Re: [PEN-TEST] websence bypass ?

From: Beauregard, Claude Q (CQBeauregardat_private)
Date: Thu Apr 26 2001 - 08:18:09 PDT

Next message: Mike Kikkert: "Re: [PEN-TEST] websence bypass ?"

Previous message: Joseph Nicholas Yarbrough: "[PEN-TEST] "Intercept""
Maybe in reply to: francois RAYNAUD: "[PEN-TEST] websence bypass ?"
Next in thread: Mike Kikkert: "Re: [PEN-TEST] websence bypass ?"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Say a site like packetstorm is being blocked. Use this to bypass Websense
security:

http://www.packetstorm.securify:80

Works everytime

-----Original Message-----
From: Penetration Testers [mailto:PEN-TESTat_private]On Behalf
Of Rebecca Kastl
Sent: Wednesday, April 25, 2001 8:37 PM
To: PEN-TESTat_private
Subject: Re: [PEN-TEST] websence bypass ?

On Wed, 25 Apr 2001, francois RAYNAUD wrote:

> while doing a penetration testing for my company, they ask if i could
> test Websence, which is a url proxy filter. Does somebody has any idea
> how to bypass it from the inside ?

Packet fragmentation, use IP address instead of DNS, Internet accessible
proxies/portals, tunneling via ssh, relaying, etc.

--Rebecca Kastl

Next message: Mike Kikkert: "Re: [PEN-TEST] websence bypass ?"
Previous message: Joseph Nicholas Yarbrough: "[PEN-TEST] "Intercept""
Maybe in reply to: francois RAYNAUD: "[PEN-TEST] websence bypass ?"
Next in thread: Mike Kikkert: "Re: [PEN-TEST] websence bypass ?"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

This archive was generated by hypermail 2b30 : Thu Apr 26 2001 - 09:00:59 PDT