Commit

added README
noxxi committed Jun 6, 2013
1 parent b105455 commit b4ecc70
Showing 1 changed file with 15 additions and 0 deletions.
15 changes: 15 additions & 0 deletions README
@@ -0,0 +1,15 @@
While HTTP is defined in RFC2616 (HTTP/1.1) the specification does not address
every tiny detail. This makes browsers behave similar for the usual HTTP
traffic, but they differ in behavior regarding unusual or invalid traffic.

The same interpretation problems can be seen in security systems, e.g.
Intrusion Detection Systems (IDS), proxies or firewalls. Thus differences in the
interpretation of HTTP leave enough room for circumventing these security
systems.

This module contains predefined tests to generate dubious HTTP responses.
The distribution contains also a script C<dubious_http.pl> which can be used
as an HTTP server to serve these dubious HTTP responses. It can alternativly be
used to generate pcap-Files containg the dubious HTTP traffic, which instead of
life traffic can be fed for analysis into IDS systems.
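
Review bot: The last paragraph has three spelling slips, one of which changes the meaning: "life traffic" should be "live traffic", "alternativly" should be "alternatively", and "containg" should be "containing". The C<dubious_http.pl> in the same paragraph is POD markup and will appear literally in a plain-text README, so either write the script name bare or generate the README from the module's POD. The README names two modes for the script (HTTP server and pcap generation) but gives no invocation for either; a one-line usage example per mode would make it usable for someone who wants to feed the pcap files to an IDS. "RFC2616" is conventionally written "RFC 2616".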
