Raptor web application firewall
Raptor Waf
Raptor Web Application Firewall
Antonio Costa - CoolerVoid - coolerlair[aT]gmail[DOt]com
November 12, 2015
Raptor WAF v0.1 Page 1/18
Whoami
Author:
• Antonio Costa "CoolerVoid" is a computer programmer who loves hacker culture. He has worked as a system analyst at CONVISO for four years. Antonio works on code review, pentesting and security research, with a focus on secure web applications and reverse engineering. He has also spoken at some Brazilian security conferences, such as YSTS, OWASP Florianopolis and BSides Sao Paulo.
Introduction
Software information:
• Raptor is an open source tool. Its focus is the study of attacks and finding intelligent ways to block them.
• Raptor is released under the GPL v3 license.
Introduction
Why is this tool written in C?
• C takes longer to write and debug, but no pain, no gain: it performs fast. In addition, C runs on any architecture, such as MIPS, ARM and others. Another benefit is that C is well suited to writing optimizations; if you plan to write some lines of assembly with AES-NI or SIMD instructions, I think it is a good choice.
• Why not use OOP? In this project I follow the "KISS" principle: http://pt.wikipedia.org/wiki/Keep_It_Simple
• The C language has a lot of old-school users, such as kernel hackers...
Introduction
Requirements:
• GCC and make are needed.
• The current version has been tested only on Linux.
• The current version runs well, but it is a beta version; you can report bugs...
How you can use it
Follow these steps to get, decompress, compile and execute:
• git clone https://github.com/CoolerVoid/raptor_waf
• cd raptor_waf; make; bin/Raptor
The Overview
Explain
WAF stands for Web Application Firewall. It is widely used nowadays to detect and defend against SQL injection and XSS...
• You can block XSS, SQL injection and path traversal attacks with Raptor.
• You can use a blacklist of IPs to block some users, at config/blacklist_ip.txt
• You can use IPv6 and IPv4 for communications.
• In the future: DoS protection, request limits, a rule interpreter and a malware detector for uploads.
• In the future: SSL/TLS...
Hands On !
• Run this command:
• bin/Raptor --host Address_of_http_server2Protect -p 80 -r 8886 -w 4 -o logAttacks.txt
• Open the Raptor machine from any computer on the network: http://waf_machine:8886
• OK, Raptor now protects the HTTP server you redirect to. Try an attack...
How it works ?
Raptor is very simple. It has three layers: reverse proxy, blacklist and match (using a deterministic finite automaton).
How proxy works ?
The proxy uses the select() function to check multiple sockets. In the future this will change to libevent (signal based, which is very fast).
How it works ?
If someone sends a request, Raptor does address analysis... Address blacklisted? Block!
How it works ?
If the deterministic finite automaton and the blacklist don't match, Raptor doesn't block.
How it works ?
Raptor gets a request with the GET or POST method and performs some analysis to find dirt such as SQL injection, cross-site scripting...
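The blacklist and match layers described in these slides, as an added sketch in C that is not Raptor's own code: each pattern is compiled into a table-driven DFA (KMP construction, an assumed choice), and a request is blocked when its source address is listed or any DFA reaches its accept state. All names, addresses and patterns below are constructed for illustration.

```c
#include <ctype.h>
#include <string.h>

#define MAXPAT 32                       /* longest pattern this sketch accepts */
#define N(a) (sizeof(a) / sizeof((a)[0]))
enum verdict { PASS, BLOCK_ADDR, BLOCK_MATCH };

/* Constructed sample data: documentation addresses, lowercase patterns. */
static const char *BLACKLIST[] = { "203.0.113.7", "2001:db8::bad" };
static const char *PATTERNS[]  = { "<script", "union select", "../" };

/* Table-driven DFA for one non-empty pattern: next[state][byte]. */
struct dfa { int next[MAXPAT][256]; int accept; };

static void dfa_build(struct dfa *d, const char *pat) {
    int m = (int)strlen(pat), x = 0;    /* x: state to restart from */
    memset(d->next, 0, sizeof d->next);
    d->accept = m;
    d->next[0][(unsigned char)pat[0]] = 1;
    for (int j = 1; j < m; j++) {
        memcpy(d->next[j], d->next[x], sizeof d->next[j]); /* mismatch row */
        d->next[j][(unsigned char)pat[j]] = j + 1;          /* match: advance */
        x = d->next[x][(unsigned char)pat[j]];
    }
}

/* One pass over the request: one table lookup per byte, no backtracking. */
static int dfa_match(const struct dfa *d, const char *req) {
    int s = 0;
    for (; *req && s < d->accept; req++)
        s = d->next[s][tolower((unsigned char)*req)];
    return s == d->accept;
}

/* Layer order from the slides: address blacklist first, then the matcher. */
enum verdict waf_check(const char *addr, const char *request) {
    static struct dfa d[N(PATTERNS)];
    static int ready;
    for (size_t i = 0; !ready && i < N(PATTERNS); i++)
        dfa_build(&d[i], PATTERNS[i]);
    ready = 1;
    for (size_t i = 0; i < N(BLACKLIST); i++)
        if (strcmp(addr, BLACKLIST[i]) == 0) return BLOCK_ADDR;
    for (size_t i = 0; i < N(PATTERNS); i++)
        if (dfa_match(&d[i], request)) return BLOCK_MATCH;
    return PASS;
}
```

Bytes are matched as received, so a deployment would decode URL-encoding before this step.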
The End ?
Greets
• contact: coolerlair[at]gmail[dot]com
• my parents and friends...
• https://conviso.com.br/index.php/EN
at construction...