asm capabilities encoded request

Question

Hi
&nbsp;i m doing Xss attack to the ASM with

hooleylist · Answer

Hi Zafer, 
&nbsp;  
&nbsp; ASM doesn't currently provide an option to base64 decode request components.  But most web servers won't do this either so it's not a problem.  If the web application does base64 decode whatever request component you're putting the base64 encoded attack string in, then you'd have a potential issue.   
&nbsp;  
&nbsp; What kind of app are you testing? 
&nbsp;  
&nbsp; Aaron

zafer_101134 · Answer

Hi hoolio&nbsp;
&nbsp;the customer use apache tomcat.
&nbsp;We tested several attack methods to the ASM and i can't find how to block encoded request based on hex and base64&nbsp;
&nbsp;regards
&nbsp;zafer&nbsp;&nbsp;

Forum Discussion

asm capabilities encoded request

Recent Discussions

ports are showing open on online scanning tool

Upgrade F5 BIGIP

DNS HM Probe issue

Is XFF a must for ASM WAF DoS

Switch ssl profile based on weak cipher detection via IRULE

Related Content

BIG-IP Meets DoD’s Needs for Next Level Logging Capabilities

Base32 Encoder and Decoder

HTML encoding proc

BER and DER: Why Encoding and Decoding Matter

Python SDK Cookbook: Encoding URLs and Using Proxies

ABOUT DEVCENTRAL

RESOURCES

SUPPORT

PARTNERS