I believe you're thinking of encoding payloads. It really depends on what the firewall is identifying as malicious.
I assume you're using Metasploit for this. If it's identifying the generic HTTP request that Metasploit uses to trigger the exploit, you're probably going to have to copy that module and make modifications to it in order to make it unique. For example, this is the data used for executing your payload in the OP5 module:

data = 'timestamp=1317050333`' + payload.encoded + '`&action=install&install=Install';

The firewall check may simply be looking for timestamp=1317050333 since it would be quite unusual for legitimate users to have that timestamp, but it will always be present when using the MSF module (that value was also used in the original PoC: http://www.ekelow.se/file_uploads/Advis ... 012-01.pdf). You may be able to get around this by simply modifying that value or making other minor changes to the exploit template.
When you've selected the module, you can also issue a "show encoders" command to see what your options are for encoding the payload. You unfortunately have very few options in these two cases since you're primarily working with text and not actual shellcode. Therefore, you're not going to be able to use encoders like shikata_ga_nai.
You can also try setting EnableContextEncoding to true. Additionally, the argument injection module provides advanced payload options for EnableStageEncoding and StageEncoder, which might be useful if you're using a staged payload and the firewall is actually catching the stage and not the exploit itself.
The day you stop learning is the day you start becoming obsolete.
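
For whoever maintains the firewall rule discussed in this post, here is an added example (not part of the original post and not Metasploit code) comparing a match on the static timestamp constant with a check on the field's shape. The sample bodies are constructed, the function name is hypothetical, and the premise that a legitimate timestamp value is all digits is an assumption.

```python
from urllib.parse import parse_qsl

# Constant quoted in the post; a rule keyed only on this is a static signature.
POC_TIMESTAMP = "1317050333"
# Characters that have no place in a numeric form field (assumed field type).
SHELL_META = ("`", "$(", ";", "|")


def inspect_body(body: str) -> list[str]:
    """Return the reasons a form-encoded POST body looks like the injection."""
    findings = []
    for name, value in parse_qsl(body, keep_blank_values=True):
        if name != "timestamp":
            continue
        # Weak indicator: only fires for the unmodified PoC/module value.
        if value.startswith(POC_TIMESTAMP):
            findings.append("static-poc-constant")
        # Structural indicator: the field should contain digits and nothing else.
        if not value.isdigit():
            findings.append("non-numeric-timestamp")
        # Structural indicator: shell syntax inside the field.
        if any(tok in value for tok in SHELL_META):
            findings.append("shell-metacharacter")
    return findings


# Constructed sample bodies (URL-encoded, %60 is a backtick).
BENIGN = "timestamp=1700000000&action=install&install=Install"
MODULE_DEFAULT = "timestamp=1317050333%60id%60&action=install&install=Install"
ALTERED_CONSTANT = "timestamp=1700000001%60id%60&action=install&install=Install"

if __name__ == "__main__":
    for label, body in [("benign", BENIGN),
                        ("module default", MODULE_DEFAULT),
                        ("altered constant", ALTERED_CONSTANT)]:
        print(f"{label:17} {inspect_body(body)}")
```

The structural checks still fire when the constant changes, which is why validating the field's type is a sturdier rule than matching one known value.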