SlideShare a Scribd company logo

Raptor web application firewall

Antonio Costa aka Cooler_
Antonio Costa aka Cooler_

Raptor Open Source web application firewall

Engineering
1 of 18
Download to read offline
-.5em Raptor Waf Raptor Web Application Firewall Antonio Costa - CoolerVoid - coolerlair[aT]gmail[DOt]com November 12, 2015 Raptor WAF v0.1 Page 1/18
Whoami Author: • Antonio Costa ”CoolerVoid” is a Computer Programmer who loves the Hacker culture, he work as a system analyst at CONVISO for four years. Antonio working with code review, pentest and security research with focused on Secure Web Applications and Reverse Engineering. He also has been speaking at in some Brazilian Security Conferences such as YSTS, OWASP Florianopolis and Bsides Sao Paulo. []Raptor WAF v0.1 Page 2/18
Introduction Software Information: • Raptor is a Open Source Tool, your focus is study of attacks and find intelligent ways to block attacks. • Raptor held by GPL v3 license Raptor WAF v0.1 Page 3/18
Introduction Why this tool is made in C language ? • C have a high delay time for writing and debugging, but no pain no gain, have a fast performance, addition of this point, the C language is run at any architecture like Mips,ARM and others... other benefits of C, have good and high profile to write optimizations, if you think write some lines in ASSEMBLY code with AES-NI or SiMD instructions, i think is good choice. • Why you not use POO ? in this project i follow ”KISS” principe: http://pt.wikipedia.org/wiki/Keep It Simple • C language have a lot old school dudes like a kernel hackers... Raptor WAF v0.1 Page 4/18
Introduction Requirements: • Need ”GCC” and ”make” • Current version tested only in Linux. • Current version run well, but is a BeTa version, you can report bug... Raptor WAF v0.1 Page 5/18
How you can use it Following this to get, decompress, compile and execute: • wget git clone https://github.com/CoolerVoid/raptor waf • cd raptorwaf; make; bin/Raptor Raptor WAF v0.1 Page 6/18
The Overview Raptor WAF v0.1 Page 7/18
Explain WAF stands for Web Application Firewall. It is widely used nowadays to detect and defend SQL Injections and XSS... • You can block XSS, SQL injection attacks and path traversal with Raptor • You can use blacklist of IPs to block some users at config/blacklist ip.txt • You can use IPv6 and IPv4 at communications • At the future DoS protector, request limit, rule interpreter and Malware detector at uploads. • At the future SSL/TLS... Raptor WAF v0.1 Page 8/18
Hands On ! Raptor WAF v0.1 Page 9/18
Hands On ! • Follow this command • bin/Raptor –host Address of http server2Protect -p 80 -r 8886 -w 4 -o logAttacks.txt • Open the machine of Raptor at any computer of network http://waf machine:8886 • Ok raptor protect the HTTP server that you redirect, try attack... Raptor WAF v0.1 Page 10/18
How it works ? Raptor is very simple, have three layers reverse proxy, blacklist and Match(using deterministic finite automaton). Raptor WAF v0.1 Page 11/18
How proxy works ? Proxy using the select() function to check multiple sockets, at the future change to use libevent(signal based is very fast) Raptor WAF v0.1 Page 12/18
How it works ? If someone send a request, Raptor do address analysis... Address blacklisted ? block ! Raptor WAF v0.1 Page 13/18
How it works ? If deterministic finite automaton and Blacklist don’t match, Raptor don’t block Raptor WAF v0.1 Page 14/18
How it works ? Raptor get a Request with GET or POST method and make some analysis to find dirt like a sql injection, cross site scripting... Raptor WAF v0.1 Page 15/18
The End ? Raptor WAF v0.1 Page 16/18
Greets • contact: coolerlair[at]gmail[dot]com • acosta@conviso.com.br • my parents and friends... • https://conviso.com.br/index.php/EN Raptor WAF v0.1 Page 17/18
at construction... Raptor WAF v0.1 Page 18/18

Recommended

0d1n
0d1n0d1n
0d1nAntonio Costa aka Cooler_
 
Understand study
Understand studyUnderstand study
Understand studyAntonio Costa aka Cooler_
 
WAF protections and bypass resources
WAF protections and bypass resourcesWAF protections and bypass resources
WAF protections and bypass resourcesAntonio Costa aka Cooler_
 
Static analysis for beginners
Static analysis for beginnersStatic analysis for beginners
Static analysis for beginnersAntonio Costa aka Cooler_
 
Is rust language really safe?
Is rust language really safe? Is rust language really safe?
Is rust language really safe? Nullbyte Security Conference
 
The Veil-Framework
The Veil-FrameworkThe Veil-Framework
The Veil-FrameworkVeilFramework
 
Patching Windows Executables with the Backdoor Factory | DerbyCon 2013
Patching Windows Executables with the Backdoor Factory | DerbyCon 2013Patching Windows Executables with the Backdoor Factory | DerbyCon 2013
Patching Windows Executables with the Backdoor Factory | DerbyCon 2013midnite_runr
 
Windows 10 - Endpoint Security Improvements and the Implant Since Windows 2000
Windows 10 - Endpoint Security Improvements and the Implant Since Windows 2000Windows 10 - Endpoint Security Improvements and the Implant Since Windows 2000
Windows 10 - Endpoint Security Improvements and the Implant Since Windows 2000CTruncer
 

Recommended

0d1n
0d1n0d1n
0d1nAntonio Costa aka Cooler_
 
Understand study
Understand studyUnderstand study
Understand studyAntonio Costa aka Cooler_
 
