
What are the current WAF bypasses for SQL injection via SQLmap in 2025?

It depends on each target. Basically, what you have to do is use Burp Suite's proxy in your sqlmap scan so all requests pass through your Burp, in order for you to actually see what is blocking your payloads.
sqlmap has tamper scripts by default; I suggest always starting with --tamper=space2comment, and after that try adding --tamper=space2comment,between and expand to your needs. Never try more than 2-3 tamper scripts, as your scan will take ages.
Always include --time-sec=6+ or --delay=3+ (I suggest 6) to act like human behavior.
Use --random-agent (but not too many times, which could be good). Sometimes using a real, recent user agent could help, for example: --user-agent="Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.0.0 Safari/537.36"
Always capture requests via the Burp proxy so you can use them with sqlmap -r file.txt, in order to replicate human-like actions via the captured cookies with session and nonce.
If a target looks vulnerable, don't give up; it's just a matter of finding the right bypass method, which all comes through Burp to make your work easier.
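A defender-side counterpart to the tamper scripts named above, added here as an example and not code from the thread: a small log normalizer that undoes the space2comment and between rewrites before matching SQL injection signatures, so one rule catches both the plain payload and its obfuscated forms. The sample request paths are constructed.

```python
import re
from urllib.parse import unquote_plus

# Constructed sample request paths (not taken from the thread), as a web server or
# WAF access log might record them. Lines 2-4 use the space2comment and between
# rewrites named above; the last one is an ordinary request.
SAMPLE_REQUESTS = [
    "/item.php?id=1 AND 1=1",
    "/item.php?id=1/**/AND/**/1=1",
    "/item.php?id=1%20AND%201%20BETWEEN%201%20AND%201",
    "/item.php?id=1/**/UNION/**/SELECT/**/1,2,3--",
    "/item.php?id=42",
]

# Signatures are matched against the *normalized* query, so a single rule covers
# the plain payload and its tamper-script variants.
SQLI_SIGNATURES = [
    re.compile(r"\b(and|or)\s+(\d+)\s*=\s*\2\b"),      # tautology such as AND 1=1
    re.compile(r"\bunion\s+(all\s+)?select\b"),         # union-based extraction
    re.compile(r"\b(sleep|benchmark|pg_sleep)\s*\("),   # time-based probes
]

def normalize(query: str) -> str:
    """Undo the two obfuscations before signature matching."""
    q = unquote_plus(query).lower()
    q = re.sub(r"/\*.*?\*/", " ", q)   # space2comment: /**/ stood in for a space
    q = re.sub(r"\s+", " ", q)
    # between tamper: 'a BETWEEN b AND b' came from 'a = b', 'NOT BETWEEN 0 AND x' from '> x'
    q = re.sub(r"(\S+)\s+between\s+(\S+)\s+and\s+\2\b", r"\1 = \2", q)
    q = re.sub(r"not between 0 and (\S+)", r"> \1", q)
    return q.strip()

def classify(path: str) -> dict:
    """Return the normalized query, the signatures it hits and the evasion tricks seen."""
    query = path.split("?", 1)[1] if "?" in path else ""
    raw = unquote_plus(query)
    evasion = []
    if "/*" in raw:
        evasion.append("inline-comment")
    if re.search(r"\bbetween\b", raw, re.I):
        evasion.append("between-rewrite")
    norm = normalize(query)
    hits = [sig.pattern for sig in SQLI_SIGNATURES if sig.search(norm)]
    return {"path": path, "normalized": norm, "signatures": hits, "evasion": evasion}

def scan(requests):
    """Classify every request and keep only those that hit a signature."""
    return [r for r in (classify(p) for p in requests) if r["signatures"]]
```

Running `scan(SAMPLE_REQUESTS)` flags the first four paths and reports which evasion trick each one used, which is the signal a WAF tuner or SOC analyst wants alongside the raw block/allow decision.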
 
First, check manually, look at what doesn't complain, and then write your tampers; there is no other way.
In 2025 manual work is no longer required, only in some particular conditions, but it is very time-wasting. Capturing requests is the best idea to have a better view of what is actually happening with your request; a normal browser request might show only a few details because of front/back WAFs, ModSec, OpenResty, etc. Automation is the key to success nowadays.
 

