skills/waf/SKILL.md
Use when detecting, fingerprinting, or bypassing WAF blocks, rate limits, payload filtering, blocked probes, CDN security rules, or application firewall behavior during testing.
```bash
npx skillsauth add ghostonbutterbread/bug-bounty-harness waf
```

Install this skill globally with one command. Works with Claude Code, Cursor, and Windsurf.
Auto-detect and bypass WAF blocks in any harness.
Read shared state in this order before testing:

1. `notes/summary.md`
2. `notes/observations.md`
3. `checklist.md` (WAF items only)
4. `todo.md` (WAF items only)

Use `agents/bypass_harness.py` when you need a CLI entrypoint and want `agents/waf_interceptor.py` engaged automatically. Use `agents/waf_interceptor.py` directly only when embedding the interceptor into a custom harness or a narrow manual repro.

```bash
python agents/bypass_harness.py --target https://target.com/admin --type 403 \
  --program target --concurrency 5 --rps 1
```

`agents/waf_interceptor.py`

| Mode | Use When | What It Does |
|------|----------|--------------|
| fingerprint | You need to identify the blocking layer first | Detects likely WAF family from responses |
| tier1 | Plain requests are blocked but payloads are simple | Retries with delays, header rotation, cookies, and path tricks |
| tier2 | Payload-carrying requests are blocked after Tier 1 | Obfuscates query values in addition to Tier 1 bypasses |
| wrap | Another harness already made the request | Reuses the existing response and only retries if blocked |

```bash
# WAF-aware 403 probing
python agents/bypass_harness.py --target https://target.com/admin --type 403 \
  --program target --concurrency 5 --rps 1

# WAF-aware SSRF probing (URL quoted so the shell does not treat "?" as a glob)
python agents/bypass_harness.py --target 'https://target.com/fetch?url=x' --type ssrf \
  --param url --program target --concurrency 5 --rps 1
```

`agents/bypass_harness.py`

| Option | Description |
|--------|-------------|
| --target, -t | Target URL (required) |
| --type, -T | Bypass type such as 403, ssrf, idor, or race |
| --param, -p | Parameter name for injection-driven types |
| --program | Program name for shared storage |
| --output-dir, -o | Override raw artifact directory |
| --timeout | Request timeout in seconds |
| --concurrency, -c | Max parallel requests |
| --rps | Requests per second |
| --verbose, -v | Verbose debug output |
| --quiet, -q | Show hits only |
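
```python
import asyncio
import httpx
from agents.waf_interceptor import WAFInterceptor
# Sync (uses requests)
waf = WAFInterceptor(target="https://target.com", program="acme")
resp = waf.get("/admin")
resp = waf.post("/api/login", json={"user": "test"})

async def main():
    async with httpx.AsyncClient() as client:
        # Async (pass existing httpx.AsyncClient)
        resp = await waf.aget("/admin", client=client)
        # Wrap an already-made response (zero-cost if not blocked)
        url = "https://target.com/admin"
        resp = await client.get(url)  # request made by the surrounding harness
        resp = await waf.wrap_async(client, "GET", url, resp)

asyncio.run(main())
```
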
| WAF | Detection Method |
|---|---|
| Akamai | Body: AkamaiGHost, Reference #, AS-DOS-CID |
| Cloudflare | Body: Ray ID:, cf-ray header, Checking your browser |
| AWS WAF / CloudFront | Body: Generated by cloudfront, X-Cache: Error header |
| Imperva / Incapsula | Body: Incapsula incident ID, incap_ses cookie |
| F5 BIG-IP | Body: TS=4b63, support ID, BIGipServer cookie |
| Sucuri | Body: Sucuri WebSite Firewall, sucuri-waf header |
| Wordfence | Body: generated by Wordfence, wordfence.com |
| ModSecurity | Body: ModSecurity, mod_security |
| FortiWeb | Body: FortiWeb, Attack ID: |
| Citrix NetScaler | Body: Netscaler, NSC_ cookie |
| DDoS-Guard | Body: DDoS protection by, ddos-guard |
| PerimeterX | Body: px-captcha, pxi.pub |
| DataDome | Body/header: datadome |
Each WAF has a tailored bypass list, followed by generic fallbacks:

- delay: N seconds)
- `X-Forwarded-For`, `CF-IPCountry`, `True-Client-IP`
- `//`, `/%2e`, etc.

```
~/Shared/bounty_recon/{program}/agent_shared/findings/waf/
├── blocks_log.txt    # Every WAF block: WAF name, method, path, status, evidence
├── bypasses_log.txt  # Every successful bypass: technique + result status
└── summary.json      # Running stats: total_requests, waf_blocks, bypass_success, bypass_fail
```

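A defender's view of the fallbacks listed above, as an added example that is not part of the original skill or the harness code: it scans access records for a client that retries a blocked resource with a path variant or a newly added client-IP header. The JSON record layout, the rule that a 403 counts as a block, and the sample lines are assumptions constructed for illustration.

```python
import json
import posixpath
from urllib.parse import unquote

# Headers this page lists as rotated after a block.
WATCHED = {"x-forwarded-for", "cf-ipcountry", "true-client-ip"}

# Constructed sample records; the JSON field names are assumptions.
SAMPLE_LOG = """\
{"client":"203.0.113.7","path":"/admin","status":403,"headers":{}}
{"client":"203.0.113.7","path":"//admin","status":403,"headers":{}}
{"client":"203.0.113.7","path":"/%2e/admin","status":200,"headers":{}}
{"client":"203.0.113.7","path":"/admin","status":403,"headers":{"True-Client-IP":"127.0.0.1"}}
{"client":"198.51.100.9","path":"/admin","status":403,"headers":{"X-Forwarded-For":"10.0.0.5"}}
{"client":"198.51.100.9","path":"/admin","status":403,"headers":{"X-Forwarded-For":"10.0.0.5"}}
"""


def canonical(path):
    """Drop the query, percent-decode once, collapse '//' and dot segments."""
    decoded = unquote(path.split("?", 1)[0])
    return posixpath.normpath("/" + decoded.lstrip("/"))


def find_retries(lines):
    """Yield (client, raw_path, status, reasons) for retries of a blocked resource."""
    blocked = {}  # (client, canonical path) -> watched headers present at block time
    for line in lines:
        rec = json.loads(line)
        raw = rec["path"].split("?", 1)[0]
        key = (rec["client"], canonical(raw))
        seen = {h.lower() for h in rec["headers"]} & WATCHED
        if key in blocked:
            reasons = []
            if raw != key[1]:  # same resource, different spelling
                reasons.append("path-variant")
            if seen - blocked[key]:  # header absent when the block happened
                reasons.append("new-client-ip-header")
            if reasons:
                yield rec["client"], raw, rec["status"], reasons
        if rec["status"] == 403:
            blocked.setdefault(key, seen)


def alerts():
    return list(find_retries(SAMPLE_LOG.splitlines()))
```

The record that returned 200 on a path variant is the one to triage first, since it means the blocking rule and the origin normalise the path differently. The second client is not flagged because its `X-Forwarded-For` header was already present when the block occurred, as it would be behind an ordinary proxy.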
Already integrated. All _get() calls in BypassOrchestrator automatically:

- `detect_waf()`
- `wrap_async()` until bypass succeeds or list exhausted

```python
from agents.waf_interceptor import WAFInterceptor
import httpx

resp = httpx.get("https://target.com/admin")
waf_name = WAFInterceptor.fingerprint(resp)
print(waf_name)  # "Cloudflare" | "Akamai" | None
```

```python
waf = WAFInterceptor(target=..., program=...)
# ... make requests ...
waf.print_summary()
# [WAF Interceptor Summary]
# Total requests : 150
# WAF blocks : 12 (8.0%)
# Bypasses OK : 9 (75.0%)
# Bypasses fail : 3
```

- `$HARNESS_ROOT/prompts/waf-playbook.md`
- `$HARNESS_SHARED_BASE/{program}/agent_shared/`
- `$HARNESS_SHARED_BASE/{program}/agent_shared/findings/waf/findings.md`
- `$HARNESS_SHARED_BASE/{program}/agent_shared/findings/waf/`

- `prompts/waf-playbook.md`.
- `agents/bypass_harness.py` for CLI-driven testing or `agents/waf_interceptor.py` directly inside a custom flow.
- `agent_shared/findings/waf/findings.md`.
- `checklist.md`, `todo.md`, and relevant notes.