![[FCO]FreeCoursesOnline](https://onehack.us/uploads/default/original/3X/b/4/b4d2fc8468becec1e9976784dba394e5a378ec81.jpg){kind=small}
OctopusWAF is a open source Web application firewall, is made in C language uses libevent to make multiple connections.
First step
Instal lib-pcre, if you use RPM based distros search pcre-devel package, in BSD based search in ports or brew… Need libevent-dev, on RPM distros libevent-devel, Openssl-dev and openssl-devel.
To compile and run OctopusWAF follow this commands:
$ git clone https://github.com/CoolerVoid/OctopusWAF$ cd OctopusWAF; make$ bin/OctopusWAFExample tested on DVWA on simple HTTP channel$ bin/OctopusWAF -h 127.0.0.1:2006 -r 127.0.0.1:80 -m horspool --debugOpen your browser in http://127.0.0.1:2006
- Notes: Don’t execute with “cd bin; ./OctopusWAF” use full path “bin/OctopusWAF”, because binary need load content in config directory. Use HTTP only for WAF usage, this version 0.1 run TLS but don’t have resource to load cert and read TLS requests/responses, if you use TLS the service can lost WAF function and work like reverse proxy.
Tested on Linux but can run in FreeBSD.
Code overview
-------------------------------------------------------------------------------Language files blank comment code-------------------------------------------------------------------------------C 12 324 138 997C/C++ Header 11 63 70 212make 1 1 0 30Markdown 1 6 0 3-------------------------------------------------------------------------------SUM: 25 394 208 1242-------------------------------------------------------------------------------
TODO:
Resource to load modsec rules https://github.com/SpiderLabs/owasp-modsecurity-crs/
Insert rules to detect XSS
Insert rules to detect SQLi
Insert rules to detect RCE
Insert rules to detect RFI/LFI
Insert rules to detect XXE
Insert rules to detect Anomalys…
Channel for TLS
Cert Load
Reference: