Lightbulb Framework - Tools For Auditing Wafs


LightBulb is an opened upwards source python framework for auditing spider web application firewalls as well as filters.

Synopsis
The framework consists of ii top dog algorithms:
  • GOFA: An active learning algorithm that infers symbolic representations of automata inwards the measure membership/equivalence inquiry model.
    Active learning algorithms permits the analysis of filter as well as sanitizer programs remotely, i.e. given simply the mightiness to inquiry the targeted plan as well as honour the output.
  • SFADiff: Influenza A virus subtype H5N1 black-box differential testing algorithm based on Symbolic Finite Automata (SFA) learning
    Finding differences betwixt programs alongside similar functionality is an of import safety work every bit such differences tin live on used for fingerprinting or creating evasion attacks against safety software similar Web Application Firewalls (WAFs) which are designed to give away malicious inputs to spider web applications.

Motivation
Web Applications Firewalls (WAFs) are primal edifice blocks of modern application security. For example, the PCI measure for organizations treatment credit card transactions dictates that whatever application facing the network should live on either protected past times a WAF or successfully transcend a code review process. Nevertheless, despite their popularity as well as importance, auditing spider web application firewalls remains a challenging as well as complex task. Finding attacks that bypass the firewall unremarkably requires proficient domain cognition for a specific vulnerability class. Thus, penetration testers non armed alongside this cognition are left alongside publicly available lists of laid on strings, similar the XSS Cheat Sheet, which are unremarkably insufficient for thoroughly evaluating the safety of a WAF product.

Commands Usage
Main interface commands:
Command Description
core Shows available heart as well as mortal modules
utils Shows available inquiry handlers
info Prints module information
library Enters library
modules Shows available application modules
use Enters module
start Initiate algorithm
help Prints help
status Checks as well as installs required packages
complete Prints bash completion command
Module commands:
Command Description
back Go dorsum to top dog menu
info Prints electrical flow module information
library Enters library
options Shows available options
define Set an choice value
start Initiate algoritm
complete Prints bash completion command
Library commands:
Command Description
back Go dorsum to top dog menu
info Prints requested module information (folder must live on located inwards lightbulb/data/)
cat Prints requested module (folder must live on located inwards lightbulb/data/)
modules Shows available library modules inwards the requested folder (folder must live on located inwards lightbulb/data/)
search Searches available library modules using comma separated keywords
complete Prints bash completion command

Installation

Prepare your system
First yous accept to verify that your scheme supports flex, python dev, pip as well as construct utilities:
For apt platforms (ubuntu, debian...):
    sudo apt-get install flex  sudo apt-get install python-pip  sudo apt-get install python-dev  sudo apt-get install build-essential
(Optional for apt) If yous desire to add together back upwards for MySQL testing:
    sudo apt-get install libmysqlclient-dev
For yum platforms (centos, redhat, fedora...) alongside already installed the extra packages repo (epel-release):
 sudo yum install -y python-pip  sudo yum install -y python-devel  sudo yum install -y wget  sudo yum groupinstall -y 'Development Tools'
(Optional for yum) If yous desire to add together back upwards for MySQL testing:
 sudo yum install -y mysql-devel   sudo yum install -y MySQL-python

Install Lightbulb
In club to utilization the application without consummate packet installation:
git clone https://github.com/lightbulb-framework/lightbulb-framework cd lightbulb-framework brand lightbulb status
In club to perform consummate packet installation. You tin also install it from pip repository. This requires commencement to install the latest setuptools version:
pip install setuptools --upgrade pip install lightbulb-framework lightbulb status
If yous desire to utilization virtualenv:
pip install virtualenv virtualenv env source env/bin/activate pip install lightbulb-framework lightbulb status
The "lightbulb status" dominance volition remove yous to install MySQLdb as well as OpenFst support. If yous utilization virtualenv inwards linux, the "sudo" dominance volition live on required simply for the installation of libmysqlclient-dev package.
It should live on noted that the "lightbulb status" dominance is non necessary if yous are going to utilization the Burp Extension. The argue is that this dominance installs the "openfst" as well as "mysql" bindings as well as the extension past times default is using Jython, which does non back upwards C bindings. It is recommended to utilization the dominance simply if yous desire to modify the Burp extension configuration from the settings as well as enable the native support.
It is also possible to utilization a docker instance:
docker line lightbulb/lightbulb-framework


Install Burp Extension
If yous wishing to utilization the novel GUI, yous tin utilization the extension for the Burp Suite. First yous accept to setup a working environs alongside Burp Proxy as well as Jython
  • Download the latest Jython from here
  • Find your local python packages installation folder*
  • Configure Burp Extender to utilization these values, every bit shown below*


  • Select the novel LightBulb module ("BurpExtension.py") as well as laid the extension type to live on "Python"


*You tin ignore this step, as well as install the standalone version which contains all the required python packages included. You tin download it here

Examples
Check out the Wiki page for usage examples.

Contributors
  • George Argyros
  • Ioannis Stais
  • Suman Jana
  • Angelos D. Keromytis
  • Aggelos Kiayias

References
  • G. Argyros, I. Stais, S. Jana, A. D. Keromytis, as well as A. Kiayias. 2016. SFADiff: Automated Evasion Attacks as well as Fingerprinting Using Black-box Differential Automata Learning. In Proceedings of the 2016 ACM SIGSAC Conference on Computer as well as Communications Security (CCS '16). ACM, New York, NY, USA, 1690-1701. doi: 10.1145/2976749.2978383
  • G. Argyros, I. Stais, A. Kiayias as well as A. D. Keromytis, "Back inwards Black: Towards Formal, Black Box Analysis of Sanitizers as well as Filters," 2016 IEEE Symposium on Security as well as Privacy (SP), San Jose, CA, 2016, pp. 91-109. doi: 10.1109/SP.2016.14