WebApp Sec mailing list archives

RE: HTTP proxy/redirector to a unique virtual host ....


From: "Jeff Gercken" <JeffG () kizan com>
Date: Thu, 16 Mar 2006 13:02:19 -0500

I replied directly to Alberto and figured I would send another message
to the group.  This should be done with http redirects, not packet
manipulation.  Below is a very quick and crude Python script that will
do just that.  Most browsers will follow the redirect; those that won't
will have to click on the hyperlink.  The code should work on just about
anything.

You can use py2exe to roll this up into a win32.exe with all the
necessary libraries.  (very kewl)

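from http.server import BaseHTTPRequestHandler, HTTPServer

# Fallback page for browsers that do not follow the 303 on their own
htmlpage = """
<html><head><title>Prepare to be redirected</title>
<META HTTP-EQUIV="Refresh"
      CONTENT="5; URL=http://www.ebay.com">
</head>
<body>
<br>
You will now be redirected. <br>
If your browser doesn't automatically redirect to
its new location, click <a href="http://www.ebay.com">here</a>.
</body>
</html>
"""

class WelcomeHandler(BaseHTTPRequestHandler):
    def do_GET(self):
        self.send_response(303)
        # A 3xx response needs a Location header for the browser to follow it
        self.send_header("Location", "http://www.ebay.com")
        self.send_header("Content-type", "text/html")
        self.end_headers()
        # wfile expects bytes on Python 3
        self.wfile.write(htmlpage.encode("ascii"))

# Binding to port 80 normally requires administrator/root privileges
httpserver = HTTPServer(("", 80), WelcomeHandler)
httpserver.serve_forever()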


-----Original Message-----
From: davidribyrne () yahoo com [mailto:davidribyrne () yahoo com] 
Sent: Wednesday, March 15, 2006 7:53 PM
To: webappsec () securityfocus com
Subject: Re: HTTP proxy/redirector to a unique virtual host ....

Alberto,

It sounds like you're describing a reverse proxy. Squid is an open
source proxy that should be more than sufficient.
http://www.squid-cache.org/. It will also support SSL/TLS with both the
client and content server.

Just so you know, when you say "redirect", that has a special meaning in
HTTP (code 3xx).

David Byrne

-------------------------------------------------------------------------
This List Sponsored by: SpiDynamics

ALERT: "How A Hacker Launches A Web Application Attack!"
Step-by-Step - SPI Dynamics White Paper
Learn how to defend against Web Application Attacks with real-world
examples of recent hacking methods such as: SQL Injection, Cross Site
Scripting and Parameter Manipulation

https://download.spidynamics.com/1/ad/web.asp?Campaign_ID=701300000003gRl
--------------------------------------------------------------------------
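
The redirect approach from the message above, extended so that the request path and query are carried over to the single target host (an added example in Python 3, not part of the original post; `build_location`, `RedirectHandler` and `check_redirector` are names assumed here). The destination host is fixed in `TARGET` and never read from the request, so the redirector cannot be pointed at another site.

```python
import html
import http.client
import threading
from http.server import BaseHTTPRequestHandler, HTTPServer
from urllib.parse import urlsplit, urlunsplit

TARGET = "http://www.ebay.com"  # the one destination host, taken from the script above

def build_location(request_path, target=TARGET):
    """Map a request target onto `target`, keeping only its path and query."""
    base = urlsplit(target)
    root = urlunsplit((base.scheme, base.netloc, "/", "", ""))
    try:
        if any(ord(c) < 0x21 or ord(c) == 0x7F for c in request_path):
            raise ValueError("control character or space in request target")
        parts = urlsplit(request_path)
    except ValueError:
        return root  # malformed target: fall back to the site root
    path = "/" + parts.path.lstrip("/")  # any host named in the request is discarded
    return urlunsplit((base.scheme, base.netloc, path, parts.query, ""))

class RedirectHandler(BaseHTTPRequestHandler):
    def do_GET(self):
        location = build_location(self.path)
        link = html.escape(location, quote=True)
        body = ('<a href="%s">Continue</a>' % link).encode("latin-1", "replace")
        self.send_response(303)
        self.send_header("Location", location)
        self.send_header("Content-Type", "text/html")
        self.send_header("Content-Length", str(len(body)))
        self.end_headers()
        self.wfile.write(body)

def check_redirector(request_path):
    """Run the redirector on a free loopback port; return (status, Location)."""
    server = HTTPServer(("127.0.0.1", 0), RedirectHandler)
    threading.Thread(target=server.serve_forever, daemon=True).start()
    try:
        conn = http.client.HTTPConnection("127.0.0.1", server.server_port, timeout=5)
        conn.request("GET", request_path)  # http.client does not follow redirects
        resp = conn.getresponse()
        resp.read()
        return resp.status, resp.getheader("Location")
    finally:
        server.shutdown()
        server.server_close()

if __name__ == "__main__":
    print(check_redirector("/itm/123?x=1"))
```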

