LogicDetect is an automated business logic flaw detector that uses Machine Learning (ML) to exploit vulnerabilities.
The repository consists of the following key directories:
- ML_POC/ - Final proof of concept (PoC) implementation of the tool.
- ML_attempt/ - Early ML model attempts and experiments.
- MilestonewGUI/ - Milestone demonstration with a GUI for testing logic flaws.
Ensure the following dependencies are installed before running the project.
Run the following commands in your terminal:
pip install flask flask-cors
pip install -r requirements.txt
(Note: Ensure requirements.txt is in the project root directory.)
- Install the Live Server (Five Server) extension for Visual Studio Code.
- Download and install Graphviz for your operating system.
Follow these steps to clone and set up the repository:
- Open a command prompt or terminal.
- Clone the repository:
git clone https://github.com/wolfhuntme/ICT2214WEBSEC.git
- Initialize Git Large File Storage (LFS):
git lfs install
- Pull large files using Git LFS:
git lfs pull
- Verify that venv.zip (a Virtual Environment file) is present in the repository.
To run the milestone app demonstration (found in MilestonewGUI/), follow these steps:
- Open a command prompt in Administrator mode.
- Navigate to the milestone directory:
cd MilestonewGUI
- Unzip the virtual environment (venv.zip).
- Activate the virtual environment:
- Windows:
venv\Scripts\activate
- Mac/Linux:
source venv/bin/activate
- Start the Flask backend:
python app.py
- Open gui.html using Live Server via localhost.
- Input the target URL to attack/train.
To execute the final version of the ML-based business logic flaw detector (ML_POC/), run:
cd ML_POC
python lstm_execute_RL.py
- Ensure you have the correct Python version (recommended: Python 3.8+).
- Use Administrator Mode when necessary to avoid permission issues.
- The tool integrates LSTM-based prediction and Reinforcement Learning to automate web attacks.