Necessity can lead to innovation. The inception of Garuda's WAF library's is no exception. With the current surge of Log4Shell variants, we also felt the pain when we discover the absence of any library for WAF obfuscation, which can act as a catalyst to evaluate the efficacy of WAF solutions. All the major vendors today do offer WAF solutions, and they are undoubtedly good. But rather than blindly trusting these vendor solutions and being greeted by surprise attacks, it absolutely makes sense to evaluate these WAF solutions as a proactive measure to reduce risk and narrow down the attack surface. Garuda WAF Obfuscation is a python library developed to fast track the efficacy testing of Web Application Firewall. Individual functions can be used as regex rules in order to test specific modules during the assessment. Currently, Log4Shell obfuscation rules are added and can be consumed as a library in any existing python project.
- Possible first publication of lower/upper bypass
- HTML URL Encoding Reference
- Bypassing NGFW/WAFs using data format obfuscations
- Apache Log4j 2 v. 2.15.0 - User's Guide
- GitHub Reviewed CVE-2021-44228 - Remote code injection in Log4j
- LOG4J2-3230 Certain strings can cause infinite recursion
- Awesome list of secrets in environment variables
- Exploiting CVE-2021-44228 using PDFs as delivery channel - PoC
- Kozmer Log4Shell POC
- Lunasec
pip install waf-bypass-rules-garuda
Import Library and Specific Function (e.g. from WAFBypass.wafbypass import log4jRules) - Log4Shell WAF Obfuscation
- Cross platform
We are bunch of passionate people who want to contribute to the community. We have learned from the community and hence felt its our moral responsibility to contribute.
If you have any feedback, please reach out to us at [email protected]
- Multi-Vendor WAF Support
- Performance Optimization