Tuesday, August 26, 2008

Senspost reDuh released

Finally!

I've been waiting to play with this tool since the presentation at Defcon. Tunneling TCP through well formed HTTP which decodes it on the other end back into TCP is a pretty handy option.

"What Does reDuh Do?
reDuh is actually a tool that can be used to create a TCP circuit through validly formed HTTP requests.

Essentially this means that if we can upload a JSP/PHP/ASP page on a server, we can connect to hosts behind that server trivially"

Here's the link(s).
http://www.sensepost.com/blog/2399.html

http://www.sensepost.com/research/reDuh/

expect some more info soon.

2 comments:

  1. Wow..excellent. This really changes things. Cant wait to get this rolled up.

    ReplyDelete
  2. Damn, now all you need is someone to allow their site to upload files and you are set.
    Nice find.

    ReplyDelete