WAF protections and bypass resources
WAF protections and bypass resourcesWAF protections and bypass resources
WAF protections and bypass resourcesAntonio Costa aka Cooler_
 
Static analysis for beginners
Static analysis for beginnersStatic analysis for beginners
Static analysis for beginnersAntonio Costa aka Cooler_
 
Is rust language really safe?
Is rust language really safe? Is rust language really safe?
Is rust language really safe? Nullbyte Security Conference
 
The Veil-Framework
The Veil-FrameworkThe Veil-Framework
The Veil-FrameworkVeilFramework
 
Patching Windows Executables with the Backdoor Factory | DerbyCon 2013
Patching Windows Executables with the Backdoor Factory | DerbyCon 2013Patching Windows Executables with the Backdoor Factory | DerbyCon 2013
Patching Windows Executables with the Backdoor Factory | DerbyCon 2013midnite_runr
 
Windows 10 - Endpoint Security Improvements and the Implant Since Windows 2000
Windows 10 - Endpoint Security Improvements and the Implant Since Windows 2000Windows 10 - Endpoint Security Improvements and the Implant Since Windows 2000
Windows 10 - Endpoint Security Improvements and the Implant Since Windows 2000CTruncer
 
How to Setup A Pen test Lab and How to Play CTF
How to Setup A Pen test Lab and How to Play CTF How to Setup A Pen test Lab and How to Play CTF
How to Setup A Pen test Lab and How to Play CTF n|u - The Open Security Community
 
Hacking the Gateways
Hacking the GatewaysHacking the Gateways
Hacking the GatewaysOnur Alanbel
 
44CON 2014 - Breaking AV Software
44CON 2014 - Breaking AV Software44CON 2014 - Breaking AV Software
44CON 2014 - Breaking AV Software44CON
 
44CON London 2015 - 15-Minute Linux Incident Response Live Analysis
44CON London 2015 - 15-Minute Linux Incident Response Live Analysis44CON London 2015 - 15-Minute Linux Incident Response Live Analysis
44CON London 2015 - 15-Minute Linux Incident Response Live Analysis44CON
 
The Postmodern Binary Analysis
The Postmodern Binary AnalysisThe Postmodern Binary Analysis
The Postmodern Binary AnalysisOnur Alanbel
 
Stealth post-exploitation with phpsploit
Stealth post-exploitation with phpsploitStealth post-exploitation with phpsploit
Stealth post-exploitation with phpsploitNullbyte Security Conference
 
Ricardo J. Rodríguez & Daniel Uroz - When ROP meets Turing: Automatic Generat...
Ricardo J. Rodríguez & Daniel Uroz - When ROP meets Turing: Automatic Generat...Ricardo J. Rodríguez & Daniel Uroz - When ROP meets Turing: Automatic Generat...
Ricardo J. Rodríguez & Daniel Uroz - When ROP meets Turing: Automatic Generat...RootedCON
 
Масштабируемый и эффективный фаззинг Google Chrome
Масштабируемый и эффективный фаззинг Google ChromeМасштабируемый и эффективный фаззинг Google Chrome
Масштабируемый и эффективный фаззинг Google ChromePositive Hack Days
 
Indicators of compromise: From malware analysis to eradication
Indicators of compromise: From malware analysis to eradicationIndicators of compromise: From malware analysis to eradication
Indicators of compromise: From malware analysis to eradicationMichael Boman
 
What Goes In Must Come Out: Egress-Assess and Data Exfiltration
What Goes In Must Come Out: Egress-Assess and Data ExfiltrationWhat Goes In Must Come Out: Egress-Assess and Data Exfiltration
What Goes In Must Come Out: Egress-Assess and Data ExfiltrationCTruncer
 
Nullcon Hack IM 2011 walk through
Nullcon Hack IM 2011 walk throughNullcon Hack IM 2011 walk through
Nullcon Hack IM 2011 walk throughAnant Shrivastava
 
How to drive a malware analyst crazy
How to drive a malware analyst crazyHow to drive a malware analyst crazy
How to drive a malware analyst crazyMichael Boman
 
AntiVirus Evasion Reconstructed - Veil 3.0
AntiVirus Evasion Reconstructed - Veil 3.0AntiVirus Evasion Reconstructed - Veil 3.0
AntiVirus Evasion Reconstructed - Veil 3.0CTruncer
 
Sheila Ayelen Berta - The Art of Persistence: "Mr. Windows… I don’t wanna go ...
Sheila Ayelen Berta - The Art of Persistence: "Mr. Windows… I don’t wanna go ...Sheila Ayelen Berta - The Art of Persistence: "Mr. Windows… I don’t wanna go ...
Sheila Ayelen Berta - The Art of Persistence: "Mr. Windows… I don’t wanna go ...RootedCON
 
Dynamic PHP web-application analysis
Dynamic PHP web-application analysisDynamic PHP web-application analysis
Dynamic PHP web-application analysisax330d
 
44CON London 2015 - Is there an EFI monster inside your apple?
44CON London 2015 - Is there an EFI monster inside your apple?44CON London 2015 - Is there an EFI monster inside your apple?
44CON London 2015 - Is there an EFI monster inside your apple?44CON
 
Using Guided Missiles in Drive-bys: Automatic Browser Fingerprinting and Expl...
Using Guided Missiles in Drive-bys: Automatic Browser Fingerprinting and Expl...Using Guided Missiles in Drive-bys: Automatic Browser Fingerprinting and Expl...
Using Guided Missiles in Drive-bys: Automatic Browser Fingerprinting and Expl...egypt
 
Os Cook
Os CookOs Cook
Os Cookoscon2007
 
Introduction to Binary Exploitation
Introduction to Binary Exploitation Introduction to Binary Exploitation
Introduction to Binary Exploitation Cysinfo Cyber Security Community
 
