[thelist] Changing HTTP Headers
Judah McAuley
judah at wiredotter.com
Fri Sep 20 21:53:01 CDT 2002
Mircea Bogdan wrote:
> The problem with this challenge is that the cgi script detects the fact that my
> ISP is not in NZ, as it is my ISP that serves the request to Arcanum(the
> server). If I use a remote proxy in NZ, that means that my requests are sent to
> the NZ proxy and the proxy then submits my request to Arcanum. All Arcanum will
> detect is an NZ server requesting a page. All great till now..
>
> BUT, the sad part is that the script will detect this level of attack.(I've
> heard this from users that passed the challenge)
> That's the reason why I have to spoof the HTTP headers somehow. And I don't
> have a clue how...and I don't imagine what headers to change. Maybe I should
> sniff the headers sent by the server and start from there..
I don't think they can get any information via the HTTP headers about
your location.
Take a look at the W3C spec:
http://www.w3.org/Protocols/rfc2616/rfc2616-sec14.html#sec14
There are two headers about proxies, but nothing that specifies your IP
address. I suppose that proxy configuration could add on headers
specifiying the origination of the request, but that would seem to
defeat the purpose of a proxy. They people you talked to may have been
bullshitting you. I don't think that there is any way from an HTTP
header that they could detect your originating address.
They may have a list of popular NZ proxies though and eliminate all
connections originating from those machines.
The SSH tunnel should take care of it though. There is no modification
of the request at all, it just forwards the request.
If you want to take a look at the HTTP request at a more raw level, I'd
recommend the online tools at: http://www.delorie.com/web/
Hope this helps,
Judah
More information about the thelist
mailing list