Monday, August 8, 2016

Steps to create your WAF (web application firewall) in C

By the usual definition (OWASP's, for example), a WAF is a piece of software intended to protect a web application at the application layer. Nowadays a WAF's behaviour is not defined only by the web application it sits in front of: it is not a solution customized to that one application but, much like a general software firewall, it carries rules to protect against intrusion across a wide variety of frameworks and code bases.

Firewall burning invaders, hehehe!

Let's clear things up first. There is overlap between the different types of firewall. Software and hardware firewalls are each used in their own right to protect networks; with their specialized function for web applications, WAFs can take the form of either of those two main types. By default, a firewall uses a blocklist, protecting against individual, previously logged attacks.

Additionally, it can also use an allowlist, defining the permitted users and the permitted kinds of interaction with the application. Another function is to block SQL injection and XSS attacks. In another context, WAFs can create random tokens and put them in forms to stop web robots and automated attacks; this practice can help mitigate CSRF pitfalls.


Before you ask "how do I create my WAF?", I have to give you some principles; anyway, the theory behind the facts.


There are two common kinds of WAF:

1. A plugin in the HTTPd that gets the INPUT or OUTPUT before the server finishes handling the request and blocks some contents; this approach focuses on the HTTP methods POST, GET...

2. This way is my favourite: an independent reverse proxy server. All the client's requests arrive at the proxy, the proxy analyses the content, and if nothing is blocked, it forwards all the information to the real server behind it.



Number one is cold, and that path is not fully portable. Another bad thing is that you need to write a different plugin for each HTTPd: one for Apache, another for NGINX, IIS, Lighttpd... not cool! If you are not an excellent low-level programmer, you can try Twisted in Python; it is easy to make a reverse proxy with it, but it is not the right way because it does not have good performance in production. If that annoys you, study Stevens' book on sockets.


OK, the title of this post is "create a WAF in C". The task is entirely done here, commented and with some documentation in LaTeX... relax, you can get it in this repository: https://github.com/CoolerVoid/raptor_waf

 

Raptor WAF is a simple web application firewall made in C, following the KISS principle. To poll connections it uses the select() function, which is not better than epoll() or kqueue() from *BSD but is portable. The core of the match engine uses a DFA to detect XSS, SQLi and path traversal; you can see it here: https://github.com/CoolerVoid/raptor_waf/tree/master/doc/test_dfa
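As an added example (not code from raptor_waf), this is the kind of table-driven DFA such a match engine runs over each request: a substring automaton is built once per signature and then consumes the request one byte at a time with no backtracking. The signatures `../` and `<script` and the function names are my own choices for illustration.

```c
#include <string.h>

#define ALPHABET 256
#define MAX_PAT 32

/* Table-driven DFA for one fixed byte pattern. State q means "the last
 * q bytes read are the first q bytes of the pattern"; state len accepts. */
typedef struct {
    int len;
    int delta[MAX_PAT + 1][ALPHABET];
} dfa_t;

/* Build the substring automaton (KMP-style); 0 on success, -1 if pattern empty/too long. */
int dfa_build(dfa_t *d, const char *pattern) {
    int m = (int)strlen(pattern);
    if (m == 0 || m > MAX_PAT) return -1;
    d->len = m;
    memset(d->delta, 0, sizeof d->delta);
    d->delta[0][(unsigned char)pattern[0]] = 1;
    int k = 0;                          /* state to fall back to on a mismatch */
    for (int q = 1; q <= m; q++) {
        memcpy(d->delta[q], d->delta[k], sizeof d->delta[q]);
        if (q < m) {
            d->delta[q][(unsigned char)pattern[q]] = q + 1;
            k = d->delta[k][(unsigned char)pattern[q]];
        }
    }
    return 0;
}

/* Scan n bytes of input once; return 1 as soon as the pattern occurs. */
int dfa_scan(const dfa_t *d, const char *input, size_t n) {
    int q = 0;
    for (size_t i = 0; i < n; i++) {
        q = d->delta[q][(unsigned char)input[i]];
        if (q == d->len) return 1;
    }
    return 0;
}

/* Verdict the reverse proxy would take for one request line: 1 = block, 0 = forward.
 * Signatures are constructed for this example; a real WAF builds each DFA once at start-up. */
int waf_should_block(const char *request_line) {
    static const char *sigs[] = { "../", "<script" };
    dfa_t d;
    for (size_t i = 0; i < sizeof sigs / sizeof sigs[0]; i++) {
        if (dfa_build(&d, sigs[i]) == 0 &&
            dfa_scan(&d, request_line, strlen(request_line))) return 1;
    }
    return 0;
}
```

Because the match is byte-exact, a real engine must URL-decode and case-normalise the request line before scanning, otherwise encoded or differently cased forms of the same sequence are never seen by the automaton.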


No more words, look at the following:




Thank you for reading this!
Cheers!

Monday, August 1, 2016

Talking about text classifiers

Last year, while researching, I looked for something about machine learning, like trying to detect spam in my private projects. I read about KNN, random decision forests and naive Bayes.


Consequently, I wrote a C++ library to classify texts, and some slides for a presentation, which you can view at the end of this blog post.

So I chose Naive Bayes because it is one of the simplest classifiers, based on Bayes' theorem with the naive assumption of complete independence between features. It is one of the most basic text classification techniques, with various applications: email spam detection, document categorization, sexually explicit content detection, personal email sorting, language detection and sentiment detection (I think that is something like NLP). Despite its naive design and oversimplified assumptions, Naive Bayes performs well in many complex real-world problems. Another good thing: Naive Bayes is suitable for limited CPU and memory resources.
To improve detection accuracy, I use a DFA (deterministic finite automaton) to match patterns and give each match a mark in a ranking; that ranking maps to one classification. You can view the code here. To build your automaton you can use Flex, or Bison as another way.


If you look at slide number 12 of the presentation, you can see my point of view about ranking to improve the accuracy of the classifier's results.

 


So, this is a very cool trick to gain accuracy. No more words, friends. Thank you for reading this!

Cheers!


