Security Basics mailing list archives
Re: HTTP tunneling to bypass proxy filter
From: Patrick Debois <Patrick.Debois () sos be>
Date: Wed, 30 Apr 2008 17:14:14 +0200
uglyhunK wrote:
I took care of all those. Requests look identical to the ones made by the browser.
Does it make sense to do something like an HTTP-fingerprint for applications? Like in the nmap OS fingerprint for the tcp stack?
Or maybe use this on the http timing level to detect in fact tcp timings?
-----Original Message----- From: listbounce () securityfocus com [mailto:listbounce () securityfocus com]On Behalf Of Albert R. Campa Sent: Tuesday, April 29, 2008 7:57 PM To: security-basics () securityfocus com Subject: Re: Re: HTTP tunneling to bypass proxy filter Simple Question Most proxys have User-Agent permit, then deny the rest. Will your tool have a wierd, NON IE/mozilla standard user agent? If so its traffic can be detected and blocked.
Current thread:
- RE: HTTP tunneling to bypass proxy filter, (continued)
- RE: HTTP tunneling to bypass proxy filter Hayes, Ian (Apr 22)
- Re: HTTP tunneling to bypass proxy filter Tsu (Apr 22)
- Re: HTTP tunneling to bypass proxy filter Siddharth Upmanyu (Apr 22)
- Re: HTTP tunneling to bypass proxy filter Siddharth Upmanyu (Apr 22)
- Re: HTTP tunneling to bypass proxy filter Francisco Neira Basso (Apr 22)
- Re: HTTP tunneling to bypass proxy filter p1g (Apr 23)
- Re: HTTP tunneling to bypass proxy filter Francisco Neira Basso (Apr 22)
- RE: HTTP tunneling to bypass proxy filter uglyhunK (Apr 22)
- Re: Re: HTTP tunneling to bypass proxy filter uglyhunK (Apr 24)
- Re: Re: HTTP tunneling to bypass proxy filter Albert R. Campa (Apr 29)
- RE: Re: HTTP tunneling to bypass proxy filter uglyhunK (Apr 30)
- Re: HTTP tunneling to bypass proxy filter Patrick Debois (Apr 30)
- Re: Re: HTTP tunneling to bypass proxy filter Albert R. Campa (Apr 29)