several issues in SQLite (+ catching up on several other bugs)

2015-04-14 Thread Michal Zalewski
SQLite is probably the most popular embedded database in use today; it is also known for being very well-tested and robust. Because of its versatility, SQLite sometimes finds use as the mechanism behind SQL-style query APIs that are exposed between privileged execution contexts and less-trusted

Uninit memory disclosure via truncated images in Firefox

2014-09-08 Thread Michal Zalewski
Yello, The recent release of Firefox 32 fixes another interesting image parsing issue found by afl [1]: following a refactoring of memory management code, the past few versions of the browser ended up using uninitialized memory for certain types of truncated images, which is easily measurable

(kind of) new tool: american fuzzy lop

2014-08-07 Thread Michal Zalewski
Hey all, Since I haven't really ever properly done it, i wanted to officially announce american fuzzy lop, a novel instrumentation-driven fuzzer that, among other things, had some luck finding a bunch of fairly interesting image parsing security issues (e.g., CVE-2013-6629, CVE-2013-6630).

Boolean algebra and CSS history theft

2014-06-24 Thread Michal Zalewski
OK, this is more fun than any immediate risk... Those of you who follow web security topics probably remember that until mid-2010, you could extract very substantial chunks of one's browsing history by applying distinctive styling to thousands of off-screen :visited links and then reading that

bugs in IJG jpeg6b libjpeg-turbo

2013-12-03 Thread Michal Zalewski
Dearly beloved, So, for one reason or another, the IJG jpeg library has gained some notoriety as one of the most robust pieces of complex, security-critical C code. Despite countless fuzzing efforts, I don't recall any reports of serious vulnerabilities at least since the release of jpeg6b in

Re: [Full-disclosure] Apache suEXEC privilege elevation / information disclosure

2013-08-11 Thread Michal Zalewski
for doing these features in httpd.conf you can use AllowOverride None instead of AllowOverride all AllowSymlinks is a red herring here (hardlinks should do, unless you have stuff partitioned in a very thoughtful way, which most don't), similarly to suexec. In general, sharing web hosting

things you can do with downloads

2012-05-31 Thread Michal Zalewski
Another moderately interesting tidbit, I guess... It is an important and little-known property of web browsers that one document can always navigate other, non-same-origin windows to arbitrary URLs. Perhaps more interestingly, you can also navigate third-party documents to resources served with

Re: We're now paying up to $20,000 for web vulns in our services

2012-04-25 Thread Michal Zalewski
IMHO, anyone who willingly, knowingly places customer data at risk by inviting attacks on their production systems is playing a very dangerous game. There is no guarantee that a vuln discovered by a truly honest researcher couldn't become a weapon for the dishonest researcher through

Re: [Full-disclosure] We're now paying up to $20, 000 for web vulns in our services

2012-04-25 Thread Michal Zalewski
A you-only-get-it-when-successful 20,000$ budget from Google is insulting, considering the perhaps massive time investment from the researcher. [...] and yet they only pay a nice researcher 20 grand? You can't even live on that. Researchers aren't just kids with no responsibilities, they have

FYI: We're now paying up to $20,000 for web vulns in our services

2012-04-23 Thread Michal Zalewski
Hey, Hopefully this won't offend the moderators: http://googleonlinesecurity.blogspot.com/2012/04/spurring-more-vulnerability-research.html I suspect I know how the debate will be shaped - and I think I can offer a personal insight. I helped shape our vulnerability reward program from the start

