Ever run into a WAF that stops you dead in your tracks while exploiting a vulnerability?
Annoyed because you know a WAF doesn’t actually fix the underlying issues?
Well, I know I have. And I hope that this tool comes in handy in the future.
It’s called TamperThemAll and it takes payloads you feed into it and creates permutations and combinations for you to use against a WAF.
Check it out HERE
Install it like so:
cd /opt/WEB
sudo git clone https://github.com/francescolacerenza/TamperThemAll
Use it like this:
python3 tta3.py -p '<script>alert(document.domain)</script>' -l 3 -o out
END TRANSMISSION