• Stars
    star
    164
  • Rank 230,032 (Top 5 %)
  • Language
    Python
  • License
    MIT License
  • Created about 5 years ago
  • Updated 9 months ago

Reviews

There are no reviews yet. Be the first to send feedback to the community and the maintainers!

Repository Details

A guided mutation-based fuzzer for ML-based Web Application Firewalls

WAF-A-MoLE

A guided mutation-based fuzzer for ML-based Web Application Firewalls, inspired by AFL and based on the FuzzingBook by Andreas Zeller et al.

Given an input SQL injection query, it tries to produce a semantic invariant query that is able to bypass the target WAF. You can use this tool for assessing the robustness of your product by letting WAF-A-MoLE explore the solution space to find dangerous "blind spots" left uncovered by the target classifier.

Python Version License Documentation Status

Architecture

WAF-A-MoLE Architecture

WAF-A-MoLE takes an initial payload and inserts it in the payload Pool, which manages a priority queue ordered by the WAF confidence score over each payload.

During each iteration, the head of the payload Pool is passed to the Fuzzer, where it gets randomly mutated, by applying one of the available mutation operators.

Mutation operators

Mutations operators are all semantics-preserving and they leverage the high expressive power of the SQL language (in this version, MySQL).

Below are the mutation operators available in the current version of WAF-A-MoLE.

Mutation Example
Case Swapping admin' OR 1=1# ⇒ admin' oR 1=1#
Whitespace Substitution admin' OR 1=1# ⇒ admin'\t\rOR\n1=1#
Comment Injection admin' OR 1=1# ⇒ admin'/**/OR 1=1#
Comment Rewriting admin'/**/OR 1=1# ⇒ admin'/*xyz*/OR 1=1#abc
Integer Encoding admin' OR 1=1# ⇒ admin' OR 0x1=(SELECT 1)#
Operator Swapping admin' OR 1=1# ⇒ admin' OR 1 LIKE 1#
Logical Invariant admin' OR 1=1# ⇒ admin' OR 1=1 AND 0<1#
Number Shuffling admin' OR 1=1# ⇒ admin' OR 2=2#

How to cite us

WAF-A-MoLE implements the methodology presented in "WAF-A-MoLE: Evading Web Application Firewalls through Adversarial Machine Learning". A pre-print of our article can also be found on arXiv.

If you want to cite us, please use the following (BibTeX) reference:

@inproceedings{demetrio20wafamole,
  title={WAF-A-MoLE: evading web application firewalls through adversarial machine learning},
  author={Demetrio, Luca and Valenza, Andrea and Costa, Gabriele and Lagorio, Giovanni},
  booktitle={Proceedings of the 35th Annual ACM Symposium on Applied Computing},
  pages={1745--1752},
  year={2020}
}

Running WAF-A-MoLE

Prerequisites

Setup

pip install -r requirements.txt

Sample Usage

You can evaluate the robustness of your own WAF, or try WAF-A-MoLE against some example classifiers. In the first case, have a look at the Model class. Your custom model needs to implement this class in order to be evaluated by WAF-A-MoLE. We already provide wrappers for sci-kit learn and keras classifiers that can be extend to fit your feature extraction phase (if any).

Help

wafamole --help

Usage: wafamole [OPTIONS] COMMAND [ARGS]...

Options:
  --help  Show this message and exit.

Commands:
  evade  Launch WAF-A-MoLE against a target classifier.

wafamole evade --help

Usage: wafamole evade [OPTIONS] MODEL_PATH PAYLOAD

  Launch WAF-A-MoLE against a target classifier.

Options:
  -T, --model-type TEXT     Type of classifier to load
  -t, --timeout INTEGER     Timeout when evading the model
  -r, --max-rounds INTEGER  Maximum number of fuzzing rounds
  -s, --round-size INTEGER  Fuzzing step size for each round (parallel fuzzing
                            steps)
  --threshold FLOAT         Classification threshold of the target WAF [0.5]
  --random-engine TEXT      Use random transformations instead of evolution
                            engine. Set the number of trials
  --output-path TEXT        Location were to save the results of the random
                            engine. NOT USED WITH REGULAR EVOLUTION ENGINE
  --help                    Show this message and exit.

Evading example models

We provide some pre-trained models you can have fun with, located in wafamole/models/custom/example_models. The classifiers we used are listed in the table below.

