Shared Dictionary Compression over HTTP (SDCH) - Bypassing your Filtering Devices

Following Cyberis’ recent articles on bypassing perimeter filtering devices (e.g. proxies, IDS and next-generation firewalls) by manipulating HTTP response headers, we’ve taken a closer look at some more obscure Content-Encoding mechanisms. This article discusses Shared Dictionary Compression over HTTP (SDCH), and the implications for perimeter security controls designed to protect your network from unwanted content.

Update to ResponseCoder

An update to ResponseCoder is available to allow manipulation of the HTTP version header - some examples are listed below:

HTTP/1.2 200 OK
HTTP/12345 200 OK
BLAH/1.1 200 OK

A quick test shows all three of the above examples work in the current version of Chrome, Internet Explorer supports the first two cases, whilst Firefox rejects all of them (displaying even the headers in the browser window).