Geoff Jones 27 June, 2013

Update To ResponseCoder

An update to ResponseCoder is available that allows manipulation of the HTTP version in the response status line - some examples are listed below:

HTTP/1.2 200 OK
HTTP/12345 200 OK
BLAH/1.1 200 OK

A quick test shows that all three of the above examples work in the current version of Chrome. Internet Explorer supports the first two cases, whilst Firefox rejects all of them (even displaying the headers in the browser window).

This is significant, as many of the proxies, Intrusion Detection Systems, and next-generation firewalls we test have a fairly standard pattern match for the start of an HTTP response - typically this:

$match = /HTTP\/1\.[01] 200 OK/

In other words, an adversary is likely to be able to bypass many filtering devices, simply by manipulating the version of HTTP in use.
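From the filtering side, the gap is between what the pattern above matches and what a lenient browser will still treat as a response. The following is an added example, not part of ResponseCoder or the original post: it classifies the first line of a server reply and flags anything response-shaped that is not HTTP/1.0 or HTTP/1.1. The function names, the looser pattern and the sample list are assumptions made for illustration.

```python
import re

# The pattern quoted in the post, as typically used by filtering devices.
NAIVE = re.compile(r"HTTP/1\.[01] 200 OK")
# Standard status line: "HTTP/" DIGIT "." DIGIT SP 3-digit code SP reason.
STRICT = re.compile(r"^HTTP/(\d\.\d) \d{3} .*$")
# Anything shaped like "<name>/<version> <3-digit code> ...", which is the
# shape the lenient browsers in the post still treated as a response.
LOOSE = re.compile(r"^\S+/\S+ \d{3}(?: .*)?$")
KNOWN_VERSIONS = {"1.0", "1.1"}


def classify(first_line: str) -> str:
    """Return 'known', 'anomalous' or 'not-response' for a first line."""
    line = first_line.rstrip("\r\n")
    strict = STRICT.match(line)
    if strict and strict.group(1) in KNOWN_VERSIONS:
        return "known"
    if LOOSE.match(line):
        return "anomalous"  # response-shaped, but not a version we expect
    return "not-response"


def naive_misses(lines):
    """Response-shaped lines that the post's pattern would not match."""
    return [ln for ln in lines
            if classify(ln) == "anomalous" and not NAIVE.search(ln)]


# Constructed sample: the three status lines from the post, plus one
# standard response and one request line for contrast.
SAMPLES = [
    "HTTP/1.1 200 OK",
    "HTTP/1.2 200 OK",
    "HTTP/12345 200 OK",
    "BLAH/1.1 200 OK",
    "GET /index.html HTTP/1.1",
]

if __name__ == "__main__":
    for s in SAMPLES:
        print(f"{s!r:32} naive={bool(NAIVE.search(s))!s:5} verdict={classify(s)}")
```

A device that only inspects traffic after a positive match on the naive pattern passes all three manipulated lines uninspected; treating the "anomalous" verdict as an alert or block condition closes that gap.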