Re: p0f3 release candidate

2012-01-17 Thread Michal Zalewski
So just for the record, version 3.00 is now officially out: http://lcamtuf.coredump.cx/p03/. Many thanks to countless people who submitted signatures and bug fixes, including: Phil Ames Jason DePriest Dalibor Dukic Mark Martinec Damien Miller Nibbler Bernhard Rabe Chris John Riley

p0f3 release candidate

2012-01-10 Thread Michal Zalewski
Hi folks, I wanted to share the news of p0f v3, a complete rewrite and redesign of my passive fingerprinting tool. == Synopsis == P0f is a tool that utilizes an array of sophisticated, purely passive traffic fingerprinting mechanisms to identify the players behind any incidental TCP/IP

post-XSS landscape

2011-12-21 Thread Michal Zalewski
With the growing enthusiasm about CSP and other script containment frameworks, I tried to put down some rough notes about the fundamental exploitation vectors that would be available in absence of the ability to execute scripts - and tried to see how these attacks correspond to what XSS attacks

silly PoCs continue: X-Frame-Options give you less than expected

2011-12-19 Thread Michal Zalewski
[ Resubmitting - I think the original post did not go through last week, but some of the responses did, so probably an accident. ] --- I think we greatly underappreciate the extent to which JavaScript allows you to exploit the limits of human perception. On modern high-performance systems,

Re: [Full-disclosure] silly PoCs continue: X-Frame-Options give you less than expected

2011-12-12 Thread Michal Zalewski
Interesting stuff indeed. However, I don't see you talk about a solution. Why is that? Because it's bugtraq / full-disclosure, where people generally talk about vulnerabilities... I'm not sure I follow your drift about Firefox, I don't believe it's mentioned anywhere. Anyhow, correct me if

Re: seamless bait-and-switch

2011-12-09 Thread Michal Zalewski
And you don't believe that people would think that's suspicious? What part? The change of a URL that is not associated with the repainting of window contents? I believe that they are very unlikely to catch this after initially examining the URL, in absence of other indicators (change in URL

the week of silly PoCs continues: data://www.mybank.com/

2011-12-09 Thread Michal Zalewski
Just another short note... this is a somewhat compelling and entirely unnecessary phishing opportunity - and a tiny symptom of the mess with URL handling. Firefox and Opera allow you to omit MIME type in data: URLs, possibly put random garbage into that section, and still get a valid HTML

seamless bait-and-switch

2011-12-08 Thread Michal Zalewski
Hello world, Another whimsical browser proof-of-concept: http://lcamtuf.coredump.cx/switch/ It seems that relatively few people realize that holding a JavaScript handle to another window (either because we opened it, or because the window was at some point displaying our content) allows the

Re: seamless bait-and-switch

2011-12-08 Thread Michal Zalewski
Chrome shows this: http://pastebin.com/iNYAwkY4 in the address bar. That's the intended effect. /mz

fast and somewhat reliable cache timing

2011-12-05 Thread Michal Zalewski
Evening, This party trick is not particularly exciting, but hopefully highlights a vaguely interesting point: http://lcamtuf.coredump.cx/cachetime/ In essence, in the past few years, browser vendors have severely crippled CSS :visited selectors in order to prevent CSS-based history snooping

Re: [Full-disclosure] Ubuntu: reseed(8), random.org, and HTTP request

2011-07-07 Thread Michal Zalewski
Ubuntu's reseed(8) can be used to seed the PRNG state of a host. The script is run when the package is installed, and anytime su executes the script. reseed(8) performs an unsecured HTTP request to random.org for its bits, despite random.org offering HTTPS services. This resulted in a couple of

Re: [Full-disclosure] Ubuntu: reseed(8), random.org, and HTTP request

2011-07-07 Thread Michal Zalewski
[ But for what it's worth, I am willing to bet that the script was added without analyzing these subtle considerations, and that makes it somewhat scary on its own accord. ] /mz

Re: WOOT '11 Call for Papers (reminder)

2011-06-18 Thread Michal Zalewski
Hi all, Thanks for all the submissions. Here's the official lineup: http://www.usenix.org/events/woot11/tech/ /mz

WOOT '11 Call for Papers (reminder)

2011-04-11 Thread Michal Zalewski
is 11:59 p.m. Pacific time on Monday, May 2, 2011. We look forward to your submissions. David Brumley, Carnegie Mellon University Michal Zalewski, Google

