New WAF categories for VoIP and Jabber security: - voip: SIP header injection, ARI command injection, FreePBX RCE, AMI web access, multipart traversal, Digest auth attacks - xmpp: XSS in messages/presence, BOSH hijack, XXE via XInclude, WebSocket XSS, HTTP upload abuse, null byte in JID - cve_voip: Asterisk PJSIP crash (CVE-2021-26906), negative CL DoS, Via header overflow, Route header crash, SDP buffer overflow, CSeq method overflow, FreePBX/Kamailio/OpenSIPS CVEs - cve_xmpp: Prosody namespace confusion, stream DoS, upload DoS, ejabberd disco leak, Converse.js XSS, Strophe.js parsing crash, Tigase unauth user creation Also added: - UCI waf_rules section with toggles for all 12 categories - Auto-ban options for VoIP/XMPP attack patterns - Updated waf-sync script for new categories Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
#!/bin/sh
# Sync mitmproxy WAF config from UCI to JSON
# JSON file this script generates from the UCI settings
CONFIG_FILE="/srv/mitmproxy/waf-config.json"

# Print one option of the mitmproxy.waf_rules UCI section.
# Arguments: $1 - option name
# Outputs:   the option value, or 1 when the lookup fails (for example
#            because the option is not set), so a missing toggle is
#            rendered as enabled rather than disabled.
waf_rule() {
	uci -q get "mitmproxy.waf_rules.$1" || echo 1
}

# Master switch
enabled=$(waf_rule enabled)

# Generic web attack categories
sqli=$(waf_rule sqli)
xss=$(waf_rule xss)
lfi=$(waf_rule lfi)
rce=$(waf_rule rce)
cve_2024=$(waf_rule cve_2024)
scanners=$(waf_rule scanners)
webmail=$(waf_rule webmail)
api_abuse=$(waf_rule api_abuse)

# VoIP / XMPP categories
voip=$(waf_rule voip)
xmpp=$(waf_rule xmpp)
cve_voip=$(waf_rule cve_voip)
cve_xmpp=$(waf_rule cve_xmpp)
# Convert to JSON booleans
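# Translate a UCI boolean into a JSON boolean literal.
# Arguments: $1 - option value as stored in UCI
# Outputs:   "true" or "false" on stdout; a warning on stderr when the
#            value is not a recognised boolean spelling
#
# The accepted spellings mirror OpenWrt's config_get_bool, so a toggle
# stored as "on" or "true" is no longer rendered as false. Anything
# unrecognised still yields "false" as before, but it is reported: a typo
# in a toggle would otherwise switch a rule category off without a trace.
to_bool() {
	case "$1" in
		1|on|true|yes|enabled)
			echo "true"
			;;
		0|off|false|no|disabled)
			echo "false"
			;;
		*)
			echo "[WAF] Unrecognised boolean value '$1', treating as false" >&2
			echo "false"
			;;
	esac
}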
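# Render the toggles as JSON and publish the result in one step.
#
# The document is written to a temporary file in the same directory and
# then renamed over $CONFIG_FILE. Redirecting straight into the live file
# truncates it first, so a reader opening it mid-write could see empty or
# partial JSON; how the WAF reacts to an unparsable config is not visible
# from this script. Each step is checked, so the "synced" message is only
# printed when the new config is actually in place.
# NOTE(review): the rename replaces the file's inode; this assumes the
# consumer re-opens the path on each read - confirm.
tmp_file=$(mktemp "${CONFIG_FILE}.XXXXXX")
if [ -z "$tmp_file" ]; then
	echo "[WAF] Cannot create temporary file next to $CONFIG_FILE" >&2
	exit 1
fi

# Toggle values are quoted so an unexpected value containing whitespace
# reaches to_bool as a single argument.
if ! cat > "$tmp_file" << EOF
{
"enabled": $(to_bool "$enabled"),
"categories": {
"sqli": $(to_bool "$sqli"),
"xss": $(to_bool "$xss"),
"lfi": $(to_bool "$lfi"),
"rce": $(to_bool "$rce"),
"cve_2024": $(to_bool "$cve_2024"),
"scanners": $(to_bool "$scanners"),
"webmail": $(to_bool "$webmail"),
"api_abuse": $(to_bool "$api_abuse"),
"voip": $(to_bool "$voip"),
"xmpp": $(to_bool "$xmpp"),
"cve_voip": $(to_bool "$cve_voip"),
"cve_xmpp": $(to_bool "$cve_xmpp")
}
}
EOF
then
	echo "[WAF] Failed to write $tmp_file" >&2
	rm -f "$tmp_file"
	exit 1
fi

# mktemp creates the file with mode 0600, whereas a plain redirect would
# have honoured the umask. 0644 is assumed here so a proxy running as a
# different user can still read the config - TODO confirm intended mode.
if ! chmod 0644 "$tmp_file"; then
	echo "[WAF] Failed to set permissions on $tmp_file" >&2
	rm -f "$tmp_file"
	exit 1
fi

if ! mv -f "$tmp_file" "$CONFIG_FILE"; then
	echo "[WAF] Failed to install $CONFIG_FILE" >&2
	rm -f "$tmp_file"
	exit 1
fi

echo "[WAF] Config synced to $CONFIG_FILE"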