chasquid/test/t-12-minor_dialogs/wrong_proto.cmy
Alberto Bertogli 8c8e64dc29 smtpsrv: Reject HTTP commands
To help with defense-in-depth on cross-protocol attacks (e.g.
https://alpaca-attack.com/), this patch makes chasquid reject HTTP
commands.
2021-06-11 10:35:51 +01:00


c tcp_connect localhost:1025
c <~ 220
c -> GET /evil HTTP/1.1
c <- 502 5.7.0 You hear someone cursing shoplifters
c tcp_connect localhost:1025
c <~ 220
c -> POST /evil HTTP/1.1
c <- 502 5.7.0 You hear someone cursing shoplifters
c tcp_connect localhost:1025
c <~ 220
c -> CONNECT www.evil.com:80 HTTP/1.1
c <- 502 5.7.0 You hear someone cursing shoplifters
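
The server-side check this dialog exercises can be sketched as follows. This is an added example, not chasquid's own code: `IsHTTPCommand`, `Handle`, `Dialog`, the greeting text and the 500 fallback are hypothetical, and closing the connection after the 502 is an assumption drawn from the reconnect before each command in the test.

```go
package main

import (
	"bufio"
	"fmt"
	"net"
	"strings"
)

// Methods used in the test dialog above; a real list would be longer.
var httpMethods = map[string]bool{"GET": true, "POST": true, "CONNECT": true}

// IsHTTPCommand reports whether a command line starts with an HTTP method (case-insensitive, like SMTP verbs).
func IsHTTPCommand(line string) bool {
	f := strings.Fields(line)
	return len(f) > 0 && httpMethods[strings.ToUpper(f[0])]
}

// Handle greets, answers an HTTP-looking command with the 502 from the dialog, then hangs up (assumed).
func Handle(conn net.Conn) {
	defer conn.Close()
	fmt.Fprint(conn, "220 mail.example ESMTP\r\n")
	sc := bufio.NewScanner(conn)
	for sc.Scan() {
		if IsHTTPCommand(sc.Text()) {
			fmt.Fprint(conn, "502 5.7.0 You hear someone cursing shoplifters\r\n")
			return
		}
		fmt.Fprint(conn, "500 5.5.1 Unknown command\r\n") // placeholder for real SMTP handling
	}
}

// Dialog plays one client command against Handle over an in-memory pipe and returns the reply line.
func Dialog(cmd string) string {
	client, server := net.Pipe()
	defer client.Close()
	go Handle(server)
	r := bufio.NewReader(client)
	r.ReadString('\n') // consume the 220 greeting
	fmt.Fprintf(client, "%s\r\n", cmd)
	reply, _ := r.ReadString('\n')
	return strings.TrimRight(reply, "\r\n")
}

func main() {
	for _, cmd := range []string{"GET /evil HTTP/1.1", "CONNECT www.evil.com:80 HTTP/1.1", "NOOP"} {
		fmt.Printf("-> %s\n<- %s\n", cmd, Dialog(cmd))
	}
}
```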