▲ 35 r/offensive_security+5 crossposts

Got an AI agent past a Cloudflare WAF by giving it a RAG over past bypass research

Sharing a workflow that worked for me. The retrieval layer involved is my own project, so mentioning that upfront.

Setup: I was testing an XSS on a target behind Cloudflare, and every payload I tried was getting blocked by the WAF.

This time, instead of manually digging through old writeups, I gave my agent access to a retrieval layer built on top of a corpus of web security research (Preview RAG). The agent queries it in plain language, gets back actual writeups with sources attached, and uses that context to generate and test payload variants. One of those variants eventually got through and the XSS fired.

I'm not claiming the bypass itself is novel. It may already exist in a public writeup somewhere. What mattered to me was the workflow: the agent wasn't limited to whatever happened to be inside its training data. It could pull in relevant prior research and iterate from there.

That's the main reason I built this in the first place. Models have a training cutoff, but WAF evasion evolves quickly. Public bypasses get patched, new techniques appear, and the most useful information is usually the newest information. A retrieval layer helps bridge that gap.

The corpus is updated regularly and exposed over MCP, so it can be connected to any model with minimal setup, including smaller open-weight models.

Current limitations: it's strongest on client-side topics right now—XSS, WAF evasion, CSP, CORS, SSRF, request smuggling, and similar areas. Server-side coverage is improving, but still thinner, and it definitely won't have an answer for every problem.

Happy to share more about the setup. I'm honestly more interested in where this approach fails than where it succeeds. If you've experimented with agent-driven WAF bypassing and ran into hard limits, I'd love to hear about them.

u/Substantial_Kick4689 — 15 hours ago

A searchable knowledge base of web security research, for you or your AI agent

Built a small tool web security research.

You query it in plain English and it returns actual writeups with the source URL and the exact section that matches your question. No AI summaries or made-up answers.

Right now it's focused on XSS, WAF bypasses, CSP, CORS, SSRF, request smuggling, XS-Leaks, cache poisoning, prototype pollution, JWT/auth stuff, etc. Server-side coverage is next.

I mainly built it because when I'm stuck, somebody has usually already written about a similar problem. Finding that writeup is the hard part, especially for newer techniques that general models often miss.

Would genuinely appreciate feedback on where it fails. If you try it, let me know what you searched for and whether the results were actually useful.

rag.preview.is
u/Substantial_Kick4689 — 5 days ago
▲ 169 r/offensive_security+7 crossposts

A searchable knowledge base of web security research, for you or your AI agent

Built a small tool web security research.

You query it in plain English and it returns actual writeups with the source URL and the exact section that matches your question. No AI summaries or made-up answers.

Right now it's focused on XSS, WAF bypasses, CSP, CORS, SSRF, request smuggling, XS-Leaks, cache poisoning, prototype pollution, JWT/auth stuff, etc. Server-side coverage is next.

I mainly built it because when I'm stuck, somebody has usually already written about a similar problem. Finding that writeup is the hard part, especially for newer techniques that general models often miss.

Would genuinely appreciate feedback on where it fails. If you try it, let me know what you searched for and whether the results were actually useful.

u/Substantial_Kick4689 — 5 days ago