Raptor Web Application Firewall

2016-09-09T16:12:07
ID N0WHERE:114097
Type n0where
Reporter N0where
Modified 2016-09-09T16:12:07

Description

Raptor Web Application Firewall is a simple web application firewall written in C, following the KISS principle. For polling it uses the select() function, which is not as efficient as epoll() or *BSD's kqueue() but is portable. The core of the match engine uses a DFA to detect XSS, SQLi and path traversal.

There are two common WAF designs:

  1. Uses a plugin inside the HTTPd to get the INPUT or OUTPUT data; before the request is finished it intercepts it and blocks some contents. This approach focuses on the HTTP methods POST, GET…
  2. This way, my favorite, is an independent reverse proxy server: it brings all client requests to the proxy, the proxy analyses the content, and if it does not block, it sends all the information to the external server…

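As an added illustration of the DFA match engine described above (example code written for this page, not Raptor's own source): a small table-driven DFA scanner in C. The three signatures are constructed placeholders, not Raptor's rule set, and the scanner keeps its state between chunks, which is what the reverse-proxy design needs when a request arrives over several reads.

```c
#include <ctype.h>
#include <string.h>
#define MAX_STATES 32   /* longest signature: 31 bytes */
#define MAX_RULES  8

/* One table-driven DFA per literal signature; state k means "k bytes matched so far". */
typedef struct { unsigned char next[MAX_STATES][256]; int accept; const char *name; } dfa_t;

/* KMP-style construction: each input byte costs one table lookup and no backtracking,
 * so a partial match that fails ("..../") still lands in the right state. */
static void dfa_build(dfa_t *d, const char *pat, const char *name) {
    int n = (int)strlen(pat), fail = 0;
    d->accept = n; d->name = name;
    for (int s = 0; s <= n; s++) {
        for (int c = 0; c < 256; c++)                 /* inherit transitions of the fallback state */
            d->next[s][c] = (unsigned char)(s ? d->next[fail][c] : 0);
        if (s == n) break;
        int lo = tolower((unsigned char)pat[s]);      /* signatures match case-insensitively */
        d->next[s][lo] = d->next[s][toupper(lo)] = (unsigned char)(s + 1);
        if (s > 0) fail = d->next[fail][lo];
    }
}

/* Scanner state persists across recv() chunks, so a signature split over two reads is still caught. */
typedef struct { dfa_t rules[MAX_RULES]; int nrules; int state[MAX_RULES]; } scanner_t;

static void scanner_init(scanner_t *sc) {
    memset(sc, 0, sizeof *sc);
    /* Illustrative signatures constructed for this example, not Raptor's real rule set. */
    dfa_build(&sc->rules[sc->nrules++], "../",           "path-traversal");
    dfa_build(&sc->rules[sc->nrules++], "<script",       "xss");
    dfa_build(&sc->rules[sc->nrules++], " union select", "sqli");
}

/* Feed one chunk; returns the name of the first rule reaching its accepting state, else NULL. */
static const char *scanner_feed(scanner_t *sc, const char *buf, size_t len) {
    for (size_t i = 0; i < len; i++)
        for (int r = 0; r < sc->nrules; r++) {
            sc->state[r] = sc->rules[r].next[sc->state[r]][(unsigned char)buf[i]];
            if (sc->state[r] == sc->rules[r].accept) return sc->rules[r].name;
        }
    return NULL;
}

/* Request arriving in two reads (how a reverse proxy sees it); the carried state is what matters. */
static const char *classify_two_chunks(const char *a, const char *b) {
    scanner_t sc; scanner_init(&sc);
    const char *hit = scanner_feed(&sc, a, strlen(a));
    return hit ? hit : scanner_feed(&sc, b, strlen(b));
}
/* Whole request in one buffer (how a plugin-style WAF sees it). */
static const char *classify_request(const char *req) { return classify_two_chunks(req, ""); }
```

A scanner that reset its state on every recv() would miss the split "../" in the two-chunk case; carrying the DFA state over is the cheap fix.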
“Number One is a cold, this path is not fully portable… other bad thing: you need to create a different plugin for each HTTPd, something for Apache, another for NGINX, IIS, lighttpd… it's not cool! If you are not a good low-level programmer… you can try to use Twisted from Python, it is easy to make a reverse proxy with it, but it is not a good way, because it does not have good performance in production… if you are pissed off by it, study the Stevens book on sockets.” – Author

Run:

$ git clone https://github.com/CoolerVoid/raptor_waf
$ cd raptor_waf; make; bin/raptor

Example

Start an HTTPd server on port 80

$ bin/Raptor -h localhost -p 80 -r 8883 -w 4 -o loglog.txt

Copy vulnerable PHP code to your web server directory

$ cp doc/test_dfa/test.php /var/www/html

Now you can test XSS attacks at http://localhost:8883/test.php

Submitted by: CoolerVoid