Re: regarding URL Encoding based attacks

[Alex Russell <alex () dojotoolkit org>]

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On Tuesday 26 October 2004 12:06 am, Mayank Bhatnagar wrote:
> I am working towards URL Encoding and Decoding based attacks. A
> nice paper could be read from here...
>
> http://www.technicalinfo.net/papers/URLEmbeddedAttacks.html

Agreed. Gunter appears to cover most of the bases here. Nice to see a 
treatment that includes IPv6.

> To carry out on ths work, I have implemented a HTTP protocol engine
> and I am able to extract a complete URL string. This I am doing
> using C++/Unix environment.

What does that mean? What does "extract" mean? And how is this 
different from any other regexp that matches URI schemes (of which 
there are many of varying quality)? What are you extracting from? 
HTTP headers?

> Now my question is, I would like to know if there are some
> libraries exisiting using which I can decode the captured URLs. I
> wish to use the library (preferably in C/C++) and then proceed to
> find the attack patterns in them.

Here's where you're starting to get on my nerves. A quick google 
search turns up TONS of urldecoding/encoding routines (again, of 
varying quality). I've you've already searched through these, please 
mention which you've looked at before requesting blankly that the 
members of this list do the most basic research imagineable for you.

> Can any one provide some links/references....

http://www.google.com
http://groups.google.com

- -- 
Alex Russell
alex () dojotoolkit org
alex () netWindows org F687 1964 1EF6 453E 9BD0 5148 A15D 1D43 AB92 9A46
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.4 (Darwin)

iD8DBQFBhoNioV0dQ6uSmkYRAv1lAJwIGVy2ODJF8CFL2FHqA8cbB2mTpwCfaKm0
qmymficDh7DX2xtdPm4YPPs=
=5Lqc
-----END PGP SIGNATURE-----