Penetration Testing mailing list archives
Re: Entity tags as an HTTP covert channel
From: Maarten Van Horenbeeck <maarten () daemon be>
Date: Sat, 03 Jun 2006 08:19:00 +0800
Thank you Robert,
By using randomized Byte-ranges you'll also be able to fool many Web Application Firewalls and IDS systems flagging on response signature based vulnerabilities.
My initial goal was to fool the proxy, as I expected some would merge many different partial downloads for the same file into one 200 response to make the logs more readable. I did not, however, find any proxy application/appliance that summarized in this way. Nevertheless, it remains a lot more covert than seeing data in the request string. It's also quite easy to merge your data into an Apache or IIS compliant entity tag. The only drawback you have there is that you're restricting the bandwidth of your tunnel.
Best regards,
Maarten
--
Maarten Van Horenbeeck, CISSP GCIA GCIH
maarten () daemon be - http://www.daemon.be/maarten
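The per-file merge of partial downloads that the message says no proxy offered can be built from proxy logs. The following is an added example, not part of the original post: it groups 206 responses per client and URL and flags entity-tag churn and out-of-order byte ranges. The record layout, the threshold, the reason names and all sample values are constructed assumptions.

```python
import re
from collections import defaultdict

# Assumption: Apache's default "inode-size-mtime" hex layout for file ETags.
APACHE_ETAG = re.compile(r'^"[0-9a-f]+-[0-9a-f]+-[0-9a-f]+"$')

# Constructed proxy log records:
# (client, url, status, etag, (first_byte, last_byte))
SAMPLE = [
    ("10.0.0.5", "http://files.example/a.iso", 206, '"2f1a-4000-4152a3c0"', (0, 4095)),
    ("10.0.0.5", "http://files.example/a.iso", 206, '"2f1a-4000-4152a3c0"', (4096, 8191)),
    ("10.0.0.5", "http://files.example/a.iso", 206, '"2f1a-4000-4152a3c0"', (8192, 16383)),
    ("10.0.0.9", "http://site.example/logo.gif", 206, '"6a61-1f40-7be01c22"', (512, 530)),
    ("10.0.0.9", "http://site.example/logo.gif", 206, '"6a61-1f40-19f3d004"', (17, 40)),
    ("10.0.0.9", "http://site.example/logo.gif", 206, '"6a61-1f40-c08a5e71"', (900, 910)),
    ("10.0.0.9", "http://site.example/logo.gif", 206, '"6a61-1f40-03d9aa18"', (3, 9)),
]

def summarize_partials(records, max_etags=1):
    """Group 206 responses per (client, url) and return {key: [reasons]}."""
    groups = defaultdict(list)
    for client, url, status, etag, byte_range in records:
        if status == 206 and byte_range is not None:
            groups[(client, url)].append((etag, byte_range))

    findings = {}
    for key, rows in groups.items():
        reasons = []
        etags = {etag for etag, _ in rows}
        # A static file keeps one ETag while it is unchanged on disk.
        if len(etags) > max_etags:
            reasons.append("etag_churn")
        # Format checks alone miss tags crafted to look server-compliant.
        if any(not APACHE_ETAG.match(etag) for etag in etags):
            reasons.append("etag_format")
        # A resumed download walks the file in ascending, non-overlapping ranges.
        # Parallel download managers also break this, so treat it as a weak signal.
        prev_last = -1
        for _, (first, last) in rows:
            if first <= prev_last:
                reasons.append("range_disorder")
                break
            prev_last = last
        if reasons:
            findings[key] = reasons
    return findings

if __name__ == "__main__":
    for key, reasons in summarize_partials(SAMPLE).items():
        print(key, reasons)
```

In the constructed sample every entity tag passes the format check, so only the per-resource grouping surfaces the second client.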