When bypassing a WAF for XSS payloads, one common technique is to use a simple payload like <script>alert(1)</script> to test the WAF's filtering mechanisms. This can help identify if the WAF is blocking specific characters or patterns. It's important to understand the WAF's behavior and customize the payload accordingly. For more advanced bypass techniques, additional evasion methods may be required. Remember to always test on your own applications or with proper authorization.