This tweet announces Awesome-WAF, a curated list of payloads and tricks for bypassing Web Application Firewalls (WAFs). The list is not limited to a specific vulnerability type; it covers various techniques for evading detection and filtering by different WAF products. The tweet notes that it can be combined with automation tools such as Wfuzz or Burp Suite rules to carry out evasive API attacks, which makes it useful to pentesters and security researchers testing APIs protected by WAFs. The repository provides practical payloads for checking whether WAF rules can be bypassed, supporting more thorough security assessments of web applications and APIs.
Original tweet: https://twitter.com/kalki_x0/status/1955335436349395114