Skip to content
Switch branches/tags

Latest commit


Git stats


Failed to load latest commit information.
Latest commit message
Commit time

WAFEx Model Creator

WAFEx Model Creator is an extension for Burp Proxy that allows for the simple extraction of a formal model in ASLan++ starting from a recorded HTTP sequence. WAFEx Model Creator can also be used to generate and edit the skeleton of an ASLan++ model and the concretization file.



  1. Clone the repository
git clone
  1. Install http-parser (make sure you install it for Python2.7):
pip install http-parser
  1. Burp Suite -> Extender -> Options
    • Python Environment -> Location of Jython standalone JAR file: load jython standalone.
    • Python Environment -> Folder for loading mofules (optional): select the path of the Python libraries.
    • Java Environment -> Folder for loading library JAr files (optional): load
  2. Burp Suite -> Extender -> Add
    • In Extension type select Python and load ""

How to use

The security analyst interacts with the web application and records a sequence of HTTP requests\responses. He then selects the requests he wants to use for creating a model in ASLAn++ and, with left click, sends them to the WAFEx Model Creator plugin.


The user interface of WAFEx Model Creator provides: a table collecting the requests to translate (1), a panel showing details of a selected request (2), a file selector for specifying the database file (3), two tabs for ASLan++ and the concretization editors (4), and the actual editor that also provides syntax highlight (5).