'Preventing' HTTP Tunneling Direct HTTP for http://www.example.com/ $ nc www.example.com 80 GET / HTTP/1.0 Host: www.example.com HTTP/1.1 200 OK Date: Thu, 25 Sep 2003 20:30:00 GMT Server: Apache Content-Length: 5773 Connection: close Content-Type: text/html; charset=iso-8859-1 <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN" "http://www.w3.org/TR/REC-html40/loose.dtd"> ...
Copyright 2003, Bri Hatch of Onsight, Inc.
Presented at SecureWorld Expo, 2003.
Presentation created using vim and MagicPoint.