Lightbulb Framework : Tools For Auditing WAFS

LightBulb Framework is an open source python framework for auditing web application firewalls and filters.

LightBulb Framework Synopsis

The framework consists of two main algorithms:

  • GOFA: An active learning algorithm that infers symbolic representations of automate in the standard membership/equivalence query model.

Active learning algorithms permits the analysis of filter and sanitizer programs remotely, i.e. given only the ability to query the targeted program and observe the output.

  • SFADiff: A black-box differential testing algorithm based on Symbolic Finite Automate (SFA) learning

Finding differences between programs with similar functionality is an important security problem as such differences can be used for fingerprinting or creating evasion attacks against security software like Web Application Firewalls (WAFs) which are designed to detect malicious inputs to web applications.

Also ReadKBD-Audio : Tools For Capturing & Analysing Keyboard Input Paired With Microphone Capture

Commands Usage

Main interface commands:

Command Description
core Shows available core modules
utils Shows available query handlers
info <module> Prints module information
library Enters library
modules Shows available application modules
use <module> Enters module
start <moduleA> <moduleB> Initiate algorithm
help Prints help
status Checks and installs required packages
complete Prints bash completion command

Module commands:

Command Description
back Go back to main menu
info Prints current module information
library Enters library
options Shows available options
define <option> <value> Set an option value
start Initiate algoritm
complete Prints bash completion command

Library commands:

Command Description
back Go back to main menu
info <folder\module> Prints requested module information (folder must be located in lightbulb/data/)
cat <folder\module> Prints requested module (folder must be located in lightbulb/data/)
modules <folder> Shows available library modules in the requested folder (folder must be located in lightbulb/data/)
search <keywords> Searches available library modules using comma separated keywords
complete Prints bash completion command

Installation

Prepare your system

First you have to verify that your system supports flex, python dev, pip and build utilities:

For apt platforms (ubuntu, debian…):

    sudo apt-get install flex
 sudo apt-get install python-pip
 sudo apt-get install python-dev
 sudo apt-get install build-essential

(Optional for apt) If you want to add support for MySQL testing:

    sudo apt-get install libmysqlclient-dev

For yum platforms (centos, redhat, fedora…) with already installed the extra packages repo (epel-release):

 sudo yum install -y python-pip
 sudo yum install -y python-devel
 sudo yum install -y wget
 sudo yum groupinstall -y 'Development Tools'

(Optional for yum) If you want to add support for MySQL testing:

 sudo yum install -y mysql-devel 
 sudo yum install -y MySQL-python

Install Lightbulb

In order to use the application without complete package installation:

git clone https://github.com/lightbulb-framework/lightbulb-framework
cd lightbulb-framework
make
lightbulb status

In order to perform complete package installation. You can also install it from pip repository. This requires first to install the latest setuptools version:

pip install setuptools --upgrade
pip install lightbulb-framework
lightbulb status

If you want to use virtualenv:

pip install virtualenv
virtualenv env
source env/bin/activate
pip install lightbulb-framework
lightbulb status

The “lightbulb status” command will guide you to install MySQLdb and OpenFst support. If you use virtualenv in linux, the “sudo” command will be required only for the installation of libmysqlclient-dev package.

It should be noted that the “lightbulb status” command is not necessary if you are going to use the Burp Extension.

The reason is that this command installs the “openfst” and “mysql” bindings and the extension by default is using Jython, which does not support C bindings.

It is recommended to use the command only if you want to change the Burp extension configuration from the settings and enable the native support.

It is also possible to use a docker instance:

docker pull lightbulb/lightbulb-framework

Install Burp Extension

If you wish to use the new GUI, you can use the extension for the Burp Suite. First you have to setup a working environment with Burp Proxy and Jython

  • Download the latest Jython from here
  • Find your local python packages installation folder*
  • Configure Burp Extender to use these values, as shown below*

  • Select the new LightBulb module (“BurpExtension.py”) and set the extension type to be “Python”

You can ignore this step, and install the standalone version which contains all the required python packages included. You can download it here

Contributors: George Argyros,Ioannis Stais,Suman Jana,Angelos D. Keromytis Aggelos Kiayias

You can follow us on LinkedinTwitterFacebook for daily Cybersecurity updates also you can take the Best Cybersecurity courses online to keep your self-updated.

R K

Recent Posts

Kali Linux 2024.4 Released, What’s New?

Kali Linux 2024.4, the final release of 2024, brings a wide range of updates and…

18 hours ago

Lifetime-Amsi-EtwPatch : Disabling PowerShell’s AMSI And ETW Protections

This Go program applies a lifetime patch to PowerShell to disable ETW (Event Tracing for…

18 hours ago

GPOHunter – Active Directory Group Policy Security Analyzer

GPOHunter is a comprehensive tool designed to analyze and identify security misconfigurations in Active Directory…

3 days ago

2024 MITRE ATT&CK Evaluation Results – Cynet Became a Leader With 100% Detection & Protection

Across small-to-medium enterprises (SMEs) and managed service providers (MSPs), the top priority for cybersecurity leaders…

5 days ago

SecHub : Streamlining Security Across Software Development Lifecycles

The free and open-source security platform SecHub, provides a central API to test software with…

1 week ago

Hawker : The Comprehensive OSINT Toolkit For Cybersecurity Professionals

Don't worry if there are any bugs in the tool, we will try to fix…

1 week ago