Re: Re: HTTP tunneling to bypass proxy filter

From: uglyhunK@xxxxxxxxxxxxxx
Date: 5 May 2008 10:39:11 -0000

I guess you mean to say, every HTTP request that is sent to the corporate proxy should have a fingerprint of the browser and it should be matched everytime the proxy forwards the request.

No browser supports that feature yet and for a good reason bcoz it doesn't make sense. One can add the browser's fingerprint in the tunneling client request and fool the proxy.

The fact that I have been using successfully without alarming any device is the proof that HTTP tunneling is one of the fact best ways to bypass the filtering proxies.

Prev by Date: Re: Windows 2003 auditing tools?
Next by Date: Photos and Presentation Materials from HITBSecConf2008 - Dubai Released
Previous by thread: Re: Fwd: SAP information sniffing - need help
Next by thread: Photos and Presentation Materials from HITBSecConf2008 - Dubai Released
Index(es):
- Date
- Thread

Relevant Pages

How to send response headers from proxy to browser?
... The proxy server intercepts every request from the ... browser and redirect it to www.yahoo.com. ... should we do to send the response headers from proxy? ...
(comp.lang.java.programmer)
Re: writing a proxy ..
... the browser but I get a BAD REQUEST. ... I dont quite understand your code, To clear things up, is this code for an http proxy? ... if so why does the request originate with the proxy and where does your browser come into it. ... Can you explain the architecture of this thing, I usually expect there to be a Client talking to a Proxy which relays the request to a Server. ...
(comp.lang.java.programmer)
Re: ecommerce / ssl over 3g ?
... The only way for a proxy to intercept a request in this way is for it to pass the request to the server, decrypt it and then re-encrypt in its own SSL channel - at which point the encrypting certificate would not match the site certificate and the browser would complain bitterly. ... The only way 3 could make this work is by having their own key set as a trusted signing authority in every single client which would be accessing the internet through their proxy, including every browser on a computer that could be connected through a phone, and then generate ...
(uk.telecom.mobile)
Re: Secure Web Proxy als Open Source?
... Ja, auf dem Proxy. ... Im wirklichen Leben ist es doch aber so, daß ein Browser ... Zertifikat prüft und nicht nur den Fingerprint. ... zu reden, der nur behauptet, die Bank zu sein. ...
(de.comp.security.misc)
Re: Reading HTTP request using InputStream
... I'm using Inputstream to read an HTTP request from my browser (i'm ... There is more advanced code for a proxy. ... But anyway you should implement a timeout in case the browser aborts the request, or the connection is lost before end of the request/answer. ...
(comp.lang.java.programmer)