A comprehensive automated security testing tool designed to detect business logic vulnerabilities in web applications through intelligent request replay and response analysis.
The Business Logic Anomaly Detector is an advanced security testing platform that identifies potential vulnerabilities by analyzing differences between original and modified HTTP requests. It specializes in detecting:
- Unauthorized Access: Authentication and authorization bypasses
- Privilege Escalation: Role-based access control violations
- Parameter Tampering: Input validation and business logic flaws
- Sequence Manipulation: Workflow and state management vulnerabilities
- Advanced anomaly detection algorithms with confidence scoring
- Machine learning-based pattern recognition
- Risk assessment and vulnerability classification
- Real-time analysis with detailed reporting
- Modern, responsive React-based dashboard
- Real-time monitoring and status updates
- Interactive data visualizations and charts
- Comprehensive flow management system
- Executive summary reports with risk scoring
- Detailed technical findings with recommendations
- Timeline analysis and trend detection
- Comparative analysis across multiple flows
- Export capabilities (HTML, JSON, PDF)
- RESTful API with comprehensive endpoints
- Scalable database design with SQLite/PostgreSQL support
- Modular architecture for easy extension
- Docker containerization support
- Production deployment ready
βββββββββββββββββββ βββββββββββββββββββ βββββββββββββββββββ
β Frontend β β Backend API β β Database β
β (React) βββββΊβ (Flask) βββββΊβ (SQLite) β
β β β β β β
β β’ Dashboard β β β’ Flow Mgmt β β β’ Flows β
β β’ Flow Mgmt β β β’ Recording β β β’ Requests β
β β’ Recording β β β’ Payload Gen β β β’ Test Cases β
β β’ Replay β β β’ Replay Exec β β β’ Responses β
β β’ Analysis β β β’ Analysis β β β’ Anomalies β
β β’ Reports β β β’ Reporting β β β’ Sessions β
βββββββββββββββββββ βββββββββββββββββββ βββββββββββββββββββ
- Python 3.11+
- Node.js 20+
- npm/pnpm/yarn
-
Clone the repository
git clone <repository-url> cd business-logic-anomaly-detector
-
Set up the backend
cd anomaly_detector_api python -m venv venv source venv/bin/activate # On Windows: venv\Scripts\activate pip install -r requirements.txt
-
Set up the frontend
cd ../anomaly_detector_frontend npm install npm run build -
Copy frontend build to backend
cp -r dist/* ../anomaly_detector_api/src/static/ -
Start the application
cd ../anomaly_detector_api python src/main.py -
Access the application
- Open your browser to
http://localhost:5000 - The API is available at
http://localhost:5000/api
- Open your browser to
- Navigate to the Flows section
- Click "Create New Flow"
- Enter flow details:
- Name: Descriptive name for your test
- Description: Purpose and scope of testing
- Target Domain: Domain to be tested (e.g.,
api.example.com)
- Select your created flow
- Go to Recording section
- Click "Start Recording"
- Add requests manually or import from tools like Burp Suite/OWASP ZAP
- Stop recording when complete
- Navigate to Payload Generator
- Select requests to generate payloads for
- Choose payload categories:
- String: Boundary testing, injection attempts
- Auth: Authentication bypass, token manipulation
- Parameter: Value tampering, type confusion
- Sequence: Workflow manipulation, state bypass
- Go to Replay Interface
- Select flow and test cases to execute
- Monitor real-time progress
- Review execution results
- Visit Analysis Results section
- Review detected anomalies by severity
- Filter by vulnerability type or confidence score
- Examine detailed findings and recommendations
- Access Reports section
- Select flow for reporting
- Choose report format:
- HTML: Professional formatted report
- JSON: Machine-readable data export
- Executive Summary: High-level overview
- Download or view reports
Currently, the API does not require authentication for development/testing purposes. For production deployment, implement appropriate authentication mechanisms.
http://localhost:5000/api
GET /api/flows # List all flows
POST /api/flows # Create new flow
GET /api/flows/{id} # Get specific flow
PUT /api/flows/{id} # Update flow
DELETE /api/flows/{id} # Delete flowGET /api/recording/status # Get recording status
POST /api/recording/start # Start recording
POST /api/recording/stop # Stop recording
POST /api/recording/request # Add request to recordingPOST /api/payloads/generate/request/{id} # Generate payloads for request
POST /api/payloads/generate/flow/{id} # Generate payloads for flow
GET /api/payloads/rules # Get payload generation rulesPOST /api/replay/flow/{id} # Replay entire flow
POST /api/replay/testcase/{id} # Replay specific test case
GET /api/replay/status/{id} # Get replay statusPOST /api/analysis/flow/{id} # Analyze flow results
GET /api/analysis/anomalies/{id} # Get anomalies for flow
POST /api/analysis/rules # Update detection rulesGET /api/reports/summary/{id} # Get report summary
GET /api/reports/html/{id} # Generate HTML report
GET /api/reports/json/{id} # Generate JSON report
GET /api/reports/executive/{id} # Get executive summary
GET /api/reports/analytics/{id} # Get detailed analyticsPOST /api/flows
Content-Type: application/json
{
"name": "E-commerce API Security Test",
"description": "Comprehensive security testing of shopping cart functionality",
"target_domain": "api.shop.example.com"
}POST /api/recording/request
Content-Type: application/json
{
"method": "POST",
"url": "https://api.shop.example.com/cart/add",
"headers": {
"Content-Type": "application/json",
"Authorization": "Bearer eyJhbGciOiJIUzI1NiIs..."
