                            hcovert

hcovert is a steganographic communications tool used to create a covert
channel using a HTTP GET request to convey it's message to a webserver and
webserver log parsing to retrieve the message. This tool will both send as
well as recieve messages.


INSTALLATION
------------

Make sure you have the most recent version of hcovert.  You should always
be able to obtain this from the following location:

	http://sourceforge.net/projects/hcovert/

Uncompress the source package, change directory into the directory it
creates, review the Makefile for your system, then execute "make".


OPERATION
---------

hcovert has two modes of operation; sending a message and receiving a
message.  One of these modes is required to execute properly.  From the
commandline, these modes are enabled as:

	-s <host>	To send a message to a host's webserver.
	-r <logfile>	To retrieve a message from a webserver log file.

Only one of these modes may be enabled per session.

Upon execution, hcovert will enter into an interactive mode, allowing you
to type your message directly into the tool.  The tool will send each
line of your message to the webserver obfuscated as a GET request.
Alternately, you may specify a message file to use instead of entering
into interactive mode.  To do this, provide the filename as the last
commandline argument.

Some general options you may want to use:

	-p <port>	The target webserver's port, in case it is not
			running on default port 80.

	-i <string>	An alternate identity string.  If you are sending
			multiple messages to the same webserver, they
			will concatenate together upon retrieval if you
			allow hcovert to use the default string every
			session.

	-k <key>	A key, or password, used to obfuscate your text
			payload.  This is done by generating a SHA1 hash
			of the key and then XOR'ing the payload with the
			hash.

	-e		List some example usage scenarios.


CONTACT
-------

Suggestions, bugs, source patches, flames, etc, to:

I)ruid <druid@caughq.org>

