WWW2026
SPCA: Stream Parser Confusion Attack for Web Application Firewall Evasion in HTTP/2
Kyungrok Choi, Woonghee Lee, Junbeom Hur
Abstract
Web Application Firewalls (WAFs) are widely deployed as a primary defense mechanism against injection-based web attacks by inspecting HTTP traffic for malicious patterns. However, structural inconsistencies in HTTP/2 stream parsing introduce a protocol-level attack surface that remains insufficiently examined. We propose the Stream Parser Confusion Attack (SPCA), a novel evasion technique that exploits discrepancies between WAFs and backend HTTP/2 servers in how they process stream dependencies and priorities. SPCA operates without altering payload content, relying solely on RFC-compliant manipulation of stream priority weights and dependency trees to deliver unmodified malicious inputs past WAF inspection. To evaluate the feasibility and generality of SPCA, we design three well-defined stream topologies—skewed, k-ary, and unbalanced—each capturing unique structural traits observed in real-world HTTP/2 scheduling patterns. Each topology's dataset consists of 500 structurally distinct requests, derived by embedding 100 malicious test cases across five distinct priority levels. We send these requests to 13 commercial and open-source WAFs and 20 backend web frameworks in a black-box setting. Used individually, the topologies achieve bypass success rates of 49.66% (skewed tree), 44.62% (k-ary tree), and 46.38% (unbalanced tree). When the three topologies are used concurrently, the overall success rate exceeds 89% on average against the open-source and commercial WAFs. These findings demonstrate that structure-only, protocol-compliant manipulation is sufficient to systematically bypass modern WAFs, revealing critical blind spots in HTTP/2-aware traffic inspection. We responsibly disclosed the identified issues to all affected vendors and received acknowledgments of the disclosures.
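The abstract turns on the fact that HTTP/2 priority information (the stream dependency, exclusive bit and weight carried in HEADERS frames with the PRIORITY flag and in standalone PRIORITY frames, RFC 7540 §6.2 and §6.3) shapes a dependency tree that a WAF and a backend may reconstruct differently. The following added example, written for this page and not taken from the paper or from any WAF vendor, decodes those fields from a raw frame sequence, rebuilds the tree with last-update-wins semantics (§5.3.3), and flags structural properties an inspector would want to log: self-dependencies (a PROTOCOL_ERROR under §5.3.1), reprioritisation of an already-prioritised stream, dependencies on streams never seen on the wire, and chains deeper than a configurable limit. The frame bytes are constructed inline for the demonstration; the anomaly codes, the `max_depth` threshold and the "idle dependency" heuristic are this example's own choices, not categories defined by the paper.

```python
"""Decode HTTP/2 priority signalling and flag dependency-tree oddities.
Added example with a constructed frame sequence; not the paper's code."""
from dataclasses import dataclass

FRAME_HEADERS = 0x1
FRAME_PRIORITY = 0x2
FLAG_PADDED = 0x8
FLAG_PRIORITY = 0x20


@dataclass
class PriorityInfo:
    stream_id: int
    dependency: int
    exclusive: bool
    weight: int   # 1..256: wire octet + 1 (RFC 7540 §6.3)
    source: str   # "HEADERS" or "PRIORITY"


def frame(ftype, flags, stream_id, payload):
    """Serialise one frame (RFC 7540 §4.1); used only to build the sample below."""
    return (len(payload).to_bytes(3, "big") + bytes([ftype, flags])
            + (stream_id & 0x7FFFFFFF).to_bytes(4, "big") + payload)


def priority_payload(dependency, exclusive, weight):
    """E bit + 31-bit dependency, then weight-1 as one octet."""
    return ((int(exclusive) << 31) | dependency).to_bytes(4, "big") + bytes([weight - 1])


def iter_frames(data):
    """Yield (type, flags, stream_id, payload) for each frame in a raw byte string."""
    off = 0
    while off < len(data):
        if off + 9 > len(data):
            raise ValueError("truncated frame header")
        length = int.from_bytes(data[off:off + 3], "big")
        ftype, flags = data[off + 3], data[off + 4]
        stream_id = int.from_bytes(data[off + 5:off + 9], "big") & 0x7FFFFFFF
        payload = data[off + 9:off + 9 + length]
        if len(payload) != length:
            raise ValueError("truncated frame payload")
        yield ftype, flags, stream_id, payload
        off += 9 + length


def _decode(sid, raw, source):
    word = int.from_bytes(raw[:4], "big")
    return PriorityInfo(sid, word & 0x7FFFFFFF, bool(word >> 31), raw[4] + 1, source)


def extract_priorities(data):
    """Return (priority updates in wire order, set of stream ids that carried HEADERS)."""
    updates, opened = [], set()
    for ftype, flags, sid, payload in iter_frames(data):
        if ftype == FRAME_PRIORITY:
            if sid == 0 or len(payload) != 5:   # PROTOCOL_ERROR / FRAME_SIZE_ERROR
                raise ValueError(f"malformed PRIORITY frame on stream {sid}")
            updates.append(_decode(sid, payload, "PRIORITY"))
        elif ftype == FRAME_HEADERS:
            opened.add(sid)
            if flags & FLAG_PRIORITY:
                body = payload[1:] if flags & FLAG_PADDED else payload  # drop Pad Length octet
                if len(body) < 5:
                    raise ValueError(f"HEADERS on stream {sid} too short for priority fields")
                updates.append(_decode(sid, body, "HEADERS"))
    return updates, opened


def tree_depth(parent, sid):
    """Hops from sid to the root (stream 0); -1 if the dependency chain loops."""
    depth, visited = 0, set()
    while sid != 0:
        if sid in visited:
            return -1
        visited.add(sid)
        depth += 1
        sid = parent.get(sid, 0)   # unknown parents hang off the root (§5.3.1)
    return depth


def analyse(data, max_depth=2):
    """Rebuild the tree (last update wins, §5.3.3) and return sorted (code, stream) anomalies."""
    updates, opened = extract_priorities(data)
    parent, update_count, anomalies = {}, {}, set()
    for u in updates:
        update_count[u.stream_id] = update_count.get(u.stream_id, 0) + 1
        if u.dependency == u.stream_id:
            anomalies.add(("SELF_DEPENDENCY", u.stream_id))   # PROTOCOL_ERROR per §5.3.1
        parent[u.stream_id] = u.dependency
    known = opened | set(parent)
    for sid, dep in parent.items():
        if update_count[sid] > 1:
            anomalies.add(("REPRIORITIZED", sid))
        if dep != 0 and dep not in known:
            anomalies.add(("IDLE_DEPENDENCY", sid))   # heuristic: parent never seen on the wire
        if ("SELF_DEPENDENCY", sid) in anomalies:
            continue
        d = tree_depth(parent, sid)
        if d < 0:
            anomalies.add(("CYCLE", sid))
        elif d > max_depth:
            anomalies.add(("DEPTH_EXCEEDED", sid))
    return sorted(anomalies)


# Constructed sample (not captured traffic): a four-deep chain 1 -> 3 -> 5 -> 7, a PRIORITY
# frame pointing at a stream that never appears, and a second update that makes 7 self-dependent.
SAMPLE = b"".join([
    frame(FRAME_HEADERS, FLAG_PRIORITY, 1, priority_payload(0, False, 16) + b"\x82"),
    frame(FRAME_HEADERS, FLAG_PRIORITY | FLAG_PADDED, 3,
          b"\x02" + priority_payload(1, True, 256) + b"\x82" + b"\x00\x00"),
    frame(FRAME_HEADERS, FLAG_PRIORITY, 5, priority_payload(3, False, 1) + b"\x82"),
    frame(FRAME_HEADERS, FLAG_PRIORITY, 7, priority_payload(5, False, 16) + b"\x82"),
    frame(FRAME_PRIORITY, 0, 9, priority_payload(11, False, 16)),
    frame(FRAME_PRIORITY, 0, 7, priority_payload(7, False, 16)),
])

if __name__ == "__main__":
    for code, sid in analyse(SAMPLE):
        print(f"{code:16s} stream {sid}")
```

Running the module prints one line per anomaly; the point for an inspector is that every one of these conditions is representable in RFC-compliant frames, so a WAF that only examines the header block and body of each stream has no view of them at all. Logging the rebuilt tree alongside the request lets a defender compare the WAF's reconstruction with the backend's access log and spot the divergence the paper describes.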