Raptor WAF v0.6.2 releases: Web application firewall
Raptor is a Web application firewall made in C, uses DFA to block SQL injection, Cross-site scripting, and path traversal.
Why is this tool made in C language?
- C has a high delay time for writing and debugging, but no pain no gain, have fast performance, addition to this point, the C language is run at any architecture like Mips, ARM, and others… other benefits of C, have a good and high profile to write optimizations if you think to write some lines in ASSEMBLY code with AES-NI or SiMD instructions, I think is a good choice.
- Why you do not use POO ? in this project I follow the”KISS” principle: http://pt.wikipedia.org/wiki/Keep It Simple
- C language has a lot of old school dudes like a kernel hacker…
How raptor waf works?
Raptor is very simple, have three layers reverse proxy, blacklist, and Match(using deterministic finite automaton).
Proxy using the select() function to check multiple sockets, at the future change to use libevent(signal based is very fast)
If someone sends a request, Raptor does address analysis… Address blacklisted? block!
If deterministic finite automaton and Blacklist don’t match, Raptor doesn’t blockRaptor get a Request with GET or POST method and make some analysis to find dirt like an sql injection, cross-site scripting…
Raptor gets a Request with GET or POST method and makes some analysis to find dirt like an sql injection, cross-site scripting…
External match string mode
• At directory, config has a file of lists of rules
• You can match the string with different algorithms
• You can choose with an argument –match or -m
• Choice one option between Karpe Rabin, DFA, or Boyer Moore Horspool
- Patch fix to the improving documentation.
$ git clone https://github.com/CoolerVoid/raptor_waf.git
$ cd raptor_waf; make; bin/raptor
Don’t execute with “cd bin; ./raptor” use path “bin/raptor” look detail https://github.com/CoolerVoid/raptor_waf/issues/4
Up some HTTPd server at port 80
$ bin/Raptor -h localhost -p 80 -r 8883 -w 4 -o loglog.txt
Copy vulnerable PHP code to your webserver directory
$ cp doc/test_dfa/test.php /var/www/html
Now you can test xss attacks at http://localhost:8883/test.php
Copyright (C) 2015 CoolerVoid