While we doing web application penetration testing for our clients, we may some time have to face the Web application Firewall that blocks every malicious request/payload.

There are some Cheat sheets available on internet that helped to bypass WAF in the past. However, those cheats won't work with the modern WAFs and latest browsers.  

So, here is need for creating new Cheat sheet.

One of the top security researcher Rafay Baloch has done an excellent job by organizing his own techniques to bypass modern WAFs and published a white paper on that.

The paper titled "Modern Web Application Firewalls Fingerprinting and Bypassing XSS Filters" covers only the techniques needed for bypassing XSS filters.

Rafay promised to write other vulnerabilities' bypassing techniques in his next paper.

Download XSS Cheat Sheet