LightBulb Framework – Tools For Auditing WAFS

LightBulb Framework - Tools For Auditing WAFS

LightBulb is an open supply python framework for auditing net software firewalls and filters.

The framework consists of two most important algorithms:

  • GOFA: An energetic studying algorithm that infers symbolic representations of automata in the usual membership/equivalence question mannequin.
    Active studying algorithms permits the evaluation of filter and sanitizer applications remotely, i.e. given solely the flexibility to question the focused program and observe the output.
  • SFADiff: A black-field differential testing algorithm primarily based on Symbolic Finite Automata (SFA) studying
    Finding variations between applications with related performance is a crucial safety downside as such variations can be utilized for fingerprinting or creating evasion assaults towards safety software program like Web Application Firewalls (WAFs) that are designed to detect malicious inputs to net purposes.

Web Applications Firewalls (WAFs) are basic constructing blocks of recent software safety. For instance, the PCI customary for organizations dealing with bank card transactions dictates that any software dealing with the web needs to be both protected by a WAF or efficiently go a
code review course of. Nevertheless, regardless of their recognition and significance, auditing net software firewalls stays a difficult and complicated job. Finding assaults that bypass the firewall normally requires skilled area information for a particular vulnerability class. Thus, penetration testers not armed with this information are left with publicly obtainable lists of assault strings, just like the XSS Cheat Sheet, that are normally inadequate for completely evaluating the safety of a WAF product.

Commands Usage
Main interface instructions:

Command Description
core Shows obtainable core modules
utils Shows obtainable question handlers
data <module> Prints module data
library Enters library
modules Shows obtainable software modules
use <module> Enters module
begin <moduleA> <moduleB> Initiate algorithm
assist Prints assist
standing Checks and installs required packages
full Prints bash completion command

Module instructions:

Command Description
again Go again to most important menu
data Prints present module data
library Enters library
choices Shows obtainable choices
outline <possibility> <worth> Set an possibility worth
begin Initiate algoritm
full Prints bash completion command

Library instructions:

Command Description
again Go again to most important menu
data <foldermodule> Prints requested module data (folder have to be positioned in lightbulb/knowledge/)
cat <foldermodule> Prints requested module (folder have to be positioned in lightbulb/knowledge/)
modules <folder> Shows obtainable library modules within the requested folder (folder have to be positioned in lightbulb/knowledge/)
search <key phrases> Searches obtainable library modules utilizing comma separated key phrases
full Prints bash completion command


Prepare your system
First it’s important to confirm that your system helps flex, python dev, pip and construct utilities:
For apt platforms (ubuntu, debian…):

    sudo apt-get set up flex
 sudo apt-get set up python-pip
 sudo apt-get set up python-dev
 sudo apt-get set up construct-important

(Optional for apt) If you need to add help for MySQL testing:

    sudo apt-get set up libmysqlclient-dev

For yum platforms (centos, redhat, fedora…) with already put in the additional packages repo (epel-launch):

 sudo yum set up -y python-pip
 sudo yum set up -y python-devel
 sudo yum set up -y wget
 sudo yum groupinstall -y 'Development Tools'

(Optional for yum) If you need to add help for MySQL testing:

 sudo yum set up -y mysql-devel 
 sudo yum set up -y MySQL-python

Install Lightbulb
In order to make use of the applying with out full bundle set up:

git clone
cd lightbulb-framework
lightbulb standing

In order to carry out full bundle set up. You can even set up it from pip repository. This requires first to put in the newest setuptools model:

pip set up setuptools --upgrade
pip set up lightbulb-framework
lightbulb standing

If you need to use virtualenv:

pip set up virtualenv
virtualenv env
supply env/bin/activate
pip set up lightbulb-framework
lightbulb standing

The “lightbulb status” command will information you to put in MySQLdb and OpenFst help. If you employ virtualenv in linux, the “sudo” command will likely be required just for the set up of libmysqlclient-dev bundle.
It needs to be famous that the “lightbulb status” command will not be crucial if you’re going to use the Burp Extension. The purpose is that this command installs the “openfst” and “mysql” bindings and the extension by default is utilizing Jython, which doesn’t help C bindings. It is really helpful to make use of the command solely if you wish to change the Burp extension configuration from the settings and allow the native help.
It can also be doable to make use of a docker occasion:

docker pull lightbulb/lightbulb-framework

Install Burp Extension
If you want to use the brand new GUI, you should use the extension for the Burp Suite. First it’s important to setup a working setting with Burp Proxy and Jython

  • Download the newest Jython from here
  • Find your native python packages set up folder*
  • Configure Burp Extender to make use of these values, as proven beneath*

  • Select the brand new LightBulb module (“”) and set the extension kind to be “Python”

*You can ignore this step, and set up the standalone model which incorporates all of the required python packages included. You can obtain it here

Check out the Wiki page for utilization examples.


  • George Argyros
  • Ioannis Stais
  • Suman Jana
  • Angelos D. Keromytis
  • Aggelos Kiayias


  • G. Argyros, I. Stais, S. Jana, A. D. Keromytis, and A. Kiayias. 2016. SFADiff: Automated Evasion Attacks and Fingerprinting Using Black-box Differential Automata Learning. In Proceedings of the 2016 ACM SIGSAC Conference on Computer and Communications Security (CCS ’16). ACM, New York, NY, USA, 1690-1701. doi: 10.1145/2976749.2978383
  • G. Argyros, I. Stais, A. Kiayias and A. D. Keromytis, “Back in Black: Towards Formal, Black Box Analysis of Sanitizers and Filters,” 2016 IEEE Symposium on Security and Privacy (SP), San Jose, CA, 2016, pp. 91-109. doi: 10.1109/SP.2016.14


Please enter your comment!
Please enter your name here

This site uses Akismet to reduce spam. Learn how your comment data is processed.