Project

General

Profile

Actions
Copy link

Bug #427

closed

CONNECT request followed by 200 Connection Established not handled properly

Added by Victor Julien over 12 years ago. Updated over 12 years ago.

Status:
Closed
Priority:
Normal
Assignee:
Victor Julien
Target version:
1.3beta1
Affected Versions:
Effort:
Difficulty:
Label:

Description

A CONNECT request followed by 200 ok leads to 2 http.log entries, instead of the expected 1.

03/05/2012-17:31:21.098550 <hostname unknown> [**] <hostnameredacted>:443 [**] Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; .NET CLR 2.0.50727; .NET CLR 3.0.04506.30; .NET CLR 3.0.04506.648; .NET CLR 3.0.4506.2152; .NET CLR 3.5.30729; .NET CLR 1.1.4322) [**] 10.3.x.x:1114 -> 10.160.x.x:8080
03/05/2012-17:31:21.098550 <hostname unknown> [**] \xF2\xBB5\x8Fh>\x18\xF0\xEA|\xDB\x81\xC3\x08 [**] <useragent unknown> [**] 10.3.x.x:1114 -> 10.160.x.x:8080

It turns out that our libhtp never sets the state STREAM_STATE_TUNNEL. This has been fixed in the libhtp master branch. Backporting the fix is required.

Files

0001-Return-STREAM_STATE_TUNNEL-after-entering-a-tunnel.patch (4.38 KB) 0001-Return-STREAM_STATE_TUNNEL-after-entering-a-tunnel.patch Victor Julien, 03/20/2012 07:00 AM
Actions
Copy link

Also available in: Atom PDF