An update to ResponseCoder is available to allow manipulation of the HTTP version header - some examples are listed below:
HTTP/1.2 200 OK HTTP/12345 200 OK BLAH/1.1 200 OK
A quick test shows all three of the above examples work in the current version of Chrome, Internet Explorer supports the first two cases, whilst Firefox rejects all of them (displaying even the headers in the browser window).
This is significant, as many of the proxies, Intrusion Detection Systems, and next-generation firewalls we test have a fairly standard pattern match for the start of a HTTP response - typically this:
$match = /HTTP\/1\. 200 OK/
In other words, an adversary is likely to be able to bypass many filtering devices, simply by manipulating the version of HTTP in use.