Ecosyste.ms: Awesome

An open API service indexing awesome lists of open source software.

Awesome Lists | Featured Topics | Projects

https://github.com/OWASP/raider

OWASP Raider: a novel framework for manipulating the HTTP processes of persistent sessions
https://github.com/OWASP/raider

authentication authorization finite-state-machine fsm hy hylang lisp owasp python raiderauth security

Last synced: 28 days ago
JSON representation

OWASP Raider: a novel framework for manipulating the HTTP processes of persistent sessions

Awesome Lists containing this project

README

        

![Raider logo](https://raiderauth.com/images/logo/logo.png)

# Quick links

- [Website](https://raiderauth.com/).
- [OWASP page](https://owasp.org/www-project-raider/).
- [Documentation](https://docs.raiderauth.com/en/latest/).
- [Installation](https://docs.raiderauth.com/en/latest/overview/install.html).
- [FAQ](https://docs.raiderauth.com/en/latest/overview/faq.html).
- [Getting started](https://docs.raiderauth.com/en/latest/tutorials/getting_started.html).
- [Architecture](https://docs.raiderauth.com/en/latest/case_studies/architecture.html).
- [Discussions](https://github.com/OWASP/raider/discussions).
- [Issues](https://github.com/OWASP/raider/issues).
- [Twitter](@raiderauth).
- [Fediverse](@[email protected]).

# What is Raider

OWASP Raider was developed with the goal to improve web authentication
testing. By now it has evolved and can be used for all kinds of
stateful HTTP processes. It abstracts the client-server information
exchange as a finite state machine. Each step comprises one request
with inputs, one response with outputs, arbitrary actions to do on the
response, and conditional links to other stages. Thus, a graph-like
structure is created. Raider allows you to simulate complex systems
while allowing you to control each piece of data you get in and out of
the system.

# Graph-like architecture

Raider defines a DSL to describe the information flow between the
client and the server for HTTP processes. Each step of the process is
described by a Flow, which contains the Request with inputs, Response
with outputs, and arbitrary actions including links to other Flows:

![Flows](https://raiderauth.com/images/illustrations/raider_flows.png)

Chaining several Flows together can be used to simulate any stateful
HTTP process. FlowGraphs indicate the starting point. They can be
placed on any Flow. A FlowGraphs runs all Flows in the link until
Success/Failure is returned or if there are no more links.

![Flows and FlowGraphs](https://raiderauth.com/images/illustrations/graph.png)

# Configuration

Raider's configuration is inspired by Emacs. Hylang is used, which is
LISP on top of Python. LISP is used because of its "Code is Data, Data
is Code" property. With the magic of LISP macros generating
configuration automatically becomes easy. Flexibility is in its DNA,
meaning it can be infinitely extended with actual code.
You can use it for example to create, store, reproduce, and share
proof-of-concepts easily for HTTP attacks. With Raider you can also
search through your Projects, filter by hyfile, Flows, FlowGraphs,
etc... Then you run either just one step, or a chain of steps, so you
can automate and run tests on any HTTP process.

![Example hylang configuration](https://raiderauth.com/images/illustrations/config.png)

# Command line interface

You can use it for example to create, store, reproduce, and share
proof-of-concepts easily for HTTP attacks. With Raider you can also
search through your Projects, filter by hyfile, Flows, FlowGraphs,
etc... Then you run either just one step, or a chain of steps, so you
can automate and run tests on any HTTP process.

You can also search through your Projects, filter by hyfile, Flows,
FlowGraphs, etc… Then you run either just one step, or a chain of
steps, so you can automate and run tests the HTTP process.