From f8c7abee39f57e5820faca6da37be4d250124e5d Mon Sep 17 00:00:00 2001
From: Ally Petitt <76501220+ally-petitt@users.noreply.github.com>
Date: Wed, 31 May 2023 20:00:55 -0700
Subject: [PATCH] Clean up and add additional WAF bypass techniques to
waf-bypass.md
---
.../pentesting-web/waf-bypass.md | 55 +++++++++++++++++--
1 file changed, 51 insertions(+), 4 deletions(-)
diff --git a/network-services-pentesting/pentesting-web/waf-bypass.md b/network-services-pentesting/pentesting-web/waf-bypass.md
index f8e42e81..f5c7242b 100644
--- a/network-services-pentesting/pentesting-web/waf-bypass.md
+++ b/network-services-pentesting/pentesting-web/waf-bypass.md
@@ -12,13 +12,36 @@
+## Regex Bypasses
+Different techniques can be used to bypass the regex filters on the firewalls. Examples include alternating case, adding line breaks,
+and encoding payloads. Resources for the various bypasses can be found at [PayloadsAllTheThings](https://github.com/swisskyrepo/PayloadsAllTheThings/blob/master/XSS%20Injection/README.md#filter-bypass-and-exotic-payloads)
+and [OWASP](https://cheatsheetseries.owasp.org/cheatsheets/XSS_Filter_Evasion_Cheat_Sheet.html). The examples below were pulled from [this article](https://medium.com/@allypetitt/5-ways-i-bypassed-your-web-application-firewall-waf-43852a43a1c2).
+
```bash
-# IIS, ASP Clasic
-<%s%cr%u0131pt> == #changing the case of the tag
+< #prepending an additional "<"
+ #using backticks instead of parenetheses
+java%0ascript:alert(1) #using encoded newline characters
+
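Review bot: In the added code block, two lines have a comment with little or no example in front of it: `< #prepending an additional "<"` shows only a single character and ` #using backticks instead of parenetheses` shows nothing at all, so a reader cannot tell what each comment describes. Please check how the file renders and restore or escape whatever was meant to precede those comments. "parenetheses" should be "parentheses". The fence is tagged `bash` although its contents are markup and URI strings rather than shell, so an untagged or `html` fence would fit better. The new introduction names alternating case as a technique, but the visible part of this hunk removes the line commented "changing the case of the tag" and none of the added lines shown illustrates it. Either keep a case example or drop it from the list.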