App-DubiousHTTP


bin/dubious_http.pl

		   All remaining args are considered reports and a stream will
		   be included if at least one report shows a match.
		   This is the default if arguments are given.
 --filter-all      Like --filter-any, but include stream only if all reports
		   show a match.

Setting up your own payload:

The default payload for evasion tests is the EICAR test virus, which is served
as the ZIP file eicar.zip and, if that is not detected, as the plain TXT file
eicar.txt. To verify that the firewall does not block innocent files,
novirus.txt is used. All of these payloads are built in.

You can set up your own payloads as follows:

 1. Reserve a directory for the payload files.
    The default is ./static, but an alternative can be specified with --wwwroot.

 2. Add your own payloads to this directory as files which contain the HTTP
    header (without status line) and body. If the header line "X-Virus: ..." is given
    the file is considered a malicious payload (like EICAR) and otherwise the

lib/App/DubiousHTTP/Tests.pm

safe to run this test.
</p><p>
But the transfer is done with various kinds of uncommon or even invalid HTTP
responses to check whether the firewall's inspection can be bypassed this way.
The response from the server will then be compared to the expected payload, and
hopefully all transfers will either be blocked by the firewall or be considered
invalid by the browser.
</p><p>
The test uses XMLHttpRequest to issue the request and get the response. In most
but not all cases this shows the same behavior as other HTTP requests by the
browser (e.g. loading an image, script, ...). To verify that an evasion is
actually possible with a normal download, use the provided link to test the
evasion.
</p>
<p id=test_virus class=runtest><a href="/auto/all/eicar">Run Test with <strong>EICAR test virus</strong> payload</a></p>

<a name=xhr_novirus>
<h2>Bulk test with innocent payload (XHR)</h2>
</a>

<p>


