-
Notifications
You must be signed in to change notification settings - Fork 87
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
- Loading branch information
石昌琦
committed
Nov 17, 2023
1 parent
93c3e11
commit c8f645e
Showing
3 changed files
with
21 additions
and
47 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -1,51 +1,31 @@ | ||
| # BlazeHTTP | ||
| <h1 align="center">最好用的 WAF 测试工具</h1> | ||
| <p align="center"> | ||
| <img src="./images/blazehttp_cmd.gif"> | ||
| </p> | ||
|
|
||
| 一个可以帮您测试 WAF 关键指标的工具 | ||
|
|
||
| 主要为了解决下面问题: | ||
| ## 测试指标 | ||
| | 指标 | 描述 | 统计方法 | | ||
| | ---- | ---- | ---- | | ||
| | 检出率 | 用来反应 WAF 检测能力的全面性,没有检出即为 ”漏报“。 | 攻击样本拦截数量 | | ||
| | 误报率 | 用来反应对正常流量的干扰,不靠谱的结果即为 ”误报“。 | 正常样本拦截数量 | | ||
| | 准确率 | 准确率是检出率和误报率的综合指标,避免漏报和误报顾此失彼。 | | | ||
| | 检测耗时 | 用来反应 WAF 性能,耗时越大则性能越差。 | | | ||
|
|
||
| 1. 标准库不支持解析`畸形的HTTP请求` | ||
| 2. 没有免费的工具发送`大量`的`HTTP请求` | ||
| 3. 没有免费的工具可以测试 WAF 的关键指标 | ||
| ## 🚛 下载代码 | ||
|
|
||
| > 如果项目对您有用, 欢迎star、fork! | ||
| > 如果项目有任何问题,欢迎提PR! | ||
| ## 使用帮助 | ||
|
|
||
| ### 编译 or 下载 release | ||
|
|
||
| ```bash | ||
| go build -o ./build/blazehttp ./cmd/blazehttp | ||
| ``` bash | ||
| git clone https://github.com/chaitin/blazehttp.git && cd blazehttp | ||
| ``` | ||
|
|
||
| ### 开始测试 | ||
|
|
||
| ```bash | ||
| ./build/blazehttp http://127.0.0.1:8008 | ||
| sending 100% |██████████████████████████████████████████| (33669/33669, 943 it/s) [35s:0s] | ||
| TP[攻击拦截]: 412 TN[正常放行]: 33071 FP[误报]: 23 FN[漏报]: 163 | ||
| 总样本数量: 33669 成功: 33669 错误: 0 | ||
| 检出率: 71.65% | ||
| 误报率: 5.29% | ||
| 准确率: 99.45% | ||
| ## 🚀 一键运行 | ||
|
|
||
| 90% 平均耗时: 0.67毫秒 | ||
| 99% 平均耗时: 0.87毫秒 | ||
| 平均耗时: 0.87毫秒 | ||
| ``` bash | ||
| bash build.sh && ./build/blazehttp -t http://127.0.0.1:8008 | ||
| ``` | ||
|
|
||
| ### 环境准备(推荐) | ||
|
|
||
| nginx.conf | ||
| ## 🕹️ 靶机服务 | ||
|
|
||
| ``` conf | ||
| location / { | ||
| return 200 'hello WAF!'; | ||
| default_type text/plain; | ||
| } | ||
| ``` | ||
| 启动 web 服务,并接入 waf | ||
| ``` bash | ||
| docker run -d -p 8088:80 -v /path/to/nginx.conf:/etc/nginx/nginx.conf -d nginx:latest | ||
| ``` | ||
| docker run -d -p 8080:80 --name hello_waf -d co0ontty/hello_waf:latest | ||
| ``` |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Loading
Sorry, something went wrong. Reload?
Sorry, we cannot display this file.
Sorry, this file is invalid so it cannot be displayed.