OWASP Raider - A novel framework for manipulating the HTTP processes of persistent sessions.

This is a framework initially designed to test and automate the authentication process for web applications, and by now it has evolved and can be used for all kinds of stateful HTTP processes. It abstracts the client-server information exchange as a finite state machine. Each step comprises one request with inputs, one response with outputs, arbitrary actions to do on the response, and conditional links to other stages. Thus, a graph-like structure is created.

Graph-like structure

Raider defines a DSL to describe the client-server information exchange of arbitrary complexity. It can be infinitely extended since its configuration file is written in real code and not just static files.

Flows

You can automate complex workflows by linking Flows between each other and defining the starting flow as a pointer for a FlowGraph. From the command line, you can then run either one single Flow, a FlowGraph (follow Next links till the end or upon Success/Failure) or a combination of those.

Chain Flows together in a Graph Structure

Configuration

Raider’s configuration is inspired by Emacs. Hylang is used, which is LISP on top of Python. LISP is used because of its “Code is Data, Data is Code” property. With the magic of LISP macros generating configuration automatically becomes easy. Flexibility is in its DNA, meaning it can be infinitely extended with actual code. LISP macros can be used to autogenerate pieces of code and automate parts of your workflow.

Example hylang configuration

Command line interface

You can use it for example to create, store, reproduce, and share proof-of-concepts easily for HTTP attacks. With Raider you can also search through your Projects, filter by hyfile, Flows, FlowGraphs, etc… Then you run either just one step, or a chain of steps, so you can automate and run tests on any HTTP process.

You can also search through your Projects, filter by hyfile, Flows, FlowGraphs, etc… Then you run either just one step, or a chain of steps, so you can automate and run tests the HTTP process.

Chaostreff Potsdam Presentation

Features

Extensible Graph-like architecture

Chain many steps conditionally in any arbitrarily complex system. Raider was developed with modularity in mind, and adding new features is easy without messing with the main code.

Hylang (Lisp) configuration

Using Lisp for the configuration makes it possible to define even the most complex HTTP systems in an easy to understand format.

Reproducible attacks in cleartext

With Raider it's possible to represent HTTP based attacks in cleartext format (not limited to authentication).

Finite state machine modelling

By abstracting the HTTP process using finite state machines, Raider allows defining unlimited steps, with unlimited inputs/outputs and conditionally deciding the next steps.

Interact with individual elements

Raider abstracts the information exchange with a LISP-based DSL, and the user can interact with all involved elements.

Fuzz arbitrary inputs (WIP)

Fuzz any defined input. This part is unfunctional for now and it's still work in progress.