nowafpls Burp plugin bypasses WAF by inserting junk data

musse2202

Most web application firewalls (WAFs) have limits on the amount of data they can process when sending a request body. This means that for HTTP requests that include a request body (i.e. POST, PUT, PATCH, etc.), often a WAF can be bypassed simply by prepending junk data to the request body.
When the request is filled with this garbage data, the WAF will process the request up to X kb and analyze it, but everything after the WAF limit will just pass through.
nowafpls is a simple Burp plugin that will insert this junk data into the HTTP request inside the repeater tab. You can choose from a preset number of junk data or insert any amount of junk data by selecting the "Custom" option.
Install nowafpls
nowafpls is a Jython-based Burp plugin.
  • Clone or download this repo.
  • Go to the Extensions tab in Burp Suite.
  • Click "Add"
  • Select Extension Type – Python
  • Select the "nowafpls.py" you downloaded in step 1
How to use nowafpls
  • Send any requests that you want to bypass the WAF to the Repeater tab.
  • Place the cursor where you want to insert the junk data.
  • Right click -> Extensions -> nowafpls
  • Choose how much garbage data to insert
  • Click "OK"
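
Added example, not part of the original post and not code from nowafpls: a toy Python model of the inspection limit described above, comparing a fail-open policy for oversize bodies with a fail-closed one, plus a log check that flags requests whose body outran the inspected window. The 8 KB limit, the signatures, the function names and the sample records are all constructed assumptions.

```python
"""Toy model of a WAF body inspection limit. Every value here is constructed."""

INSPECTION_LIMIT = 8 * 1024                 # assumed window in bytes; products differ
SIGNATURES = (b"<script", b"union select")  # constructed sample signatures
BODY_METHODS = {"POST", "PUT", "PATCH"}


def inspect(body, limit=INSPECTION_LIMIT):
    """True if a signature appears inside the inspected window."""
    window = body[:limit].lower()
    return any(sig in window for sig in SIGNATURES)


def decide(body, oversize_action="allow", limit=INSPECTION_LIMIT):
    """Return 'block' or 'allow'. oversize_action is the policy for bodies
    longer than the window: 'allow' is fail-open, 'block' is fail-closed."""
    if inspect(body, limit):
        return "block"
    if len(body) > limit and oversize_action == "block":
        return "block"
    return "allow"


def flag_oversize(records, limit=INSPECTION_LIMIT):
    """Detection: ids of logged requests whose body outran the window."""
    return [r["id"] for r in records
            if r["method"] in BODY_METHODS and r["content_length"] > limit]


# Constructed test bodies for auditing a policy.
SMALL = b"q=<script>x</script>"
PADDED = b"pad=" + b"A" * INSPECTION_LIMIT + b"&q=<script>x</script>"
STRADDLE = b"A" * (INSPECTION_LIMIT - 3) + b"<script>"  # signature cut by the window
# Constructed access-log records.
LOG = [
    {"id": 1, "method": "POST", "content_length": 312},
    {"id": 2, "method": "POST", "content_length": 9300},
    {"id": 3, "method": "GET", "content_length": 0},
]

if __name__ == "__main__":
    for name, body in (("small", SMALL), ("padded", PADDED), ("straddle", STRADDLE)):
        print(name, len(body), decide(body), decide(body, "block"))
    print("oversize request ids:", flag_oversize(LOG))
```

The fail-closed policy also rejects legitimately large bodies such as file uploads, so in practice it is scoped to the endpoints that never need them.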