secubox-openwrt

gandalf/secubox-openwrt

Fork 0

Commit Graph

Author	SHA1	Message	Date
CyberMind-FR	418cb2c76e	fix(mitmproxy): Fix SSRF false positives for internal traffic SSRF detection was triggering on any request to internal IPs (192.168.x.x, 10.x.x.x, etc.) because it was checking the target URL itself. Now only checks query parameters and request body for SSRF patterns, which is where actual SSRF attacks occur. Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>	2026-02-14 05:38:26 +01:00
CyberMind-FR	e58f479cd4	feat(waf): Update WAF scenarios with 2024-2025 CVEs and OWASP threats Add detection patterns for latest actively exploited vulnerabilities: - CVE-2025-55182 (React2Shell, CVSS 10.0) - CVE-2025-8110 (Gogs RCE), CVE-2025-53770 (SharePoint) - CVE-2025-52691 (SmarterMail), CVE-2025-40551 (SolarWinds) - CVE-2024-47575 (FortiManager), CVE-2024-21887 (Ivanti) - CVE-2024-3400, CVE-2024-0012, CVE-2024-9474 (PAN-OS) New attack categories based on OWASP Top 10 2025: - HTTP Request Smuggling (TE.CL/CL.TE conflicts) - AI/LLM Prompt Injection (ChatML, instruction markers) - WAF Bypass techniques (Unicode normalization, double encoding) - Supply Chain attacks (CI/CD poisoning, dependency confusion) - Extended SSTI (Jinja2, Freemarker, Velocity, Thymeleaf) - API Abuse (BOLA/IDOR, mass assignment) CrowdSec scenarios split into 11 separate files for reliability. Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>	2026-02-12 05:02:57 +01:00
CyberMind-FR	adec1144d6	feat: Streamlit ZIP flatten, mitmproxy bot whitelist, Fabricator app - Add extract_zip_flatten() to Streamlit RPCD for nested ZIP handling - Add bot whitelist to mitmproxy WAF (Facebook, Google, Bing crawlers) - Skip threat detection for whitelisted legitimate crawlers - Track Fabricator app and stats evolution in HISTORY.md Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>	2026-02-07 09:59:20 +01:00

Author

SHA1

Message

Date

CyberMind-FR

418cb2c76e

fix(mitmproxy): Fix SSRF false positives for internal traffic

SSRF detection was triggering on any request to internal IPs
(192.168.x.x, 10.x.x.x, etc.) because it was checking the target
URL itself. Now only checks query parameters and request body for
SSRF patterns, which is where actual SSRF attacks occur.

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>

2026-02-14 05:38:26 +01:00

CyberMind-FR

e58f479cd4

feat(waf): Update WAF scenarios with 2024-2025 CVEs and OWASP threats

Add detection patterns for latest actively exploited vulnerabilities:
- CVE-2025-55182 (React2Shell, CVSS 10.0)
- CVE-2025-8110 (Gogs RCE), CVE-2025-53770 (SharePoint)
- CVE-2025-52691 (SmarterMail), CVE-2025-40551 (SolarWinds)
- CVE-2024-47575 (FortiManager), CVE-2024-21887 (Ivanti)
- CVE-2024-3400, CVE-2024-0012, CVE-2024-9474 (PAN-OS)

New attack categories based on OWASP Top 10 2025:
- HTTP Request Smuggling (TE.CL/CL.TE conflicts)
- AI/LLM Prompt Injection (ChatML, instruction markers)
- WAF Bypass techniques (Unicode normalization, double encoding)
- Supply Chain attacks (CI/CD poisoning, dependency confusion)
- Extended SSTI (Jinja2, Freemarker, Velocity, Thymeleaf)
- API Abuse (BOLA/IDOR, mass assignment)

CrowdSec scenarios split into 11 separate files for reliability.

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>

2026-02-12 05:02:57 +01:00

CyberMind-FR

adec1144d6

feat: Streamlit ZIP flatten, mitmproxy bot whitelist, Fabricator app

- Add extract_zip_flatten() to Streamlit RPCD for nested ZIP handling
- Add bot whitelist to mitmproxy WAF (Facebook, Google, Bing crawlers)
- Skip threat detection for whitelisted legitimate crawlers
- Track Fabricator app and stats evolution in HISTORY.md

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>

2026-02-07 09:59:20 +01:00

3 Commits