Re: Vulnerabilities in some SCADA server softwares

2011-03-24 Thread Michal Zalewski
A lot of people are failing to see the vendors' customer side of things. Industrial Control Systems (ICS), SCADA users, historically have their focus on availability (you don't want your electricity/water/petrochemicals being cut now do you) and safety (no one wants to die making sure you get

Re: Vulnerabilities in some SCADA server softwares

2011-03-23 Thread Michal Zalewski
Analogy: Car owner has his car speed up ending up in almost near catastrophe. Car owner goes to media outlets condemning the manufacturer: How could you be so reckless! Thousands of lives... Reality: Car manufacturer was never made aware of the issue. How do you propose a manufacturer fix an

Re: Vulnerabilities in some SCADA server softwares

2011-03-23 Thread Michal Zalewski
 I believe the best course of action for a SCADA vulnerability would be to let the vendor know first, That's fine, but the controversy around the proper mode of disclosure is here to stay. For every good argument you make, there is an equally compelling counter-argument that other reasonable

WOOT '11 Call for Papers

2011-02-03 Thread Michal Zalewski
University Michal Zalewski, Google

Announcing cross_fuzz, a potential 0-day in circulation, and more

2011-01-03 Thread Michal Zalewski
Hi list, == SUMMARY == I am happy to announce the availability of cross_fuzz - an amazingly effective but notoriously annoying cross-document DOM binding fuzzer that helped identify about one hundred bugs in all browsers on the market - many of said bugs exploitable - and is still finding more.

minor browser UI nitpicking

2010-12-15 Thread Michal Zalewski
Hi folks, Two minor things that do not deserve a lengthy discussion, but are probably mildly interesting and worth mentioning for the record: 1) Chrome browser is an interesting example of the perils of using minimalistic window chrome, allowing multiple windows to be spliced seamlessly to

Re: [Full-disclosure] minor browser UI nitpicking

2010-12-15 Thread Michal Zalewski
1) Yup, pretty unconvincing. Though one could separate window shadows, I'm guessing you have your window manager configured to render window shadows. In this case, this is less plausible, yup, unless you do the inverted gradient trick. 2) Where is here? :) I tried to dig something up, but

Firefox 3.6.13 pseudo-URL SOP check bug (CVE-2010-3774)

2010-12-09 Thread Michal Zalewski
Hi folks, Firefox 3.6.13 fixes an interesting bug in their same-origin policy logic for pseudo-URLs that do not have any inherent origin associated with them. These documents are normally expected to inherit the context from their parent, or be assigned a unique one. This didn't work as expected

Re: Mozilla Firefox 3.6.12 Denial of Service Vulnerability

2010-11-24 Thread Michal Zalewski
body onload=location='';alert('DoS'); Welcome to the world of browsers. You could just as easily do while(1) alert(1). See: http://code.google.com/p/browsersec/wiki/Part2#Defenses_against_disruptive_scripts /mz

some ooold Juniper bugs (was: [Full-disclosure] ZDI-10-231: Juniper Secure Access Series meeting_testjava.cgi XSS Vulnerability)

2010-11-08 Thread Michal Zalewski
This reminded me of a bunch of problems I spotted in Juniper SSL VPN a while ago; they are apparently fixed, but I don't recall seeing any public vendor advisory / credit for reporting them - so here you go, even if just for the record... These were fixed by Juniper in IVE 6.3R1, 6.2R3, 6.1R5,

Re: [Full-disclosure] Security-Assessment.com Advisory: Oracle JRE - java.net.URLConnection class - Same-of-Origin (SOP) Policy Bypass

2010-10-20 Thread Michal Zalewski
Eh, you can see where it came from though. Design bugs like this are absolutely miserable to fix (see how we'll never get rebinding out of the browser) and letting identical IPs script against each other lets an awful lot of legitimate traffic through while blocking almost all attacks.

