[SubWeb] NEW http proxy/reverse proxy

From: Stephane Aubert (Stephane.Aubert@hsc-labs.com)
Date: Mon Aug 13 2001 - 03:37:02 PDT

Next message: Joshua Wright: "RE: sniffing X traffic."

Previous message: Stephane Aubert: "[BabelWeb] NEW web scanner/analyzer/forcer"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

SubWeb v1.0

Stephane Aubert <Stephane.Aubert@hsc-labs.com>
kotao <kotaoat_private>
HSC security research labs
Hervé Schauer Consultants

Download: http://www.hsc-labs.com/tools/subweb/


SubWeb is a proxy (and also a reverse proxy). It allows to work on
HTTP flows in the line of HTTPush, RFProxy or Achilles.

It becomes possible with SubWeb to handle and visualize on the fly the
HTTP requests, the headers and/or HTML pages.

Main goal of SubWeb is to contribute to the tests of network applications
based on HTTP. HTTPS is not directly managed in SubWeb, it is necessary, 
in order to test a SSL server, to use the stunnel program, for example.

SubWeb has 3 operating modes:
  * proxy (classical HTTP proxy)
  * midproxy (HTTP proxy which requires the pages of another proxy)
  * rproxy (reverse proxy, SubWeb mimic an HTTP server)

  Another functionality, named virtual Web, allow SubWeb to answer 
  certain requests (depending on keywords contained in these
  requests) without requiering anything to the server.

It is possible to visualize all the traffic between the customers and the servers.
There are several options of visualization (only the headers, to display
binary pages in Hexa, to display only the requests or only the answers...)

In the three modes it is possible to apply filtering at all the
levels, ie. in the URL, the headers and the body of the pages, in the
requests and the answers.

Another type of filtering, named dynamic, is activable by adding the
string subweb=on in the URL. These dynamic filters are interesting, for 
example, to change fields like a cookie or a session_id in a session 
after passing the authentification.

An experimental functionality was added to the reverse relay mode.
It makes it possible to cipher the contents of the hidden fields sent 
by the server to the various customers and to decipher them when the
customers send them back to the server in requests GET or POST requests.

This mechanism forbidden the users to modify the value of the hidden 
fields, which makes it possible to protect them and use them for
example to manage the order of the requests required by a customer.


PS: SubWeb is not underground ;)
--------------------------------

----------------------------------------------------------------------------
This list is provided by the SecurityFocus Security Intelligence Alert (SIA)
Service. For more information on SecurityFocus' SIA service which
automatically alerts you to the latest security vulnerabilities please see:
https://alerts.securityfocus.com/

Next message: Joshua Wright: "RE: sniffing X traffic."
Previous message: Stephane Aubert: "[BabelWeb] NEW web scanner/analyzer/forcer"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

This archive was generated by hypermail 2b30 : Mon Aug 13 2001 - 12:32:00 PDT