melihtanfayed at engineer.com melihtanfayed at engineer.com
Fri Feb 4 06:10:25 EST 2011

I have seen this in turkish owasp mailing list. it is not smart but usefull for testing waf systems.

waf tester - http://ttlexpired.com/blog/?p=234


From: websecurity-bounces at lists.webappsec.org[mailto:websecurity-bounces at lists.webappsec.org] On Behalf Of RyanDewhurst
Sent: Wednesday, February 02, 2011 1:37 PM
To: websecurity at lists.webappsec.org
Subject: [WEB SECURITY] WAF XSS Fuzzer?!
Hi list,

I was wondering if such a thing existed and if not, would such a thing bepossible? 

Or does WAF evasion always need some degree of intelligence to produce a viablepayload?

I must admit my WAF evasion knowledge is quite poor. I am awaiting The WebApplication Obfuscation book as a starting point.


Ryan Dewhurst

blog www.ethicalhack3r.co.uk
projects www.dvwa.co.uk | www.webwordcount.com
twitter www.twitter.com/ethicalhack3r

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.webappsec.org/pipermail/websecurity_lists.webappsec.org/attachments/20110204/a6508fc0/attachment-0003.html>

More information about the websecurity mailing list