Re: [PEN-TEST] Websense bypass ?

From: Matthew Wagenknecht (Matthew.Wagenknechtat_private)
Date: Thu Apr 26 2001 - 16:04:42 PDT


    or more simply:
    for firstOctet.secondOctet.thirdOctet.fourthOctet:
    
    longIP = (firstOctet * (256 * 256 * 256)) + (secondOctet * (256 * 256)) + (thirdOctet * 256) + (fourthOctet)
    
    Matt Wagenknecht
    Internet Security Analyst	 	 
    
    
    -----Original Message-----
    From: John Bumgarner [mailto:JBumgarnerat_private]
    Sent: Thursday, April 26, 2001 9:13 AM
    To: PEN-TESTat_private
    Subject: Re: [PEN-TEST] Websense bypass ?
    
    
    Tony,
    
    Here is the information concerning converting an IP address to a number string:
    
    With some firewall implementations, you can bypass the URL filtering rules:
     
    Obtain IP address of a filtered URL: http://www.netaddress.com or http://204.68.24.100
    Convert IP address to binary using calc.exe - 11001100 01000100 00011000 01100100
    Concatenate the binary together - 11001100010001000001100001100100
    Convert this number to decimal using calc.exe - 3427014756
    Enter this in your browser - http://3427014756
    
    John Bumgarner, CISSP
    
    
    -----Original Message-----
    From: Tony King [mailto:tonykingat_private]
    Sent: Thursday, April 26, 2001 08:20
    To: PEN-TESTat_private
    Subject: Re: websence bypass ?
    
    
    You can sometimes add :80 to the end of a url http://www.yahoo.com:80
    You can also use the ip address of the webserver http://xxx.xxx.xxx.xxx
    Maybe even add a :80 to the end of the ip url.
    There is also a way to convert the ip address into a number string, I have to go
    talk to some people to remember how to do that one, but email me back so that I remember.
    Tony
    
    
    At Wed, 25 Apr 2001 13:57:56 +0200, =?iso-8859-1?q?francois=20RAYNAUD?=
    <francois_raynaudat_private> wrote:
    
    >
    >hi folks,
    >
    >While doing a penetration test for my company, they
    >asked if I could test Websense, which is a URL proxy
    >filter.
    >Does somebody have any idea how to bypass it from the
    >inside?
    >Please, no answers with the traditional "change your
    >proxy!"
    >
    >cheers
    >
    >=====
    >François Raynaud
    >England       \!/
    >             (@ @)
    >mobile 0044 (0)7754 749971
    >      ----oOO-(_)-OOo--------
    >
    >
    Free, encrypted, secure Web-based email at www.hushmail.com
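
Added example, not part of the original thread: a filter-side check that reduces every host form mentioned above (explicit :80, dotted quad, single decimal number) to one canonical value before the blocklist lookup. The function names and the blocklist are assumptions made for the demo, and the parser also accepts the hex and octal forms that inet_aton-style resolvers take, which goes beyond the decimal case in the thread.

```python
import ipaddress
import re
from urllib.parse import urlsplit

# Constructed blocklist for the demo: the host and address quoted in the thread.
BLOCKED_HOSTS = {"www.netaddress.com"}
BLOCKED_IPS = {ipaddress.IPv4Address("204.68.24.100")}

_NUMERIC = re.compile(r"0x[0-9a-f]+|[0-9]+", re.IGNORECASE)

def parse_part(part):
    """Parse one host component as inet_aton does: 0x hex, leading-0 octal, else decimal."""
    if not _NUMERIC.fullmatch(part):
        raise ValueError(part)
    if part.lower().startswith("0x"):
        return int(part, 16)
    if len(part) > 1 and part[0] == "0":
        return int(part, 8)  # "08" is not valid octal and raises ValueError
    return int(part)

def host_to_ipv4(host):
    """Return the IPv4Address for any numeric host form, or None for a real hostname."""
    parts = host.split(".")
    if not 1 <= len(parts) <= 4:
        return None
    try:
        *head, last = [parse_part(p) for p in parts]
    except ValueError:
        return None
    # Leading parts are single octets; the last part fills all remaining bytes,
    # so "3427014756" (one part) covers the whole 32-bit address.
    if any(n > 255 for n in head) or last >= 256 ** (4 - len(head)):
        return None
    value = last
    for i, octet in enumerate(head):
        value += octet << (8 * (3 - i))
    return ipaddress.IPv4Address(value)

def is_blocked(url):
    """Match on the canonical host: port stripped, numeric forms reduced to dotted quad."""
    host = (urlsplit(url).hostname or "").rstrip(".")
    ip = host_to_ipv4(host)
    if ip is not None:
        return ip in BLOCKED_IPS
    return host in BLOCKED_HOSTS
```

A filter that compares the raw URL string against its list sees each of these spellings as a different site; comparing the canonical host closes that gap.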
    



    This archive was generated by hypermail 2b30 : Thu Apr 26 2001 - 20:32:51 PDT