|
Brought to you by:
Suppliers of:
|
|
|
| |
| By spoofing the User-Agent header it is possible to bypass filtering and, to a lesser extent, monitoring in a Websense Enterprise. |
| |
Credit:
The information has been provided by Mr. HinkyDink.
The original article can be found at: http://mrhinkydink.blogspot.com/2007/12/websense-policy-filtering-bypass.html
|
| |
Vulnerable Systems:
* Websense Enterprise version 6.3.1
The following was tested in an unpatched 6.3.1 system using the ISA Server integration product. It is assumed it will work with other integration products but this has not been tested. Other User Agents may also work.
I. Install FireFox 2.0.x
II. Obtain and install the User Agent Switcher browser plug-in by Chris Pederick
III. Add the following User Agents to the plug-in
Description: RealPlayer
User Agent : RealPlayer G2
Description: MSN Messenger
User Agent : MSMSGS
Description: WebEx
User Agent : StoneHttpAgent
IV. Change FireFox's User Agent to any one of the preceding values
V. Browse to a filtered Web site
VI. Content is allowed
Content browsed via this method will be recorded in the Websense database as being in the "Non-HTTP" category.
Solution:
Websense has corrected the issue in database update 92938 as explained in article: How can I ensure that Websense Enterprise filters "all" requests (URL requests and tunneled protocol requests)?
|
| Subject:
|
not anymore |
Date: |
20 Dec. 2007 |
| From: |
2k3polgmail.com |
| not working anymore, has been fixed in all installations |
|
|
|
|
|
|