Re: Security-Assessment.com Advisory: Oracle JRE - java.net.URLConnection class - Same-of-Origin (SOP) Policy Bypass

2010-10-20 Thread Michal Zalewski
Security-Assessment.com follows responsible disclosure and promptly contacted Oracle after discovering the issue. Oracle was contacted on August 1, 2010. My understanding is that Stefano Di Paola of Minded Security reported this back in April; and further, the feature was a part of reasonably

Re: Netscape Web Browser (CSS) Cross Domain Vulnerability

2010-09-24 Thread Michal Zalewski
Not to rain on your parade, but... Netscape v9.0.0.6 AOL formally stopped development of Netscape Navigator on December 28, 2007, but continued supporting the web browser with security updates until March 1, 2008, when AOL canceled technical support. If you are using a browser abandoned by the

Re: Geolocation spoofing and other UI woes

2010-08-18 Thread Michal Zalewski
Err, the subject should read hijacking, not spoofing. Sorry, not very awake today. /mz

Geolocation spoofing and other UI woes

2010-08-17 Thread Michal Zalewski
Hi, This may be of some interest to people on the list: http://lcamtuf.blogspot.com/2010/08/on-designing-uis-for-non-robots.html In general, there is a class of UI design problems that trace back to the failure to account for the inherent limitations of human cognition; the specific example

tool: ref_fuzz (CVE-2010-1259 / MS10-035 and more)

2010-06-08 Thread Michal Zalewski
Originally developed in 2008, crashed every browser on the market back then: http://lcamtuf.blogspot.com/2010/06/announcing-reffuzz-2yo-fuzzer.html The release of MS10-035 probably fixes the last of the known exploitable issues it triggered. /mz

announcing skipfish, an automated web app security scanner

2010-03-19 Thread Michal Zalewski
Hi folks, I am happy to announce the availability of skipfish - our open-source, fully automated, active web application scanner. There are several things that probably make it interesting: 1) High speed: pure C code, highly optimized HTTP handling, minimal CPU footprint - easily achieving 2000

...because you can't get enough of clickjacking

2010-03-15 Thread Michal Zalewski
[ I promise to post something more interesting shortly - but in the meantime, I wanted to drop a quick note about something kinda amusing. ] There was a considerable amount of buzz around clickjacking [1] in the past year or so. It is commonly believed that this simple attack can only be

Re: Cross-Site History Manipulation (XSHM)

2010-02-01 Thread Michal Zalewski
From the post: Checkmarx Research Labs has identified a new critical vulnerability in Internet Explorer (other browsers are probably exposed the same way) that would allow hackers to easily compromise web applications. I'm sorry if this response sounds harsh, but phrases such as critical

Re: Link Injection Redirection Attacks - Exploiting Google Chrome Design Flaw

2010-01-05 Thread Michal Zalewski
Aditya, Video: http://www.secniche.org/videos/google_chrome_link_inj.html You might find it informative to review the section of BSH on URL parsing: http://code.google.com/p/browsersec/wiki/Part1#Uniform_Resource_Locators There are many known quirks related to URL parsing; the practice of

Re: Re[4]: [Full-disclosure] Update: [GSEC-TZO-44-2009] One bug to rule them all - Firefox, IE, Safari, Opera, Chrome, Seamonkey, iPhone, iPod, Wii, PS3....

2009-07-22 Thread Michal Zalewski
The W3C DOM specifies the select.length attribute to be *read only*. Does not seem to be the case in HTML5 at least? http://dev.w3.org/html5/spec/Overview.html#the-select-element In fact, it has the behavior for writes defined: On setting, it must act like the attribute of the same name on

Re: Re[6]: [Full-disclosure] Update: [GSEC-TZO-44-2009] One bug to rule them all - Firefox, IE, Safari, Opera, Chrome, Seamonkey, iPhone, iPod, Wii, PS3....

