Before we can evade, we must understand what we are up against.
The instructor loaded up a tool called HTTPtunnel . "If a firewall allows HTTP outbound, tunnel everything inside HTTP. But not normal HTTP— weird HTTP. Headers out of order. Chunked encoding with false lengths. Firewall's protocol decoder will give up and pass the raw stream to the web server. And the web server? It's yours."
Before we can evade, we must understand what we are up against.
The instructor loaded up a tool called HTTPtunnel . "If a firewall allows HTTP outbound, tunnel everything inside HTTP. But not normal HTTP— weird HTTP. Headers out of order. Chunked encoding with false lengths. Firewall's protocol decoder will give up and pass the raw stream to the web server. And the web server? It's yours."
