Code Monkey home page Code Monkey logo

awd-watchbird's Introduction

本项目禁止用于比赛. 如果您需要一个比赛场景下的WAF, 可以考虑DasSecurity-Labs/AoiAWD. (但请注意规则是否允许第三方通防)

Watchbird

A powerful PHP WAF for AWD

功能:

  • 易于配置(单文件, 无需加载外部js/css)
  • 可以随时开启/关闭某项防御
  • 基本防御:
    • 数据库注入(sql injection)
    • 文件上传(upload)
    • 文件包含(lfi)
    • flag关键字
    • PHP反序列化(unserialize)
    • 命令执行(rce)
    • 分布式拒绝服务攻击(ddos)
    • 请求头,请求参数(GET/POST)关键字
    • 特殊字符
  • 深度防御:
    • 响应检测/反向代理(默认将流量发送至本地服务器自检,可配置代理服务器IP及端口实现反代功能)
    • 响应flag检测并返回虚假flag
    • 基于LD_PRELOAD的指令执行保护
    • 基于open_basedir的PHP文件操作保护
  • 网页控制台:
    • 功能开关及配置
    • 实时日志查看
    • 日志流量重放, 可广播流量至指定网段, 支持提取flag自动提交
    • RCE/文件上传/深度检测 防御通知(由于chrome无法允许不安全的网站(无SSL证书)显示通知,请使用Firefox并修改about:config中dom.webnotifications.allowinsecure为true)

使用

  • 下载最新 release
  • 将waf.so,watchbird.php文件存放在/var/www/html或其他目录中
  • 将watchbird.php放在www-data可读的目录, 确保当前用户对目标目录可写, 然后执行php watchbird.php --install [Web目录], 安装器将输出安装了watchbird的文件路径
  • 访问任意启用了waf的文件, 参数?watchbird=ui打开watchbird控制台, 创建一个初始密码
  • 如需卸载, 请在相同的位置输入php watchbird.php --uninstall [Web目录], 如果您多次运行了安装, 请多次运行卸载直到卸载器无输出

构建

  • git clone https://github.com/leohearts/awd-watchbird.git

  • 使用 python3 pack.py 将源码打包为单文件

  • 编译waf.c生成.so文件,参考命令:gcc waf.c -shared -o waf.so

截图

Screenshot_2021-03-08 Watchbird控制台.png

Screenshot_2021-03-08 Watchbird控制台_1_.png

Screenshot_2021-03-08 Watchbird控制台_2_.png

贡献者

  • Leohearts
  • Longlone
  • (欢迎Issue及Pull Request)

本项目的开发仅出于研究目的, 请不要在比赛中使用.

awd-watchbird's People

Contributors

burpheart avatar leohearts avatar n-wn avatar way29 avatar

Stargazers

avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar

Watchers

avatar avatar avatar avatar avatar avatar avatar avatar

Forkers

lola39 igloog cs4745 zmdprogrom secsystem akpotter netsecli lotfocus 851579181 iiiusky d4rker kee1ongz secgoblin uncia laowang1026 ynjw nessastein skyroot 0x7f74 dycsy wanglibin1314 arenaswan lightning-zb oceanlotus xuehua312741499 sevenplusjun way29 hypery11 ret2basic crisprss mitooooo sw-back mstheholy meowwbox lollipopup asweepingmonk murkuo akwood tomapu yangshuangfu cream-sec burpheart marszone test111-crypto lwj-xfz w4tchd09 jxxhwy missxq131 polarpeak kstrowski ctforg anzu-proj gy4n viracall moebackup loopendloop lihu2018 77-0 liudeguang liehu tga0 devil8123665 yzy2019 j4ckzh0u fxizenta shenqierbufan key1624 crypt0nx cyrilxu 5l1v3r1 jinnywc behing viki1998 r1ng13 tang51678 forgetoe tchzy666 kelly778956 an9unie chain312 diymonster n-wn spring051 jiliu233 wnsfjucl88533 wouijvziqy weathering0216

awd-watchbird's Issues

页面4个框架能否自定义位置

页面上的“flag_eye_to_eye、flag_log、under_attack_log、web_log”4个框架位置是固定显示的,能否根据各自需要自定义调整?比如,任意拖动位置。

如何能显示fake_flag?

已设置fake_flag,但通过shell执行cat /flag时,仅显示watchbird,没出现fake_flag,不知哪里配置的问题,还是某个开关未打开。
配置如下:
QQ截图20220104165534

QQ截图20220104165705

shell rce显示:
QQ截图20220104165628

控制台没有日志

部署后,能够成功拦截,日志txt文件在/tmp/systemd-private-a4a7987b08fe4cdfa2ac38de34acd45d-php-fpm.service-GoFPNh/tmp/watchbird/log路径下,但是控制台的日志标签内刷新不出来日志,请问是什么原因呢?

部署waf后对一句话shell可以拦截,但过一会儿就无效了

通过php watchbird.php --install /var/www/html 可以成功部署waf
利用一句话shell来测试waf,访问shell.php并执行system命令可以被waf拦截,且同时在waf log中可以看到执行的指令
但对shell执行几次命令后,再去访问shell,发现不再拦截,且之前写入shell的已经没有了
连续试了多次都这样,不知什么原因?

最新版本地发包问题

大佬,编译并使用了最新的程序,发现本地flag自动提交没有包发出去,请大佬指点~
1

resonse_content防护时的flag

开启response_content_match时,页面返回假flag,如flag{5hM4x6YBlCRfTZ2edqvNrLgFmD},虽然在配置页面下已设置了预定flag内容,但此处仍动态显示上面的flag,不知在哪里设置?

本地发包问题

大佬好,我使用了本地发包,但是抓包发现并没有从本地发包,求大佬指点。

Recommend Projects

  • React photo React

    A declarative, efficient, and flexible JavaScript library for building user interfaces.

  • Vue.js photo Vue.js

    🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.

  • Typescript photo Typescript

    TypeScript is a superset of JavaScript that compiles to clean JavaScript output.

  • TensorFlow photo TensorFlow

    An Open Source Machine Learning Framework for Everyone

  • Django photo Django

    The Web framework for perfectionists with deadlines.

  • D3 photo D3

    Bring data to life with SVG, Canvas and HTML. 📊📈🎉

Recommend Topics

  • javascript

    JavaScript (JS) is a lightweight interpreted programming language with first-class functions.

  • web

    Some thing interesting about web. New door for the world.

  • server

    A server is a program made to process requests and deliver data to clients.

  • Machine learning

    Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.

  • Game

    Some thing interesting about game, make everyone happy.

Recommend Org

  • Facebook photo Facebook

    We are working to build community through open source technology. NB: members must have two-factor auth.

  • Microsoft photo Microsoft

    Open source projects and samples from Microsoft.

  • Google photo Google

    Google ❤️ Open Source for everyone.

  • D3 photo D3

    Data-Driven Documents codes.