FHTTP Design rules for Evader Proxy (FHTTP v1.2) Let's start by explaining what options FHTTP gives us to "design rules" for evading the FHTTP proxy v1.2.
To start we have 2 methods: - reglas.txt
- proxymodulos.pm
the first being a more "easy" (requires regex knowledge) and the second the advanced option (requires programming skills in Perl).
reglas.txt structure is as follows: where: pattern => replacement \u0026lt;! - Comment
All this has to be on one line (no line breaks)
"where" would be part of the story was edited, the options accepted are:
- url - The url of the consultation
- reqline - The line of query (for example: GET / HTTP/1.1).
- header - Each of the headers of an individual (for example: Host: hackingtelevision.blogspot.com).
- postscript - The Post's sent data (data sent in POST).
- Rhead - All headers (including reqline) response but not individually.
- rcontenido - All content of the reply (obviously excluding headers)
the pattern is a perl regex ordinary with the difference that if you use html tags must be replaced by their respective value "html entitites", if used: \\ r \\ n you have to add an additional escape (\\ \\ r \\ \\ n), ie
is different \\ r \\ n which become FHTTP CRLF in a real (and not regex).
\\ \\ r \\ \\ n which FHTTP become \\ r \\ n (and be used in the regex).
there are slight differences between the use of either xD ...
The replacement as in the classic perl regex you can use "groups" such as:
reqline: GET ^ (\\ s rcontenido: nossl: window \\. location \\. replace \\ (([\\ s \\ \\ r \\ \\ n] *) "https: \\ / \\ / ([\\ s \\ \\ r \\ \\ n] *) \\ + ( [\\ s \\ \\ r \\ \\ n] *) window \\. location \\. hostname ([\\ s \\ \\ r \\ \\ n] *) \\ + ([\\ s \\ \\ r \\ \\ n] *) window \\. location \\. pathname ([\\ s \\ \\ r \\ \\ n] *) \\ + ([\\ s \\ \\ r \\ \\ n] *) window \\. location \\. hash ([\\ s \\ \\ r \\ \\ n] *) \\) => window.location.replace ("http://" + window.location.pathname window.location.hostname + + "? & 08dae2760be9fe48274a74c31fba5b0f" + window.location.hash) \u0026lt;! - Twitter and others: P (rule to break the "only HTTPS" xD twitter ...)
is using the where "rcontenido: nossl" which is only going to use when activated the "delete SSL."
As you can see is really easy to build a proxy rule for evading the FHTTP v1.2. We will now quickly
on proxymodulos.pm.
uricall
sub {
my $ uri = $ _ [0];
$ uri = ~ s / ^ http: \\ / \\ / ([\\ /]+)// g;
$ uri = "/". $ uri if ($ uri! ~ / ^ \\ / /);
return $ uri;}
Navy
this subroutine add it to proxymodulos.pm and add it to their respective "callback list" (@ uricallbacks).
my @ uricallbacks = (
uricall,
)
and ready, our subroutine is executed for each uri (url).
the moment we leave here, I hope you find it useful and will soon see more videos and papers published more uses of this tool: P. ..
Bytez!
xD First of all let me clarify that it is only a" tool "designed to study and testing of the protocol by which the responsibility to use that you will be placed entirely on the user. Scheduled 
Another thing is a module that integrates stress test (aka DoS Tool xD), which according to the evidence (as you have seen those who participated in the conference in FreeSecurity tuxtepec gave in xD) easily denied a server with 8 cores and 8 GB's of ram (thank you very much to @