ID N0WHERE:114097 Type n0where Reporter N0where Modified 2016-09-09T16:12:07
Description
Raptor Web Application Firewall
Raptor Web Application Firewall is a simple web application firewall made in C, using KISS principle , to make poll use select() function, is not better than epoll() or kqueue() from *BSD but is portable, the core of match engine using DFA to detect XSS, SQLi and path traversal
Have two common WAFs:
Uses plugin in HTTPd to get information of data INPUT or OUTPUT, before finish he gets the request and block some contents, this function focuses at HTTP METHODs POST, GET…
this way, is my favorite, is a independent reverse proxy server, he bring all requests of the client to the proxy, the proxy makes some analysis in the content, if not block, he send all the information to the external server…
“ _ Number One is a cold, this path is not fully portable… other bad thing you need create a different plugin each HTTPd, something to apache another to NGINX, IIs, lighttpd… its not cool! If you are not a good low level programmer… you can try use twisted of python, is easy make reverse proxy with it, but is not good way, because not have good performance in production… if you piss off for it, _ _ study the Stevens book of sockets _ . ” – Author
Run:
$ git clone <https://github.com/CoolerVoid/raptor_waf>
$ cd raptor_waf; make; bin/raptor
{"id": "N0WHERE:114097", "bulletinFamily": "tools", "title": "Raptor Web Application Firewall", "description": "## Raptor Web Application Firewall \n\n* * *\n\nRaptor Web Application Firewall is a simple web application firewall made in C, [ using KISS principle ](<https://en.wikipedia.org/wiki/KISS_principle>) , to make poll use select() function, is not better than epoll() or kqueue() from *BSD but is portable, the core of match engine using DFA to detect XSS, SQLi and path traversal \n\nHave two common WAFs: \n\n 1. Uses plugin in HTTPd to get information of data INPUT or OUTPUT, before finish he gets the request and block some contents, this function focuses at HTTP METHODs POST, GET\u2026 \n 2. this way, is my favorite, is a independent reverse proxy server, he bring all requests of the client to the proxy, the proxy makes some analysis in the content, if not block, he send all the information to the external server\u2026 \n\n\n\n\u201c _ Number One is a cold, this path is not fully portable\u2026 other bad thing you need create a different plugin each HTTPd, something to apache another to NGINX, IIs, lighttpd\u2026 its not cool! ** If you are not a good low level programmer\u2026 ** you can try use [ twisted ](<https://twistedmatrix.com/trac/>) of python, is easy make reverse proxy with it, but is not good way, because not have good performance in production\u2026 if you piss off for it, _ [ _ study the Stevens book of sockets _ . ](<http://www.unixnetworkprogramming.com/>) \u201d \u2013 Author \n\n## Run: \n \n \n $ git clone <https://github.com/CoolerVoid/raptor_waf>\r\n $ cd raptor_waf; make; bin/raptor\n\n## Example \n\nUp some HTTPd server at port 80 \n \n \n $ bin/Raptor -h localhost -p 80 -r 8883 -w 4 -o loglog.txt\n\nCopy vulnerable PHP code to your web server directory \n \n \n $ cp doc/test_dfa/test.php /var/www/html\n\nNow you can test xss attacks at http://localhost:8883/test.php \n\n[  ](<https://github.com/CoolerVoid/raptor_waf/blob/master/doc/raptor.pdf>)\n\n[  ](<https://github.com/CoolerVoid/raptor_waf>)\n\n[ Submitted ](<https://n0where.net/submit-content/>) by: CoolerVoid \n", "published": "2016-09-09T16:12:07", "modified": "2016-09-09T16:12:07", "cvss": {"score": 0.0, "vector": "NONE"}, "href": "https://n0where.net/raptor-web-application-firewall", "reporter": "N0where", "references": ["https://github.com/CoolerVoid/raptor_waf/blob/master/doc/raptor.pdf", "https://github.com/CoolerVoid/raptor_waf"], "cvelist": [], "type": "n0where", "lastseen": "2019-03-06T01:51:14", "edition": 3, "viewCount": 0, "enchantments": {"dependencies": {"references": [], "modified": "2019-03-06T01:51:14", "rev": 2}, "score": {"value": -0.5, "vector": "NONE", "modified": "2019-03-06T01:51:14", "rev": 2}, "vulnersScore": -0.5}, "toolHref": "https://github.com/CoolerVoid/raptor_waf", "scheme": null}
