lightbuld-framework v0.0.19 releases: Tools for auditing WAFS

Web Applications Firewalls (WAFs) are fundamental building blocks of modern application security. For example, the PCI standard for organizations handling credit card transactions dictates that any application facing the internet should be either protected by a WAF or successfully pass a code review process. Nevertheless, despite their popularity and importance, auditing web application firewalls remains a challenging and complex task. Finding attacks that bypass the firewall usually requires expert domain knowledge for a specific vulnerability class. Thus, penetration testers not armed with this knowledge are left with publicly available lists of attack strings, like the XSS Cheat Sheet, which are usually insufficient for thoroughly evaluating the security of a WAF product.

LightBulb is an open source Python framework for auditing web application firewalls and filters.

Synopsis

The framework consists of two main algorithms:

• GOFA: An active learning algorithm that infers symbolic representations of automata in the standard membership/equivalence query model. Active learning algorithms permit the analysis of filter and sanitizer programs remotely, i.e. given only the ability to query the targeted program and observe the output.
• SFADiff: A black-box differential testing algorithm based on Symbolic Finite Automata (SFA) learningFinding differences between programs with similar functionality is an important security problem as such differences can be used for fingerprinting or creating evasion attacks against security software like Web Application Firewalls (WAFs) which are designed to detect malicious inputs to web applications.

Changelog v0.0.19

• The dynamic import module was updated to support Jython.
• A check was added in Burp extension to validate that the flex binary exists before enabling the attacks.
• Support for Jython 2.7.X.
• MySQL Differential Learning still requires Jython 2.5.X since the MySQL connector jar cannot be dynamically imported in the classpath.

Installation

For apt platforms (ubuntu, debian...):



    sudo apt-get install flex

	sudo apt-get install python-pip

	sudo apt-get install python-dev

	sudo apt-get install build-essential

(Optional for apt) If you want to add support for MySQL testing:



    sudo apt-get install libmysqlclient-dev

For yum platforms (centos, redhat, fedora...) with already installed the extra packages repo (epel-release):



	sudo yum install -y python-pip

	sudo yum install -y python-devel

	sudo yum install -y wget

	sudo yum groupinstall -y 'Development Tools'

(Optional for yum) If you want to add support for MySQL testing:



	sudo yum install -y mysql-devel 

	sudo yum install -y MySQL-python

Install Lightbulb



In order to use the application without complete package installation:



git clone https://github.com/lightbulb-framework/lightbulb-framework

cd lightbulb-framework

make

lightbulb status

In order to perform complete package installation. You can also install it from pip repository. This requires first to install the latest setuptools version:



pip install setuptools --upgrade

pip install lightbulb-framework

lightbulb status

If you want to use virtualenv:



pip install virtualenv

virtualenv env

source env/bin/activate

pip install lightbulb-framework

lightbulb status

Tutorial

Demo

Copyright (c) 2018 George Argyros, Ioannis Stais