Longjing is Chinese green tea with a lot of antioxiants which can prevent you from getting cancer. Longjing Web Application Firewall (WAF) is deep learning driven and it is mainly designed to protect your web application from being attacked by SQL Injection (SQLi).
SQLi is one of the top 10 vulnerabilities in OWASP Top 10 2017. SQLi leads to data leakage and system compromised. It is a critical vulnerability for web applications.
Longjing WAF is developed in Python 3 with Scikit-Learn Python Library. It uses a simple neural network to build the model. It is not designed for very high performance and it supports Linux systems only. It is not only a proof of concept (PoC) however.
Longjing WAF is easy to install and deploy on modern Linux systems. The higher performance of the CPU, the higher efficiency of the Longjing WAF. The accuracy of the detection rate of SQLi is over 99%.
Longjing is the next generation Web Application Firewall! Fetch and try!
- Ubuntu Linux Server 18.04 LTS (other distribution may not be working properly)
- Anaconda3 (Python 3)
- mitmproxy 4.0.3 (Python 3)
- any web server
- any web application
- high speed Hard disk (SSD is recommended)
- about 1 GB RAM for Longjing WAF
If you like our project, please show your support by sending the donation to Paypal (infosecninjas AT gmail DOT com) in USD or HKD currency. You need a Paypal account for the donation.
pip install mitmproxy --upgrade
(D) Install Longjing
tar -xvzf longjing-0.10.3.tar.gz
- NET_INF is the network interface of the mitmproxy to be listening
- PORT is port number of the mitmproxy to be listening, e.g. 8080
- CERT is the location path of the private key TLS/SSL certificate of the domain when available. It should be starting with --certs.