When using software to scan for security holes, it is often not possible to bypass the WAF trick wall, just send the first request and it will be blocked, including crawling. You can bypass WAF by changing the packet’s header with one of the following headers. Depending on each Scan Tool, there will be a different way to change.
Join the channel Telegram of the AnonyViet 👉 Link 👈 |
In addition to changing the Header, you need to pay attention to adjust Chrome’s user-agent, encoding to UTF-8, reducing the frequency of sending Requests. So the possibility Bypass WAF with tool scan vulnerability will be more effective.
List of Headers used to Bypass WAF
X-Forwarded-Host X-Forwarded-Port X-Forwarded-Scheme Origin: nullOrigin: [siteDomain].attacker.com X-Frame-Options: Allow X-Forwarded-For: 127.0.0.1 X-Client-IP: 127.0.0.1 Client-IP: 127.0.0.1 Proxy-Host: 127.0.0.1 Request-Uri: 127.0.0.1 X-Forwarded: 127.0.0.1 X-Forwarded-By: 127.0.0.1 X-Forwarded-For: 127.0.0.1 X-Forwarded-For-Original: 127.0.0.1 X-Forwarded-Host: 127.0.0.1 X-Forwarded-Server: 127.0.0.1 X-Forwarder-For: 127.0.0.1 X-Forward-For: 127.0.0.1 Base-Url: 127.0.0.1 Http-Url: 127.0.0.1 Proxy-Url: 127.0.0.1 Redirect: 127.0.0.1 Real-Ip: 127.0.0.1 Referer: 127.0.0.1 Referrer: 127.0.0.1 Refferer: 127.0.0.1 Uri: 127.0.0.1 Url: 127.0.0.1 X-Host: 127.0.0.1 X-Http-Destinationurl: 127.0.0.1 X-Http-Host-Override: 127.0.0.1 X-Original-Remote-Addr: 127.0.0.1 X-Original-Url: 127.0.0.1 X-Proxy-Url: 127.0.0.1 X-Rewrite-Url: 127.0.0.1 X-Real-Ip: 127.0.0.1 X-Remote-Addr: 127.0.0.1 X-Custom-IP-Authorization:127.0.0.1 X-Originating-IP: 127.0.0.1 X-Remote-IP: 127.0.0.1 X-Original-Url: X-Forwarded-Server: X-Host: X-Forwarded-Host: X-Rewrite-Url:
In the following article, I will guide you to scan Website vulnerabilities with Nuclei and configure it to bypass WAF when blocked.