Fusker is a Node.js security framework that detects and logs various types of attacks, such as SQL injection, XSS, and LFI. It includes modules called "detectives" that analyze incoming data for attack patterns. If an attack is detected, payloads can execute to handle the response, for example by blacklisting the IP address. Fusker is lightweight, modular, and easy to integrate into servers and frameworks. It also makes it fun to secure Node.js applications.
17. All your logs are belong to us
Logs are saved any time a request is detected. Socket and HTTP attacks are saved in separate files.

    [- ATTACK DETAILS FOR Fri Aug 12 2011 19:28:33 GMT-0700 (MST) -]
    --> Detective: SQLi-0
    --> Request: GET /index.html?id=1'%20OR%20'1'='1'
    --> IP: 127.0.0.1
    [- END ATTACK DETAILS -]
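To make the detective-to-log flow concrete, here is an added example (not Fusker's own code or API) of pattern-based detectives that inspect a request URL and produce an entry in the log layout shown on this slide. The detection patterns, the function names `normalize`, `inspect` and `formatLogEntry`, and the sample request are assumptions made for illustration.

```javascript
// Added example. Detective names follow the "SQLi-0" style in the log above;
// the patterns themselves are assumptions, not Fusker's actual rules.
const detectives = [
  { name: 'SQLi-0', pattern: /'\s*(or|and)\s*'?\w+'?\s*=\s*'?\w+/i },
  { name: 'XSS-0', pattern: /<\s*script\b/i },
  { name: 'LFI-0', pattern: /(\.\.[\/\\]){2,}|\/etc\/passwd/i },
];

// Percent-decode up to three times so double-encoded input is still inspected.
// Malformed escapes make decodeURIComponent throw; keep what we have so far.
function normalize(rawUrl) {
  let current = rawUrl;
  for (let i = 0; i < 3; i++) {
    let decoded;
    try { decoded = decodeURIComponent(current); } catch (e) { break; }
    if (decoded === current) break;
    current = decoded;
  }
  return current;
}

// Return the name of the first detective that matches, or null for a clean request.
function inspect(req) {
  const candidate = normalize(req.url);
  const hit = detectives.find((d) => d.pattern.test(candidate));
  return hit ? hit.name : null;
}

// Build a log entry in the layout shown on the slide. Control characters are
// replaced so a request cannot forge extra log lines.
function formatLogEntry(detective, req, ip, when) {
  const clean = (s) => String(s).replace(/[\x00-\x1f\x7f]/g, '?');
  return [
    `[- ATTACK DETAILS FOR ${when} -]`,
    `--> Detective: ${detective}`,
    `--> Request: ${clean(req.method)} ${clean(req.url)}`,
    `--> IP: ${clean(ip)}`,
    '[- END ATTACK DETAILS -]',
  ].join('\n');
}

// Constructed sample request, matching the one in the slide's log.
const sample = { method: 'GET', url: "/index.html?id=1'%20OR%20'1'='1'" };
const verdict = inspect(sample);
if (verdict) console.log(formatLogEntry(verdict, sample, '127.0.0.1', new Date()));
```

The entry records the raw, still-encoded URL, as the slide's log does, while matching runs on the decoded form.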
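18. Before switching to Fusker

    var http = require('http');
    var url = require('url');
    var sys = require('sys');
    var fs = require('fs');
    var path = require('path');
    var socketio = require('socket.io'); // needed for socketio.listen() below

    var serv = http.createServer(function (req, res) {
      // The request path goes to the filesystem unchecked; nothing inspects it first
      var file = url.parse(req.url).pathname;
      if (file === '/') {
        file = '/index.html';
      }
      fs.readFile(file, function (err, data) {
        if (!err) {
          res.writeHead(200);
          res.write(data, 'utf8');
          res.end();
        } else {
          // Answer failed reads instead of leaving the request hanging
          res.writeHead(404);
          res.end();
        }
      });
    });
    serv.listen(8080);
    var io = socketio.listen(serv);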
19. After switching to Fusker

    var fusker = require('fusker');
    var server = fusker.http.createServer(8080);
    var io = fusker.socket.listen(server);
32. Lots of fun to be had messing with people trying to hack you

    exports.run = function (req, res) {
      res.writeHead(302, {'Location': 'http://nyan.cat/'});
      res.end();
    };
33. Take a HWAK at it
You think you're a raw dog? You think you can beat fusker?
fusker.nodester.com
Come at me bro.