Search the Community
Showing results for tags 'raptor'.
-
Raptor is a Web application firewall made in C, uses DFA to block SQL injection, Cross-site scripting, and path traversal. Why is this tool made in C language? C has a high delay time for writing and debugging, but no pain no gain, have fast performance, addition to this point, the C language is run at any architecture like Mips, ARM, and others… other benefits of C, have a good and high profile to write optimizations if you think to write some lines in ASSEMBLY code with AES-NI or SiMD instructions, I think is a good choice. Why you do not use POO ? in this project I follow the”KISS” principle: [Hidden Content] It Simple C language has a lot of old school dudes like a kernel hacker… Raptor is very simple, have three layers reverse proxy, blacklist, and Match(using deterministic finite automaton). Proxy using the select() function to check multiple sockets, at the future change to use libevent(signal based is very fast) If someone sends a request, Raptor does address analysis… Address blacklisted? block! If deterministic finite automaton and Blacklist don’t match, Raptor doesn’t blockRaptor get a Request with GET or POST method and make some analysis to find dirt like an sql injection, cross-site scripting… Raptor gets a Request with GET or POST method and makes some analysis to find dirt like an sql injection, cross-site scripting… External match string mode • At directory, config has a file of lists of rules • You can match the string with different algorithms • You can choose with an argument –match or -m • Choice one option between Karpe Rabin, DFA, or Boyer Moore Horspool Changelog v0.6.2 Patch fix to the improving documentation. to run: $ git clone [Hidden Content] $ cd raptor_waf; make; bin/raptor Don’t execute with “cd bin; ./raptor” use path “bin/raptor” look detail [Hidden Content] [hide][Hidden Content]]
-
Raptor is a Web application firewall made in C, uses DFA to block SQL injection, Cross-site scripting, and path traversal. Why is this tool made in C language? C has a high delay time for writing and debugging, but no pain no gain, have fast performance, addition to this point, the C language is run at any architecture like Mips, ARM, and others… other benefits of C, have a good and high profile to write optimizations if you think to write some lines in ASSEMBLY code with AES-NI or SiMD instructions, I think is a good choice. Why you do not use POO ? in this project I follow the”KISS” principle: [Hidden Content] It Simple C language has a lot of old school dudes like a kernel hacker… Changelog v0.6.1 Fix memory error handler [hide][Hidden Content]]