2009-07-22 Thread Michal Zalewski
http://www.w3.org/TR/REC-DOM-Level-1/level-one-html.html -- readonly attribute long length; -- That was DOM Level 1 (1999). Even level 2 (2000) has this as read-write:

Re: [Full-disclosure] Update: [GSEC-TZO-44-2009] One bug to rule them all - Firefox, IE, Safari, Opera, Chrome, Seamonkey, iPhone, iPod, Wii, PS3....

2009-07-21 Thread Michal Zalewski
+ The bug was present in a 9 year old version of Netscape - draw your own conclusions. There are literally thousands of HTML- and JavaScript-related denial of service vectors in modern browsers. If you want a silly, ad hoc example I just made up on the spot (and so could any reader of the

Re: Re[2]: [Full-disclosure] Update: [GSEC-TZO-44-2009] One bug to rule them all - Firefox, IE, Safari, Opera, Chrome, Seamonkey, iPhone, iPod, Wii, PS3....

2009-07-21 Thread Michal Zalewski
Yes, we all know that. The flaw here was not looping on itself thousands of times, wow. It was a DOM implementation flaw. The code created an oversized list, which does not seem to be that far from creating an overly nested DOM tree, or drawing an oversized CANVAS shape, or any

Re: Cross-Site Scripting vulnerability in Mozilla, Firefox and Chrome

2009-07-15 Thread Michal Zalewski
To bypass protection from JavaScript code execution via refresh header it is necessary to use a data: URI, which will contain the requisite JS code. [...] After I informed Mozilla, they declined to fix this vulnerability. Refresh or Location redirection in Firefox will not bestow a security

Re: Cross-Site Scripting vulnerabilities in Mozilla, Internet Explorer, Opera and Chrome

2009-07-03 Thread Michal Zalewski
refresh: 0; URL=javascript:alert(document.cookie) The code will work in context of this site. ...which happens to be covered here for half a year or so: http://code.google.com/p/browsersec/wiki/Part2#Redirection_restrictions I can't see how this could be a vulnerability per se, although

catching up on several recently fixed bugs of note

2009-06-10 Thread Michal Zalewski
Hi all, I am way behind on this, so I wanted to drop a quick note regarding some of my vulnerabilities recently addressed by browser vendors - and provide some possibly interesting PoCs / fuzzers to go with them: Summary : MSIE same-origin bypass race condition (CVE-2007-3091) Impact :

Re: XMLHttpRequest file upload vulnerability Chrome 2 Safari 3

2009-06-09 Thread Michal Zalewski
.html can be crafted to force an unaware user to read a file from local, and then possibly send it to a server. Yup, this is an unfortunate, legacy property, not specific to any particular browser; it is also fairly well-known and documented; see:

Re: [Full-disclosure] [TZO-26-2009] Firefox (all?) Denial of Service through unclamped loop (SVG)

2009-05-27 Thread Michal Zalewski
Bugzilla entry: https://bugzilla.mozilla.org/show_bug.cgi?id=465615 Isn't that a duplicate of Guninski's bug from 2007? https://bugzilla.mozilla.org/show_bug.cgi?id=393832 /mz

Re: Microsoft Internet Explorer 8 - Anti Spoofing is a Myth

2009-04-01 Thread Michal Zalewski
Browsers like MOZILLA, Chrome etc are having well designed and effective status address bars. None of which had ever served, nor is meant to serve, as a security indicator. /mz

Browser Security Handbook

2008-12-11 Thread Michal Zalewski
Hi all, I am happy to announce the availability of our Browser Security Handbook - a comprehensive, 60-page document meant to provide web application developers and information security researchers with a one-stop reference to several hundred key security properties and sometimes

[tool] ratproxy - passive web application security assessment tool

2008-07-02 Thread Michal Zalewski
Hi all, I am happy to announce that we've just open sourced ratproxy - a free, passive web security assessment tool. This utility is designed to transparently analyze legitimate, browser-driven interactions with tested web applications - and automatically pinpoint, annotate, and prioritize

