Web Application Firewalls (WAFs) are the first line of defense for countless online services, yet a new approach—dubbed WAFFLED—demonstrates how subtle parsing mismatches can let malicious traffic slip through.
Researchers at Northeastern University and Dartmouth College have unveiled a systematic method that exploits differences in how WAFs and web application frameworks interpret HTTP requests, revealing over 1,200 unique bypasses across major WAF platforms.
Traditional WAF evasion techniques rely on obfuscating payloads or encoding attacks so that the firewall’s signature or anomaly rules fail to detect them.
However, modern WAFs and rulesets—including the OWASP Core Rule Set—already defend against most known obfuscation methods. The WAFFLED team shifted focus away from payload distortion and toward content parsing discrepancies.
By crafting requests that adhere to HTTP standards but use rarely exercised grammar features—such as multipart/form-data boundary continuations, XML namespace quirks, and unconventional JSON formatting—they trick WAFs into misidentifying the structure of the message.
Once past the WAF, the back-end framework’s parser correctly reconstructs the malicious payload and executes it.

Using a grammar-aware fuzzer based on T-Reqs, the researchers generated hundreds of thousands of mutated requests targeting five popular WAFs—AWS WAF, Azure WAF, Google Cloud Armor, Cloudflare WAF, and ModSecurity on NGINX—and six mainstream frameworks, including Flask, Express, and Spring Boot.
Their experiments uncovered 1,207 unique bypass vectors, with each vector representing the minimal mutation required to evade the WAF’s parser while still being accepted by the application framework.
To assess how these bypass techniques translate to real-world scenarios, the team analyzed 100 “forgot-password” pages on popular English-language websites using PublicWWW.
They identified that over 90% of these pages interchangeably accepted application/x-www-form-urlencoded and multipart/form-data requests.
This interchangeability means an attacker can easily switch content types and apply WAFFLED’s multipart bypass techniques against a majority of sites.
Additionally, one-quarter of the sites already used JSON request bodies, making the JSON-focused bypasses equally practical at scale.

Across the surveyed WAF-framework pairs, all platforms except AWS WAF exhibited at least one parsing-based vulnerability.
For example, Cloudflare WAF and ModSecurity were circumvented using malformed multipart boundaries, while Azure WAF and Google Cloud Armor fell prey to XML DOCTYPE confusion and JSON field-name hacks.
In controlled live tests—never exceeding ten requests per site and adhering to bug-bounty guidelines—the team confirmed these bypasses on production systems, leading to acknowledgments and bug bounties from major vendors.
The success of this proof-of-concept suggests that enforcing uniform parsing standards across the security and application layers can eliminate parsing-based bypasses, closing a critical gap in modern web security.
WAFFLED: HTTP-Normalizer
Recognizing the severity of these parsing attacks, the researchers developed HTTP-Normalizer, a proxy tool that rigorously enforces HTTP and MIME grammar as defined by relevant RFCs.
According to the report, HTTP-Normalizer sits in front of a WAF and parses incoming requests with a strict ABNF-derived parser.
Non-compliant or ambiguous constructs are rejected outright, while valid requests are normalized—removing deprecated features, standardizing header capitalization, and ensuring consistent formatting—before forwarding to both the WAF and the application.
In validation tests against 63 known bypass requests, HTTP-Normalizer rejected or normalized all attempts; none slipped through when coupled with a WAF.
While HTTP-Normalizer currently supports only multipart/form-data, its architecture can be extended to JSON and XML, offering a blueprint for strengthening WAF defenses without degrading legitimate traffic.
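The "reject rather than guess" behaviour attributed to HTTP-Normalizer can be illustrated with a small strict multipart/form-data checker. This is an added example written for this article, not the researchers' tool or code: the boundary grammar follows RFC 2046 and the part-header grammar RFC 7230, and the sample body, the regex names and the `rejects` helper are constructions of my own.

```python
import re

# Added example, not the researchers' HTTP-Normalizer: a strict multipart
# check that rejects constructs parsers disagree on instead of guessing.
BCHARS = rb"0-9A-Za-z'()+_,\-./:=?"  # RFC 2046 bchars; space allowed only non-final
BOUNDARY_RE = re.compile(rb"[" + BCHARS + rb" ]{0,69}[" + BCHARS + rb"]")
CT_RE = re.compile(rb'multipart/form-data;[ \t]*boundary=(?:"([^"]+)"|([^"; \t]+))', re.I)
HEADER_RE = re.compile(rb"[!#$%&'*+\-.^_`|~0-9A-Za-z]+:[ \t]*[^\r\n]*")  # token ":" OWS value

SAMPLE = (  # constructed well-formed body, as a forgot-password form might send it
    b"--xYz\r\nContent-Disposition: form-data; name=\"email\"\r\n\r\n"
    b"user@example.com\r\n--xYz\r\nContent-Disposition: form-data; "
    b"name=\"note\"\r\n\r\nhi\r\n--xYz--\r\n")

def strict_boundary(content_type: bytes):
    """Return the boundary if Content-Type is unambiguous, else None."""
    m = CT_RE.fullmatch(content_type.strip())
    boundary = m and (m.group(1) or m.group(2))
    return boundary if boundary and BOUNDARY_RE.fullmatch(boundary) else None

def strict_multipart_parts(body: bytes, boundary: bytes):
    """Return [(headers, content)] or raise ValueError on any ambiguous construct."""
    delim = b"--" + boundary
    opening, closing = delim + b"\r\n", b"\r\n" + delim + b"--\r\n"
    if not body.startswith(opening) or not body.endswith(closing):
        raise ValueError("preamble, epilogue, or malformed outer delimiter")
    parts = []
    for raw in body[len(opening):-len(closing)].split(b"\r\n" + delim + b"\r\n"):
        head, sep, content = raw.partition(b"\r\n\r\n")
        if not sep:
            raise ValueError("part lacks the blank line ending its headers")
        headers = []
        for line in head.split(b"\r\n"):
            if not HEADER_RE.fullmatch(line):  # obs-fold continuation lines fail here
                raise ValueError("malformed or folded part header: %r" % line)
            name, value = line.split(b":", 1)
            headers.append((name.lower(), value.strip()))
        # A line starting with the dash-boundary but not an exact delimiter
        # (e.g. trailing padding) is a delimiter to some parsers, data to others.
        if any(l.startswith(delim) for l in content.split(b"\r\n")):
            raise ValueError("boundary-like line inside a part body")
        parts.append((headers, content))
    return parts

def rejects(body: bytes, boundary: bytes) -> bool:
    """True when the strict parser refuses the body (a normalizer would drop it)."""
    try:
        strict_multipart_parts(body, boundary)
    except ValueError:
        return True
    return False
```

A proxy built on this would forward only bodies that parse cleanly, so the WAF and the framework behind it see one unambiguous message.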