Back to Blog

WAF Bypass Techniques – Using HTTP Standard and Web Servers’ Behaviour

I had presented a conference talk in AppSec EU 2018 about WAF bypass techniques.

Some screenshots and my original tweet about it can be seen below:

The SlidShare was URL was:

I had also created a SQL injection challenge for my Twitter followers before the talk but the solution can be seen below (from Twitter):

The Burp Suite HTTP Smuggler extension can be downloaded from: https://github.com/nccgroup/BurpSuiteHTTPSmuggler

This entry was posted in Security Posts

Creation date: August 13, 2018

Previous
MS 2018 Q4 – Top 5 Bounty Hunter for 2 RCEs in SharePoint Online
Next
SMB hash hijacking & user tracking in MS Outlook