Higher Level Malware
Higher Level MalwareHigher Level Malware
Higher Level MalwareCTruncer
 
Zaccone Carmelo - IPv6 and security from a user’s point of view
Zaccone Carmelo - IPv6 and security from a user’s point of view Zaccone Carmelo - IPv6 and security from a user’s point of view
Zaccone Carmelo - IPv6 and security from a user’s point of view IPv6 Conference
 
Presentation 3 software developer in rfid
Presentation 3 software developer in rfidPresentation 3 software developer in rfid
Presentation 3 software developer in rfidMouhanad Alkhaldi
 

More Related Content

What's hot

Hacking the Gateways
Hacking the GatewaysHacking the Gateways
Hacking the GatewaysOnur Alanbel
 
44CON 2014 - Breaking AV Software
44CON 2014 - Breaking AV Software44CON 2014 - Breaking AV Software
44CON 2014 - Breaking AV Software44CON
 
44CON London 2015 - 15-Minute Linux Incident Response Live Analysis
44CON London 2015 - 15-Minute Linux Incident Response Live Analysis44CON London 2015 - 15-Minute Linux Incident Response Live Analysis
44CON London 2015 - 15-Minute Linux Incident Response Live Analysis44CON
 
The Postmodern Binary Analysis
The Postmodern Binary AnalysisThe Postmodern Binary Analysis
The Postmodern Binary AnalysisOnur Alanbel
 
Ricardo J. Rodríguez & Daniel Uroz - When ROP meets Turing: Automatic Generat...
Ricardo J. Rodríguez & Daniel Uroz - When ROP meets Turing: Automatic Generat...Ricardo J. Rodríguez & Daniel Uroz - When ROP meets Turing: Automatic Generat...
Ricardo J. Rodríguez & Daniel Uroz - When ROP meets Turing: Automatic Generat...RootedCON
 
Масштабируемый и эффективный фаззинг Google Chrome
Масштабируемый и эффективный фаззинг Google ChromeМасштабируемый и эффективный фаззинг Google Chrome
Масштабируемый и эффективный фаззинг Google ChromePositive Hack Days
 
Indicators of compromise: From malware analysis to eradication
Indicators of compromise: From malware analysis to eradicationIndicators of compromise: From malware analysis to eradication
Indicators of compromise: From malware analysis to eradicationMichael Boman
 
What Goes In Must Come Out: Egress-Assess and Data Exfiltration
What Goes In Must Come Out: Egress-Assess and Data ExfiltrationWhat Goes In Must Come Out: Egress-Assess and Data Exfiltration
What Goes In Must Come Out: Egress-Assess and Data ExfiltrationCTruncer
 
Nullcon Hack IM 2011 walk through
Nullcon Hack IM 2011 walk throughNullcon Hack IM 2011 walk through
Nullcon Hack IM 2011 walk throughAnant Shrivastava
 
How to drive a malware analyst crazy
How to drive a malware analyst crazyHow to drive a malware analyst crazy
How to drive a malware analyst crazyMichael Boman
 
AntiVirus Evasion Reconstructed - Veil 3.0
AntiVirus Evasion Reconstructed - Veil 3.0AntiVirus Evasion Reconstructed - Veil 3.0
AntiVirus Evasion Reconstructed - Veil 3.0CTruncer
 
Sheila Ayelen Berta - The Art of Persistence: "Mr. Windows… I don’t wanna go ...
Sheila Ayelen Berta - The Art of Persistence: "Mr. Windows… I don’t wanna go ...Sheila Ayelen Berta - The Art of Persistence: "Mr. Windows… I don’t wanna go ...
Sheila Ayelen Berta - The Art of Persistence: "Mr. Windows… I don’t wanna go ...RootedCON
 
Dynamic PHP web-application analysis
Dynamic PHP web-application analysisDynamic PHP web-application analysis
Dynamic PHP web-application analysisax330d
 
44CON London 2015 - Is there an EFI monster inside your apple?
44CON London 2015 - Is there an EFI monster inside your apple?44CON London 2015 - Is there an EFI monster inside your apple?
44CON London 2015 - Is there an EFI monster inside your apple?44CON
 
Using Guided Missiles in Drive-bys: Automatic Browser Fingerprinting and Expl...
Using Guided Missiles in Drive-bys: Automatic Browser Fingerprinting and Expl...Using Guided Missiles in Drive-bys: Automatic Browser Fingerprinting and Expl...
Using Guided Missiles in Drive-bys: Automatic Browser Fingerprinting and Expl...egypt
 
Higher Level Malware
Higher Level MalwareHigher Level Malware
Higher Level MalwareCTruncer
 

What's hot (20)

How to Setup A Pen test Lab and How to Play CTF
How to Setup A Pen test Lab and How to Play CTF How to Setup A Pen test Lab and How to Play CTF
How to Setup A Pen test Lab and How to Play CTF
 
Hacking the Gateways
Hacking the GatewaysHacking the Gateways
Hacking the Gateways
 
44CON 2014 - Breaking AV Software
44CON 2014 - Breaking AV Software44CON 2014 - Breaking AV Software
44CON 2014 - Breaking AV Software
 
44CON London 2015 - 15-Minute Linux Incident Response Live Analysis
44CON London 2015 - 15-Minute Linux Incident Response Live Analysis44CON London 2015 - 15-Minute Linux Incident Response Live Analysis
44CON London 2015 - 15-Minute Linux Incident Response Live Analysis
 
The Postmodern Binary Analysis
The Postmodern Binary AnalysisThe Postmodern Binary Analysis
The Postmodern Binary Analysis
 
Stealth post-exploitation with phpsploit
Stealth post-exploitation with phpsploitStealth post-exploitation with phpsploit
Stealth post-exploitation with phpsploit
 
Ricardo J. Rodríguez & Daniel Uroz - When ROP meets Turing: Automatic Generat...
Ricardo J. Rodríguez & Daniel Uroz - When ROP meets Turing: Automatic Generat...Ricardo J. Rodríguez & Daniel Uroz - When ROP meets Turing: Automatic Generat...
Ricardo J. Rodríguez & Daniel Uroz - When ROP meets Turing: Automatic Generat...
 
