Longjing 龙井



Deep Learning Driven Web Application Firewall




Longjing is a Chinese green tea with a lot of antioxidants which can prevent you from getting cancer. Longjing Web Application Firewall (WAF) is deep learning driven, built with the Python Scikit-Learn library. It is not designed for very high performance. However, it is ideal for personal to small business web sites.

Longjing WAF is designed to sit in front of any web server and any web application and block malicious web traffic, such as SQL Injection.

Longjing WAF is easy to install and deploy on modern Linux systems. The higher the performance of the CPU, the higher the efficiency of Longjing WAF.

Longjing is the next generation Web Application Firewall! Fetch and try!




Features

- detects common web attacks
- mainly for detecting SQL Injection attacks


License

Longjing WAF's training data and modelling code are not open sourced. However, the Python code that runs the WAF and the built model are open sourced and released under GPLv3 by Samiux.

A Quick Guide to GPLv3
GNU General Public License Version 3.0


Requirement

- Ubuntu Linux Server 18.04.2 LTS (other distributions may not work properly)
- Anaconda3 (Python 3)
- mitmproxy 4.0.4 (Python 3)
- any web server
- any web application
- high speed hard disk (SSD is recommended)
- about 1 GB RAM for Longjing WAF


Donation

If you like our project, please show your support by sending the donation to Paypal (infosecninjas AT gmail DOT com) in USD or HKD currency. You need a Paypal account for the donation.


File Checksum

sha256sum 5d1bf7aadc1cb7677146a8816d09f4fc29aabc0fa71d1b6f246700b6a70f10bc longjing-0.10.5.tar.gz
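
To check a downloaded archive against the value above before extracting it, the following is an added example and not part of the Longjing distribution. The helper names verify_sha256 and archive_paths_safe are hypothetical, and the example goes one step beyond the checksum by also rejecting archive member names that would extract outside the current directory.

```shell
#!/bin/sh
# Added example, not part of the Longjing distribution.
# verify_sha256 and archive_paths_safe are hypothetical helper names.

# Values published on this page (File Checksum / step E).
LONGJING_SHA256="5d1bf7aadc1cb7677146a8816d09f4fc29aabc0fa71d1b6f246700b6a70f10bc"
LONGJING_TARBALL="longjing-0.10.5.tar.gz"

# verify_sha256 FILE EXPECTED_HEX
# 0 = digest matches, 1 = mismatch, 2 = bad input (missing file, malformed digest).
verify_sha256() {
    file=$1
    expected=$(printf '%s' "$2" | tr 'A-F' 'a-f')
    # Require exactly 64 hex characters so a truncated value can never match.
    case $expected in
        ''|*[!0-9a-f]*) echo "malformed expected digest" >&2; return 2 ;;
    esac
    [ "${#expected}" -eq 64 ] || { echo "malformed expected digest" >&2; return 2; }
    [ -f "$file" ] || { echo "no such file: $file" >&2; return 2; }
    # Hash via stdin: sha256sum then prints "<hex>  -" whatever the file name is.
    actual=$(sha256sum < "$file" | cut -d' ' -f1)
    if [ "$actual" = "$expected" ]; then
        echo "OK: $file"
        return 0
    fi
    echo "MISMATCH: $file (expected $expected, got $actual)" >&2
    return 1
}

# archive_paths_safe: reads member names on stdin (e.g. from `tar -tzf`).
# Returns 1 and prints the offenders if any name is absolute or has a ".."
# component, so extraction cannot write outside the current directory.
archive_paths_safe() {
    if grep -E '^/|(^|/)\.\.(/|$)' >&2; then
        return 1
    fi
    return 0
}

# Check the archive from step (E) when it is in the current directory;
# extract only if both checks pass.
if [ -f "$LONGJING_TARBALL" ]; then
    if verify_sha256 "$LONGJING_TARBALL" "$LONGJING_SHA256" &&
       tar -tzf "$LONGJING_TARBALL" | archive_paths_safe; then
        tar -xzf "$LONGJING_TARBALL"
    else
        echo "refusing to extract $LONGJING_TARBALL" >&2
    fi
fi
```

The digest only helps if it was obtained over a channel independent of the download itself.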


Change Log :

Version 0.7.3
Release date : 2018-02-09 GMT+8
[+] First release

Version 0.7.4
Release date : 2018-02-13 GMT+8
[+] Model tuning

Version 0.7.5
Release date : 2018-02-24 GMT+8
[+] Code clean up
[+] Add installer script
[+] For mitmproxy 2.0.2

Version 0.8.0
Release date : 2018-02-26 GMT+8
[+] Update for mitmproxy 3.0.3

Version 0.9.0
Release date : 2018-03-19 GMT+8
[+] Modified for deep learning

Version 0.9.1
Release date : 2018-03-20 GMT+8
[+] Performance tuning

Version 0.10.0
Release date : 2018-03-30 GMT+8
[+] Performance tuning
[+] Rebuild modelling
[+] Rebuild training data

Version 0.10.1
Release date : 2018-04-04 GMT+8
[+] Minor fix
[+] Minor improvement

Version 0.10.2
Release date : 2018-04-09 GMT+8
[+] Minor improvement

Version 0.10.3
Release date : 2018-05-24 GMT+8
[+] Modified for mitmproxy 4.0.1

Version 0.10.4
Release date : 2018-10-21 GMT+8
[+] Update training data

Version 0.10.5 [Stable]
Release date : 2019-03-04 GMT+8
[+] Some improvement
[+] Changed for Anaconda3 5.3.1


Installation

(A) Install Anaconda

sudo apt install build-essential libssl-dev libffi-dev python3-dev

wget https://repo.continuum.io/archive/Anaconda3-2019.03-Linux-x86_64.sh

chmod +x Anaconda3-2019.03-Linux-x86_64.sh

sudo -sH

./Anaconda3-2019.03-Linux-x86_64.sh

By default, Anaconda3 installs to /root/anaconda3. Answer "yes" to allow "conda" to initialize and change the .bashrc of root.

source /root/.bashrc

(B) Update Anaconda

sudo -sH
conda update --prefix /root/anaconda3 anaconda
conda update -n base conda


(C) Install mitmproxy

sudo -sH
conda install pip
pip install mitmproxy


Return to the normal user by entering "exit".

(D) Update mitmproxy

sudo -sH
cd /root/anaconda3
pip install mitmproxy --upgrade


(E) Install Longjing

wget https://www.infosec-ninjas.com/files/longjing-0.10.5.tar.gz
tar -xvzf longjing-0.10.5.tar.gz

cd longjing

nano config.conf


where :
- NET_INF is the network interface on which mitmproxy listens
- PORT is the port number on which mitmproxy listens, e.g. 8080
- CERT is the path of the domain's private key TLS/SSL certificate, when available. The value should start with --certs.

Please read the mitmproxy "About Certificates" documentation for details: Using a custom certificate.

sudo ./install.sh

Finally, make sure to copy index.html to the web application root directory.

(F) Running

sudo systemctl restart longjing.service

(G) Limitation

- The source IP address cannot be detected or recorded.
- The speed of the web application will be slowed down a bit.

(H) Reference

Samiux's Blog