I'm curious about the behavior of modern Web Application Firewalls (WAFs) when it comes to dealing with requests originating from intercepting proxies. I'd appreciate any insights, experiences, or recommended practices on this topic.
My understanding of intercepting proxies is that they sit between the client and the server, intercepting and modifying network traffic. However, I'm unsure about how WAFs handle such requests. Do they have mechanisms in place to detect and respond to requests that have been intercepted by proxies?
I have been working on a Bug Bounty program recently and found that requests originating from Burp Suite are being actively blocked. The site uses Akamai WAF. I did some research to better understand how WAFs in general are able to pinpoint requests coming from intercepting proxies. I also found that this is not a new issue; many researchers have been getting blocked from sites for the last few years.
After understanding that WAF protection rules are specific to web applications and may vary depending upon the application, I tried basic bypass techniques like encoding, content splitting, obfuscation, parameter pollution, etc., but no luck. This is making me wonder whether modern Web Application Firewalls (WAFs) can detect requests originating from intercepting proxies.
If anyone has encountered such scenarios, I would love to hear about your experiences. Also, sharing any relevant research, documentation, or recommended practices would be greatly appreciated.