Масштабируемый и эффективный фаззинг Google Chrome
Масштабируемый и эффективный фаззинг Google ChromeМасштабируемый и эффективный фаззинг Google Chrome
Масштабируемый и эффективный фаззинг Google Chrome
 
Indicators of compromise: From malware analysis to eradication
Indicators of compromise: From malware analysis to eradicationIndicators of compromise: From malware analysis to eradication
Indicators of compromise: From malware analysis to eradication
 
What Goes In Must Come Out: Egress-Assess and Data Exfiltration
What Goes In Must Come Out: Egress-Assess and Data ExfiltrationWhat Goes In Must Come Out: Egress-Assess and Data Exfiltration
What Goes In Must Come Out: Egress-Assess and Data Exfiltration
 
Nullcon Hack IM 2011 walk through
Nullcon Hack IM 2011 walk throughNullcon Hack IM 2011 walk through
Nullcon Hack IM 2011 walk through
 
How to drive a malware analyst crazy
How to drive a malware analyst crazyHow to drive a malware analyst crazy
How to drive a malware analyst crazy
 
AntiVirus Evasion Reconstructed - Veil 3.0
AntiVirus Evasion Reconstructed - Veil 3.0AntiVirus Evasion Reconstructed - Veil 3.0
AntiVirus Evasion Reconstructed - Veil 3.0
 
Sheila Ayelen Berta - The Art of Persistence: "Mr. Windows… I don’t wanna go ...
Sheila Ayelen Berta - The Art of Persistence: "Mr. Windows… I don’t wanna go ...Sheila Ayelen Berta - The Art of Persistence: "Mr. Windows… I don’t wanna go ...
Sheila Ayelen Berta - The Art of Persistence: "Mr. Windows… I don’t wanna go ...
 
Dynamic PHP web-application analysis
Dynamic PHP web-application analysisDynamic PHP web-application analysis
Dynamic PHP web-application analysis
 
44CON London 2015 - Is there an EFI monster inside your apple?
44CON London 2015 - Is there an EFI monster inside your apple?44CON London 2015 - Is there an EFI monster inside your apple?
44CON London 2015 - Is there an EFI monster inside your apple?
 
Using Guided Missiles in Drive-bys: Automatic Browser Fingerprinting and Expl...
Using Guided Missiles in Drive-bys: Automatic Browser Fingerprinting and Expl...Using Guided Missiles in Drive-bys: Automatic Browser Fingerprinting and Expl...
Using Guided Missiles in Drive-bys: Automatic Browser Fingerprinting and Expl...
 
Os Cook
Os CookOs Cook
Os Cook
 
Introduction to Binary Exploitation
Introduction to Binary Exploitation Introduction to Binary Exploitation
Introduction to Binary Exploitation
 
Higher Level Malware
Higher Level MalwareHigher Level Malware
Higher Level Malware
 

Similar to Raptor web application firewall

Zaccone Carmelo - IPv6 and security from a user’s point of view
Zaccone Carmelo - IPv6 and security from a user’s point of view Zaccone Carmelo - IPv6 and security from a user’s point of view
Zaccone Carmelo - IPv6 and security from a user’s point of view IPv6 Conference
 
Presentation 3 software developer in rfid
Presentation 3 software developer in rfidPresentation 3 software developer in rfid
Presentation 3 software developer in rfidMouhanad Alkhaldi
 
Placing backdoors-through-firewalls
Placing backdoors-through-firewallsPlacing backdoors-through-firewalls
Placing backdoors-through-firewallsAkapo Damilola
 
Future Internet Week - IPv6 the way forward: IPv6 and security from a user’s ...
Future Internet Week - IPv6 the way forward: IPv6 and security from a user’s ...Future Internet Week - IPv6 the way forward: IPv6 and security from a user’s ...
Future Internet Week - IPv6 the way forward: IPv6 and security from a user’s ...ir. Carmelo Zaccone
 
Advanced Malware Analysis Training Session 2 - Botnet Analysis Part 1
Advanced Malware Analysis Training Session 2 - Botnet Analysis Part 1 Advanced Malware Analysis Training Session 2 - Botnet Analysis Part 1
Advanced Malware Analysis Training Session 2 - Botnet Analysis Part 1 securityxploded
 
Modern Web Security, Lazy but Mindful Like a Fox
Modern Web Security, Lazy but Mindful Like a FoxModern Web Security, Lazy but Mindful Like a Fox
Modern Web Security, Lazy but Mindful Like a FoxC4Media
 
How to be come a hacker slide for 2600 laos
How to be come a hacker slide for 2600 laosHow to be come a hacker slide for 2600 laos
How to be come a hacker slide for 2600 laosOuthai SAIOUDOM
 
Presentation 4 rifidi emulator lab
Presentation 4 rifidi emulator labPresentation 4 rifidi emulator lab
Presentation 4 rifidi emulator labMouhanad Alkhaldi
 
