c0rrupt3d

Http Request

24 posts in this topic

I have a question. I have been trying to figure out how to do this for a long time. When you use a high anonymity proxy it doesn't send the HTTP_X_FORWARDED_FOR, HTTP_VIA and HTTP_PROXY_CONNECTION variables. Now this means my IP will not be anywhere in the header, thus hiding my IP and replacing it with the proxy's IP. Now here is my question. When I view an HTTP header of a web request I make, it shows my OS and my browser in the header. Now I want to spoof this or try to. Now when I request a page on the internet here is the header. Now how would I spoof my OS and browser? I have messed with the registry and still no luck, I have tried a lot. Can someone tell me how it works? I am just wondering. Sorry for any misspellings if there are any, not a good speller.

REQUEST_METHOD = GET
REMOTE_ADDR = 217.***.47.***
DOCUMENT_ROOT=/home/u9749/helllabs.com.ua/www
GATEWAY_INTERFACE=CGI/1.1
HTTP_ACCEPT=text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,video/x-mng,image/png,image/jpeg,image/gif;q=0.2,*/*;q=0.1
HTTP_ACCEPT_CHARSET=ISO-8859-1,utf-8;q=0.7,*;q=0.7
HTTP_ACCEPT_ENCODING=gzip,deflate
HTTP_ACCEPT_LANGUAGE=en-us,en;q=0.5
HTTP_CONNECTION=close
HTTP_HOST=www.helllabs.com.ua
HTTP_USER_AGENT=Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.4) Gecko/20030624 Netscape/7.1 (ax)
HTTP_X_FORWARDED_FOR=217.***.47.***
LANG=ru_RU.CP1251
MM_CHARSET=CP1251
PATH=/usr/local/bin:/usr/bin:/bin
QUERY_STRING=
REMOTE_ADDR=217.***.47.***
REMOTE_PORT=25227
REQUEST_METHOD=GET
REQUEST_URI=/cgi-bin/textenv.pl
SCRIPT_FILENAME=/home/u9749/helllabs.com.ua/cgi-bin/textenv.pl
SCRIPT_NAME=/cgi-bin/textenv.pl
SERVER_ADDR=10.10.10.130
SERVER_ADMIN=hostmaster@masterhost.ru
SERVER_NAME=helllabs.com.ua
SERVER_PORT=80
SERVER_PROTOCOL=HTTP/1.1
SERVER_SOFTWARE=CoffeeMaker/1.1 (Unix)

the wonderful program 'wget' allows you to spoof headers and referer urls. check out 'man wget'. :)


Is the program a text based program and do you have a direct link to it? I did a search on it here -> http://search.yahoo.com/search?fr=fp-pull-web-t&p=man+wget and I clicked on result 1 and 3. It looks like it is a Linux application. I have Linux on my other side, but it's not connected to the internet yet until I get driverloader installed and configured. Is there a program for Windows that does the same thing?


I suggest you read the official RFC on this, and remember that the proxy does have access to your IP simply by you connecting to it.

The http version 1.1 spec would be the best start for you, or if you really want to get back to basics the http version 1 spec.

I suggest you read the official RFC on this, and remember that the proxy does have access to your IP simply by you connecting to it.

The http version 1.1 spec would be the best start for you, or if you really want to get back to basics the http version 1 spec.

I know a proxy has my IP when I connect to it, but when I go to sites my IP is not sent because it doesn't send the HTTP_X_FORWARDED_FOR, HTTP_VIA and HTTP_PROXY_CONNECTION variables. Also, I know a lot about hypertext protocol already and can issue commands directly without using a browser in telnet and so on. I am just wondering how it 'detects' what kind of OS you use. I have a program that uses iexplore that allows you to make a cookie for each site and when you go to their site you can spoof the fields I am wanting to spoof. See, I don't understand what a cookie would do with any of that.


well, you can specify your headers as a command-line argument. then the program sends said headers.

also, say 'sends said headers' 5x fast.

well, you can specify your headers as a command-line argument. then the program sends said headers.

also, say 'sends said headers' 5x fast.

OK I see, so this program basically lets me configure what I want into those fields for my browser and so on. Now I have one more question: besides this program, what tells Windows what kind of browser it is and so on? For ie. I am using Netscape, where does it say to the header what browser I am using? I mean it must store it in some file or something.


I would imagine it does this much the same way nmap does, by looking at the traffic and picking it apart using a complicated method of analysis.. or it could just look at your 'user-agent' header and guess ;)


But then there is the operating system. I thought the OS version was stored in the registry. It has to somehow get the operating system from some source. I mean it just can't guess it... See what I am saying?


okay, i understand entirely. fire up a traffic analyzer program and look at the headers. this header

HTTP_USER_AGENT=Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.4) Gecko/20030624 Netscape/7.1 (ax)

is the header that your browser, netscape/mozilla/whatever transmits to remote web servers. if you write or use a little web app that reads back received headers, you will see that. if you use the right proxy, the proxy will forward its OWN headers. if you use wget correctly, wget can forward the headers that you tell it to (wget is sometimes called a non-interactive web browser).

i once played with http headers so long that it actually destroyed a large portion of my brain cells (so that I could foil whitesword's sig, MWAHAHA). if this doesn't clarify, see if you can state your question more succinctly. :)

But then there is the operating system. I thought the OS version was stored in the registry. It has to somehow get the operating system from some source. I mean it just can't guess it... See what I am saying?

The browser often sends this out in the connection process. I'd mention that some browsers such as Opera have spoof options as well, so you can look into them if you're interested.


Thanks for your help. I appreciate it. I guess I still don't understand how the browser gets the information in the 1st place, such as what kind of OS you're running and so on... I mean, does it open the registry and gather the info, store it in a temp variable and then when it requests a webpage send the headers?


Yes it can guess it; most browsers have the host OS listed in the agent tag they send out, and TCP/IP is implemented differently on different systems. It's technical but it can be done, that’s how nmap does it.

Yes it can guess it; most browsers have the host OS listed in the agent tag they send out, and TCP/IP is implemented differently on different systems. It's technical but it can be done, that’s how nmap does it.

the 'nmap' tactic that you're referring to is frame size discovery (right?), or how a specific OS handles network traffic. I don't think this is the case on a local browser, as there are plenty of places to get OS info. web browsers probably have access to /proc or the windows registry.

Yes it can guess it; most browsers have the host OS listed in the agent tag they send out, and TCP/IP is implemented differently on different systems. It's technical but it can be done, that’s how nmap does it.

the 'nmap' tactic that you're referring to is frame size discovery (right?), or how a specific OS handles network traffic. I don't think this is the case on a local browser, as there are plenty of places to get OS info. web browsers probably have access to /proc or the windows registry.

That's what I thought, but then when you change things in the registry it still sends Windows XP. Like if you change the version of Windows in the NT key to something else it still says XP. I changed it in the key where the Windows version and the registered owner and so on is stored... If it's not getting it there, where is it getting it?


I know dillo does IPv6, so by tinkering with the dillo source you should be able to pretty much tell it to send and receive packets as if it were any IP with any header really easily. Are there any windows browsers that are hip to IPv6?

(ermm, this was kinda unclear so I edited it)

Edited by Zeigenfus

I know dillo does IPv6, so by tinkering with the dillo source you should be able to pretty much tell it to send and receive packets as if it were any IP with any header really easily. Are there any windows browsers that are hip to IPv6?

(ermm, this was kinda unclear so I edited it)

i have no idea what you mean. send and receive packets as any IP? if you send a packet as an IP that is not your own, the responses will be sent to said IP, not you. also, what does IPV6 have to do with HTTP headers.... maybe I just haven't heard of this?


I am referring to the ability to modify every single packet sent through an IP based protocol, incoming and outgoing.

okay, i understand entirely. fire up a traffic analyzer program and look at the headers. this header
HTTP_USER_AGENT=Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.4) Gecko/20030624 Netscape/7.1 (ax)

is the header that your browser, netscape/mozilla/whatever transmits to remote web servers.

correct...

to see this header in action, check out my error page...notice the "Agent string" field.

http://www.binrev.com/fhqwhgads

It tells the web server what kind of client you are using. The client, programmed around established internet protocols (as White_raven explained) will send that information with each request.

As far as how the client determines your OS to send in that packet (which I think is what you are asking), that is a little tricky. The short answer is that the client polls the system that it is running on to determine what OS it is. It may be a simple query to itself (You *did* download an OS specific version right?) So it knows because you downloaded that particular version for that OS and it may be built into the configuration files. If not there, then in Windows, there is always the registry with exact variables. In Linux, there is usually some sort of "version" file.

If you want the more technical reason (as far as writing a program to determine the OS), it is the details of the query based on known characteristics of the OS. By default, things like TTL (Time to Live) standards are different on Windows versus Linux. This is one of many system variables that can be checked to see what the default setting is. By checking all of them, you can get a pretty good idea of what OS they are using and many, many more things! It is too detailed to discuss here, but if you really want to know, you will need a good programming resource (book, teachers, or web sites) and a good knowledge of hardware as well as system variables.
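
The two sources of OS information discussed in this post can be compared on the server side: the User-Agent is self-reported, while the IP TTL is observed on the wire. This is an added example, not part of the original thread, that flags a disagreement between them; the default TTL values, the function names and the sample TTLs are assumptions of the example.

```python
import re

# Commonly cited default initial TTLs; an assumption of this example, not a
# value taken from the thread. Treat the result as a hint, not as proof.
INITIAL_TTLS = ((64, "unix-like"), (128, "windows"), (255, "other"))

def claimed_os(user_agent: str) -> str:
    """OS family the client claims in the first (...) group of User-Agent."""
    match = re.search(r"\(([^)]*)\)", user_agent)
    platform = match.group(1).lower() if match else ""
    if "windows" in platform:
        return "windows"
    if any(tok in platform for tok in ("linux", "x11", "bsd", "mac os x")):
        return "unix-like"
    return "unknown"

def ttl_os(observed_ttl: int):
    """Round the observed TTL up to the nearest common initial value."""
    for initial, family in INITIAL_TTLS:
        if 0 < observed_ttl <= initial:
            return family, initial - observed_ttl  # (family, estimated hops)
    return "unknown", None

def check(user_agent: str, observed_ttl: int) -> str:
    """Compare the self-reported OS with the one the TTL suggests."""
    claimed = claimed_os(user_agent)
    implied, _hops = ttl_os(observed_ttl)
    if "unknown" in (claimed, implied) or implied == "other":
        return "inconclusive"
    return "consistent" if claimed == implied else "mismatch"

# User-Agent string quoted in the thread; the TTL values below are constructed.
PAGE_UA = ("Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.4) "
           "Gecko/20030624 Netscape/7.1 (ax)")

if __name__ == "__main__":
    for ua, ttl in ((PAGE_UA, 115), (PAGE_UA, 52), ("Wget/1.9", 52)):
        print(f"ttl={ttl:<3} {check(ua, ttl):<12} {ua[:40]}")
```

A mismatch is not proof of a forged User-Agent: when the request arrives through a proxy, the TTL reflects the proxy's network stack, not the browser's host.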


stank, could you perhaps let me steal the code (I assume it's PHP) that dumps your headers? i've really wanted to write something that would dump ALL received headers from a remote webserver, but I really don't know anything about that type of programming.

also, on a lightly related note, masakari once got some nasty phone calls after scanning for web proxies with nmap. we believe this was because nmap sends its own http headers.... ones that are easily detectable. i don't have a webserver to test this on, so someone correct me if i'm wrong.

stank, could you perhaps let me steal the code (I assume it's PHP) that dumps your headers? i've really wanted to write something that would dump ALL received headers from a remote webserver, but I really don't know anything about that type of programming.

well of course I *would* share, were there anything *to* share.

I simply use the built in functions of apache server...basically an "ECHO" of the proper variable names. Nothing to it!

 <!--#echo var="HTTP_USER_AGENT" -->
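
For the request above to dump all received headers, this is an added example (not code from the thread or from the site it describes) that maps a raw request to the CGI-style variables seen in the first post and lists the ones that reveal a proxy. The sample request, host names and addresses are constructed, and the function names are hypothetical.

```python
# Added example: how request headers become the CGI variables in the dump
# from the first post (RFC 3875 naming). Sample request is constructed.
PROXY_VARS = {"HTTP_X_FORWARDED_FOR", "HTTP_VIA", "HTTP_PROXY_CONNECTION"}
UNPREFIXED = {"CONTENT_TYPE", "CONTENT_LENGTH"}  # CGI passes these without HTTP_

def cgi_env(raw_request: bytes, peer_addr: str) -> dict:
    """Build the variables a CGI script would see for one request."""
    head = raw_request.split(b"\r\n\r\n", 1)[0].decode("iso-8859-1")
    request_line, *header_lines = head.split("\r\n")
    method, uri, protocol = request_line.split(" ", 2)
    env = {"REQUEST_METHOD": method, "REQUEST_URI": uri,
           "SERVER_PROTOCOL": protocol,
           # REMOTE_ADDR comes from the TCP connection, never from a header.
           "REMOTE_ADDR": peer_addr}
    for line in header_lines:
        name, sep, value = line.partition(":")
        if not sep:
            continue  # not a "Name: value" line, ignore it
        key = name.strip().upper().replace("-", "_")
        if key not in UNPREFIXED:
            key = "HTTP_" + key  # a "Remote-Addr" header cannot clobber REMOTE_ADDR
        value = value.strip()
        # Repeated headers are folded into one comma-separated value.
        env[key] = f"{env[key]}, {value}" if key in env else value
    return env

def proxy_disclosure(env: dict) -> list:
    """Names of variables that show the request passed through a proxy."""
    return sorted(PROXY_VARS & env.keys())

SAMPLE = (b"GET /cgi-bin/textenv.pl HTTP/1.1\r\n"
          b"Host: www.example.test\r\n"
          b"User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.4) "
          b"Gecko/20030624 Netscape/7.1 (ax)\r\n"
          b"Via: 1.1 proxy.example.test\r\n"
          b"X-Forwarded-For: 192.0.2.10\r\n"
          b"Remote-Addr: 198.51.100.99\r\n\r\n")

if __name__ == "__main__":
    env = cgi_env(SAMPLE, peer_addr="203.0.113.7")
    for key in sorted(env):
        print(f"{key}={env[key]}")
    print("proxy-revealing:", proxy_disclosure(env))
```

Every HTTP_* value is whatever the client or an intermediate proxy chose to send, so a server should log it but not base access decisions on it; only REMOTE_ADDR is taken from the connection itself.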
