I'm probably just a douche but I hate pentests like that I want to figure out ways to bypass the waf, I don't want a sql injection vuln I want to perform ssti on whatever templates they are using, or...