An automated Python script that tests a host of bypass methods against a WAF-filtered URL.
Payloads are optional; when supplied as an argument, they are included in the test requests.
Bypass methods include, but are not limited to:
- A variety of HTTP header manipulation techniques
- Localhost Spoofing
- URL manipulation
- Obfuscation techniques
All operating systems capable of running:
- Python 3.9

- Developers: vipa @ Datura Data
- Contributors: [ NULL as of now ]

Python modules:
- `sys`
- `argparse`
- `time`
- `os`
- `requests`
- `itertools`
- `threading`

As of v0.1, two arguments are REQUIRED when running the `WAFFLE.py` script.

| Argument | Example | Usage |
|---|---|---|
| URL | `--url` | Target URL |
| Payload | `--payload` | Malicious code to be tested |

Example:

```
$ python3 WAFFLE.py --url <url> --payload <SQLi/XSS/RCE/LFI/... Payload>
```

| Function | Progress |
|---|---|
| Multi-threading | IN-PROCESS |
| LFI manipulation | IN-PROCESS |
| Header manipulation | IN-PROCESS |
| Input tampering | ✔ |
| RFI manipulation | ✖ |
| Neat & Tidy, Efficient code | ✖ |

If you found this project useful, please drop a like, watch, contribute, suggest, and donate! 🍄
Give a ⭐️... If you know what's good for you!