125084 – [patch] dsniff 2.3/2.4beta might miss http POST passwords

Bug 125084 - [patch] dsniff 2.3/2.4beta might miss http POST passwords

Summary: [patch] dsniff 2.3/2.4beta might miss http POST passwords

Status:	RESOLVED FIXED

Alias:	None

Product:	Gentoo Linux
Classification:	Unclassified
Component:	New packages (show other bugs)
Hardware:	All Linux

Importance:	High normal (vote)
Assignee:	Gentoo Netmon project

URL:
Whiteboard:
Keywords:	InVCS

Depends on:
Blocks:

Reported:	2006-03-05 06:48 UTC by Anton Bolshakov
Modified:	2006-04-16 18:09 UTC (History)
CC List:	0 users

See Also:
Package list:
Runtime testing required:	---

Attachments
http respond might be in different case. The patch fixes that. (2.3-decode_http.patch,675 bytes, patch) 2006-03-05 06:50 UTC, Anton Bolshakov	Details \| Diff
View All Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description Anton Bolshakov 2006-03-05 06:48:44 UTC

Some web servers (Server: nginx/0.3.29) returns http headers in the different case. Dsniff will fail to detect the post request and miss the the posted password in this case.
The patch to fix this is attached in the next message.

Comment 1 Anton Bolshakov 2006-03-05 06:50:51 UTC

Created attachment 81398 [details, diff]
http respond might be in different case. The patch fixes that.

Improvment.

Comment 2 Markus Ullmann (RETIRED) gentoo-dev

2006-04-16 18:09:35 UTC

Sent mail upstream but got no response and as it is pretty safe, applying it.

Fixed in CVS, thanks much :)