Application Layer Covert Channel Analysis and ... - Bill Buchanan
Application Layer Covert Channel Analysis and ... - Bill Buchanan
Application Layer Covert Channel Analysis and ... - Bill Buchanan
- No tags were found...
You also want an ePaper? Increase the reach of your titles
YUMPU automatically turns print PDFs into web optimized ePapers that Google loves.
Z. Kwecka, BSc (Hons) Network Computing, 2006 86///If there's an error while processing the HTTP request or when connectingto the remote server, the Proxy sends a "400 - Bad Request" error to theclient.private void ProcessQuery(string Query){HeaderFields = ParseQuery(Query);HeaderFieldsSignature = ParseQuerySignature(Query);if (HeaderFields == null || !HeaderFields.ContainsKey("Host")){SendBadRequest();return;}//implement filterstring filterName;string filterValue;int Ret;if(ConsoleBuffer.filter != ""){Ret = ConsoleBuffer.filter.IndexOf(":");if (Ret > 0 && Ret < ConsoleBuffer.filter.Length - 1){try{filterName = ConsoleBuffer.filter.Substring(0, Ret).ToLower();filterValue = ConsoleBuffer.filter.Substring(Ret + 1).ToLower().Trim();if((filterName == "requestpath" &&RequestedPath.ToLower().IndexOf(filterValue)>=0) ||(filterName == "requesttype" &&HttpRequestType.ToLower().IndexOf(filterValue)>=0) ||(filterName == "requestversion" &&HttpVersion.ToLower().IndexOf(filterValue)>=0)){ConsoleBuffer.buffer.Add(ConsoleBuffer.filter + " DETECTED");SendBlockedRequest();return;}else if(HeaderFields.ContainsKey(filterName) &&HeaderFields[filterName].ToLower().IndexOf(filterValue)>=0){ConsoleBuffer.buffer.Add(ConsoleBuffer.filter + " DETECTED");SendBlockedRequest();return;}}catch {}}}//implement signature checkingstring signature = "";if(true){Ret = ConsoleBuffer.filter.IndexOf(":");if (true){try{//Operaif(HeaderFieldsSignature.ContainsKey("User-Agent") &&Convert.ToInt16(HeaderFieldsSignature["User-Agent"])==0){if((HeaderFields.ContainsKey("Connection") &&HeaderFields["Connection"].IndexOf("Keep-Alive")>=0)||(HeaderFields.ContainsKey("Proxy-Connection") && HeaderFields["Proxy-Connection"].IndexOf("Keep-Alive")>=0)||HttpVersion == "HTTP/1.0"){signature = "opera";}}