OWASP AppSec Asia 2008: Proxy Caches and Web Application Security


 

Tim Bass
10-03-2008 04:05 AM
Back to travelling a bit, I have accepted an invitation from Wayne Huang, Chapter Leader, OWASP Taiwan, to give the following presentation at OWASP AppSec Asia 2008, October 27 - 28, 2008, in Taipei:

Proxy Caches and Web Application Security
Abstract: Proxy caches, combined with poorly written session management code, can easily lead to serious Internet security breaches. Web application developers cannot know whether their content is consumed directly or via a proxy cache. Developers cannot assume that the HTTP responses will be delivered to the intended browser. Moreover, developers cannot be sure that the intended browser even receives the intended content. Consequently, proxy caches are a serious threat to web application security. In the presentation, we will discuss the recent security breach Tim found in Google Docs and review web application security and session management topics related to proxy caching.
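
Added example, not part of the original post or the talk: a defender-side audit of response headers that shows why session-bearing responses need explicit cache directives, since Set-Cookie by itself does not stop a shared proxy cache from storing and replaying a response. The function names, paths and cookie values are constructed for illustration, and the storability check is a simplified reading of RFC 9111 section 3.

```python
# Status codes a cache may store without explicit freshness information.
HEURISTIC = {200, 203, 204, 206, 300, 301, 308, 404, 405, 410, 414, 501}

def parse_cache_control(value):
    """Map lower-cased directive names to their argument (None if absent)."""
    directives = {}
    for part in value.split(","):
        name, _, arg = part.strip().partition("=")
        if name:
            directives[name.lower()] = arg.strip().strip('"') or None
    return directives

def shared_cache_verdict(status, headers, request_authorized=False):
    """Return 'not-stored', 'revalidate' or 'reusable' for a shared proxy cache.
    Simplified: a qualified private="..." is treated like plain private."""
    h = {k.lower(): v for k, v in headers.items()}
    cc = parse_cache_control(h.get("cache-control", ""))
    if "no-store" in cc or "private" in cc:
        return "not-stored"
    shared_ok = "public" in cc or "s-maxage" in cc
    # A request that carried Authorization needs an explicit opt-in to be stored.
    if request_authorized and not (shared_ok or "must-revalidate" in cc):
        return "not-stored"
    if not (shared_ok or "max-age" in cc or "expires" in h or status in HEURISTIC):
        return "not-stored"
    lifetime = cc.get("s-maxage", cc.get("max-age"))  # s-maxage wins for shared caches
    if "no-cache" in cc or lifetime == "0":
        return "revalidate"  # stored, but checked with the origin before reuse
    return "reusable"

def audit(responses):
    """Paths whose response sets a cookie yet may be replayed to other clients."""
    return [path for path, status, headers in responses
            if any(k.lower() == "set-cookie" for k in headers)
            and shared_cache_verdict(status, headers) == "reusable"]

# Constructed sample responses: (path, status, headers).
SAMPLE = [
    ("/login", 200, {"Set-Cookie": "SID=constructed-1; Path=/"}),
    ("/account", 200, {"Set-Cookie": "SID=constructed-2", "Cache-Control": "private, max-age=60"}),
    ("/report", 200, {"Set-Cookie": "SID=constructed-3", "Cache-Control": "public, max-age=300"}),
    ("/inbox", 200, {"Set-Cookie": "SID=constructed-4", "Cache-Control": "no-cache"}),
    ("/static/app.css", 200, {"Cache-Control": "max-age=86400"}),
    ("/go", 302, {"Set-Cookie": "SID=constructed-5", "Location": "/account"}),
]

if __name__ == "__main__":
    for path in audit(SAMPLE):
        print("session response reusable by a shared cache:", path)
```

Responses flagged by such an audit are the ones to mark Cache-Control: no-store or private at the application.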

Net::Proxy::Connector::connect_ssl(3pm)    User Contributed Perl Documentation    Net::Proxy::Connector::connect_ssl(3pm)

NAME
    Net::Proxy::Connector::connect_ssl - Create SSL/CONNECT tunnels through HTTP proxies

SYNOPSIS
    # sample proxy using Net::Proxy::Connector::tcp
    # and Net::Proxy::Connector::connect_ssl
    use Net::Proxy;

    # listen on localhost:6789
    # and proxy to remotehost:9876 through proxy.company.com:8080
    # using the given credentials
    my $proxy = Net::Proxy->new(
        in  => { type => 'tcp', port => '6789' },
        out => {
            type        => 'connect_ssl',
            host        => 'remotehost',
            port        => '9876',
            proxy_host  => 'proxy.company.com',
            proxy_port  => '8080',
            proxy_user  => 'jrandom',
            proxy_pass  => 's3kr3t',
            proxy_agent => 'Mozilla/4.04 (X11; I; SunOS 5.4 sun4m)',
        },
    );
    $proxy->register();

    Net::Proxy->mainloop();

DESCRIPTION
    "Net::Proxy::Connector::connect_ssl" is a "Net::Proxy::Connector" that uses the HTTP CONNECT method to ask the proxy to create a tunnel to an outside server. The data is then encrypted using SSL.

    Obviously, you'll need a server that understands SSL (or a proxy using "Net::Proxy::Connector::ssl") at the other end.

    This connector is only an "out" connector.

    In addition to the options listed below, this connector accepts all "SSL_..." options to "IO::Socket::SSL". They are transparently passed through to the appropriate "IO::Socket::SSL" methods when upgrading the socket to SSL.

CONNECTOR OPTIONS
    "Net::Proxy::Connector::connect" accepts the following options:

    "out"
    o host          The destination host.
    o port          The destination port.
    o proxy_host    The web proxy name or address.
    o proxy_port    The web proxy port.
    o proxy_user    The authentication username for the proxy.
    o proxy_pass    The authentication password for the proxy.
    o proxy_agent   The user-agent string to use when connecting to the proxy.

AUTHOR
    Philippe 'BooK' Bruhat, "<book@cpan.org>".

HISTORY
    Because "Net::Proxy" blocks when it tries to connect to itself, it wasn't possible to pass an SSL-encrypted connection through a proxy with a single script: you needed one for the SSL encapsulation, and another one for bypassing the proxy with the "CONNECT" HTTP method.

    See "Net::Proxy::Connector::connect" and "Net::Proxy::Connector::ssl" for details.

COPYRIGHT
    Copyright 2007 Philippe 'BooK' Bruhat, All Rights Reserved.

LICENSE
    This program is free software; you can redistribute it and/or modify it under the same terms as Perl itself.

perl v5.10.1    2009-10-18    Net::Proxy::Connector::connect_ssl(3pm)