Bypassing WAFs via Protocol-Level Parsing Discrepancies

TLDR: Modern Web Application Firewalls often fail to correctly interpret complex HTTP requests, leading to significant security gaps. By exploiting parsing discrepancies between the WAF and the backend application, researchers can successfully inject malicious payloads that bypass security filters entirely. This research introduces WAFManis, an automated fuzzing framework that identifies these protocol-level vulnerabilities by leveraging grammar-guided fuzzing and code-coverage feedback.

Web Application Firewalls are the industry standard for "virtual patching," but they are fundamentally limited by their ability to parse HTTP traffic exactly like the backend application they protect. If a WAF interprets a request differently than the underlying web server or framework, the security rules you spent weeks tuning become effectively useless. This is not a theoretical edge case. It is a structural weakness in how we deploy security at the edge.

The Mechanics of Parsing Discrepancies

The core issue identified in this research is that WAFs and web frameworks often use different logic to extract parameters from HTTP requests. When an attacker crafts a request that is interpreted as benign by the WAF but as a valid, malicious command by the backend, the WAF is bypassed. This is a classic Injection scenario, but one that occurs at the protocol layer rather than the application layer.

The researchers developed WAFManis to automate the discovery of these discrepancies. The framework uses a two-pronged approach: white-box testing on open-source HTTP parsers to generate high-quality test inputs, and black-box testing against live WAFs to confirm bypasses. By using grammar-guided fuzzing, the tool ensures that the generated requests are syntactically valid enough to reach the application logic, while still being malformed enough to trigger parsing errors in the WAF.

Exploiting the Protocol Layer

Three primary tactics emerged from the research, each demonstrating a different way to confuse the WAF's parser:

1. Parameter Type Confusion

WAFs often struggle when a single request contains multiple ways to define parameters. For example, by sending a request with conflicting Content-Type headers, an attacker can force the WAF to interpret the body as XML while the backend framework (like Flask) interprets it as URL-encoded data. If the WAF's XML parser is not perfectly aligned with the backend's parameter extraction, the malicious payload slips through.

2. Malformed Parameters

This technique involves crafting requests that are technically malformed but still accepted by the backend. A common example is adding a quote or an incomplete boundary separator in a multipart/form-data request. Many WAFs will drop these requests as invalid, but if the backend is more permissive, it will process the parameters anyway. The WAF effectively ignores the payload, leaving the application wide open to SQL Injection.

3. RFC Support Gaps

This is perhaps the most elegant bypass. It exploits features that are deprecated or rarely used but still supported by backend libraries. For instance, the Content-Transfer-Encoding header is largely deprecated, yet some Go-based web applications still support it for legacy reasons. If the WAF does not implement the same decoding logic, it will see an encoded string that looks like gibberish, while the backend decodes it into a perfectly executable SQL injection payload.

Real-World Testing and Impact

During a penetration test, you should never assume the WAF is a monolithic barrier. If you are testing an application behind a WAF, your first step should be to map out how the application handles different parameter formats. If you can send a multipart/form-data request with a slightly malformed boundary and still get a 200 OK response from the application, you have found a potential parsing discrepancy.

The impact of these bypasses is critical. Because the WAF is the primary line of defense for many organizations, a successful bypass means that traditional signature-based detection is completely neutralized. You are essentially operating in the clear, with the WAF providing a false sense of security while you test the application's actual vulnerability surface.

Defensive Considerations

Defending against these attacks is difficult because the problem lies in the implementation of the HTTP protocol itself. The best approach is to ensure that your WAF and your backend application are as closely aligned as possible in their parsing logic. If you are using a WAF, regularly audit its configuration to ensure it is not ignoring malformed requests that your backend might be accepting. Furthermore, prioritize input validation at the application level. Never rely on the WAF to sanitize your inputs; if the WAF is bypassed, your application should still be resilient enough to handle the malicious input safely.

The research presented at Black Hat 2024 serves as a stark reminder that security tools are only as good as their understanding of the traffic they inspect. As web frameworks continue to evolve and support more complex, often obscure, features of the HTTP protocol, the gap between WAFs and backends will likely widen. For researchers and pentesters, this is a fertile area for finding high-impact bugs. For everyone else, it is a reason to stop trusting the "green light" from your security dashboard and start verifying your defenses against the actual traffic hitting your servers.