Deep dive nella supply chain della nostra infrastruttura cloud
Deep dive nella supply chain della nostra infrastruttura cloudDeep dive nella supply chain della nostra infrastruttura cloud
Deep dive nella supply chain della nostra infrastruttura cloudsparkfabrik
 
Chapter 7 security tools i
Chapter 7 security tools iChapter 7 security tools i
Chapter 7 security tools iSyaiful Ahdan
 
Henrik Strøm - IPv6 from the attacker's perspective
Henrik Strøm - IPv6 from the attacker's perspectiveHenrik Strøm - IPv6 from the attacker's perspective
Henrik Strøm - IPv6 from the attacker's perspectiveIKT-Norge
 
Using hypervisor and container technology to increase datacenter security pos...
Using hypervisor and container technology to increase datacenter security pos...Using hypervisor and container technology to increase datacenter security pos...
Using hypervisor and container technology to increase datacenter security pos...Black Duck by Synopsys
 
Using hypervisor and container technology to increase datacenter security pos...
Using hypervisor and container technology to increase datacenter security pos...Using hypervisor and container technology to increase datacenter security pos...
Using hypervisor and container technology to increase datacenter security pos...Tim Mackey
 
Inria Tech Talk : RIOT, l'OS libre pour vos objets connectés #IoT
Inria Tech Talk : RIOT, l'OS libre pour vos objets connectés #IoTInria Tech Talk : RIOT, l'OS libre pour vos objets connectés #IoT
Inria Tech Talk : RIOT, l'OS libre pour vos objets connectés #IoTStéphanie Roger
 
A short visit to the bot zoo
A short visit to the bot zooA short visit to the bot zoo
A short visit to the bot zooUltraUploader
 

Similar to Raptor web application firewall (20)

Zaccone Carmelo - IPv6 and security from a user’s point of view
Zaccone Carmelo - IPv6 and security from a user’s point of view Zaccone Carmelo - IPv6 and security from a user’s point of view
Zaccone Carmelo - IPv6 and security from a user’s point of view
 
Presentation 3 software developer in rfid
Presentation 3 software developer in rfidPresentation 3 software developer in rfid
Presentation 3 software developer in rfid
 
Placing backdoors-through-firewalls
Placing backdoors-through-firewallsPlacing backdoors-through-firewalls
Placing backdoors-through-firewalls
 
Future Internet Week - IPv6 the way forward: IPv6 and security from a user’s ...
Future Internet Week - IPv6 the way forward: IPv6 and security from a user’s ...Future Internet Week - IPv6 the way forward: IPv6 and security from a user’s ...
Future Internet Week - IPv6 the way forward: IPv6 and security from a user’s ...
 
Sectools
SectoolsSectools
Sectools
 
aaa
aaaaaa
aaa
 
The FatRat
The FatRatThe FatRat
The FatRat
 
Advanced Malware Analysis Training Session 2 - Botnet Analysis Part 1
Advanced Malware Analysis Training Session 2 - Botnet Analysis Part 1 Advanced Malware Analysis Training Session 2 - Botnet Analysis Part 1
Advanced Malware Analysis Training Session 2 - Botnet Analysis Part 1
 
G3t R00t at IUT
G3t R00t at IUTG3t R00t at IUT
G3t R00t at IUT
 
Modern Web Security, Lazy but Mindful Like a Fox
Modern Web Security, Lazy but Mindful Like a FoxModern Web Security, Lazy but Mindful Like a Fox
Modern Web Security, Lazy but Mindful Like a Fox
 
How to be come a hacker slide for 2600 laos
How to be come a hacker slide for 2600 laosHow to be come a hacker slide for 2600 laos
How to be come a hacker slide for 2600 laos
 
Presentation 4 rifidi emulator lab
Presentation 4 rifidi emulator labPresentation 4 rifidi emulator lab
Presentation 4 rifidi emulator lab
 
IPV6 a tale of two protocols
IPV6 a tale of two protocolsIPV6 a tale of two protocols
IPV6 a tale of two protocols
 
Deep dive nella supply chain della nostra infrastruttura cloud
Deep dive nella supply chain della nostra infrastruttura cloudDeep dive nella supply chain della nostra infrastruttura cloud
Deep dive nella supply chain della nostra infrastruttura cloud
 
Chapter 7 security tools i
Chapter 7 security tools iChapter 7 security tools i
Chapter 7 security tools i
 
Henrik Strøm - IPv6 from the attacker's perspective
Henrik Strøm - IPv6 from the attacker's perspectiveHenrik Strøm - IPv6 from the attacker's perspective
Henrik Strøm - IPv6 from the attacker's perspective
 
Using hypervisor and container technology to increase datacenter security pos...
Using hypervisor and container technology to increase datacenter security pos...Using hypervisor and container technology to increase datacenter security pos...
Using hypervisor and container technology to increase datacenter security pos...
 
Using hypervisor and container technology to increase datacenter security pos...
Using hypervisor and container technology to increase datacenter security pos...Using hypervisor and container technology to increase datacenter security pos...
Using hypervisor and container technology to increase datacenter security pos...
 
