WebApp Sec mailing list archives
RE: HTTP proxy/redirector to a unique virtual host ....
From: "Jeff Gercken" <JeffG () kizan com>
Date: Thu, 16 Mar 2006 13:02:19 -0500
I replied directly to Alberto and figured I would send another message to the group. This should be done with http redirects, not packet manipulation. Below is a very quick and crude python script that will do just that. Most browsers will follow the redirect, those that won't will have to click on the hyperlink. The code should work on just about anything. You can use py2exe to roll this up into a win32.exe with all the necessary libraries. (very kewl) import BaseHTTPServer htmlpage=""" <html><head><title>Prepare to be redirected</title> <META HTTP-EQUIV="Refresh" CONTENT="5; URL=http://www.ebay.com"> </head> <body> <br> You will now be redirected. <br> If your browser doesn't automatically redirect to its new location, click <a href="http://www.ebay.com">here</a>. </body> </html> """ class WelcomeHandler(BaseHTTPServer.BaseHTTPRequestHandler): def do_GET(self): self.send_response(303) self.send_header("Content-type", "text/html") self.end_headers() self.wfile.write(htmlpage) httpserver = BaseHTTPServer.HTTPServer(("",80), WelcomeHandler) httpserver.serve_forever() -----Original Message----- From: davidribyrne () yahoo com [mailto:davidribyrne () yahoo com] Sent: Wednesday, March 15, 2006 7:53 PM To: webappsec () securityfocus com Subject: Re: HTTP proxy/redirector to a unique virtual host .... Alberto, It sounds like you're describing a reverse proxy. Squid is an open source proxy that should be more than sufficient. http://www.squid-cache.org/. It will also support SSL/TLS with both the client and content server. Just so you know, when you say "redirect", that has a special meaning in HTTP (code 3xx). David Byrne ------------------------------------------------------------------------ - This List Sponsored by: SpiDynamics ALERT: "How A Hacker Launches A Web Application Attack!" Step-by-Step - SPI Dynamics White Paper Learn how to defend against Web Application Attacks with real-world examples of recent hacking methods such as: SQL Injection, Cross Site Scripting and Parameter Manipulation https://download.spidynamics.com/1/ad/web.asp?Campaign_ID=701300000003gR l ------------------------------------------------------------------------ -- ------------------------------------------------------------------------- This List Sponsored by: SpiDynamics ALERT: "How A Hacker Launches A Web Application Attack!" Step-by-Step - SPI Dynamics White Paper Learn how to defend against Web Application Attacks with real-world examples of recent hacking methods such as: SQL Injection, Cross Site Scripting and Parameter Manipulation https://download.spidynamics.com/1/ad/web.asp?Campaign_ID=701300000003gRl --------------------------------------------------------------------------
Current thread:
- HTTP proxy/redirector to a unique virtual host .... Alberto Paris (Mar 15)
- Re: HTTP proxy/redirector to a unique virtual host .... Luciano Miguel Ferreira Rocha (Mar 16)
- <Possible follow-ups>
- Re: HTTP proxy/redirector to a unique virtual host .... davidribyrne (Mar 16)
- RE: HTTP proxy/redirector to a unique virtual host .... Alan Murphy (Mar 16)
- Re: HTTP proxy/redirector to a unique virtual host .... Thomas Chiverton (Mar 16)
- Re: HTTP proxy/redirector to a unique virtual host .... John . T . Burkhart (Mar 16)
- RE: HTTP proxy/redirector to a unique virtual host .... Jeff Gercken (Mar 17)