While HTTP is defined in RFC2616 (HTTP/1.1) the specification does not address every tiny detail. This makes browsers behave similar for the usual HTTP traffic, but they differ in behavior regarding unusual or invalid traffic.
The same interpretation problems can be seen in security systems, e.g. Intrusion Detection Systems (IDS), proxies or firewalls. Thus differences in the interpretation of HTTP leave enough room for circumventing these security systems.
This module contains predefined tests to generate dubious HTTP responses. The distribution contains also a script dubious_http.pl which can be used as an HTTP server to serve these dubious HTTP responses. It can alternativly be used to generate pcap-Files containing the dubious HTTP traffic, which instead of life traffic can be fed for analysis into IDS systems.
dubious_http.pl
Right now the following major tests are defined:
These tests have shown a variety of differences among browsers and IDS regarding the use of chunked encoding. For example they differ, if Transfer-Encoding chunked is specified within an HTTP/1.0 response (chunked is defined for HTTP/1.1 only) or if not specified as "chunked", but as "chunked xx" or similar.
Various compression schemas, invalid schemas, combining schemas etc get tested. These tests also show a variety of behavior among browsers and IDS.
The interpretation of multipart MIME-Messages differs a lot between browsers. While some don't interprete multipart messages at all, others simply take the last part and some even interprete Content-Transfer-Encoding information.
These tests check the behavior, if the server sends only partial responses back, even if the client did not ask for partial response. With luck the client tries to resume starting with the given position.
http://noxxi.de/research/http-evader.html http://noxxi.de/research/semantic-gap.html
Steffen Ullrich, 2013..2015
To install App::DubiousHTTP, copy and paste the appropriate command in to your terminal.
cpanm
cpanm App::DubiousHTTP
CPAN shell
perl -MCPAN -e shell install App::DubiousHTTP
For more information on module installation, please visit the detailed CPAN module installation guide.