It was a big surprise to see that people are actually using this project! Because of that, I decided to make it much better and more user-friendly
The most noticeable improvement is the complete redesign. The tool now looks more professional, includes a dark mode, and is much easier to navigate, just check it here:
Here is a summary of what else has changed in WAF Checker recently:
- Batch Testing: You can now test up to 100 URLs at once
- HTTP Protocol Manipulation: Added advanced tests for HTTP Verb Tampering, Parameter Pollution, and special headers (like
X-HTTP-Method-Override) to find hidden bypasses - Smart URL Handling: The
{PAYLOAD}placeholder can now be placed anywhere in the URL - New WAF Bypass Techniques:
- Added "support" for Base64 encoding (successfully bypasses NoSQL injection blocks)
- Updated the payload list with sensitive files and common system paths
- Documentation Update: The README is now a complete guide covering all 19 attack categories and WAF detection tips for Cloudflare, AWS, and Akamai
The project is completely free. You can follow its development or suggest new ideas here: https://github.com/SecH0us3/waf-checker
Feel free to suggest more features in the Issues section
Ah, the link to project https://waf.secmy.app/ (no sms/registration/ads etc...)
Top comments (0)