hi Alex,
A lot of thanks for replying. By an HTTP protocol engine I was referring
to a piece of code that actually understands HTTP, decodes into various
structures and then could be tested through various security checks. One
of this includes URL encoding based attacks. Extraction means out of
complete HTTP payload, extraction of URL part.....
Well, I have really gone about searching for some good amount of time and
trials/experirments in using code/routines. You are right in saying that
various routines and codes are available but most of these codes are
either just code (not understandable) or using native APIs, extensions
which may not be plugged currently in our software. Thats why I had
specifically mentioned abt (C/C++)....so its like a library exisitng
through which I can parse URLs, decode various encoding schemes being used
and perform security checks.....
I have actually tried libcurl, libwww, but these come with client side
APIs, through which we can frame URLs, Perl modules at CPAN provides
URI::URL module which I am currently exploring.....
so if you have some idea on the above, I would be eagerly looking for your
mail....
thanks Alex,
thanks list
regds,
Mayank
On Mon, 1 Nov 2004, Alex Russell wrote:
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
On Tuesday 26 October 2004 12:06 am, Mayank Bhatnagar wrote:
I am working towards URL Encoding and Decoding based attacks. A
nice paper could be read from here...
http://www.technicalinfo.net/papers/URLEmbeddedAttacks.html
Agreed. Gunter appears to cover most of the bases here. Nice to see a
treatment that includes IPv6.
To carry out on ths work, I have implemented a HTTP protocol engine
and I am able to extract a complete URL string. This I am doing
using C++/Unix environment.
What does that mean? What does "extract" mean? And how is this
different from any other regexp that matches URI schemes (of which
there are many of varying quality)? What are you extracting from?
HTTP headers?
Now my question is, I would like to know if there are some
libraries exisiting using which I can decode the captured URLs. I
wish to use the library (preferably in C/C++) and then proceed to
find the attack patterns in them.
Here's where you're starting to get on my nerves. A quick google
search turns up TONS of urldecoding/encoding routines (again, of
varying quality). I've you've already searched through these, please
mention which you've looked at before requesting blankly that the
members of this list do the most basic research imagineable for you.
Can any one provide some links/references....
http://www.google.com
http://groups.google.com
- --
Alex Russell
alex@dojotoolkit.org
alex@netWindows.org F687 1964 1EF6 453E 9BD0 5148 A15D 1D43 AB92 9A46
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.4 (Darwin)
iD8DBQFBhoNioV0dQ6uSmkYRAv1lAJwIGVy2ODJF8CFL2FHqA8cbB2mTpwCfaKm0
qmymficDh7DX2xtdPm4YPPs=
=5Lqc
-----END PGP SIGNATURE-----