Inria Tech Talk : RIOT, l'OS libre pour vos objets connectés #IoT
Inria Tech Talk : RIOT, l'OS libre pour vos objets connectés #IoTInria Tech Talk : RIOT, l'OS libre pour vos objets connectés #IoT
Inria Tech Talk : RIOT, l'OS libre pour vos objets connectés #IoT
 
A short visit to the bot zoo
A short visit to the bot zooA short visit to the bot zoo
A short visit to the bot zoo
 

More from Antonio Costa aka Cooler_

More from Antonio Costa aka Cooler_ (10)

Strange security mitigations
Strange security mitigationsStrange security mitigations
Strange security mitigations
 
Improving spam detection with automaton
Improving spam detection with automatonImproving spam detection with automaton
Improving spam detection with automaton
 
Burlando Waf 2.0
Burlando Waf 2.0Burlando Waf 2.0
Burlando Waf 2.0
 
burlando um WAF
burlando um WAFburlando um WAF
burlando um WAF
 
Development pitfalls
Development pitfallsDevelopment pitfalls
Development pitfalls
 
0d1n bsides2
0d1n bsides20d1n bsides2
0d1n bsides2
 
Vivendo de hacking
Vivendo de hackingVivendo de hacking
Vivendo de hacking
 
Bsides odin
Bsides odinBsides odin
Bsides odin
 
Bsides4cooler
Bsides4coolerBsides4cooler
Bsides4cooler
 
detector de ladrão com laser
detector de ladrão com laserdetector de ladrão com laser
detector de ladrão com laser
 

Recently uploaded

GDSC ASEB Gen AI study jams presentation
GDSC ASEB Gen AI study jams presentationGDSC ASEB Gen AI study jams presentation
GDSC ASEB Gen AI study jams presentationGDSCAESB
 
APPLICATIONS-AC/DC DRIVES-OPERATING CHARACTERISTICS
APPLICATIONS-AC/DC DRIVES-OPERATING CHARACTERISTICSAPPLICATIONS-AC/DC DRIVES-OPERATING CHARACTERISTICS
APPLICATIONS-AC/DC DRIVES-OPERATING CHARACTERISTICSKurinjimalarL3
 
SPICE PARK APR2024 ( 6,793 SPICE Models )
SPICE PARK APR2024 ( 6,793 SPICE Models )SPICE PARK APR2024 ( 6,793 SPICE Models )
SPICE PARK APR2024 ( 6,793 SPICE Models )Tsuyoshi Horigome
 
Introduction to IEEE STANDARDS and its different types.pptx
Introduction to IEEE STANDARDS and its different types.pptxIntroduction to IEEE STANDARDS and its different types.pptx
Introduction to IEEE STANDARDS and its different types.pptxupamatechverse
 
Introduction to Multiple Access Protocol.pptx
Introduction to Multiple Access Protocol.pptxIntroduction to Multiple Access Protocol.pptx
Introduction to Multiple Access Protocol.pptxupamatechverse
 
High Profile Call Girls Nagpur Meera Call 7001035870 Meet With Nagpur Escorts
High Profile Call Girls Nagpur Meera Call 7001035870 Meet With Nagpur EscortsHigh Profile Call Girls Nagpur Meera Call 7001035870 Meet With Nagpur Escorts
High Profile Call Girls Nagpur Meera Call 7001035870 Meet With Nagpur EscortsCall Girls in Nagpur High Profile
 
College Call Girls Nashik Nehal 7001305949 Independent Escort Service Nashik
College Call Girls Nashik Nehal 7001305949 Independent Escort Service NashikCollege Call Girls Nashik Nehal 7001305949 Independent Escort Service Nashik
College Call Girls Nashik Nehal 7001305949 Independent Escort Service NashikCall Girls in Nagpur High Profile
 
High Profile Call Girls Nagpur Isha Call 7001035870 Meet With Nagpur Escorts
High Profile Call Girls Nagpur Isha Call 7001035870 Meet With Nagpur EscortsHigh Profile Call Girls Nagpur Isha Call 7001035870 Meet With Nagpur Escorts
High Profile Call Girls Nagpur Isha Call 7001035870 Meet With Nagpur Escortsranjana rawat
 
Porous Ceramics seminar and technical writing
Porous Ceramics seminar and technical writingPorous Ceramics seminar and technical writing
Porous Ceramics seminar and technical writingrakeshbaidya232001
 
The Most Attractive Pune Call Girls Budhwar Peth 8250192130 Will You Miss Thi...
The Most Attractive Pune Call Girls Budhwar Peth 8250192130 Will You Miss Thi...The Most Attractive Pune Call Girls Budhwar Peth 8250192130 Will You Miss Thi...
The Most Attractive Pune Call Girls Budhwar Peth 8250192130 Will You Miss Thi...ranjana rawat
 
Software Development Life Cycle By Team Orange (Dept. of Pharmacy)
Software Development Life Cycle By Team Orange (Dept. of Pharmacy)Software Development Life Cycle By Team Orange (Dept. of Pharmacy)
Software Development Life Cycle By Team Orange (Dept. of Pharmacy)Suman Mia
 
Extrusion Processes and Their Limitations
Extrusion Processes and Their LimitationsExtrusion Processes and Their Limitations
Extrusion Processes and Their Limitations120cr0395
 
HARDNESS, FRACTURE TOUGHNESS AND STRENGTH OF CERAMICS
HARDNESS, FRACTURE TOUGHNESS AND STRENGTH OF CERAMICSHARDNESS, FRACTURE TOUGHNESS AND STRENGTH OF CERAMICS
HARDNESS, FRACTURE TOUGHNESS AND STRENGTH OF CERAMICSRajkumarAkumalla
 
chaitra-1.pptx fake news detection using machine learning
chaitra-1.pptx fake news detection using machine learningchaitra-1.pptx fake news detection using machine learning
chaitra-1.pptx fake news detection using machine learningmisbanausheenparvam
 
MANUFACTURING PROCESS-II UNIT-2 LATHE MACHINE
MANUFACTURING PROCESS-II UNIT-2 LATHE MACHINEMANUFACTURING PROCESS-II UNIT-2 LATHE MACHINE
MANUFACTURING PROCESS-II UNIT-2 LATHE MACHINESIVASHANKAR N
 
