WebApp Sec: RE: HTTP proxy/redirector to a unique virtual host ....

From: Jeff Gercken <JeffG_at_kizan.com>
Date: Thu, 16 Mar 2006 13:02:19 -0500

I replied directly to Alberto and figured I would send another message
to the group. This should be done with HTTP redirects, not packet
manipulation. Below is a very quick and crude Python script that will
do just that. Most browsers will follow the redirect; those that won't
will have to click on the hyperlink. The code should work on just about
anything.

You can use py2exe to roll this up into a win32.exe with all the
necessary libraries. (very kewl)

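# http.server is the Python 3 name of the Python 2 BaseHTTPServer module.
from http.server import BaseHTTPRequestHandler, HTTPServer

# Fallback page for browsers that do not follow the redirect on their own.
htmlpage = """
<html><head><title>Prepare to be redirected</title>
<META HTTP-EQUIV="Refresh"
      CONTENT="5; URL=http://www.ebay.com">
</head>
<body>
<br>
You will now be redirected. <br>
If your browser doesn't automatically redirect to
its new location, <a href="http://www.ebay.com">click here</a>.
</body>
</html>
"""

class WelcomeHandler(BaseHTTPRequestHandler):
    def do_GET(self):
        # A 3xx response needs a Location header for the browser to follow it.
        self.send_response(303)
        self.send_header("Location", "http://www.ebay.com")
        self.send_header("Content-type", "text/html")
        self.end_headers()
        # wfile expects bytes under Python 3.
        self.wfile.write(htmlpage.encode("ascii"))

# Listen on every interface, port 80 (needs privileges on most systems).
httpserver = HTTPServer(("", 80), WelcomeHandler)
httpserver.serve_forever()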

-----Original Message-----
From: davidribyrne_at_yahoo.com [mailto:davidribyrne_at_yahoo.com]
Sent: Wednesday, March 15, 2006 7:53 PM
To: webappsec_at_securityfocus.com
Subject: Re: HTTP proxy/redirector to a unique virtual host ....

Alberto,

It sounds like you're describing a reverse proxy. Squid is an open
source proxy that should be more than sufficient.
http://www.squid-cache.org/. It will also support SSL/TLS with both the
client and content server.

Just so you know, when you say "redirect", that has a special meaning in
HTTP (code 3xx).

David Byrne

Received on Mar 17 2006
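
Added example, not part of the original messages or the poster's script: the script in the thread sends every request to one fixed page and drops the requested path. The Python 3 code below keeps the path and query while pinning scheme and host to the fixed virtual host, so an absolute URL or a `//host/path` request-target cannot choose the destination and CR/LF never reach the Location header. `TARGET_ORIGIN`, `build_location`, `RedirectHandler` and port 8080 are assumptions.

```python
# Added example: redirector to one fixed virtual host that keeps path and query.
# TARGET_ORIGIN, build_location, RedirectHandler and port 8080 are assumed names
# and values, not taken from the original message.
from http.server import BaseHTTPRequestHandler, HTTPServer
from urllib.parse import quote, urlsplit

TARGET_ORIGIN = "http://www.ebay.com"  # fixed destination used in the thread


def build_location(request_target):
    """Return a Location value on TARGET_ORIGIN for any request-target."""
    parts = urlsplit(request_target)
    # Scheme and host from the request are discarded on purpose: absolute-form
    # targets and "//host/path" must not be able to choose the destination.
    path = "/" + parts.path.lstrip("/")
    # Percent-encode everything outside the URL-safe set, so CR, LF, spaces and
    # backslashes cannot appear raw in the header. "%" stays safe to avoid
    # double-encoding sequences the client already encoded.
    path = quote(path, safe="/%:@!$&'()*+,;=")
    query = quote(parts.query, safe="/?%:@!$&'()*+,;=")
    return TARGET_ORIGIN + path + ("?" + query if query else "")


class RedirectHandler(BaseHTTPRequestHandler):
    def do_GET(self):
        # 302 with an empty body; the browser follows Location immediately.
        self.send_response(302)
        self.send_header("Location", build_location(self.path))
        self.send_header("Content-Length", "0")
        self.end_headers()

    do_HEAD = do_GET


if __name__ == "__main__":
    # Constructed sample request-targets, printed with their Location values.
    for sample in ["/item/42?id=7", "//other.example/x", "http://other.example/a?b=1"]:
        print(sample, "->", build_location(sample))
    HTTPServer(("", 8080), RedirectHandler).serve_forever()
```

Because the destination origin is a constant and only the encoded path and query are copied over, the redirector cannot be used as an open redirect.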