This tweet describes a technique for bypassing Web Application Firewalls (WAFs) with the help of a link shortener service, as explained by the user @OriginalSicksec. A link shortener takes a long URL and returns a short one that redirects to the original, so the shortened link reveals nothing about the destination's host, path or query parameters. The bypass targets WAF rules that inspect the literal value of a URL-carrying parameter, for example a URL the application is asked to fetch, preview or redirect to: the attacker submits the shortened link, the WAF sees only a request to a harmless-looking shortener domain and finds nothing to match, and the application then follows the redirect to the real destination, which carries the payload the WAF would otherwise have blocked. Because the trick exploits how the parameter value is inspected rather than any vendor-specific signature, it works against many WAF products. The defensive takeaway is that the WAF, or better the application itself, has to resolve the redirect chain and validate every destination in it, not just the shortened link. In summary, link shorteners are a simple but effective way past WAF protections that do not properly analyze URL redirections.
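The following is an added example, not code from the tweet or its author, illustrating the mechanism above in miniature: a WAF rule that blocks SSRF-style destinations (cloud metadata, loopback, private ranges) in a `url=` parameter, the same rule bypassed by a shortened link, and a redirect-aware variant that resolves the chain before deciding. Everything in it is constructed: the blocklist, the `sho.rt` shortener table that stands in for HTTP 301 `Location` responses, and the request lines. It makes no network calls.

```python
"""Added example: literal URL-parameter inspection versus redirect-aware inspection.

The shortener is simulated by a dict so the demonstration runs offline;
in reality each lookup would be an HTTP request returning a 301/302 Location.
"""
import ipaddress
from urllib.parse import parse_qs, urlparse

# Constructed blocklist: what an SSRF rule in a WAF might refuse in a URL parameter.
BLOCKED_HOSTS = {"localhost", "metadata.google.internal"}
BLOCKED_NETS = [
    ipaddress.ip_network(n)
    for n in ("127.0.0.0/8", "10.0.0.0/8", "169.254.0.0/16", "172.16.0.0/12", "192.168.0.0/16")
]

# Constructed shortener table (hypothetical domain sho.rt): short URL -> redirect target.
FAKE_SHORTENER = {
    "https://sho.rt/a1b2c3": "http://169.254.169.254/latest/meta-data/iam/security-credentials/",
    "https://sho.rt/d4e5f6": "https://sho.rt/g7h8i9",  # chained redirect through a second short link
    "https://sho.rt/g7h8i9": "http://127.0.0.1:8080/admin",
    "https://sho.rt/ok": "https://example.com/image.png",
}


def is_blocked_url(url: str) -> bool:
    """True if the URL's host is a blocked name or an IP inside a blocked range."""
    host = urlparse(url).hostname
    if host is None:
        return True  # unparseable URL: fail closed
    if host.lower() in BLOCKED_HOSTS:
        return True
    try:
        ip = ipaddress.ip_address(host)
    except ValueError:
        return False  # a hostname, not a literal IP: nothing in this rule matches it
    return any(ip in net for net in BLOCKED_NETS)


def extract_url_param(request_line: str, param: str = "url"):
    """Pull the (percent-decoded) value of ?url= out of a request line such as
    'GET /fetch?url=... HTTP/1.1'. Returns None when the parameter is absent."""
    path = request_line.split()[1]
    values = parse_qs(urlparse(path).query).get(param)
    return values[0] if values else None


def naive_waf(request_line: str) -> str:
    """The vulnerable rule: inspects only the literal parameter value."""
    target = extract_url_param(request_line)
    if target is None:
        return "allow"
    return "block" if is_blocked_url(target) else "allow"


def resolve_redirects(url: str, fetch=FAKE_SHORTENER.get, max_hops: int = 5):
    """Follow redirects and return (final_url, every URL seen on the way).
    `fetch` returns the next Location for a URL, or None when it does not redirect."""
    chain = [url]
    for _ in range(max_hops):
        nxt = fetch(url)
        if nxt is None:
            return url, chain
        url = nxt
        chain.append(url)
    raise ValueError("too many redirects")


def redirect_aware_waf(request_line: str) -> str:
    """The hardened rule: every hop in the redirect chain must pass the blocklist."""
    target = extract_url_param(request_line)
    if target is None:
        return "allow"
    try:
        _final, chain = resolve_redirects(target)
    except ValueError:
        return "block"  # refuse redirect loops / excessive chains rather than guess
    return "block" if any(is_blocked_url(u) for u in chain) else "allow"


# Constructed requests: the payload sent directly, then hidden behind a short link.
DIRECT = "GET /fetch?url=http%3A%2F%2F169.254.169.254%2Flatest%2Fmeta-data%2F HTTP/1.1"
SHORT = "GET /fetch?url=https%3A%2F%2Fsho.rt%2Fa1b2c3 HTTP/1.1"
CHAINED = "GET /fetch?url=https%3A%2F%2Fsho.rt%2Fd4e5f6 HTTP/1.1"
BENIGN = "GET /fetch?url=https%3A%2F%2Fsho.rt%2Fok HTTP/1.1"

if __name__ == "__main__":
    for name, req in (("direct", DIRECT), ("short", SHORT), ("chained", CHAINED), ("benign", BENIGN)):
        print(f"{name:8s} naive={naive_waf(req):5s} redirect-aware={redirect_aware_waf(req)}")
```

Running it shows the direct request blocked by both rules, the shortened and chained requests sailing past the naive rule while the redirect-aware rule blocks them, and the benign short link allowed by both. Two caveats for anyone implementing the hardened side for real: resolving redirects is itself an outbound fetch, so the resolver must run from an egress-restricted context or it becomes a new SSRF surface, and a destination can change between the WAF's check and the application's fetch (DNS rebinding, a shortener edited after the check), so the check belongs in the application, validating the final resolved address immediately before it connects.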
Check out the original tweet here: https://twitter.com/imooaaz/status/1936489984292200681