Page 32: 'Preventing' HTTP Tunneling (cont)

  HTTPS uses SSL for encryption
  Proxy must connect client to server, cannot inspect data
      $ nc proxy 3128
      CONNECT home.my_server.net:443 HTTP/1.0
      Proxy-authorization: Basic cmVlZ2VuOnR3aW5z
      User-Agent: Mozilla/3.01Gold (X11; I; HP-UX A.09.05 9000/770)
      HTTP/1.0 200 Connection established
      SSH-1.99-OpenSSH_3.7.1p2
  Solution?
      Block the CONNECT method.
      Create angry employees.
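
  Added example (not part of the original slides): the proxy cannot read what is inside the tunnel, but it can look at the first bytes relayed after "200 Connection established" and check whether they look like an SSL/TLS handshake. Function names are hypothetical and the TLS bytes are constructed; the CONNECT line and SSH banner are the ones shown on the slide.

```python
import re

CONNECT_RE = re.compile(rb"^CONNECT ([A-Za-z0-9._-]+):(\d{1,5}) HTTP/1\.[01]\s*$")
SSH_BANNER_RE = re.compile(rb"^SSH-\d+\.\d+-")


def parse_connect(request_line):
    """Return (host, port) for a CONNECT request line, or None if it is not one."""
    m = CONNECT_RE.match(request_line)
    if not m:
        return None
    return m.group(1).decode("ascii"), int(m.group(2))


def classify_first_bytes(data):
    """Name the protocol suggested by the first bytes seen inside the tunnel."""
    if SSH_BANNER_RE.match(data):
        return "ssh-banner"
    # TLS/SSLv3 record: type 0x16 (handshake), major version 3, minor 0-4.
    if len(data) >= 3 and data[0] == 0x16 and data[1] == 3 and data[2] <= 4:
        return "tls-handshake"
    # SSLv2-compatible ClientHello: high bit set in length, message type 1.
    if len(data) >= 3 and data[0] & 0x80 and data[2] == 0x01:
        return "sslv2-hello"
    return "unknown"


def audit_tunnel(request_line, first_speaker, first_bytes):
    """Return (verdict, reason); first_speaker is 'client' or 'server'."""
    target = parse_connect(request_line)
    if target is None:
        return "ignore", "not a CONNECT request"
    proto = classify_first_bytes(first_bytes)
    if proto == "ssh-banner":
        return "flag", "SSH banner inside tunnel to %s:%d" % target
    if first_speaker == "server":
        # In TLS the client sends ClientHello first; a server talking first is not TLS.
        return "flag", "server spoke first on %s:%d" % target
    if proto == "unknown":
        return "flag", "no TLS handshake on %s:%d" % target
    return "allow", "%s to %s:%d" % ((proto,) + target)


# The session from the slide, plus one constructed TLS ClientHello prefix.
SLIDE = (b"CONNECT home.my_server.net:443 HTTP/1.0", "server", b"SSH-1.99-OpenSSH_3.7.1p2\n")
TLS_SAMPLE = (b"CONNECT home.my_server.net:443 HTTP/1.0", "client", b"\x16\x03\x01\x00\x2f\x01\x00\x00\x2b")

if __name__ == "__main__":
    for session in (SLIDE, TLS_SAMPLE):
        print(audit_tunnel(*session))
```

  The check looks only at the opening bytes of the tunnel, so it says nothing about what is carried inside a genuine SSL session.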

Copyright 2003, Bri Hatch of Onsight, Inc.

Presented at SecureWorld Expo, 2003.

Presentation created using vim and MagicPoint.