(MEERA) Dapodi Call Girls Just Call 7001035870 [ Cash on Delivery ] Pune Escorts
(MEERA) Dapodi Call Girls Just Call 7001035870 [ Cash on Delivery ] Pune Escorts(MEERA) Dapodi Call Girls Just Call 7001035870 [ Cash on Delivery ] Pune Escorts
(MEERA) Dapodi Call Girls Just Call 7001035870 [ Cash on Delivery ] Pune Escortsranjana rawat
 
the ladakh protest in leh ladakh 2024 sonam wangchuk.pptx
the ladakh protest in leh ladakh 2024 sonam wangchuk.pptxthe ladakh protest in leh ladakh 2024 sonam wangchuk.pptx
the ladakh protest in leh ladakh 2024 sonam wangchuk.pptxhumanexperienceaaa
 
Coefficient of Thermal Expansion and their Importance.pptx
Coefficient of Thermal Expansion and their Importance.pptxCoefficient of Thermal Expansion and their Importance.pptx
Coefficient of Thermal Expansion and their Importance.pptxAsutosh Ranjan
 
main PPT.pptx of girls hostel security using rfid
main PPT.pptx of girls hostel security using rfidmain PPT.pptx of girls hostel security using rfid
main PPT.pptx of girls hostel security using rfidNikhilNagaraju
 

Recently uploaded (20)

GDSC ASEB Gen AI study jams presentation
GDSC ASEB Gen AI study jams presentationGDSC ASEB Gen AI study jams presentation
GDSC ASEB Gen AI study jams presentation
 
APPLICATIONS-AC/DC DRIVES-OPERATING CHARACTERISTICS
APPLICATIONS-AC/DC DRIVES-OPERATING CHARACTERISTICSAPPLICATIONS-AC/DC DRIVES-OPERATING CHARACTERISTICS
APPLICATIONS-AC/DC DRIVES-OPERATING CHARACTERISTICS
 
SPICE PARK APR2024 ( 6,793 SPICE Models )
SPICE PARK APR2024 ( 6,793 SPICE Models )SPICE PARK APR2024 ( 6,793 SPICE Models )
SPICE PARK APR2024 ( 6,793 SPICE Models )
 
Introduction to IEEE STANDARDS and its different types.pptx
Introduction to IEEE STANDARDS and its different types.pptxIntroduction to IEEE STANDARDS and its different types.pptx
Introduction to IEEE STANDARDS and its different types.pptx
 
Introduction to Multiple Access Protocol.pptx
Introduction to Multiple Access Protocol.pptxIntroduction to Multiple Access Protocol.pptx
Introduction to Multiple Access Protocol.pptx
 
High Profile Call Girls Nagpur Meera Call 7001035870 Meet With Nagpur Escorts
High Profile Call Girls Nagpur Meera Call 7001035870 Meet With Nagpur EscortsHigh Profile Call Girls Nagpur Meera Call 7001035870 Meet With Nagpur Escorts
High Profile Call Girls Nagpur Meera Call 7001035870 Meet With Nagpur Escorts
 
College Call Girls Nashik Nehal 7001305949 Independent Escort Service Nashik
College Call Girls Nashik Nehal 7001305949 Independent Escort Service NashikCollege Call Girls Nashik Nehal 7001305949 Independent Escort Service Nashik
College Call Girls Nashik Nehal 7001305949 Independent Escort Service Nashik
 
High Profile Call Girls Nagpur Isha Call 7001035870 Meet With Nagpur Escorts
High Profile Call Girls Nagpur Isha Call 7001035870 Meet With Nagpur EscortsHigh Profile Call Girls Nagpur Isha Call 7001035870 Meet With Nagpur Escorts
High Profile Call Girls Nagpur Isha Call 7001035870 Meet With Nagpur Escorts
 
Roadmap to Membership of RICS - Pathways and Routes
Roadmap to Membership of RICS - Pathways and RoutesRoadmap to Membership of RICS - Pathways and Routes
Roadmap to Membership of RICS - Pathways and Routes
 
Porous Ceramics seminar and technical writing
Porous Ceramics seminar and technical writingPorous Ceramics seminar and technical writing
Porous Ceramics seminar and technical writing
 
The Most Attractive Pune Call Girls Budhwar Peth 8250192130 Will You Miss Thi...
The Most Attractive Pune Call Girls Budhwar Peth 8250192130 Will You Miss Thi...The Most Attractive Pune Call Girls Budhwar Peth 8250192130 Will You Miss Thi...
The Most Attractive Pune Call Girls Budhwar Peth 8250192130 Will You Miss Thi...
 
Software Development Life Cycle By Team Orange (Dept. of Pharmacy)
Software Development Life Cycle By Team Orange (Dept. of Pharmacy)Software Development Life Cycle By Team Orange (Dept. of Pharmacy)
Software Development Life Cycle By Team Orange (Dept. of Pharmacy)
 
Extrusion Processes and Their Limitations
Extrusion Processes and Their LimitationsExtrusion Processes and Their Limitations
Extrusion Processes and Their Limitations
 
HARDNESS, FRACTURE TOUGHNESS AND STRENGTH OF CERAMICS
HARDNESS, FRACTURE TOUGHNESS AND STRENGTH OF CERAMICSHARDNESS, FRACTURE TOUGHNESS AND STRENGTH OF CERAMICS
HARDNESS, FRACTURE TOUGHNESS AND STRENGTH OF CERAMICS
 
chaitra-1.pptx fake news detection using machine learning
chaitra-1.pptx fake news detection using machine learningchaitra-1.pptx fake news detection using machine learning
chaitra-1.pptx fake news detection using machine learning
 
