printf("%02x", c[i])for each byte), and pass that as the value of an
__Q_
query variable.
That is, a full URL with an encrypted argument might look like:
http://192.168.117.3/httpfs-ls?__Q_=c6eaa023807b3220abee6df7ef743566bed09805d8b3cc745830ad1e771a2aac140ebf329790The Replay query encrypter actually adds an extra
mlg
argument, prior to encrypting, with a value that's a random number (5-30) of random material; this is probably to confuse plaintext-only attacks on the encryption. Nothing seems to check for the existance of this argument.
The parameter parser's support for the __Q_
option is rather limited; it must be the only variable. If it's not the first argument, it won't be recognized. If there are any other arguments, they're taken as part of the cyphertext, which of courseis then no longer valid. This is probably simply sloppy, but it makes it more complicated to write tools to support both 4.1 and 4.3 ReplayTVs.
-- ToddLarason - 10 Jun 2002
Attachment: | Action: | Size: | Date: | Who: | Comment: |
---|---|---|---|---|---|
diff.txt | action | 5837 | 19 Jun 2002 - 07:44 | ToddLarason | SwapDV? 0.7 patch (ugly code, but works) |
Topic HttpEncryptedQuery . { Edit | Attach | Ref-By | Printable | Diffs | r1.4 | > | r1.3 | > | r1.2 | More } |
Revision r1.4 - 01 Apr 2003 - 04:30 GMT - TWikiGuest Parents: WebHome > HTTPFS |
Copyright © 2001 by the contributing authors.
All material on this collaboration tool is the property of the contributing authors. Ideas, requests, problems regarding TWiki? Send feedback. |