This is an archived project. Repository and other project resources are read-only.
HeaderFieldManipulation
Apply conversion script to all *.md files.
authored
Jun 15, 2020
by
Alexander Færøy
doc/OONI/Tests/HeaderFieldManipulation.md
View page @
a1a4b621
'''
What it detects
'''
**
What it detects
**
*
Detects the presence of a device that manipulated HTTP request headers
*
Detects the presence of a device that manipulated HTTP request headers
'''
Inputs
'''
**
Inputs
**
*
A backend to be used for checking the tampering
*
A backend to be used for checking the tampering
'''
Experiment
'''
**
Experiment
**
A set of different requests are sent to the backend. Through a covert channel the client reports to the server the request it made.
A set of different requests are sent to the backend. Through a covert channel the client reports to the server the request it made.
These are the requests that are made:
These are the requests that are made:
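Review bot: The section titles "What it detects", "Inputs" and "Experiment" would be better as Markdown headings than as ** bold text. Mapping Trac's ''' one-to-one onto ** leaves the converted page with no heading structure, so the sections get no anchors and no table of contents. Where a line consists only of a bold phrase, the conversion script could emit a heading instead, for example "## What it detects".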
...
@@ -14,15 +14,15 @@
...
@@ -14,15 +14,15 @@
*
For every HTTP request method the CaPitaLization is varied
*
For every HTTP request method the CaPitaLization is varied
*
The content of the request is compressed using gzip and the gzip encoding header is added (Add more details?)
*
The content of the request is compressed using gzip and the gzip encoding header is added (Add more details?)
'''
Control
'''
**
Control
**
*
The backend checks if the received request matches the one that the client claims to have sent.
*
The backend checks if the received request matches the one that the client claims to have sent.
'''
Output
'''
**
Output
**
*
What kind of requests are being tampered with and the logs of the sent data and received data.
*
What kind of requests are being tampered with and the logs of the sent data and received data.
'''
Notes
'''
**
Notes
**
apparently they often remove the 'gzip' encoding by
apparently they often remove the 'gzip' encoding by
replacing it in-line with 'xxxx' or something similar - apparently this
replacing it in-line with 'xxxx' or something similar - apparently this
...
...
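Review bot: The gzip bullet still carries the open question "(Add more details?)", and the Notes paragraph starts in lowercase with an undefined "they". Both pass through the conversion unchanged. A follow-up should state which header and request body the gzip variant uses and name who "they" are (presumably the tampering device the test is meant to detect), or the leftover should be tracked in an issue so it is not lost in the migrated page. The same heading suggestion applies to "Control", "Output" and "Notes" here.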