|
Index of /ru/projects/httpostng
|
Name Last modified Size Description
![[DIR]](/icons/back.gif)
Parent Directory 04-Sep-2007 18:52 -
![[ ]](/icons/unknown.gif)
ChangeLog 24-Sep-2005 13:32 1k
![[DIR]](/icons/folder.gif)
examples/ 24-Sep-2005 13:44 -
![[ ]](/icons/compressed.gif)
httpostng-0.3.tgz 01-Dec-2005 02:57 56k
HttPostNG 0.3 (/09/05)
======================
This project was originally released at Hitchhiker's World Issue #10 (have
a look at http://www.infosecwriters.com/hhworld/).
A funny poc to convert a text file into one or several png images and send
them to a remote CGI in HTTP POST requests so that the network based "detector"
has to figure if all POST images it monitors are legitimate or suspicious.
===============================================================================
GRAY-WORLD.NET / HTTPOSTNG
==========================
The HttPostNG program is part of the Gray-World.net projects.
Our Gray-World Team uses the http://gray-world.net website to present the
projects and publications we are working at. Our activity dwells in the NACS
(Network Access Control System) bypassing research field and is related to
computer and network security topics.
===============================================================================
Got that funny idea while reading [ElimSteg] : "While there are several
techniques currently in use that reactively attempt to detect steganography in
images, this is understandably an impossible task to complete, as there are
many places to hide data, and many ways to hide the data in thoses places." and
"By definition, steganographic carriers are subliminal channels since the
communication appears to be innocent, but really has ulterior information
embedded below the threshold of perception".
So, where can we hide data in an image carrier and below whom threshold of
perception ? And what if the image itself is the message to transmit ?
HttPostNG reads a text file, converts it in one or several PNG images and
sends them to a remote location in one or several HTTP POST requests (a funny
dictionary option allows to replace words with their pictural representation).
And now PngShell ? :)
[ElimSteg] : Eliminating Steganography in Internet Traffic with Active Wardens
G. Fisky, M. Fisk, C. Papadopoulos, J. Neil (2002)
http://www.gray-world.net/papers/ih02.pdf
Playing
-------
Update the provided CGI script to configure IMGDIR (web server location where
the images will be stored), IMGWWW (DocRoot location to display images) and
CODE (only to avoid someone to upload files while you play). This CGI script is
only a basic cgi that accepts HTTP POST with images (i.e. : it doesn't execute
any operation).
Configure httpostng.pl (this script is the one reading from a textfile and
generating the images) :
o SERVER, PORT, CGI - location of the cgi on the remote webserver ;
o USE_PROXY, PROXY_IP, PROXY_PORT - if you wanna use an HTTP proxy ;
o CODE - same code as for the cgi ;
o TXTIN - the name of the file to convert ;
o IMOUT - the name of the image(s) (IMOUT-0.png, IMOUT-1.png, etc) ;
o IMG_W, IMG_H - width and height of the images ;
o IMG_I, IMG_C - interline and newline after x charachters parameters ;
o IMGONLY : location of a textfile if you don't want to send images to the
cgi ;
o STARTGET : Do an HTTP GET for the remote CGI before sending POSTs ;
o USE_DICT : Use the dictionary function (see Dictionary) ;
o BINFILE : set to 1 if the file to read is a binary (each read() will be
converted to hexa before writing in the image).
Notes :
o no images size check for cgi so take care to the size of txt file ;
o the cgi aborts if the image name already exists.
Enjoy ./httpostng.pl
Dictionary
----------
Crazy idea from Andreas :) The concept lays on replacing words by their
pictural representation. To play with that option, configure :
o %DICT to add the word or phrase and the related png ;
o DICT_orig_w and DICT_orig_h as original width and height of images ;
o DICT_icon_w and DICT_icon_h as width and height that will be used in the
generated image (you may configure these one to $IMG_I to have the icons
match the interline space between lines of text).
See examples/README.html
Comments
--------
I don't wanna captcha or fourier the images. This is a funny poc so anyone
willing to play the stealth game can try what he wants. But don't forget that
the message itself (whereas it is a text or an image) may be a carrier and not
the *real* message.
Thanks
------
Thanks to GWs guys and to Modu for comments.. and special thanks to CC for
that gw september month ;)
LICENSE
-------
HttPostNG is distributed under the terms of the GNU General Public License
v2.0 and is copyright (c) 2005 Simon Castro <scastro [at] entreelibre.com>. See
the file COPYING for details.