Skip to content
WAFEx Model Creator
Python CSS
Branch: master
Clone or download
Latest commit 33feafa May 16, 2019

README.md

WAFEx Model Creator

WAFEx Model Creator is an extension for Burp Proxy that allows for the simple extraction of a formal model in ASLan++ starting from a recorded HTTP sequence. WAFEx Model Creator can also be used to generate and edit the skeleton of an ASLan++ model and the concretization file.

Requirements

Installation

  1. Clone the repository
git clone https://github.com/rhaidiz/wafex-model-creator
  1. Install http-parser (make sure you install it for Python2.7):
pip install http-parser
  1. Burp Suite -> Extender -> Options
    • Python Environment -> Location of Jython standalone JAR file: load jython standalone.
    • Python Environment -> Folder for loading mofules (optional): select the path of the Python libraries.
    • Java Environment -> Folder for loading library JAr files (optional): load richtextfx-fat-0.7-M5.java.
  2. Burp Suite -> Extender -> Add
    • In Extension type select Python and load "wafex-model-creator.py"

How to use

The security analyst interacts with the web application and records a sequence of HTTP requests\responses. He then selects the requests he wants to use for creating a model in ASLAn++ and, with left click, sends them to the WAFEx Model Creator plugin.

screen1

The user interface of WAFEx Model Creator provides: a table collecting the requests to translate (1), a panel showing details of a selected request (2), a file selector for specifying the database file (3), two tabs for ASLan++ and the concretization editors (4), and the actual editor that also provides syntax highlight (5).

screen2

You can’t perform that action at this time.