WebApp Sec mailing list archives
SpyWare and HTTP headers
From: Steve McCullough <website () showmethesmut com>
Date: Mon, 06 Sep 2004 12:02:32 -0300
Hi all,I've recently had a flurry of page errors associated with clients who are browsing with FunWebProducts malware installed. There's more about this irritant here: http://forums.spywareinfo.com/index.php?showtopic=15652
Oddly for spyware, FunWebProducts announces its presence in the USER_AGENT header [an actual example: "HTTP_USER_AGENT:Mozilla/4.0 (compatible; MSIE 6.0; Windows 98; FunWebProducts)"]. This is doubly odd because it lets you know about the threat and allows server-side response to a client-side privacy-breaking vulnerability. I've added a check for this header as part of my non-secure-side error handling and as part of my secure-side authentication.
HTTP headers are usually only mentioned in discussions of web application security by noting that they are trivial to forge (never trust the client, blah, blah). I was wondering, on the other hand, if anyone has experience with parsing them for info that might be useful as a vulnerability/attack signature at the application level.
Steve -- Steve McCullough Web Developer www.venusenvy.ca www.showmethesmut.com
Current thread:
- Re: Session Management and IP address - experiences?, (continued)
- Re: Session Management and IP address - experiences? Adam Shostack (Sep 05)
- Re: Session Management and IP address - experiences? Frank Knobbe (Sep 04)
- Re: Session Management and IP address - experiences? Adam Shostack (Sep 05)
- RE: Session Management and IP address - experiences? Harry Metcalfe (Sep 04)
- Re: Session Management and IP address - experiences? Viktors Rotanovs (Sep 04)
- Re: Session Management and IP address - experiences? Dave Wichers (Sep 02)
- Re: Session Management and IP address - experiences? Saqib . N . Ali (Sep 04)
- RE: Session Management and IP address - experiences? Mike Randall (Sep 02)
- Session Management and IP address - experiences? Thomas Schreiber (Sep 04)
- Re: Session Management and IP address - experiences? focus (Sep 04)
- Re: Session Management and IP address - experiences? saphyr (Sep 05)
- SpyWare and HTTP headers Steve McCullough (Sep 06)
- Re: Session Management and IP address - experiences? saphyr (Sep 05)
- RE: Session Management and IP address - experiences? Fling, Steven (Sep 04)
- re: Session Management and IP address - experiences? eax (Sep 04)