Longjing 龙井



Deep Learning Driven Web Application Firewall




Longjing is a Chinese green tea rich in antioxidants, which can prevent you from getting cancer. Longjing Web Application Firewall (WAF) is deep learning driven and is mainly designed to protect your web application against SQL Injection (SQLi) attacks.

SQLi is one of the top 10 vulnerabilities in OWASP Top 10 2017. SQLi leads to data leakage and system compromise. It is a critical vulnerability for web applications.

Longjing WAF is developed in Python 3 with the Scikit-Learn Python library. It uses a simple neural network to build the model. It is not designed for very high performance and it supports Linux systems only. However, it is more than a proof of concept (PoC).

Longjing WAF is easy to install and deploy on modern Linux systems. The higher the performance of the CPU, the higher the efficiency of Longjing WAF. The SQLi detection accuracy is over 99%.

Longjing is the next generation Web Application Firewall! Fetch and try!




Features

- detects SQL Injection (SQLi) attempts
- detects Cross Site Scripting (XSS) attempts
- detects Path Traversal attempts
- detects Local File Inclusion attempts
- spoofs vulnerability scanners into reporting false positives


License

Longjing WAF's training data and modelling code are not open sourced. However, the Python code that runs the WAF and the built model are open sourced and released under GPLv3 by Samiux.

A Quick Guide to GPLv3
GNU General Public License Version 3.0


Requirement

- Ubuntu Linux Server 18.04 LTS (other distributions may not work properly)
- Anaconda3 (Python 3)
- mitmproxy 4.0.3 (Python 3)
- any web server
- any web application
- high-speed hard disk (SSD is recommended)
- about 1 GB RAM for Longjing WAF


Donation

If you like our project, please show your support by sending a donation via PayPal (infosecninjas AT gmail DOT com) in USD or HKD. You need a PayPal account to donate.


File Checksum

sha256sum 524cae2391ea4a06d948a8fbba7b1452f1d3e1d7294a8e8c78b354f489c97108 longjing-0.10.3.tar.gz


Change Log :

Version 0.7.3
Release date : 2018-02-09 GMT+8
[+] First release

Version 0.7.4
Release date : 2018-02-13 GMT+8
[+] Model tuning

Version 0.7.5
Release date : 2018-02-24 GMT+8
[+] Code clean up
[+] Add installer script
[+] For mitmproxy 2.0.2

Version 0.8.0
Release date : 2018-02-26 GMT+8
[+] Update for mitmproxy 3.0.3

Version 0.9.0
Release date : 2018-03-19 GMT+8
[+] Modified for deep learning

Version 0.9.1
Release date : 2018-03-20 GMT+8
[+] Performance tuning

Version 0.10.0
Release date : 2018-03-30 GMT+8
[+] Performance tuning
[+] Rebuild modelling
[+] Rebuild training data

Version 0.10.1
Release date : 2018-04-04 GMT+8
[+] Minor fix
[+] Minor improvement

Version 0.10.2
Release date : 2018-04-09 GMT+8
[+] Minor improvement

Version 0.10.3 [Stable]
Release date : 2018-05-24 GMT+8
[+] Modified for mitmproxy 4.0.1


Installation

(A) Install Anaconda

sudo apt install build-essential libssl-dev libffi-dev python3-dev

wget https://repo.continuum.io/archive/Anaconda3-5.2.0-Linux-x86_64.sh

chmod +x Anaconda3-5.2.0-Linux-x86_64.sh

sudo -sH

./Anaconda3-5.2.0-Linux-x86_64.sh

Install anaconda3 to /etc/anaconda3, then answer "yes" to allow the installer to change root's .bashrc.

source /root/.bashrc

(B) Update Anaconda

sudo -sH
conda update --prefix /etc/anaconda3 anaconda
conda update -n base conda


(B) Install mitmproxy

sudo -sH
conda install pip
pip install mitmproxy


Return to the normal user by entering exit.

(C) Update mitmproxy

sudo -sH
cd /etc/anaconda3
pip install mitmproxy --upgrade


(D) Install Longjing

wget https://www.infosec-ninjas.com/files/longjing-0.10.3.tar.gz
tar -xvzf longjing-0.10.3.tar.gz

cd longjing

nano config.conf


where:
- NET_INF is the network interface on which mitmproxy listens
- PORT is the port number on which mitmproxy listens, e.g. 8080
- CERT is the path to the private key and TLS/SSL certificate of the domain, when available. It should start with --certs.

Please read the "Using a custom certificate" section of the mitmproxy "About Certificates" documentation for details.

sudo ./install.sh

Finally, make sure to copy index.html to the web application root directory.
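
Before unpacking the archive and running install.sh as root in the step above, the download can be checked against the SHA-256 value listed under File Checksum and its member paths inspected without extracting it. This is an added example, not part of the Longjing distribution; the function names and the script name verify.sh are hypothetical.

```shell
#!/bin/sh
# Added example, not part of the Longjing distribution. Function names are
# hypothetical; EXPECTED_SHA256 is the value listed under "File Checksum".
EXPECTED_SHA256=524cae2391ea4a06d948a8fbba7b1452f1d3e1d7294a8e8c78b354f489c97108

# verify_sha256 FILE HEX: 0 if FILE's SHA-256 equals HEX (either letter case),
# 1 on mismatch, 2 if FILE is not a regular file.
verify_sha256() {
    [ -f "$1" ] || return 2
    actual=$(sha256sum "$1" | awk '{ print $1 }')
    want=$(printf '%s' "$2" | tr 'A-F' 'a-f')
    [ "$actual" = "$want" ]
}

# member_names_safe: reads archive member names on stdin; 0 only if none is
# absolute and none contains a ".." path component.
member_names_safe() {
    awk 'BEGIN { bad = 0 }
         /^\// { bad = 1 }
         { n = split($0, part, "/")
           for (i = 1; i <= n; i++) if (part[i] == "..") bad = 1 }
         END { exit bad }'
}

# archive_paths_safe FILE: lists the gzip'd tarball without extracting it and
# checks every member name; 2 if tar cannot read the archive.
archive_paths_safe() {
    members=$(tar -tzf "$1" 2>/dev/null) || return 2
    printf '%s\n' "$members" | member_names_safe
}

# check_download FILE HEX: runs both checks, hash first, so an archive with a
# wrong hash is never parsed.
check_download() {
    verify_sha256 "$1" "$2" || { echo "checksum mismatch: $1" >&2; return 1; }
    archive_paths_safe "$1" || { echo "unreadable archive or unsafe member path: $1" >&2; return 1; }
    echo "ok: $1"
}

# Runs only when a file name is given: sh verify.sh longjing-0.10.3.tar.gz
if [ "$#" -ge 1 ]; then
    check_download "$1" "$EXPECTED_SHA256" || exit 1
fi
```

A matching hash shows the file is the one this page describes; it does not authenticate the publisher when the hash and the archive are served from the same place.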

(D) Running

sudo systemctl restart longjing.service

(E) Limitation

- The source IP address cannot be detected or recorded. That fully complies with the EU General Data Protection Regulation (GDPR).
- The speed of the web application will be slowed down a bit.

(F) Reference

Samiux's Blog