I presented a conference talk at AppSec EU 2018 about WAF bypass techniques.
Some screenshots and my original tweet about it can be seen below:
Here are my WAF bypass talk slides at @appseceu 2018: https://t.co/LSWL9wdjSt Next to the slides here is the Burp Suite HTTP Smuggler extension: https://t.co/1wN3TRX7Y6 #appseceu @NCCGroupInfosec pic.twitter.com/EB1VcOhgoO
— Soroush Dalili (@irsdl) July 6, 2018
The SlideShare URL was:
I had also created a SQL injection challenge for my Twitter followers before the talk, but the solution can be seen below (from Twitter):
As some people couldn't quite solve the CTF (https://t.co/g0wZBAfsMc) using the AppSec EU slides, I have attached this slow video that shows how the sqli could be exploited – I used HTTP Smuggler but that could be done manually. It was hard to type while recording ;-) pic.twitter.com/qEkOxKJZhP
— Soroush Dalili (@irsdl) July 9, 2018
The Burp Suite HTTP Smuggler extension can be downloaded from: https://github.com/nccgroup/BurpSuiteHTTPSmuggler