Tuesday, August 26, 2008

Senspost reDuh released


Finally!

I've been waiting to play with this tool since the presentation at Defcon. Tunneling TCP through well formed HTTP which decodes it on the other end back into TCP is a pretty handy option.

"What Does reDuh Do?
reDuh is actually a tool that can be used to create a TCP circuit through validly formed HTTP requests.

Essentially this means that if we can upload a JSP/PHP/ASP page on a server, we can connect to hosts behind that server trivially"

Here's the link(s).
http://www.sensepost.com/blog/2399.html

http://www.sensepost.com/research/reDuh/

expect some more info soon.
CG

2 comments:

Anonymous said...

Wow..excellent. This really changes things. Cant wait to get this rolled up.

Morgan Storey said...

Damn, now all you need is someone to allow their site to upload files and you are set.
Nice find.