A firewall reverse proxy for preventing Log4J (Log4Shell aka CVE-2021-44228) attacks.

Related tags

Network programming log4jail
Overview

log4jail 🛡️

A fast firewall reverse proxy with TLS (HTTPS) and swarm support for preventing Log4J (Log4Shell aka CVE-2021-44228) attacks.

📖 Table of Contents

ℹ️ Introduction

log4jail is a quick and dirty solution to block Log4Shell exploit attempts by acting as a reverse proxy scanning complete request body including all headers and request parameters for log4shell payloads.

💡 You can run multiple instances at once by mapping them by port and target in the configuration file.

The firewall follows the mitigation strategies from Google Cloud.

Installation

Download the binary for your OS from Releases OR Install with cargo:

$ cargo install --git https://github.com/mufeedvh/log4jail.git

Install Rust/Cargo

Build From Source

Prerequisites:

  • Git
  • Rust
  • Cargo (Automatically installed when installing Rust)
  • A C linker (Only for Linux, generally comes pre-installed)
$ git clone https://github.com/mufeedvh/log4jail.git
$ cd log4jail/
$ cargo build --release

The first command clones this repository into your local machine and the last two commands enters the directory and builds the source in release mode.

Quick Start

Just run the command and there will be a boilerplate configuration file in the same working directory called log4jail.json.

$ log4jail

The configuration file looks like this:

{
  "host": "127.0.0.1",
  "enable_https": false,
  "tls_cert_path": "cert.pem",
  "tls_key_path": "key.rsa",
  "reject_response_status": 403,
  "reject_response_body": "This request has been blocked.",
  "proxy_mapping": {
    "1337": "http://127.0.0.1:8080/",
    "6969": "http://127.0.0.1:9000/"
  }
}

Configure the values for your environment and run the command again to spin up the proxy!

Proof of Concept

log4jail blocks all attack vectors from log4j-scan with WAF Bypass mode enabled:

$ python3 log4j-scan.py -u http://127.0.0.1:1337/ --run-all-tests --waf-bypass

Screenshot from 2021-12-15 01-34-30

For Pentesters

If you have found any working Log4Shell payloads that can bypass this firewall, please open an issue.

Just run log4jail on any port and include the payload in the HTTP request for fuzz testing.

You might also like...
Lightweight proxy that allows redirect HTTP(S) traffic through a proxy.

Proxyswarm Proxyswarm is a lightweight proxy that allows redirect HTTP(S) traffic through a proxy. WARNING: This app isn't recomended for download lar

Jorge Alejandro Jimenez Luna 4 Apr 16, 2022
Web3-proxy: a fast caching and load balancing proxy for web3 (Ethereum or similar) JsonRPC servers.

web3-proxy Web3-proxy is a fast caching and load balancing proxy for web3 (Ethereum or similar) JsonRPC servers. Signed transactions (eth_sendRawTrans

null 55 Jan 8, 2023
Utility for working with reverse DNS

RDNS RDNS is a small Rust CLI utility for performing single and bulk reverse DNS (PTR) lookups. Usage RDNS 0.1.0 Joe Banks [email protected] Utilities for

Joe Banks 2 Sep 22, 2021
RedLizard - A Rust TCP Reverse Shell with SSL
RedLizard - A Rust TCP Reverse Shell with SSL

RedLizard - A Rust TCP Reverse Shell with SSL RedLizard Rust TCP Reverse Shell Server/Client This is a reverse shell in Rust called RedLizard, basical

Thanasis Tserpelis 105 Dec 24, 2022
Interactive bind/reverse PTY shell with Windows&Linux support implementation by Rust.
Interactive bind/reverse PTY shell with Windows&Linux support implementation by Rust.

Cliws Lightweight interactive bind/reverse PTY shell with Windows&Linux support implementation by Rust. Features WebSocket Full pty support: VIM, SSH,

b23r0 215 Dec 3, 2021
A fast, offline reverse geocoder in Python
A fast, offline reverse geocoder in Python

Reverse Geocoder A Python library for offline reverse geocoding. It improves on an existing library called reverse_geocode developed by Richard Penman

Ajay Thampi 1.8k Dec 26, 2022
Easy per application transparent proxy built on cgroup.

cproxy can redirect TCP and UDP traffic made by a program to a proxy, without requiring the program supporting a proxy. Compared to many existi

Xiangru Lian 263 Dec 20, 2022
server security proxy write by Rust

server-security-proxy server security proxy write by Rust how to use config toml file

baoyachi. Aka Rust Hairy crabs 3 May 24, 2021
A tcp over http2 + tls proxy

mtunnel A tcp over http2 + tls proxy. Usage 1. get certificates, by following steps. 2. make your config client config: { "local_addr": "127.0.0.1

cssivision 9 Sep 5, 2022
Owner
Mufeed VH
organized chaos.
Mufeed VH
GitHub
Rust implementation of TCP + UDP Proxy Protocol (aka. MMProxy)

mmproxy-rs A Rust implementation of MMProxy! ?? Rationale Many previous implementations only support PROXY Protocol for either TCP or UDP, whereas thi

Saikō Technology 3 Dec 29, 2022
A high performence Socks5 proxy server with bind/reverse support implementation by Rust.

rsocx A high performence Socks5 proxy server with bind/reverse support implementation by Rust Features Async-std No unsafe code Single executable Linu

b23r0 259 Jan 6, 2023
A fast and stable reverse proxy for NAT traversal, written in Rust

rathole A fast and stable reverse proxy for NAT traversal, written in Rust rathole, like frp, can help to expose the service on the device behind the

Yujia Qiao 4.6k Dec 30, 2022
A lightweight Rust reverse proxy.

Brachyura A reverse proxy, which I am primarily using as a Rust / Hyper learning project. I utilize Nginx as part of my home lab providing reverse pro

William Howard 8 Jan 8, 2023
Reverse proxy for HTTP microservices and STDIO. Openfass watchdog which can run webassembly with wasmer-gpu written in rust.

The of-watchdog implements an HTTP server listening on port 8080, and acts as a reverse proxy for running functions and microservices. It can be used independently, or as the entrypoint for a container with OpenFaaS.

yanghaku 7 Sep 15, 2022
A minimal ngrok liked reverse proxy implemented in Rust.

rok A minimal ngrok implementation in Rust, for educational purpose. This work is largely based on rathole, especially the very first commit. Other ho

Kai 3 Jun 21, 2022
A multi-connection TCP reverse proxy server and client.

tprox A multi-connection TCP reverse proxy. The tprox server is able to proxy multiple incoming connections to the tprox client over a single TCP conn

Mohammed Ajmal Siddiqui 4 Sep 21, 2022
Hopper - Fast, configurable, lightweight Reverse Proxy for Minecraft

Hopper Hopper is a lightweight reverse proxy for minecraft. It allows you to connect multiple servers under the same IP and port, with additional func

Pietro 174 Jun 29, 2023
Proxy sentry request to a sentry server using a tunnel/proxy endpoint

Sentry Tunnel This is a proxy that forwards tunneled sentry requests to the real sentry server. The implementation is based on the explanation provide

Paul FLORENCE 14 Dec 20, 2022
UDP proxy with Proxy Protocol and mmproxy support

udppp UDP proxy with Proxy Protocol and mmproxy support. Features Async Support Proxy Protocol V2 SOCKET preserve client IP addresses in L7 proxies(mm

b23r0 10 Dec 18, 2022