App-DubiousHTTP

Changes

- better description for some tests
- enforce download via download attribute for eicar.txt etc
- according to RFC2616 a content-encoding header with 'identity' should not
  be used, moved to UNCOMMON_INVALID and added variations with double
  encoding etc
- complain if the firewall blocks a sane response without virus, because that
  might indicate that they employ a URL filter only or similar
- If one evasion failed, re-check with novirus.txt whether it failed because of
  the firewall or because the browser considered the response invalid. Also add
  this information to the summary for the user and tell the user again how to
  check for false positives and what EICAR looks like.
- give summary and offer a way to give feedback with product details
- log response header we got for initial innocent and test virus request
2015/09/04 0.024
- if in the automated evasion test the initial simple request to eicar.txt
  results in the expected failure add the error message to the results sent
  in /submit_results
- track different request headers, i.e. order of fields etc. to distinguish browsers
  and changes done by proxies
- by default garble URLs so firewalls cannot simply block all URLs with
  eicar.txt inside, switch off with --no-garble-url. It will still accept

lib/App/DubiousHTTP/Tests.pm

	return status;
    }


    if (test['isbad']) {
	// check for evasion
	if (status == 'match') {
	    if (test['expect_bad']) {
		// assume no or stupid content filter
		var msg = "<div>" +
		    "It looks like no malware filtering is done by the firewall since " + bad_name +
		    " could not be detected when transferred using a valid and typical HTTP response.</div><div>" +
		    "The tests will continue but it is assumed that there is no malware filter available. " +
		    "This means no firewall bypasses can be detected (there is nothing to bypass) but instead " +
		    "it will only check the behavior of the browser regarding atypical or malformed responses." +
		    "</div>";
		if (bad_name == 'EICAR') {
		    msg += "<div>If you feel that your firewall should be able to detect the malware please check your " +
			"firewall configuration and make sure that antivirus is enabled. This test uses only " + bad_name +
			" which any antivirus product should be able to detect." +
			"</div>";

lib/App/DubiousHTTP/Tests.pm

		+ evasions_blocked + " evasions attempts were blocked by the firewall and "
		+ browser_invalid + " attempts failed because the browser considered the response invalid or because the firewall blocks (invalid) responses even if there is no malware payload. "
		+ "Please note that these might be considered valid by other browsers and might lead to possible evasions, so better try with other browsers too. "
		+ "For this reason I would recommend to check with at least Firefox, Chrome, Safari, Internet Explorer, Edge and Opera because they all behave differently."
		+ "<br><br>To get an overview which products behave that nicely "
		+ "it would be helpful if you provide us with information about the firewall product you use. "
		+ "Please add as much details as you know and like to offer, i.e. model, patch level, specific configurations. ";
	} else if (evasions == 0) {
	    results = results + "NO EVASIONS BUT OVERBLOCKING\n";
	    div = document.getElementById('overblock');
	    div.innerHTML = "<h1>Suspicious!<br>No evasions detected but it looks like overblocking.</h1>"
		+ evasions_blocked + " evasions attempts were blocked by the firewall but in at least "
		+ overblocked + " cases the firewall blocked perfectly valid and innocent responses. "
		+ browser_invalid + " attempts failed because the browser considered the response invalid or because the firewall blocks (invalid) responses even if there is no malware payload. "
		+ "Please note that these might be considered valid by other browsers and might lead to possible evasions, so better try with other browsers too. "
		+ "For this reason I would recommend to check with at least Firefox, Chrome, Safari, Internet Explorer, Edge and Opera because they all behave differently."
		+ "<br><br>To get an overview which products behave that nicely "
		+ "it would be helpful if you provide us with information about the firewall product you use. "
		+ "Please add as much details as you know and like to offer, i.e. model, patch level, specific configurations. ";
	} else {
	    div = document.getElementById('evadable');
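
Added example, not code from App::DubiousHTTP: a stand-alone sketch of the result classification that the Changes entries and the summary fragments above describe (baseline check, re-check with the harmless novirus.txt control, overblocking). The field names (payload, control, expectBad), the status values and all verdict labels except "NO EVASIONS BUT OVERBLOCKING" are assumptions.

```javascript
// Added example. Field names and verdict labels are assumptions, except
// "NO EVASIONS BUT OVERBLOCKING", which is the string used in the fragment above.
// Status values: 'match' = browser got the expected body, 'fail' = anything else.
function classify(t) {
  if (!t.isbad) {
    // Innocent payload: a failure means a harmless response was blocked.
    return t.payload === 'match' ? 'ok' : 'overblocked';
  }
  if (t.payload === 'match') {
    // Test payload arrived intact. On the plain baseline response that means
    // no content filter is active; on any other response it is an evasion.
    return t.expectBad ? 'no_filter' : 'evasion';
  }
  if (t.expectBad) return 'ok'; // baseline was blocked, as it should be
  // Re-check result with the harmless control payload (novirus.txt):
  // control delivered -> the filter caught the payload;
  // control failed    -> browser or firewall rejected the response itself.
  return t.control === 'match' ? 'evasion_blocked' : 'browser_invalid';
}

function summarize(tests) {
  const counts = { ok: 0, no_filter: 0, evasion: 0, evasion_blocked: 0,
                   browser_invalid: 0, overblocked: 0 };
  for (const t of tests) counts[classify(t)]++;
  let verdict = 'NO EVASIONS';
  if (counts.no_filter) verdict = 'NO FILTER';
  else if (counts.evasion) verdict = 'EVADABLE';
  else if (counts.overblocked) verdict = 'NO EVASIONS BUT OVERBLOCKING';
  return { verdict, counts };
}

// Constructed sample results, not output from a real run.
const SAMPLE = [
  { id: 'baseline-bad', isbad: true, expectBad: true, payload: 'fail' },
  { id: 'baseline-ok', isbad: false, payload: 'fail' },
  { id: 'variant-1', isbad: true, expectBad: false, payload: 'fail', control: 'match' },
  { id: 'variant-2', isbad: true, expectBad: false, payload: 'fail', control: 'fail' },
];
console.log(summarize(SAMPLE));
```

A test that fails with the control payload as well says nothing about the malware filter, which is why it is counted separately from a blocked evasion.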


