InfoSec Ninjas 资安忍者

Longjing 龙井



Deep Learning Driven Web Application Firewall




Longjing is a Chinese green tea with a lot of antioxidants, which can prevent you from getting cancer. Longjing Web Application Firewall (WAF) is deep learning driven and is designed to protect your web application from SQL Injection (SQLi) attacks.

Longjing WAF is developed in Python 3 with the Scikit-Learn Python library. It uses a simple neural network to build the model. It is not designed for high performance, and it supports Linux systems only.

SQLi is one of the top 10 vulnerabilities in the OWASP Top 10 2017. SQLi leads to data leakage and system compromise. It is a critical vulnerability for web applications.

Longjing WAF is easy to install and deploy on modern Linux systems. The higher the CPU performance, the higher the efficiency of the Longjing WAF. The SQLi detection accuracy is over 99%.

Longjing WAF's training data and modelling code are not open-sourced. However, the runtime Python code and the built model are open-sourced, released under GPLv3 by Samiux.
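The inference path such a WAF runs, as an added example that is not Longjing's code (its model and training data are not open-sourced, as noted above): one sigmoid neuron over hashed character trigrams, fitted on a few constructed parameter values and then applied to every decoded value of a request's query string. The trigram hashing, the sample set and the 0.5 decision threshold are assumptions for illustration, not Longjing's.

```python
# Added illustration, not Longjing's code (its model and training data are not
# open-sourced): one sigmoid neuron over hashed character trigrams, applied to
# every parameter value of a request before it is forwarded upstream.
import math
import zlib
from urllib.parse import parse_qsl

BUCKETS = 4096  # size of the hashed trigram feature space (assumption)

def sigmoid(z):
    z = max(-30.0, min(30.0, z))  # clamp so exp() cannot overflow
    return 1.0 / (1.0 + math.exp(-z))

def featurize(value):
    """Sparse bag of lower-cased character trigrams, hashed with CRC32."""
    v = value.lower()
    feats = {}
    for i in range(max(len(v) - 2, 1)):
        idx = zlib.crc32(v[i:i + 3].encode()) % BUCKETS
        feats[idx] = feats.get(idx, 0) + 1
    return feats

def train(samples, epochs=200, lr=0.5):
    """Fit the neuron by plain SGD on (text, label) pairs; label 1 = SQLi."""
    w, b = [0.0] * BUCKETS, 0.0
    for _ in range(epochs):
        for text, label in samples:
            feats = featurize(text)
            err = label - sigmoid(sum(w[i] * c for i, c in feats.items()) + b)
            for i, c in feats.items():
                w[i] += lr * err * c
            b += lr * err
    return w, b

def score(model, value):
    """Probability that a single parameter value is SQLi."""
    w, b = model
    return sigmoid(sum(w[i] * c for i, c in featurize(value).items()) + b)

# Constructed training set; a production model needs far more, and varied, data.
SAMPLES = [("' or 1=1--", 1), ("' or 'a'='a", 1), ("admin'--", 1),
           ("1 union select null,null--", 1), ("1; drop table users--", 1),
           ("' union select username, password from users--", 1),
           ("alice", 0), ("hello world", 0), ("42", 0), ("green tea", 0),
           ("john.doe@example.com", 0), ("2018-04-09", 0)]
MODEL = train(SAMPLES)

def should_block(query_string, threshold=0.5):
    """Inline WAF decision: block if any decoded parameter value looks like SQLi."""
    return any(score(MODEL, v) >= threshold for _, v in parse_qsl(query_string))
```

A value made only of trigrams never seen in training scores at sigmoid(bias), so the model's decision on unfamiliar input is a property of the training set, which is why a real deployment needs broad benign traffic in it.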

Longjing is the next generation Web Application Firewall! Fetch and try!




sha256sum 0445982cbc99c18f031b88c8a44c1ba2bcf653bdeeafe59e6d2ee57f1b7e0f24 longjing-0.10.2.tar.gz


Change Log :

Version 0.7.3
Release date : 2018-02-09 GMT+8
[+] First release

Version 0.7.4
Release date : 2018-02-13 GMT+8
[+] Model tuning

Version 0.7.5
Release date : 2018-02-24 GMT+8
[+] Code clean up
[+] Add installer script
[+] For mitmproxy 2.0.2

Version 0.8.0
Release date : 2018-02-26 GMT+8
[+] Update for mitmproxy 3.0.3

Version 0.9.0
Release date : 2018-03-19 GMT+8
[+] Modified for deep learning

Version 0.9.1
Release date : 2018-03-20 GMT+8
[+] Performance tuning

Version 0.10.0
Release date : 2018-03-30 GMT+8
[+] Performance tuning
[+] Rebuild modelling
[+] Rebuild training data

Version 0.10.1
Release date : 2018-04-04 GMT+8
[+] Minor fix
[+] Minor improvement

Version 0.10.2 [Stable]
Release date : 2018-04-09 GMT+8
[+] Minor improvement


Requirement

- Ubuntu Linux Server 16.04.4 LTS
- Anaconda3
- mitmproxy 3.0.4
- web server
- web application
- SSD is recommended
- at least 4-8GB RAM

Installation

(A) Install Anaconda

sudo apt install build-essential libssl-dev libffi-dev python3-dev

wget https://repo.continuum.io/archive/Anaconda3-5.1.0-Linux-x86_64.sh

chmod +x Anaconda3-5.1.0-Linux-x86_64.sh

sudo -sH

./Anaconda3-5.1.0-Linux-x86_64.sh

Install anaconda3 to /etc/anaconda3 and then answer "yes" to allow the installer to change root's .bashrc.

source /root/.bashrc

(B) Update Anaconda

sudo -sH
conda update --prefix /etc/anaconda3 anaconda
conda update -n base conda


(C) Install mitmproxy

sudo -sH
conda install pip
pip install mitmproxy


Exit to the normal user by entering exit.

(D) Update mitmproxy

sudo -sH
cd /etc/anaconda3
pip install mitmproxy --upgrade


(E) Install Longjing

wget https://www.infosec-ninjas.com/files/longjing-0.10.2.tar.gz
tar -xvzf longjing-0.10.2.tar.gz

cd longjing

nano config.conf


where :
- NET_INF is the network interface on which mitmproxy listens
- PORT is the port number on which mitmproxy listens, e.g. 8080
- CERT is the path of the domain's TLS/SSL certificate (with its private key) when one is available. It should start with --certs.

Please read the mitmproxy "About Certificates" documentation for details on using a custom certificate.

sudo ./install.sh

Finally, make sure to copy index.html to the web application root directory.

(F) Running

sudo systemctl restart longjing.service

(G) Limitation

- The source IP address cannot be detected or recorded.
- The speed of the web application will be slowed down.

(H) Reference

Samiux's Blog
