Menu

Tree [eaa522] changes-fred /
 History

HTTPS git://
HTTPS access

File Date Author Commit
 cert 2020-11-09 Your Name Your Name [67a3de] add all code
 config 2020-11-12 Your Name Your Name [be6209] update
 doc 2020-11-09 Your Name Your Name [67a3de] add all code
 src 2020-12-23 Frederico Lamberti Pissarra Frederico Lamberti Pissarra [eaa522] Got rid of bool and use int as boolean.
 LICENSE 2020-11-09 Cooler_ Cooler_ [47d882] Initial commit
 Makefile 2020-12-06 Frederico Lamberti Pissarra Frederico Lamberti Pissarra [64fcba] Fix build-deps target
 README.md 2020-11-10 Cooler_ Cooler_ [885697] Update README.md

Read Me

Octopus WAF

OctopusWAF is a open source Web application firewall, is made in C language uses libevent to make multiple connections.

Alt text

First step

Instal lib-pcre, if you use RPM based distros search pcre-devel package, in BSD based search in ports or brew...
Need libevent-dev, on RPM distros libevent-devel, Openssl-dev and openssl-devel.

To compile and run OctopusWAF follow this commands:

$ git clone https://github.com/CoolerVoid/OctopusWAF
$ cd OctopusWAF; make
$ bin/OctopusWAF

Example tested on DVWA on simple HTTP channel

$ bin/OctopusWAF -h 127.0.0.1:2006 -r 127.0.0.1:80 -m horspool --debug

Open your browser in http://127.0.0.1:2006
  • Notes: Don't execute with "cd bin; ./OctopusWAF" use full path "bin/OctopusWAF", because binary need load content in config directory.
    Use HTTP only for WAF usage, this version 0.1 run TLS but don't have resource to load cert and read TLS requests/responses, if you use TLS the service can lost WAF function and work like reverse proxy.

Tested on Linux but can run in FreeBSD.

Code overview

-------------------------------------------------------------------------------
Language                     files          blank        comment           code
-------------------------------------------------------------------------------
C                               12            324            138            997
C/C++ Header                    11             63             70            212
make                             1              1              0             30
Markdown                         1              6              0              3
-------------------------------------------------------------------------------
SUM:                            25            394            208           1242
-------------------------------------------------------------------------------

TODO:

Resource to load modsec rules https://github.com/SpiderLabs/owasp-modsecurity-crs/

Insert rules to detect XSS

Insert rules to detect SQLi

Insert rules to detect RCE

Insert rules to detect RFI/LFI

Insert rules to detect XXE

Insert rules to detect Anomalys...

Channel for TLS

Cert Load

Reference:

https://libevent.org/

https://owasp.org/www-community/Web_Application_Firewall

Want the latest updates on software, tech news, and AI?
Get latest updates about software, tech news, and AI from SourceForge directly in your inbox once a month.