Raptor - WAF - Web application firewall using DFA - Gadget Mentor- Redefining Hacks


Thursday, 21 December 2017

Raptor - WAF - Web application firewall using DFA


Raptor is a web application firewall written in C that uses a DFA (deterministic finite automaton) to block SQL injection, cross-site scripting and path traversal.


* You can block XSS, SQL injection and path traversal attacks with Raptor.

* You can block some users by listing their IPs in the blacklist at config/blacklist_ip.txt.

* You can use IPv6 and IPv4 for communications.

* Planned for the future: DoS protection, request limiting, a rule interpreter and malware detection on uploads.

* Planned for the future: SSL/TLS.
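
The post does not show Raptor's automaton, so the following is an added illustration (not Raptor's code) of table-driven DFA matching in C, applied to path traversal. The state names, the function has_traversal and the sample request target are assumptions made for this example.

```c
#include <ctype.h>
#include <stdio.h>
#include <stdlib.h>

/* Hypothetical state/class names; not taken from Raptor's source. */
enum state { SEG_START, ONE_DOT, TWO_DOTS, IN_SEG, BLOCK, NSTATES };
enum cls   { C_DOT, C_SEP, C_OTHER, NCLS };

/* Transition table next_state[state][class]; BLOCK is a trap state.
 * A boundary is any path or query delimiter that starts a new segment. */
static const unsigned char next_state[NSTATES][NCLS] = {
    /*              '.'       boundary    other  */
    [SEG_START] = { ONE_DOT,  SEG_START,  IN_SEG },
    [ONE_DOT]   = { TWO_DOTS, SEG_START,  IN_SEG },
    [TWO_DOTS]  = { IN_SEG,   BLOCK,      IN_SEG },
    [IN_SEG]    = { IN_SEG,   SEG_START,  IN_SEG },
    [BLOCK]     = { BLOCK,    BLOCK,      BLOCK  },
};

static enum cls classify(unsigned char c)
{
    if (c == '.') return C_DOT;
    if (c == '/' || c == '\\' || c == '?' || c == '&' || c == '=') return C_SEP;
    return C_OTHER;
}

/* Returns 1 if the request target contains a ".." segment, else 0.
 * One level of %XX decoding is applied first, so "%2e%2e%2f" is "../". */
int has_traversal(const char *target)
{
    enum state s = SEG_START;
    for (size_t i = 0; target[i] != '\0'; i++) {
        unsigned char c = (unsigned char)target[i];
        if (c == '%' && isxdigit((unsigned char)target[i + 1])
                     && isxdigit((unsigned char)target[i + 2])) {
            char hex[3] = { target[i + 1], target[i + 2], '\0' };
            c = (unsigned char)strtol(hex, NULL, 16);
            i += 2;
        }
        s = (enum state)next_state[s][classify(c)];
        if (s == BLOCK) return 1;
    }
    return s == TWO_DOTS;  /* target ends in ".." */
}

int main(void)
{
    /* Constructed sample request target. */
    printf("%d\n", has_traversal("/test.php?file=%2e%2e%2fconfig"));
    return 0;
}
```

Names such as "..." or "a..b" stay in IN_SEG and are allowed, and a double-encoded "%252e" is decoded only once, so a filter like this must see the request exactly as the backend will decode it.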

Why use the C language:

* C takes a long time to write and debug, but no pain, no gain: it has fast performance. In addition, C runs on any architecture, such as MIPS, ARM and others. Another benefit of C is that it is well suited to writing optimizations; if you are thinking of writing some lines of assembly code with AES-NI or SIMD instructions, I think it is a good choice.

* Why not use OOP? In this project I follow the "KISS" principle: http://pt.wikipedia.org/wiki/Keep It Simple.

* The C language has a lot of old-school dudes, like kernel hackers…

How it works:

To run:

Start an HTTPd server on port 80

$ bin/Raptor -h localhost -p 80 -r 8883 -w 4 -o loglog.txt

Copy the vulnerable PHP code to your web server directory

$ cp doc/test_dfa/test.php /var/www/html

Now you can test XSS attacks at http://localhost:8883/test.php

