Raptor is a Web application firewall made in C, uses DFA to block SQL injection, Cross site scripting and path traversal.
Why is this tool made in C language?
- C has a high delay time for writing and debugging, but no pain no gain, have a fast performance, addition of this point, the C language is run at any architecture like Mips, ARM and others… other benefits of C, have good and high profile to write optimizations, if you think to write some lines in ASSEMBLY code with AES-NI or SiMD instructions, I think is good choice.
- Why you do not use POO ? in this project I follow ”KISS” principle: http://pt.wikipedia.org/wiki/Keep It Simple
- C language has a lot of old school dudes like a kernel hacker…
How raptor waf works?
Raptor is very simple, have three layers reverse proxy, blacklist, and Match(using deterministic finite automaton).
Proxy using the select() function to check multiple sockets, at the future change to use libevent(signal based is very fast)
If someone sends a request, Raptor does address analysis… Address blacklisted? block!
If deterministic finite automaton and Blacklist don’t match, Raptor doesn’t blockRaptor get a Request with GET or POST method and make some analysis to find dirt like an sql injection, cross-site scripting…
Raptor gets a Request with GET or POST method and makes some analysis to find dirt like an sql injection, cross-site scripting…
External match string mode
• At directory, config have a file of lists of rules
• You can match the string with different algorithms
• You can choose with an argument –match or -m
• Choice one option between Karpe Rabin, DFA or Boyer Moore Horspool
*- Fixed error handlers.
*- Tested with 200 requests per second, returns OK, but with 1000 request por second return 15 % of responses with anomaly.
*- Improved and i fixed all socket connections.
$ git clone https://github.com/CoolerVoid/raptor_waf.git
$ cd raptor_waf; make; bin/raptor
Don’t execute with “cd bin; ./raptor” use path “bin/raptor” look detail https://github.com/CoolerVoid/raptor_waf/issues/4
Up some HTTPd server at port 80
$ bin/Raptor -h localhost -p 80 -r 8883 -w 4 -o loglog.txt
Copy vulnerable PHP code to your web server directory
$ cp doc/test_dfa/test.php /var/www/html
Now you can test xss attacks at http://localhost:8883/test.php
Copyright (C) 2015 CoolerVoid