Pentest Tools
Published on May 2nd, 2015 📆 | 1656 Views ⚑
0Payload Mask v1.0 – Payload Generator for Bypass WAF
iSpeech
Payload Mask is an open source tool to generate payload list to try bypass Web Application Firewall, you can use a big list of encodes and techniques to convert your payload list. Payload Mask is licensed under GPLv3.
Requirements:
- Need ”GCC” and ”make”
- Current version tested only Unix Like systems(Linux, MacOS and *BSD).
[adsense size='1']
Examples:
You can use comments to bypass WAF:
https://www.site.com/index.php?page id=-15 /*!UNION*//*!SELECT*/ 0,1,2,3...
You can also change the Case of the Command:
https://www.site.com/index.php?page id=-15 UnIoN sELecT 0,1,2,3...
You can combine methods:
https://www.site.com/index.php?page id=-15 /*!uNIOn*//*!sElECt*/ 0,1,2,3.
More Information:
Gloss