Home page logo
/

basics logo Security Basics mailing list archives

Re: HTTP tunneling to bypass proxy filter
From: Patrick Debois <Patrick.Debois () sos be>
Date: Wed, 30 Apr 2008 17:14:14 +0200

uglyhunK wrote:
I took care of all those.

Requests look identical to the ones made by the browser.

Does it make sense to do something like an HTTP-fingerprint for applications? Like in the nmap OS fingerprint for the tcp stack?
Or maybe use this on the http timing level to detect in fact tcp timings?
-----Original Message-----
From: listbounce () securityfocus com
[mailto:listbounce () securityfocus com]On Behalf Of Albert R. Campa
Sent: Tuesday, April 29, 2008 7:57 PM
To: security-basics () securityfocus com
Subject: Re: Re: HTTP tunneling to bypass proxy filter


Simple Question

Most proxys have User-Agent permit, then deny the rest.

Will your tool have a wierd, NON IE/mozilla standard user agent? If so
its traffic can be detected and blocked.



  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]