This plugin detects and prevents HTTP Request Smuggling (HRS) attacks. When it finds an HTTP request that matches one of the following conditions, it disconnects the TCP connection and raises an alert.
- two or more "Content-Length"
- two or more "Transfer-Encoding"
- "Transfer-Encoding: chunked" and "Content-Length"
- A method other than POST or PUT, combined with "Content-Length" or "Transfer-Encoding"
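The four conditions above, applied to a raw request head, as an added example (not the plugin's own code, which is a Java class). The function name, the sample requests and the tolerant handling of whitespace around header names are assumptions made here; the sketch only reports matches and does not disconnect or alert.

```python
# Added example: the four listed conditions checked against a raw HTTP request head.
# hrs_findings and SAMPLES are hypothetical names, not part of MHRSDetector.

def hrs_findings(raw_head: bytes) -> list:
    """Return the listed conditions that a raw request head matches."""
    # Only the head (request line + header fields) is inspected, never the body.
    lines = raw_head.split(b"\r\n\r\n", 1)[0].decode("latin-1").split("\r\n")
    method = lines[0].split(" ", 1)[0].upper()
    content_length = []
    transfer_encoding = []
    for line in lines[1:]:
        name, sep, value = line.partition(":")
        if not sep:
            continue  # not a header field line
        # Assumption: strip whitespace so "Content-Length : 5" is still counted.
        name = name.strip().lower()
        if name == "content-length":
            content_length.append(value.strip())
        elif name == "transfer-encoding":
            transfer_encoding.append(value.strip().lower())
    findings = []
    if len(content_length) >= 2:
        findings.append("multiple Content-Length")
    if len(transfer_encoding) >= 2:
        findings.append("multiple Transfer-Encoding")
    chunked = any("chunked" in v for v in transfer_encoding)
    if chunked and content_length:
        findings.append("chunked Transfer-Encoding with Content-Length")
    if method not in ("POST", "PUT") and (content_length or transfer_encoding):
        findings.append("body header on a method other than POST or PUT")
    return findings

# Constructed sample requests (example.test is a placeholder host).
SAMPLES = {
    "clean_post": b"POST /a HTTP/1.1\r\nHost: example.test\r\nContent-Length: 3\r\n\r\nx=1",
    "dup_cl": b"POST /a HTTP/1.1\r\nHost: example.test\r\nContent-Length: 3\r\ncontent-length: 0\r\n\r\nx=1",
    "te_and_cl": b"POST /a HTTP/1.1\r\nHost: example.test\r\nTransfer-Encoding: chunked\r\nContent-Length: 4\r\n\r\n0\r\n\r\n",
    "get_with_cl": b"GET /a HTTP/1.1\r\nHost: example.test\r\nContent-Length: 3\r\n\r\nx=1",
}

if __name__ == "__main__":
    for name, raw in SAMPLES.items():
        print(name, hrs_findings(raw) or "ok")
```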
In addition, this plugin can be configured to execute a system command when it detects an HRS attack. To enable this, add a line like the following to the "control" file:
HRSDetector.command=/usr/local/bin/notifyMe
This plugin is stable. It is recommended that you apply it to all HTTP sessions.
The class name of this plugin is:
net.jumperz.app.MGuardian.plugin.MHRSDetector