Bugtraq mailing list archives
Re: Bypassing of web filters by using ASCII
From: Kurt Huwig <k.huwig () iku-ag de>
Date: Thu, 22 Jun 2006 01:23:20 +0200
Paul wrote:
> Very interesting, indeed. Does this work with functional characters such as HTML brackets? What about HTML tag obfuscation (bypassing script filters such as those in place at Hotmail)?
This works for the whole set of ASCII characters. I was able to create an HTML page where the MSB was set on all bytes of the file, i.e. also all brackets, and it worked fine with IE. I did not check Hotmail's script filters.
> Nice find.
Thanks. I happened to read Wikipedia's ASCII page during my lunch break and stumbled upon "the eighth bit was commonly used as a parity bit for error checking on communication lines or other device-specific functions. Machines which did not use parity typically set the eighth bit to zero, though some systems such as Prime machines running PRIMOS set the eighth bit of ASCII characters to one." Then I was curious what our browsers do with this. The hardest thing was to get the test page up; the PrintWriter used by JSP deletes the MSB, so I had to use a servlet.
--
Kurt Huwig, Executive Board, iKu Systemhaus AG, http://www.iku-ag.de/
Am Römerkastell 4, 66121 Saarbrücken
Phone 0681/96751-0, Fax 0681/96751-66
GnuPG 1024D/99DD9468 64B1 0C5B 82BC E16E 8940 EB6D 4C32 F908 99DD 9468
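A filter-side check for the behaviour described in this message, as an added example that is not part of the original post: it clears the MSB of every byte before looking for markup and reports tags that a match on the raw bytes would miss. The function names, the tag pattern and the sample inputs are assumptions constructed for illustration.

```python
import re

# Complete opening or closing tag such as <p>, </div> or <a href="x">.
TAG_RE = re.compile(rb"</?[A-Za-z][A-Za-z0-9]*(?:\s[^<>]*)?/?>")

# Constructed sample inputs (not taken from the thread).
PLAIN_SAMPLE = b"<p>hello</p>"
MSB_SAMPLE = bytes(b | 0x80 for b in PLAIN_SAMPLE)      # MSB set on every byte
UTF8_SAMPLE = "\u00bc\u20ac caf\u00e9".encode("utf-8")  # ordinary non-ASCII text


def fold_to_7bit(data: bytes) -> bytes:
    """Clear the MSB of every byte, giving the 7-bit view of the content."""
    return bytes(b & 0x7F for b in data)


def hidden_tags(data: bytes) -> list:
    """Return (offset, tag) for tags that exist only in the 7-bit view.

    A tag counts as hidden when at least one of its raw bytes has the MSB
    set, so a filter matching on the raw bytes would not have seen it.
    """
    found = []
    for m in TAG_RE.finditer(fold_to_7bit(data)):
        if any(b & 0x80 for b in data[m.start():m.end()]):
            found.append((m.start(), m.group()))
    return found


def inspect(data: bytes) -> dict:
    """Summarise a body for the filter: MSB usage and hidden markup."""
    high = sum(b >= 0x80 for b in data)
    tags = hidden_tags(data)
    return {
        "high_bit_ratio": high / len(data) if data else 0.0,
        "hidden_tags": tags,
        "suspicious": bool(tags),
    }


if __name__ == "__main__":
    for name, body in [("plain", PLAIN_SAMPLE), ("msb", MSB_SAMPLE),
                       ("utf8", UTF8_SAMPLE)]:
        print(name, inspect(body))
```

Requiring a complete tag keeps ordinary UTF-8 text, whose folded bytes can contain a stray `<`, from being flagged; a filter would pass the output of `fold_to_7bit` to its normal rules in addition to the raw body.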