[PEN-TEST] websense bypass does not work

From: priya subramanian (pentestingat_private)
Date: Thu May 03 2001 - 02:14:31 PDT

Next message: Joe Shaw: "Re: [PEN-TEST] wireless LAN traffic sniffing"

Previous message: Magnus Bodin: "Re: [PEN-TEST] wireless LAN traffic sniffing"
Next in thread: Matthew Leeds: "Re: [PEN-TEST] websense bypass does not work"
Reply: Matthew Leeds: "Re: [PEN-TEST] websense bypass does not work"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

going by what is said below, we tried it with websense
with version 4.2.3 with checkpoint firewall. the
decimal no. and also the binary no. gets converted to
the ip and get blocked by websense.

could anyone pl suggest some other alternative.

Priya

--- Robert Shea <robert.sheaat_private> wrote:
>
> In addition to decimal addresses, and appending the
> port number... this
> works against many systems like this (just depends
> on how they match)
> http://trustedsite.com@actual-target-site
>
> so say cnn.com is allowed, but www.hitlist.com is
> not
> cnn.comat_private">http://cnn.comat_private
> and of course mixing
> http://cnn.com@2704981249:80
>
> Some systems (it should be noted, that I have not
> tested the one in
> question) will match the first domain "cnn.com" and
> move on, ignoring the
> rest...
> Robert
>
> %
> %>You can sometimes add :80 to the end of a url
> http://www.yahoo.com:80
> %>You can also use the ip address of the webserver
> %http://xxx.xxx.xxx.xxx
> %>Maybe even add a :80 to the end of the ip url.
> %>There is also a way to convert the ip address into
> a number
> %string, I have
> %>to go talk to some
> %>people to remember how to do that one, but email
> me back so
> %that I remember.
> %>Tony
> %
> %Converting to a numeric value is done by
> 'pretending' that the
> %dotted quad is a
> %base 256 number. Thus the first byte is multiplied
> by
> %256*256*256, the second by
> %256*256 the third by 256 and the last is not
> multiplied at
> %all. Add these up and
> %then try and connect to it using that number.
> %
> %66.38.151.10
> %= 66 * 256 * 256 * 256
> %+ 38 * 256 * 256
> %+ 151 *256
> %+ 10
> %= 1109825290
> %
> %Can then connect to this as http://1109825290
> apparantly
> %that'll skip past a
> %number of validators which check against IP and
> 'name'
> %
> %(Or you could just use an IP-to-DWORD calculator
> such as that on
> %http://www.fichtner.net/tools/ip2dword/
> %More info: http://www.pc-help.org/obscure.htm )
> %
> %--
> %Ed Rolison
> %System Administrator
>

> ATTACHMENT part 2 application/x-pkcs7-signature
name=smime.p7s



____________________________________________________________
Do You Yahoo!?
For regular News updates go to http://in.news.yahoo.com

Next message: Joe Shaw: "Re: [PEN-TEST] wireless LAN traffic sniffing"
Previous message: Magnus Bodin: "Re: [PEN-TEST] wireless LAN traffic sniffing"
Next in thread: Matthew Leeds: "Re: [PEN-TEST] websense bypass does not work"
Reply: Matthew Leeds: "Re: [PEN-TEST] websense bypass does not work"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

This archive was generated by hypermail 2b30 : Thu May 03 2001 - 15:14:43 PDT