Filter Profile and WAF Fingerprint
Filter profile
Add characters or keywords the target blocks (<, (, alert, script, …). The builder will:
- Sort compatible templates to the top
- Show per-token analysis on the generated payload (raw / encoded / eliminated)
- Suggest bypass ideas for blocked tokens
Use presets for common restrictions, and save profiles to reload token sets across sessions.
WAF fingerprint
When enough tokens match known patterns, xsspayloads scores likely WAF products (Cloudflare, ModSecurity/CRS, Akamai, AWS WAF, Imperva) and offers shortcuts to relevant bypass templates.
Workflow
- Probe the target with canary strings and note what gets stripped or transformed.
- Add blocked tokens to the profile.
- Pick a clean or partially clean template, then layer encodings/mutations.
- Use the fuzzer to rank variants against the same profile.