GitPlanet

Cheap and reliable Node.js hosting starts at $3/month, and $1/month static HTML hosting

Created with love in Canada, visit hostnodejs.com today

Feel like to post an Ad? Learn Details
All Projects → LandGrey → Abuse Ssl Bypass Waf

LandGrey / Abuse Ssl Bypass Waf

Bypassing WAF by abusing SSL/TLS Ciphers

Programming Languages

python
139335 projects - #7 most used programming language
python27
39 projects

Labels

bypass

Projects that are alternatives of or similar to Abuse Ssl Bypass Waf

Uac Escaper
Escalation / Bypass Windows UAC
Stars: ✭ 72 (-64.18%)
Mutual labels:  bypass
Facebook ssl pinning
Bypassing SSL Pinning in Facebook Android App
Stars: ✭ 95 (-52.74%)
Mutual labels:  bypass
Psbypassclm
Bypass for PowerShell Constrained Language Mode
Stars: ✭ 138 (-31.34%)
Mutual labels:  bypass
Winpayloads
Undetectable Windows Payload Generation
Stars: ✭ 1,211 (+502.49%)
Mutual labels:  bypass
Gld
Go shellcode LoaDer
Stars: ✭ 91 (-54.73%)
Mutual labels:  bypass
Pingtunnel
ping tunnel is a tool that advertises tcp/udp/socks5 traffic as icmp traffic for forwarding.
Stars: ✭ 1,904 (+847.26%)
Mutual labels:  bypass
Gtfonow
Automatic privilege escalation for misconfigured capabilities, sudo and suid binaries
Stars: ✭ 68 (-66.17%)
Mutual labels:  bypass
Stracciatella
OpSec-safe Powershell runspace from within C# (aka SharpPick) with AMSI, Constrained Language Mode and Script Block Logging disabled at startup
Stars: ✭ 171 (-14.93%)
Mutual labels:  bypass
Pentest Guide
Penetration tests guide based on OWASP including test cases, resources and examples.
Stars: ✭ 1,316 (+554.73%)
Mutual labels:  bypass
Whatwaf
Detect and bypass web application firewalls and protection systems
Stars: ✭ 1,881 (+835.82%)
Mutual labels:  bypass
Att
Using Asuswrt-Merlin to bypass AT&T's residential gateway
Stars: ✭ 79 (-60.7%)
Mutual labels:  bypass
Humanoid
Node.js package to bypass CloudFlare's anti-bot JavaScript challenges
Stars: ✭ 88 (-56.22%)
Mutual labels:  bypass
Instagram ssl pinning
Bypassing SSL Pinning in Instagram Android App
Stars: ✭ 135 (-32.84%)
Mutual labels:  bypass
Ultimateapplockerbypasslist
The goal of this repository is to document the most common techniques to bypass AppLocker.
Stars: ✭ 1,186 (+490.05%)
Mutual labels:  bypass
Antimalware Research
Research on Anti-malware and other related security solutions
Stars: ✭ 163 (-18.91%)
Mutual labels:  bypass
Exploits
Miscellaneous exploit code
Stars: ✭ 1,157 (+475.62%)
Mutual labels:  bypass
Disable Windows Defender
Changing values to bypass windows defender C#
Stars: ✭ 107 (-46.77%)
Mutual labels:  bypass
Mysql Unsha1
Authenticate against a MySQL server without knowing the cleartext password
Stars: ✭ 191 (-4.98%)
Mutual labels:  bypass
Aboutsecurity
A list of payload and bypass lists for penetration testing and red team infrastructure build.
Stars: ✭ 166 (-17.41%)
Mutual labels:  bypass
Silentbridge
Silentbridge is a toolkit for bypassing 802.1x-2010 and 802.1x-2004.
Stars: ✭ 136 (-32.34%)
Mutual labels:  bypass
View All Similar Projects ➔

abuse-ssl-bypass-waf

Helping you find the SSL/TLS Cipher that WAF cannot decrypt and Server can decrypt same time

Referer article: Bypassing Web-Application Firewalls by abusing SSL/TLS

Idea

Usage

python abuse-ssl-bypass-waf.py --help

If you can find keyword or regex when hit the WAF page, you can use:

python abuse-ssl-bypass-waf.py -regex "regex" -target https://target.com

or you cannot find keyword or regex when filter by WAF,you can use:

python abuse-ssl-bypass-waf.py -thread 4 -target https://target.com

Notice: If you are worry about WAF drop the connection, you have better not use -thread option.

Thirdparty

curl

sslcan

Notice: If your operation system is not Windows, you should be modify config.py ,adjust curl and sslscan path & command values.

Running

If you don't know what the type of the WAF, you can compare the html response content length and try to find the bypassing WAF ciphers

knowing the hit WAF page keyword or regex:

When using some SSL/TLS ciphers request the payload URL, If WAF keyword or regex not in html page, there is a way bypassing WAF using Cipher!

Note that the project description data, including the texts, logos, images, and/or trademarks, for each open source project belongs to its rightful owner. If you wish to add or remove any projects, please contact us at [email protected].