GRAY-WORLD.NET TEAM
Unusual firewall bypassing techniques, network and computer security.

In another moment down went Alice after it, never once considering how in the world she was to get out again. The rabbit-hole went straight on like a tunnel for some way, and then dipped suddenly down, so suddenly that Alice had not a moment to think about stopping herself before she found herself falling down a very deep well.

Lewis Carroll "Alice In Wonderland"
Alice
Chinese French Russian Spanish Polish Italian
Home | Projects | Papers | Forum | Team | Links | Contributions
 Projects 

Cctde is a first implementation of the Gray-World.net Covert Channel and Tunneling over the HTTP protocol Detection : GW implementation theoretical design' paper.

The main goal of this project is to provide a way to register and disclose informations leading to the detection of unauthorized tunnels and covert channels embedded into the HTTP protocol but the concepts could also be applied to the detection of arbitrary data flows inside other high level protocols.

Located between a mandatory http proxy server and the http clients (or before the NACS if no proxy exists), cctde is trying to detect if someone on the internal located network is using a CC|T (Covert Channel OR Tunneling) tool to bypass the NACS.

Located in front of corporate servers in DMZ, cctde is trying to detect if someone located on the Internet is using server side tools such as WebShell or Firepass to run across the NACS boundaries.

Cctde is currently designed as an analysis back-end for the Snort NIDS tool. Snort acts as a network sensor - recording data streams or not in tcpdump format binary files - and communicates with the cctde part using an Unix socket. Cctde then reads Snort alerts and pcap packets from the Unix socket and store them into memory. It is then possible to correlate recorded data in order to detect specific network activities.

Simon Castro
Current Cctde version: 0.2; README, CHANGELOG, EXAMPLES
Download | md5sum: a0fd7e48315d3e38b1c6a3fd689fb47a
http://gray-world.net/projects/cctde/cctde-0.2.tar.gz

Index of projects



Firepass - is a Perl tunneling tool, allowing to bypass firewall restrictions through the use of HTTP POST requests in order to build TCP or UDP tunnels.
[learn more]


Team member's sites: www.infosecwriters.com/ hhworld/ The Hitchhiker's World e-zine


GNU  GNU General Public License
 GNU Free Documentation License
IRC://irc.gray-world.net:6677/gray-world.net
CHANGELOG, MIRRORS, LEGAL NOTICE