HttPostNG 0.3 (/09/05)
======================

This project was originally released at Hitchhiker's World Issue #10 (have a
look at http://www.infosecwriters.com/hhworld/).

A funny poc to convert a text file into one or several png images and send
them to a remote CGI in HTTP POST requests, so that the network based
"detector" has to figure out whether all the POST images it monitors are
legitimate or suspicious.

===============================================================================
GRAY-WORLD.NET / HTTPOSTNG
==========================

The HttPostNG program is part of the Gray-World.net projects.

Our Gray-World Team uses the http://gray-world.net website to present the
projects and publications we are working on. Our activity lies in the NACS
(Network Access Control System) bypassing research field and is related to
computer and network security topics.
===============================================================================

Got that funny idea while reading [ElimSteg] :

"While there are several techniques currently in use that reactively attempt
to detect steganography in images, this is understandably an impossible task
to complete, as there are many places to hide data, and many ways to hide the
data in those places."

and

"By definition, steganographic carriers are subliminal channels since the
communication appears to be innocent, but really has ulterior information
embedded below the threshold of perception".

So, where can we hide data in an image carrier, and below whose threshold of
perception ? And what if the image itself is the message to transmit ?

HttPostNG reads a text file, converts it into one or several PNG images and
sends them to a remote location in one or several HTTP POST requests (a funny
dictionary option allows replacing words with their pictorial representation).

And now PngShell ? :)

[ElimSteg] : Eliminating Steganography in Internet Traffic with Active Wardens
G. Fisk, M. Fisk, C. Papadopoulos, J.
Neil (2002)
http://www.gray-world.net/papers/ih02.pdf

Playing
-------

Update the provided CGI script to configure IMGDIR (web server location where
the images will be stored), IMGWWW (DocRoot location to display images) and
CODE (only to prevent someone else from uploading files while you play).

This CGI script is only a basic cgi that accepts HTTP POST requests with
images (i.e. it doesn't execute any operation).

Configure httpostng.pl (this script is the one reading from a text file and
generating the images) :
 o SERVER, PORT, CGI - location of the cgi on the remote webserver ;
 o USE_PROXY, PROXY_IP, PROXY_PORT - if you wanna use an HTTP proxy ;
 o CODE - same code as for the cgi ;
 o TXTIN - the name of the file to convert ;
 o IMOUT - the name of the image(s) (IMOUT-0.png, IMOUT-1.png, etc) ;
 o IMG_W, IMG_H - width and height of the images ;
 o IMG_I, IMG_C - interline spacing and number of characters after which a
   newline is inserted ;
 o IMGONLY - location of a text file if you don't want to send images to the
   cgi ;
 o STARTGET - do an HTTP GET for the remote CGI before sending POSTs ;
 o USE_DICT - use the dictionary function (see Dictionary) ;
 o BINFILE - set to 1 if the file to read is a binary (each read() will be
   converted to hex before being written in the image).

Notes :
 o the cgi does no image size check, so mind the size of the txt file ;
 o the cgi aborts if the image name already exists.

Enjoy ./httpostng.pl

Dictionary
----------

Crazy idea from Andreas :)

The concept relies on replacing words by their pictorial representation.

To play with that option, configure :
 o %DICT to add the word or phrase and the related png ;
 o DICT_orig_w and DICT_orig_h as original width and height of images ;
 o DICT_icon_w and DICT_icon_h as width and height that will be used in the
   generated image (you may set these to $IMG_I to have the icons match the
   interline space between lines of text).

See examples/README.html

Comments
--------

I don't wanna captcha or fourier the images.
This is a funny poc, so anyone willing to play the stealth game can try what
he wants. But don't forget that the message itself (whether it is a text or an
image) may be a carrier and not the *real* message.

Thanks
------

Thanks to GWs guys and to Modu for comments.. and special thanks to CC for that
gw september month ;)

LICENSE
-------

HttPostNG is distributed under the terms of the GNU General Public License
v2.0 and is copyright (c) 2005 Simon Castro. See the file COPYING for details.
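
The Notes under Playing say the cgi does no image size check. As an added
example (not part of HttPostNG or its cgi, and written in Python rather than
the project's Perl), a receiving script could validate each uploaded body as
below; the function names and the byte and dimension limits are assumptions.

```python
import struct
import zlib

PNG_SIG = b"\x89PNG\r\n\x1a\n"

def chunk(ctype, body):
    """Build one PNG chunk: length, type, body, CRC32 over type+body."""
    return struct.pack(">I", len(body)) + ctype + body + struct.pack(">I", zlib.crc32(ctype + body))

def make_png(width, height):
    """Constructed sample input: a valid 8-bit grayscale PNG, all black."""
    ihdr = struct.pack(">IIBBBBB", width, height, 8, 0, 0, 0, 0)
    raw = (b"\x00" + b"\x00" * width) * height  # filter byte + one row of pixels
    return PNG_SIG + chunk(b"IHDR", ihdr) + chunk(b"IDAT", zlib.compress(raw)) + chunk(b"IEND", b"")

def check_png_upload(data, max_bytes=256 * 1024, max_w=1024, max_h=1024):
    """Return (accepted, reason) for a POSTed body claimed to be a PNG."""
    if len(data) > max_bytes:  # assumed limit, not a value from the project
        return False, "body too large"
    if not data.startswith(PNG_SIG):
        return False, "bad signature"
    pos, seen = len(PNG_SIG), []
    while pos + 12 <= len(data):  # 12 = length + type + CRC of an empty chunk
        length = struct.unpack(">I", data[pos:pos + 4])[0]
        ctype = data[pos + 4:pos + 8]
        end = pos + 12 + length
        if end > len(data):
            return False, "truncated chunk"
        body = data[pos + 8:pos + 8 + length]
        if struct.unpack(">I", data[end - 4:end])[0] != zlib.crc32(ctype + body):
            return False, "bad CRC"
        if not seen:  # the first chunk must be a 13-byte IHDR
            if ctype != b"IHDR" or length != 13:
                return False, "IHDR must come first"
            width, height = struct.unpack(">II", body[:8])
            if not (0 < width <= max_w and 0 < height <= max_h):
                return False, "dimensions out of range"
        seen.append(ctype)
        pos = end
        if ctype == b"IEND":
            break
    if not seen or seen[-1] != b"IEND":
        return False, "missing IEND"
    if pos != len(data):  # bytes appended after the image are rejected
        return False, "trailing data after IEND"
    if b"IDAT" not in seen:
        return False, "no image data"
    return True, "ok"
```

The check only bounds what the cgi stores and confirms the body is a
well-formed PNG; it does not decide whether the picture itself is a message.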