root@ubuntu20:/opt/waf-bypass# docker run nemesida/waf-bypass --host='www.dingjunkj.com'

^C

Target: http://www.dingjunkj.com

Proxy:

Timeout: 30s

Threads: 5

Block code: 403

Exclude dirs:

User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.0.0 Safari/537.36

An incorrect response was received while processing request from file /opt/waf-bypass/payload/SSI/1.json in URL: 0
An incorrect response was received while processing request from file /opt/waf-bypass/payload/API/3.json in URL: 0
An incorrect response was received while processing request from file /opt/waf-bypass/payload/RCE/5.json in URL: 0
An incorrect response was received while processing request from file /opt/waf-bypass/payload/API/1.json in URL: 0
An incorrect response was received while processing request from file /opt/waf-bypass/payload/SSI/2.json in URL: 0
An error occurred while processing file /opt/waf-bypass/payload/RCE/5.json in BODY: WBHTTPConnectionPool(host='www.dingjunkj.com', port=80): Max retries exceeded with url: / (Caused by ConnectTimeoutError(<urllib3.connection.HTTPConnection object at 0x7f5ffce55070>, 'Connection to www.dingjunkj.com timed out. (connect timeout=30)'))
An incorrect response was received while processing request from file /opt/waf-bypass/payload/API/2.json in URL: 0
An incorrect response was received while processing request from file /opt/waf-bypass/payload/SSI/5.json in URL: 0
An incorrect response was received while processing request from file /opt/waf-bypass/payload/RCE/22.json in URL: 0
An incorrect response was received while processing request from file /opt/waf-bypass/payload/NoSQLi/6.json in URL: 0
An error occurred while processing file /opt/waf-bypass/payload/RCE/22.json in COOKIE: WBHTTPConnectionPool(host='www.dingjunkj.com', port=80): Read timed out.
An incorrect response was received while processing request from file /opt/waf-bypass/payload/RCE/15.json in URL: 0
An incorrect response was received while processing request from file /opt/waf-bypass/payload/NoSQLi/2.json in URL: 0
An error occurred while processing file /opt/waf-bypass/payload/RCE/15.json in ARGS: WBHTTPConnectionPool(host='www.dingjunkj.com', port=80): Read timed out.
An incorrect response was received while processing request from file /opt/waf-bypass/payload/RFI/4.json in ARGS: 0
An incorrect response was received while processing request from file /opt/waf-bypass/payload/RFI/4.json in ARGS: 0
An incorrect response was received while processing request from file /opt/waf-bypass/payload/RFI/4.json in ARGS: 0

Keyboard Interrupt

Run the script according to the tutorial, and report this error directly. Has any brother Jimei encountered this error? How did you solve it?

Hi，it was used normally a few days ago, but now it reports an error when it is used。
Error message ：
error occurred while processing payload from file path\xxx.json: list index out of range�

tnx

Hi guys, I'm curious what is BYPASSED, PASSED etc. means in the results of the program? Can you provide a little description, please? I'm a little confused about how to interpret the results...

For the False Negative test:

1. Does the PASSED means "Not vulnerable"? Does it mean that payloads in this column didn't triggered WAF Bypass and WAF successfully blocked the malicious request?
2. Does the BYPASSED means "Vulnerable"? Does it mean that payloads in this column triggered WAF Bypass and WAF failed to block the malicious requests?
3. FAILED is about Failed requests? (e.g.,cannot connect to server, incorrect response code etc.) I found it in your code, but can you confirm that?

For the False Positive test:

1. Does the PASSED means "Not vulnerable"? Does it mean that payloads in this column didn't triggered WAF Bypass and WAF successfully blocked the malicious request?
2. Does the FALSED means that WAF blocks the Legitimate requests and that's why it's "Vulnerable"?

By the way, your program is awesome, thanks <3

The --json-format option is nice, and does give some indication of the details of what went wrong, but
it replaces the original text format, so there's no way to get both.

' or /!u%6eion/ /!se%6cect/ 1,2,3,4,5,6,7,8,9,0,11 '--

After using waf-bypass, often one wants to zero in on individual failures and replay them, but it seems hard to do.

waf-bypass could make this easier in many ways.

For instance, it could output curl commands (a la https://github.com/ofw/curlify) or a json equivalent (a la https://curlconverter.com/json) for each failure case to a log file.
Alternately, it could provide a --replay option that accepts an identifier from log file and replays just that one request.

The portion of URLs after # is for client-side processing and does not get sent to the server in HTTP requests. Therefore, there is no way for a WAF to block this request, as it would only receive /do.php instead of the full /do.php#.png

/do.php is not malicious in and of itself and therefore the UWA/26.json payload should not be expected to be blocked by a WAF.

I run the script and get result but have no idea how to find the payload detail. I need look into each payloads resulting to false negative to verify the test result.
Thanks