MANUFACTURING PROCESS-II UNIT-2 LATHE MACHINE
MANUFACTURING PROCESS-II UNIT-2 LATHE MACHINEMANUFACTURING PROCESS-II UNIT-2 LATHE MACHINE
MANUFACTURING PROCESS-II UNIT-2 LATHE MACHINE
 
(MEERA) Dapodi Call Girls Just Call 7001035870 [ Cash on Delivery ] Pune Escorts
(MEERA) Dapodi Call Girls Just Call 7001035870 [ Cash on Delivery ] Pune Escorts(MEERA) Dapodi Call Girls Just Call 7001035870 [ Cash on Delivery ] Pune Escorts
(MEERA) Dapodi Call Girls Just Call 7001035870 [ Cash on Delivery ] Pune Escorts
 
the ladakh protest in leh ladakh 2024 sonam wangchuk.pptx
the ladakh protest in leh ladakh 2024 sonam wangchuk.pptxthe ladakh protest in leh ladakh 2024 sonam wangchuk.pptx
the ladakh protest in leh ladakh 2024 sonam wangchuk.pptx
 
Coefficient of Thermal Expansion and their Importance.pptx
Coefficient of Thermal Expansion and their Importance.pptxCoefficient of Thermal Expansion and their Importance.pptx
Coefficient of Thermal Expansion and their Importance.pptx
 
main PPT.pptx of girls hostel security using rfid
main PPT.pptx of girls hostel security using rfidmain PPT.pptx of girls hostel security using rfid
main PPT.pptx of girls hostel security using rfid
 

Raptor web application firewall

  • 1. -.5em Raptor Waf Raptor Web Application Firewall Antonio Costa - CoolerVoid - coolerlair[aT]gmail[DOt]com November 12, 2015 Raptor WAF v0.1 Page 1/18
  • 2. Whoami Author: • Antonio Costa ”CoolerVoid” is a Computer Programmer who loves the Hacker culture, he work as a system analyst at CONVISO for four years. Antonio working with code review, pentest and security research with focused on Secure Web Applications and Reverse Engineering. He also has been speaking at in some Brazilian Security Conferences such as YSTS, OWASP Florianopolis and Bsides Sao Paulo. []Raptor WAF v0.1 Page 2/18
  • 3. Introduction Software Information: • Raptor is a Open Source Tool, your focus is study of attacks and find intelligent ways to block attacks. • Raptor held by GPL v3 license Raptor WAF v0.1 Page 3/18
  • 4. Introduction Why this tool is made in C language ? • C have a high delay time for writing and debugging, but no pain no gain, have a fast performance, addition of this point, the C language is run at any architecture like Mips,ARM and others... other benefits of C, have good and high profile to write optimizations, if you think write some lines in ASSEMBLY code with AES-NI or SiMD instructions, i think is good choice. • Why you not use POO ? in this project i follow ”KISS” principe: http://pt.wikipedia.org/wiki/Keep It Simple • C language have a lot old school dudes like a kernel hackers... Raptor WAF v0.1 Page 4/18
  • 5. Introduction Requirements: • Need ”GCC” and ”make” • Current version tested only in Linux. • Current version run well, but is a BeTa version, you can report bug... Raptor WAF v0.1 Page 5/18
  • 6. How you can use it Following this to get, decompress, compile and execute: • wget git clone https://github.com/CoolerVoid/raptor waf • cd raptorwaf; make; bin/Raptor Raptor WAF v0.1 Page 6/18
  • 7. The Overview Raptor WAF v0.1 Page 7/18
  • 8. Explain WAF stands for Web Application Firewall. It is widely used nowadays to detect and defend SQL Injections and XSS... • You can block XSS, SQL injection attacks and path traversal with Raptor • You can use blacklist of IPs to block some users at config/blacklist ip.txt • You can use IPv6 and IPv4 at communications • At the future DoS protector, request limit, rule interpreter and Malware detector at uploads. • At the future SSL/TLS... Raptor WAF v0.1 Page 8/18
  • 9. Hands On ! Raptor WAF v0.1 Page 9/18
  • 10. Hands On ! • Follow this command • bin/Raptor –host Address of http server2Protect -p 80 -r 8886 -w 4 -o logAttacks.txt • Open the machine of Raptor at any computer of network http://waf machine:8886 • Ok raptor protect the HTTP server that you redirect, try attack... Raptor WAF v0.1 Page 10/18
  • 11. How it works ? Raptor is very simple, have three layers reverse proxy, blacklist and Match(using deterministic finite automaton). Raptor WAF v0.1 Page 11/18
  • 12. How proxy works ? Proxy using the select() function to check multiple sockets, at the future change to use libevent(signal based is very fast) Raptor WAF v0.1 Page 12/18
  • 13. How it works ? If someone send a request, Raptor do address analysis... Address blacklisted ? block ! Raptor WAF v0.1 Page 13/18
  • 14. How it works ? If deterministic finite automaton and Blacklist don’t match, Raptor don’t block Raptor WAF v0.1 Page 14/18
  • 15. How it works ? Raptor get a Request with GET or POST method and make some analysis to find dirt like a sql injection, cross site scripting... Raptor WAF v0.1 Page 15/18
  • 16. The End ? Raptor WAF v0.1 Page 16/18
  • 17. Greets • contact: coolerlair[at]gmail[dot]com • acosta@conviso.com.br • my parents and friends... • https://conviso.com.br/index.php/EN Raptor WAF v0.1 Page 17/18
  • 18. at construction... Raptor WAF v0.1 Page 18/18