{"id":276,"date":"2011-08-15T13:27:17","date_gmt":"2011-08-15T12:27:17","guid":{"rendered":"http:\/\/www.floyd.ch\/?p=276"},"modified":"2011-07-28T13:29:22","modified_gmt":"2011-07-28T12:29:22","slug":"how-webservers-react-on-specific-characters","status":"publish","type":"post","link":"https:\/\/www.floyd.ch\/?p=276","title":{"rendered":"How webservers react on specific characters"},"content":{"rendered":"<p>One thing I did during my Master Thesis a while ago, was to test how different webservers react to all kind of characters. One of the first things I tested was all characters represented by one byte (00 to FF) and their percent encoded equivalents (%00 to %FF). Of course the results may vary with other server versions, server configurations, server side code, client libraries or the sent HTTP headers. For example python&#8217;s urllib2 is not able to send 0A (line feed) in an URI (which makes sense). I tried to use standard components as best as I could. The webservers I used were:<\/p>\n<ul>\n<li>An Apache 2.2.12 server (port 80), Ubuntu 9.10 machine with PHP 5.2.10<\/li>\n<li>On the same machine a Tomcat 6.0.26 server (port 8080) with JSP (Java Server Pages)<\/li>\n<li>On a Microsoft-IIS\/6.0, Windows 2003 Server R2\/SP2 with ASP.NET 2.0.50727 a script in C# on Virtualbox 3.1.8<\/li>\n<\/ul>\n<p>So here are the main results in one picture:<\/p>\n<p><a href=\"https:\/\/www.floyd.ch\/wp-content\/uploadedFilesToWordpress\/character_table.png\"><img loading=\"lazy\" decoding=\"async\" src=\"https:\/\/www.floyd.ch\/wp-content\/uploadedFilesToWordpress\/character_table-519x1024.png\" alt=\"character_table_for_testing_webservers\" title=\"character_table_for_testing_webservers\" width=\"519\" height=\"1024\" class=\"alignnone size-large wp-image-277\" srcset=\"https:\/\/www.floyd.ch\/wp-content\/uploadedFilesToWordpress\/character_table-519x1024.png 519w, https:\/\/www.floyd.ch\/wp-content\/uploadedFilesToWordpress\/character_table-152x300.png 152w, https:\/\/www.floyd.ch\/wp-content\/uploadedFilesToWordpress\/character_table.png 1057w\" sizes=\"auto, (max-width: 519px) 100vw, 519px\" \/><\/a><\/p>\n<p>The &#8216;Name&#8217; column means that the character was injected into the parameter name, e.g. na%00me=value&#038;a=b. The fields with &#8216;S&#8217; are explained in another section of my Master Thesis, but some of the time you can guess the behavior. E.g. I think you know what &amp; stands for in GET parameters, right? \ud83d\ude09<\/p>\n<p>This kind of information is useful when you are trying to write a fuzzer, that is more focused to do some tests that make sense. Would be interesting if this table is useful for someone else.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>One thing I did during my Master Thesis a while ago, was to test how different webservers react to all kind of characters. One of the first things I tested was all characters represented by one byte (00 to FF) &hellip; <a href=\"https:\/\/www.floyd.ch\/?p=276\">Continue reading <span class=\"meta-nav\">&rarr;<\/span><\/a><\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[4,3],"tags":[16,15,14],"class_list":["post-276","post","type-post","status-publish","format-standard","hentry","category-web-application-fuzzing","category-web-penetration-testing","tag-control-characters","tag-fuzzing","tag-webserver-testing"],"_links":{"self":[{"href":"https:\/\/www.floyd.ch\/index.php?rest_route=\/wp\/v2\/posts\/276","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.floyd.ch\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.floyd.ch\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.floyd.ch\/index.php?rest_route=\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/www.floyd.ch\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=276"}],"version-history":[{"count":5,"href":"https:\/\/www.floyd.ch\/index.php?rest_route=\/wp\/v2\/posts\/276\/revisions"}],"predecessor-version":[{"id":282,"href":"https:\/\/www.floyd.ch\/index.php?rest_route=\/wp\/v2\/posts\/276\/revisions\/282"}],"wp:attachment":[{"href":"https:\/\/www.floyd.ch\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=276"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.floyd.ch\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=276"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.floyd.ch\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=276"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}