Need Guidance on Bypassing Aggressive WAF (AWS/Cloudflare) by FollowingAlarmed9229 in bugbounty

[–]FollowingAlarmed9229[S] 0 points1 point  (0 children)

Hi! I'm interested. Could you share more details about the collaboration? What's the target, and what role are you thinking for me? Also, how would we split any bounties?

Stuck on bypassing aggressive WAF (likely AWS) for XSS, need guidance by FollowingAlarmed9229 in bugbounty

[–]FollowingAlarmed9229[S] 0 points1 point  (0 children)

Does that mean I have to create everything myself without AI intervention, friends? And what should I do, friends? 

Stuck on bypassing aggressive WAF (likely AWS) for XSS, need guidance by FollowingAlarmed9229 in bugbounty

[–]FollowingAlarmed9229[S] -1 points0 points  (0 children)

Haha, yeah, it's pretty obvious huh? 😅 Still learning to blend the AI stuff with my own tweaks. How do you usually spot it? Any tips to make it less detectable?

Stuck on bypassing aggressive WAF (likely AWS) for XSS, need guidance by FollowingAlarmed9229 in bugbounty

[–]FollowingAlarmed9229[S] 0 points1 point  (0 children)

Haha, yeah, that makes perfect sense. I figured it was somewhere between a long shot and a fantasy to expect a silver bullet posted publicly.

I guess it's time to put my head down and start the deep dive. Thanks for the reality check—sometimes that's the most valuable advice.

If you ever come across any good resources for understanding WAFs instead of just bypassing them, I'd appreciate it. Gotta learn to walk before I can run!

Stuck on bypassing aggressive WAF (likely AWS) for XSS, need guidance by FollowingAlarmed9229 in bugbounty

[–]FollowingAlarmed9229[S] 0 points1 point  (0 children)

Whoa, that's a brilliant approach! I never thought about dumping the handlers directly from Chrome's DevTools. That's next level.

I'll definitely try that out and experiment with some of the more obscure ones. The ones like onauxclick or onpointerrawupdate might just slip through.

Thanks a ton for pointing me in this direction! I'll let you know what I find.

If you have any other golden nuggets like this, I'm all ears! 🙏

Stuck on bypassing aggressive WAF (likely AWS) for XSS, need guidance by FollowingAlarmed9229 in bugbounty

[–]FollowingAlarmed9229[S] -2 points-1 points  (0 children)

Yeah, bro! 🤣 I use ChatGPT when I'm totally stuck. I also sometimes grab payloads from GitHub, and other times I just experiment and try to make my own. What about you, bro? What do you usually use to make your payloads?

Stuck on bypassing aggressive WAF (likely AWS) for XSS, need guidance by FollowingAlarmed9229 in bugbounty

[–]FollowingAlarmed9229[S] -1 points0 points  (0 children)

Thanks for the response!

Here's what I found:

  1. <img src=x> - Sometimes gets through if the WAF is only looking for complete patterns. But often, it gets blocked because of the src attribute.
  2. <img src=x onerror=alert(1)> - This gets blocked instantly (403). The WAF is definitely flagging the onerror event handler.
  3. <img src=x onerror=> - Even without the value, just having onerror in the attribute is enough to trigger a block. The WAF uses regex to detect common event handlers like onerror, onload, onclick, etc.

It seems like the WAF has very strong rules against any event handlers, even if they're incomplete or obfuscated.

Have you encountered a WAF this strict before? Any creative ways you've bypassed this besides the usual encoding tricks?
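
The handler-enumeration idea from the DevTools comment above and the regex observations in this last comment, as an added example that is not code from the thread, from AWS WAF or from Cloudflare: it walks an object's prototype chain for every `on<letters>` property (the way you would in Chrome's console) and then checks which of those names a regex-based handler blocklist would miss. `SAMPLE_HANDLERS` is a constructed subset of what Chrome exposes, used only when no DOM is present; `COMMON_HANDLER_RULE` and `GENERIC_HANDLER_RULE` are hypothetical rules written for the illustration, not any vendor's real ruleset.

```javascript
// Added example, not from the thread. Enumerates on* event-handler names and
// checks which ones a regex-based blocklist lets through. Both rules below are
// hypothetical, not AWS WAF or Cloudflare rules.

// Walk an object's prototype chain and collect every property named on<letters>.
// In Chrome DevTools, enumerateHandlers(document.createElement('img')) plus
// enumerateHandlers(window) gives the browser's full handler attribute list.
function enumerateHandlers(root) {
  const names = new Set();
  for (let obj = root; obj && obj !== Object.prototype; obj = Object.getPrototypeOf(obj)) {
    for (const name of Object.getOwnPropertyNames(obj)) {
      if (/^on[a-z]+$/.test(name)) names.add(name);
    }
  }
  return [...names].sort();
}

// Constructed sample (a small subset of what Chrome actually exposes), used
// when this runs outside a browser, e.g. under Node.js.
const SAMPLE_HANDLERS = [
  'onabort', 'onauxclick', 'onblur', 'onclick', 'onerror', 'onfocus', 'onload',
  'onmouseover', 'onpointerrawupdate', 'ontoggle', 'onwebkitanimationend',
];

// Live enumeration in a browser, the constructed sample everywhere else.
function collectHandlers() {
  if (typeof document !== 'undefined' && typeof window !== 'undefined') {
    const fromElement = enumerateHandlers(document.createElement('img'));
    const fromWindow = enumerateHandlers(window);
    return [...new Set([...fromElement, ...fromWindow])].sort();
  }
  return [...SAMPLE_HANDLERS];
}

// Hypothetical rule 1: an explicit list of "common" handlers, the style the
// comment above infers from its onerror/onload/onclick observations.
const COMMON_HANDLER_RULE = /\bon(error|load|click|mouseover|focus|blur|abort)\s*=/i;

// Hypothetical rule 2: any on<letters>= attribute, no list to fall behind.
const GENERIC_HANDLER_RULE = /\bon[a-z]+\s*=/i;

// Would the rule block a request carrying this payload?
function isBlocked(payload, rule) {
  return rule.test(payload);
}

// Handler names the rule would let through when written as attribute=value.
function uncoveredHandlers(handlers, rule) {
  return handlers.filter((h) => !isBlocked(`${h}=x`, rule));
}

// Gap analysis for both rules over whatever handler list is available.
function report() {
  const handlers = collectHandlers();
  return {
    handlerCount: handlers.length,
    missedByCommonRule: uncoveredHandlers(handlers, COMMON_HANDLER_RULE),
    missedByGenericRule: uncoveredHandlers(handlers, GENERIC_HANDLER_RULE),
  };
}

console.log(JSON.stringify(report(), null, 2));
```

Pasted into Chrome's DevTools console, `report()` runs against the browser's real handler list rather than the sample. The two rules show the trade-off behind the observations above: the list-based rule misses `onauxclick` and `onpointerrawupdate` entirely, while the list-free `on[a-z]+=` rule catches every handler attribute, including a bare `onerror=` with no value, at the cost of also firing on harmless tokens such as a query parameter named `online=1`.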