Classifier name Algorithm
WafBrain Recurrent Neural Network
ML-Based-WAF Non-Linear SVM
ML-Based-WAF Stochastic Gradient Descent
ML-Based-WAF AdaBoost
Token-based Naive Bayes
Token-based Random Forest
Token-based Linear SVM
Token-based Gaussian SVM
SQLiGoT - Directed Proportional Gaussian SVM
SQLiGoT - Directed Unproportional Gaussian SVM
SQLiGoT - Undirected Proportional Gaussian SVM
SQLiGoT - Undirected Unproportional Gaussian SVM

WAF-BRAIN - Recurrent Neural Newtork

Bypass the pre-trained WAF-Brain classifier using a admin' OR 1=1# equivalent.

wafamole evade --model-type waf-brain wafamole/models/custom/example_models/waf-brain.h5  "admin' OR 1=1#"

ML-Based-WAF - Non-Linear SVM (with original WAF-A-MoLE dataset)

Bypass the pre-trained ML-Based-WAF SVM classifier using a admin' OR 1=1# equivalent.

wafamole evade --model-type mlbasedwaf wafamole/models/custom/example_models/mlbasedwaf_svc.dump  "admin' OR 1=1#"

ML-Based-WAF - Non-Linear SVM (with SQLiV5/SQLiV3 datasets)

Bypass the pre-trained ML-Based-WAF SVM classifier using a admin' OR 1=1# equivalent. Note that SQLiV5 is a dataset sourced from Kaggle expanded with a series of queries generated by WAF-A-MoLE itself, as a proof of concept that WAF-A-MoLE queries can enhance the robustness of a WAF with retraining. Use mlbasedwaf_svc_sqliv3.dump to bypass the WAF trained with the original Kaggle dataset (SQLiV3).

wafamole evade --model-type mlbasedwaf wafamole/models/custom/example_models/mlbasedwaf_svc_sqliv5.dump  "admin' OR 1=1#"

ML-Based-WAF - Stochastic Gradient Descent (SGD)

Bypass the pre-trained ML-Based-WAF SGD classifier using a admin' OR 1=1# equivalent.

wafamole evade --model-type mlbasedwaf wafamole/models/custom/example_models/mlbasedwaf_sgd.dump  "admin' OR 1=1#"

ML-Based-WAF - AdaBoost

Bypass the pre-trained ML-Based-WAF AdaBoost classifier using a admin' OR 1=1# equivalent (takes longer than other models, at around 2 to 5 minutes of runtime).

wafamole evade --model-type mlbasedwaf wafamole/models/custom/example_models/mlbasedwaf_ada.dump  "admin' OR 1=1#"

Token-based - Naive Bayes

Bypass the pre-trained token-based Naive Bayes classifier using a admin' OR 1=1# equivalent.

wafamole evade --model-type token wafamole/models/custom/example_models/naive_bayes_trained.dump  "admin' OR 1=1#"

Token-based - Random Forest

Bypass the pre-trained token-based Random Forest classifier using a admin' OR 1=1# equivalent.

wafamole evade --model-type token wafamole/models/custom/example_models/random_forest_trained.dump  "admin' OR 1=1#"

Token-based - Linear SVM

Bypass the pre-trained token-based Linear SVM classifier using a admin' OR 1=1# equivalent.

wafamole evade --model-type token wafamole/models/custom/example_models/lin_svm_trained.dump  "admin' OR 1=1#"

Token-based - Gaussian SVM

Bypass the pre-trained token-based Gaussian SVM classifier using a admin' OR 1=1# equivalent.

wafamole evade --model-type token wafamole/models/custom/example_models/gauss_svm_trained.dump  "admin' OR 1=1#"

SQLiGoT

Bypass the pre-trained SQLiGOT classifier using a admin' OR 1=1# equivalent. Use DP, UP, DU, or UU for (respectivly) Directed Proportional, Undirected Proportional, Directed Unproportional and Undirected Unproportional.

wafamole evade --model-type DP wafamole/models/custom/example_models/graph_directed_proportional_sqligot "admin' OR 1=1#"

BEFORE LAUNCHING EVALUATION ON SQLiGoT

These classifiers are more robust than the others, as the feature extraction phase produces vectors with a more complex structure, and all pre-trained classifiers have been strongly regularized. It may take hours for some variants to produce a payload that achieves evasion (see Benchmark section).

Note on newer ML-Based-WAF models

Some models based on a slightly modified version of vladan-stojnic's ML-Based-WAF have been recently added, from an extension of WAF-A-MoLE entitled wafamole++ by nidnogg. Testing the AdaBoost model might take a longer time than usual (usually 2 to 5 minutes).

There are variants trained with the SQLiV5.json dataset, while most use the original SQL injection from WAF-A-MoLE dataset by default.

A Google Colaboratory notebook is provided with the training routines for some of these models, using the original WAF-A-MoLE dataset (modified to the SQLiV5 format). Any dataset can be used as long as they're in the same format as SQLiV5.json.

Custom adapters

First, create a custom Model class that implements the extract_features and classify methods.

class YourCustomModel(Model):
    def extract_features(self, value: str):
    	# TODO: extract features
        feature_vector = your_custom_feature_function(value)
        return feature_vector

    def classify(self, value):
    	# TODO: compute confidence
        confidence = your_confidence_eval(value)
        return confidence

Then, create an object from the model and instantiate an engine object that uses your model class.

model = YourCustomModel() #your init
engine = EvasionEngine(model)
result = engine.evaluate(payload, max_rounds, round_size, timeout, threshold)

Benchmark

We evaluated WAF-A-MoLE against all our example models.

