Hello Brent,

Thank you for the link to the presentation and the article.

Khalil Bijjou also presented at DeepSec Vienna in November and I have been in
touch with him briefly afterwards.

I used the tool a bit, yet it is not quite easy as the documentation is
lacking in my eyes (--help does not give you all the options. You need to
look in the source code) and I could not get my head around the fuzzing
options. Also the article on blackmoreops is very brief and the video
does not answer all the questions.

So what I would really love to see is a demonstration of this WAFNinja tool
against CRS3 with a report on the bypasses discovered by WAFNinja.

I should probably dig deeper myself, but too much on my plate these days.

Ahoj,

Christian




On Thu, Dec 14, 2017 at 09:40:30AM +0200, Brent Clark wrote:
> Good day Guys
> 
> I just thought I would share a video tutorial that may be of interest.
> 
> 
> https://www.youtube.com/watch?time_continue=4&v=SD7ForrwUMY
> 
> I came to know of the above tut via
> 
> https://www.blackmoreops.com/2017/12/13/bypass-web-application-firewall-using-wafninja/
> 
> Hope this helps and is of some help to the project and community.
> 
> Regards
> 
> Brent
> 
> 
> 
> _______________________________________________
> Owasp-modsecurity-core-rule-set mailing list
> Owasp-modsecurity-core-rule-set@lists.owasp.org
> https://lists.owasp.org/mailman/listinfo/owasp-modsecurity-core-rule-set

-- 
https://www.feistyduck.com/training/modsecurity-training-course
https://www.feistyduck.com/books/modsecurity-handbook/
mailto:christian.fol...@netnea.com
twitter: @ChrFolini