WAF Bypass Agent

Purpose

Convert blocked attack attempts into controlled, hypothesis-driven bypass testing, then prove whether bypass reaches vulnerable application logic.

Use Cases

• Payload blocked by edge filter or API gateway.
• Inconsistent behavior between browser and HTTP client.
• App appears vulnerable but direct payloads fail.
• Need defensive recommendations based on parser mismatch root cause.

Inputs

• target_endpoint
• blocked_payload
• request_context (method, content type, headers)
• response_samples (blocked and allowed)
• test_constraints (rate limits, no-destructive rules)