The plot below shows the time it took for WAF-A-MoLE to mutate the admin' OR 1=1# payload until it was accepted by each classifier as benign.

On the x axis we have time (in seconds, logarithmic scale). On the y axis we have the confidence value, i.e., how sure a classifier is that a given payload is a SQL injection (in percentage).

Notice that being "50% sure" that a payload is a SQL injection is equivalent to flipping a coin. This is the usual classification threshold: if the confidence is lower, the payload is classified as benign.

Benchmark over time

Experiments were performed on DigitalOcean Standard Droplets.

Contribute

Questions, bug reports and pull requests are welcome.

In particular, if you are interested in expanding this project, we look for the following contributions:

  1. New WAF adapters
  2. New mutation operators
  3. New search algorithms

Team

More Repositories

1

RevOK

An HTTP Response fuzzer to find Vulnerabilities in Security Scanners
Python
26
star
2

regrets

Use Z3 to generate strings that match multiple regex | "The plural of regex is regrets"
Python
24
star
3

cyber-gym

Deliberately vulnerable scripts for Web Security training
HTML
21
star
4

modsecurity-cli

A CLI wrapper for libmodsecurity (v3.0.10)
Python
11
star
5

playstore_downloader

Download raw (free) APKs from Google Play Store
Ruby
9
star
6

faq-yourself

Frequently Asked Questions you should ask yourself before asking them again
6
star
7

DVAS

Damn Vulnerable Application Scanner
JavaScript
6
star
8

playstore_parser

Google Play Store API response parser in Ruby
Ruby
5
star
9

sat-smt-tutorial

Exercises based on Dennis Yurichev (@DennisYurichev) tutorial on SAT-SMT
Python
4
star
10

regex-utils

Utilities for Regular Expressions in Python
Python
2
star
11

FATA

Fuoco Aqua Terra Aria - Cooperativa Artigiana
PHP
2
star
12

cbcmac

Existential Forgery on misconfigured CBC-MAC (using plaintext concatenation)
Python
2
star
13

SDNPathProgramming

A Path Programming module for the OpenDaylight SDN Controller.
HTML
2
star
14

chatapp-tutorial

Source code for a Meteor.js chat app tutorial http://sebastiandahlgren.se/2013/07/17/tutorial-writing-your-first-metor-application/
JavaScript
1
star
15

lezione-27-03-17

Lezione GitHub 27 marzo 2017
1
star
16

board-games

Random stuff for board games
Jupyter Notebook
1
star
17

notes-md

A CLI tool for taking notes, inspired by Todo.txt
Python
1
star
18

json2java

JavaScriptObjectNotation to Java Object structure, in JavaCC
Java
1
star
19

LabPaaForkable

Forkable LabPaa Repository
1
star
20

pingsweepers

A collection of simple CLI Ping Sweepers/Scanners.
Ruby
1
star
21

ReadingList

The final product of Soup to Bits 2, a screencast from CodeSchool
Ruby
1
star
22

droidbox

Automatically exported from code.google.com/p/droidbox
Python
1
star
23

android-rawquery-app

An Android App with a vulnerable rawQuery method call
Java
1
star
24

JobeetBundle

Prova per Symfony (Progetto JOBEET)
PHP
1
star
25

TestPerWebwolf

Prove in PHP a caso
PHP
1
star
26

format_suggester

A simple Ruby CLI string format suggester
Ruby
1
star
27

formalin

PHP
1
star
28

Plagio

JavaScript
1
star
29

cpptests

Random tests on C++
C++
1
star
30

manytimepad

Python implementation of misconfigured One-Time PAD (using the PAD multiple times)
Python
1
star
31

graph-analytics

Notes for the Graph Analytics course -- a.y. 2017/2018
Jupyter Notebook
1
star
32

dogma

A Doctrine-inspired PHP library, using PDO and the Data Mapper ORM pattern
PHP
1
star
33

legerados

primo progetto online
CSS
1
star
34

lolstat

RoR wrapper for League of Legends APIs
Ruby
1
star
35

labyrinth

Labyrinth Engine for labyrinth-oriented javascript games
JavaScript
1
star
36

lab-o-matic

Shell
1
star
37

LabPAA

Qualcosa
1
star
38

android-market-api

Automatically exported from code.google.com/p/android-market-api
Java
1
star
39

ReadingListAPI

[Soup to Bits from Codeschool]
Ruby
1
star
40

simple-todos

Meteor.js Simple TO-DOs tutorial
CSS
1
star
41

ZenHack-Slides-Template

The official ZenHack template for fancy presentations.
TeX
1
star
42

debt_graph

Ruby
1
star
43

symfony-framework-tutorial

An implementation of a Symfony-like framework from this tutorial: http://symfony.com/doc/current/create_framework/index.html
PHP
1
star