Evasive techniques

To be able to trick the API when security controls are in place, such as a WAF that scans requests for common attacks, input validation that restricts the type of input, or a rate limit that restricts how many requests can be sent:

1. Add string terminators to attacks

2. Add case switching to attacks

3. Encode payloads

4. Combine different evasion techniques

5. Rinse and repeat

6. Apply evasive techniques to all attacks