Longjing - Machine Learning Driven Web Application Firewall
Longjing is a Chinese green tea with a lot of antioxidants. It is good for health. Longjing Web Application Firewall (WAF) is machine learning driven and is designed to protect a web application from being attacked by SQL injection.
Longjing WAF is written in Python and is not designed with high performance in mind. Only Linux is supported.
Longjing WAF can protect your web application from being scanned by Burp Suite, sqlmap, OWASP ZAP, XSSer and Commix even if your web application has a SQL injection vulnerability. Reflected Cross Site Scripting (XSS) can be detected too. Keep in mind that a WAF in front of a vulnerable application is a mitigating layer, not a fix: the SQL injection itself should still be corrected in the application.
Injection, with SQL injection as its main case, holds the top position (A1) of the OWASP Top 10 2017. It can lead to data leakage and/or system compromise and is a critical vulnerability.
Longjing WAF is a PARTIALLY Open Source project under the GPLv3 license by Samiux. Training and modelling are NOT open sourced. A demo may be provided when necessary.
Training takes about 3 hours on an Intel i7-5500U with 16GB RAM. The reported accuracy rate is over 99%. Longjing requires about 3GB RAM to run.
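Longjing's training and model are not published, so the following is an added illustration (not Longjing's code, and not its model) of what "machine learning driven" means for a WAF that sits in mitmproxy: every query-string and form parameter is turned into character n-grams, scored by a Naive Bayes classifier, and the request is answered with a 403 before it reaches the web server when any parameter scores as malicious. The training corpus, the class names, the helper names (`normalize`, `ngrams`, `NaiveBayes`, `flagged_params`) and the threshold are all assumptions made for this example, and the `request` hook assumes the mitmproxy 3.x addon API (`mitmdump -s this_file.py`). The classifier itself runs without mitmproxy installed.

```python
"""Added example, not Longjing's code: a character n-gram Naive Bayes request
filter shaped as a mitmproxy addon.  The corpus below is constructed for
illustration only; a real model needs thousands of samples from the protected
application's own traffic."""
import math
import re
from collections import Counter
from urllib.parse import unquote_plus

try:
    from mitmproxy import http  # only needed when loaded by mitmproxy
except ImportError:             # keeps the classifier importable on its own
    http = None

N = 3  # character n-gram length

# Constructed training data (assumption for this example).
MALICIOUS = [
    "1' or '1'='1", "1' or 1=1-- ", "' union select username, password from users--",
    "1; drop table users", "admin'--", "1' and sleep(5)--",
    "<script>alert(1)</script>", "\"><img src=x onerror=alert(1)>",
    "' or ''='", "1 union all select null,null--",
]
BENIGN = [
    "alice", "hello world", "1", "42", "john.smith@example.com",
    "search term", "blue shoes size 9", "2018-04-01", "page=2", "My Profile",
]


def normalize(value):
    """Decode URL encoding and fold case/whitespace so that encoded variants of
    a payload (what sqlmap's tamper scripts emit) map to the same n-grams."""
    return re.sub(r"\s+", " ", unquote_plus(value)).strip().lower()


def ngrams(value):
    s = " " + normalize(value) + " "          # pad so the edges get context
    return [s[i:i + N] for i in range(len(s) - N + 1)]


class NaiveBayes:
    """Multinomial Naive Bayes over character n-grams with Laplace smoothing."""

    def __init__(self, positives, negatives):
        self.pos, self.neg = Counter(), Counter()
        for v in positives:
            self.pos.update(ngrams(v))
        for v in negatives:
            self.neg.update(ngrams(v))
        self.vocab_size = len(set(self.pos) | set(self.neg))
        total = len(positives) + len(negatives)
        self.log_prior_pos = math.log(len(positives) / total)
        self.log_prior_neg = math.log(len(negatives) / total)
        self.pos_total = sum(self.pos.values())
        self.neg_total = sum(self.neg.values())

    def _log_likelihood(self, grams, counts, total):
        denom = total + self.vocab_size
        return sum(math.log((counts[g] + 1) / denom) for g in grams)

    def log_odds(self, value):
        """Positive means 'malicious' is more likely than 'benign'."""
        grams = ngrams(value)
        lp = self.log_prior_pos + self._log_likelihood(grams, self.pos, self.pos_total)
        ln = self.log_prior_neg + self._log_likelihood(grams, self.neg, self.neg_total)
        return lp - ln

    def is_malicious(self, value, threshold=0.0):
        return self.log_odds(value) > threshold


MODEL = NaiveBayes(MALICIOUS, BENIGN)


def flagged_params(pairs):
    """Return the names of the (name, value) pairs whose value scores malicious."""
    return [name for name, value in pairs if MODEL.is_malicious(value)]


def request(flow):
    """mitmproxy addon hook (mitmproxy 3.x API, assumed): score every query and
    form parameter and answer 403 before the request reaches the web server."""
    pairs = list(flow.request.query.items()) + list(flow.request.urlencoded_form.items())
    if flagged_params(pairs):
        flow.response = http.HTTPResponse.make(
            403, b"Request blocked", {"Content-Type": "text/plain"})


if __name__ == "__main__":
    for sample in ["alice", "1' or '1'='1", "1%27%20or%201%3D1--", "jane.doe@example.com"]:
        print(f"{MODEL.log_odds(sample):+7.2f}  {sample}")
```

The URL decoding in `normalize` is what defeats the simple encoding tampers; a value such as `1%27%20or%201%3D1--` scores the same as its decoded form. The weakness of this shape is also visible: a benign value that shares vocabulary with the attack class (a search for "select your size") will score towards malicious, which is why the training corpus and the threshold have to come from the protected application's real traffic rather than from a toy list like the one above.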
Requirement
- Ubuntu Linux Server 16.04.4 LTS
- Anaconda3
- mitmproxy
- web server
- web application
- SSD is recommended
- at least 8GB RAM
Installation

(A) Install Anaconda

sudo apt install build-essential libssl-dev libffi-dev python3-dev
wget https://repo.continuum.io/archive/Anaconda3-5.1.0-Linux-x86_64.sh
chmod +x Anaconda3-5.1.0-Linux-x86_64.sh
sudo -sH
./Anaconda3-5.1.0-Linux-x86_64.sh

Verify the downloaded installer against the checksum published by Anaconda before running it as root. Install Anaconda3 to /etc/anaconda3 and answer "yes" when asked to modify root's .bashrc, then reload it:

source /root/.bashrc

(B) Update Anaconda

sudo -sH
conda update --prefix /etc/anaconda3 anaconda
conda update -n base conda

(C) Install mitmproxy

sudo -sH
conda install pip
pip install mitmproxy

The current version of mitmproxy at this writing is 3.0.3. Exit back to the normal user by entering:

exit

(D) Update mitmproxy

sudo -sH
cd /etc/anaconda3
pip install mitmproxy --upgrade

(E) Install Longjing

wget https://www.infosec-ninjas.com/files/longjing-0.8.0.tar.gz
tar -xvzf longjing-0.8.0.tar.gz
cd longjing
nano config.conf

where:

- NET_INF is the network interface on which mitmproxy listens
- PORT is the port number on which mitmproxy listens, e.g. 8080
- CERT is the path of the PEM file containing the private key and TLS/SSL certificate of the domain, when available. The value must start with --certs . Since this file holds the private key, keep it readable only by the account that runs mitmproxy. Please read the mitmproxy "About certificates" documentation (Using a custom certificate) for details.

sudo ./install.sh

Finally, make sure to copy index.html to the web application root directory.

(F) Running

sudo systemctl restart longjing.service

(G) Testing with Tools

Longjing is well tested on Damn Vulnerable Web Application (DVWA) with the following tools:

- Burp Suite on DVWA (SQLi and XSS blocked, except DOM-based XSS)
- sqlmap on DVWA (tamper scripts also blocked)
- OWASP ZAP on DVWA (SQLi and XSS blocked)
- XSSer on DVWA (XSS blocked)
- Commix on DVWA (blocked; Commix hangs in the middle of its run)

That's all! See you.