},
"body": {
"product_id": 123,
"quantity": 2,
"user_id": 456
}
}By default, the system uses SQLite for simplicity. For production deployments, configure PostgreSQL:
# In src/config.py
DATABASE_URL = "postgresql://user:password@localhost:5432/anomaly_detector"Customize payload generation by modifying rules in src/payload_generation.py:
# Add custom payload rules
custom_rules = {
'category': 'custom',
'type': 'business_logic',
'patterns': [
{'field': 'price', 'values': [-1, 0, 999999]},
{'field': 'quantity', 'values': [-1, 0, 1000000]}
]
}Enhance detection algorithms in src/analysis.py:
# Custom anomaly detection logic
def detect_custom_anomaly(self, original, replayed, test_case):
# Implement custom detection logic
if custom_condition_met(original, replayed):
return AnomalyInfo(
type='custom_anomaly',
severity='High',
description='Custom business logic violation detected',
confidence_score=0.85
)# Run all tests
cd anomaly_detector_api
PYTHONPATH=/path/to/anomaly_detector_api python tests/test_simplified.py
PYTHONPATH=/path/to/anomaly_detector_api python tests/test_api_endpoints.py
# Run specific test categories
python tests/test_simplified.py TestRiskScorer
python tests/test_api_endpoints.py TestAPIValidationThe test suite covers:
- β Risk scoring algorithms (3 tests)
- β Trend analysis (3 tests)
- β Data visualization processing (4 tests)
- β Chart configuration generation (2 tests)
- β Enhanced reporting (3 tests)
- β API endpoint validation (20 tests)
# Start development server
cd anomaly_detector_api
source venv/bin/activate
python src/main.py-
Using Docker (Recommended)
# Build Docker image docker build -t anomaly-detector . # Run container docker run -p 5000:5000 -e FLASK_ENV=production anomaly-detector
-
Using WSGI Server
# Install production server pip install gunicorn # Run with Gunicorn gunicorn --bind 0.0.0.0:5000 --workers 4 src.main:app
-
Environment Variables
export FLASK_ENV=production export DATABASE_URL=postgresql://user:pass@localhost/db export SECRET_KEY=your-secret-key-here
The application is ready for deployment on:
- AWS: EC2, ECS, or Lambda
- Google Cloud: App Engine, Cloud Run, or Compute Engine
- Azure: App Service, Container Instances, or Virtual Machines
- Heroku: Direct deployment with Procfile
- Enable HTTPS/TLS encryption
- Implement authentication and authorization
- Configure rate limiting
- Set up input validation and sanitization
- Enable security headers (HSTS, CSP, etc.)
- Configure CORS appropriately
- Set up logging and monitoring
- Regular security updates and patches
- All sensitive data should be encrypted at rest
- Implement proper session management
- Use secure password hashing (bcrypt, Argon2)
- Regular security audits and penetration testing
- Fork the repository
- Create a feature branch
- Make your changes
- Add tests for new functionality
- Ensure all tests pass
- Submit a pull request
- Follow PEP 8 for Python code
- Use ESLint/Prettier for JavaScript/React code
- Add docstrings for all functions and classes
- Include type hints where appropriate
This project is licensed under the MIT License - see the LICENSE file for details.
- Create an issue for bug reports
- Use discussions for questions and feature requests
- Check existing documentation and FAQ
Common Issues:
-
Port already in use
# Find and kill process using port 5000 lsof -ti:5000 | xargs kill -9
-
Database connection errors
# Reset database rm src/database/anomaly_detector.db python src/database.py # Recreate tables
-
Frontend build issues
# Clear cache and rebuild cd anomaly_detector_frontend rm -rf node_modules dist npm install npm run build
- Machine learning-based anomaly detection
- Integration with CI/CD pipelines
- Multi-tenant support
- Advanced reporting dashboards
- Plugin architecture for custom detectors
- Real-time collaboration features
- Async request processing
- Database query optimization
- Caching layer implementation
- Load balancing support
Built with β€οΈ for the security community
For more information, visit our documentation or contact the development team.
