update readme

README

@@ -1,12 +1,12 @@
-HTTP Evader - Automate Firewall and IDS Evasion Tests
+= HTTP Evader: Automate Firewall and IDS Evasion Tests, Analyse Browser Behavior
 
 While HTTP is defined in RFC2616 (HTTP/1.1) the specification does not address
 every tiny detail. This makes browsers behave similar for the usual HTTP
 traffic, but they differ in behavior regarding unusual or invalid traffic.
 
 The same interpretation problems can be seen in security systems, e.g.
 Intrusion Detection Systems (IDS), proxies or firewalls. Thus differences in the
-interpretation of HTTP leave enough room for circumventing these security
+interpretation of HTTP leave enough room for bypassing these security
 systems.
 
 This module contains predefined tests to generate dubious HTTP responses.
@@ -21,3 +21,12 @@ See http://noxxi.de/research/http-evader.html for on overview of the automatic
 evasion tests and http://noxxi.de/research/semantic-gap.html for more details on
 using interpretation differences between different browsers and security systems 
 to bypass the latter.
+
+= Quickstart Test Server
+
+To start a test server at localhost port 8001 simply use:
+
+  perl dubious_http.pl -M server --no-garble-url 127.0.0.1:8001
+
+Additional options are available, i.e. for https support and others.
+Start the script with --help to get more information.

lib/App/DubiousHTTP/Tests/Clen.pm

@@ -56,8 +56,8 @@ DESC
     [ INVALID, 'close,\042(clen)\042,content,junk' => "'Content-length: \"len\"', body content+junk" ],
     [ INVALID, 'close,(clen)A,content,junk' => '"Content-length: lenA", body content+junk' ],
     [ INVALID, 'close,A(clen),content,junk' => '"Content-length: Alen", body content+junk' ],
-    [ INVALID, 'close,(clen) A,content,junk' => '"Content-length: len A", body content+junk' ],
-    [ INVALID, 'close,A (clen),content,junk' => '"Content-length: A len", body content+junk' ],
+    [ INVALID, 'close,(clen)\040A,content,junk' => '"Content-length: len A", body content+junk' ],
+    [ INVALID, 'close,A\040(clen),content,junk' => '"Content-length: A len", body content+junk' ],
     [ INVALID, 'close,\240(clen),content,junk' => '"Content-length: \240len", body content+junk' ],
     [ INVALID, 'close,(clen)\240,content,junk' => '"Content-length: len\240", body content+junk' ],
     [ INVALID, 'close,(clen).0,content,junk' => '"Content-length: len.0", body content+junk' ],

lib/App/DubiousHTTP/Tests/Compressed.pm

@@ -56,7 +56,7 @@ DESC
     # these might be strange/unsupported
     [ 'VALID: less common but valid requests' ],
     [ UNCOMMON_VALID, 'ce:deflate;zlib' => 'content-encoding deflate, served with RFC1950 style deflate (zlib)'],
-    [ UNCOMMON_VALID, 'ce:deflate;zlib' => 'content-encoding deflate, served with RFC1950 style deflate (zlib) with 2 compressed blocks'],
+    [ UNCOMMON_VALID, 'ce:deflate;zlib2p' => 'content-encoding deflate, served with RFC1950 style deflate (zlib) with 2 compressed blocks'],
     [ UNCOMMON_VALID, 'ce:nl-gzip;gzip' => 'content-encoding gzip but with continuation line, served gzipped'],
     [ UNCOMMON_VALID, 'ce:nl-deflate;deflate' => 'content-encoding deflate but with continuation line, served with deflate'],
     [ UNCOMMON_VALID, 'ce:nl-nl-deflate;deflate' => 'content-encoding deflate but with double continuation line, served with deflate'],