[tool announcement] tmin - a handy fuzzing test case optimizer

2008-05-06 Thread Michal Zalewski
Hi, I'd like to announce tmin - a free, quick, and handy tool to quickly and effortlessly minimize the size and syntax of complex test cases in automated security testing. I found the tool to be remarkably useful, as it saved me from hours of manual guesswork a number of times already - so I

Tool availability - browser DOM Checker

2008-01-26 Thread Michal Zalewski
Hi, Along with my colleague Filipe Almeida, I'd like to announce the availability of DOM Checker, an automated tool for validating browser security policy enforcement. The project is hosted at: http://code.google.com/p/dom-checker/ The tool features several fairly neat features, including

Re: [Full-disclosure] Yet another Dialog Spoofing Vulnerability - Firefox Basic Authentication

2008-01-03 Thread Michal Zalewski
On Thu, 3 Jan 2008, avivra wrote: http://aviv.raffon.net/2008/01/02/YetAnotherDialogSpoofingFirefoxBasicAuthentication.aspx Although it's amusing Firefox filters '' in this prompt to begin with, rather than designing it more wisely not to render attacker-controlled text inline (use a table

Re: Certificate spoofing issue with Mozilla, Konqueror, Safari 2

2007-11-19 Thread Michal Zalewski
On Tue, 20 Nov 2007, Kapetanakis Giannis wrote: I would consider this a feature of the X509 standard and not a bug. The behavior is remarkably counterintuitive. It could be reasonably expected for the browser to properly communicate the situation (show a list of aliases) to the user, or better

(tool announcement) bunny the fuzzer

2007-10-31 Thread Michal Zalewski
Hi all, Just a quick note - I would like to announce the availability of our general-purpose closed loop protocol-blind fuzzer for open source C code: http://code.google.com/p/bunny-the-fuzzer/ Bunny uses automatically generated C-level instrumentation to focus on runtime inputs observed to

Re: [ELEYTT] 3SIERPIEN2007

2007-08-06 Thread Michal Zalewski
On Sat, 4 Aug 2007, Michal Bucko wrote: The results made me think the example is pretty nice and effective. Yes, sure, I can imagine - but so is click this .exe to see a postcard from your grandma type spam. To clarify, I have three issues with your report: 1) Status bar text is inherently

Re: [ELEYTT] 3SIERPIEN2007

2007-08-04 Thread Michal Zalewski
On Fri, 3 Aug 2007, Michal Bucko wrote: http://www.eleytt.com/michal.bucko/Eleytt_PhishAGoGo/bucked2.html This is a very weak case, I would say. With the way things work, status bar is not and cannot be a reliable indicator of the target URL, and this is known and had been abused for years: a

MSIE7 entrapment again (+ FF tidbit)

2007-07-14 Thread Michal Zalewski
Hello again, Microsoft Internet Explorer seems to have a soft spot for browser entrapment vulnerabilities. Just to recap, in these attacks, the user is made believe he had left a webpage (and the URL bar or SSL state data reinforce him in this belief) - but in reality, is prevented from doing so,

Firefox wyciwyg:// cache zone bypass

2007-07-09 Thread Michal Zalewski
There is an interesting vulnerability in how Mozilla Firefox handles internal wyciwyg:// pseudo-URIs. These cache-related resource identifiers are meant to be inaccessible by the user - but there are at least three routes to bypass these restrictions, one of which - HTTP 302 redirect - also

Re: [Eleytt] 7LIPIEC2007

2007-07-09 Thread Michal Zalewski
On Sat, 7 Jul 2007 [EMAIL PROTECTED] wrote: 1. Firefox 2.0.0.4 Remote Denial of Service Vulnerability http://sapheal.hack.pl/phun/ff2die/ This does not crash on me, and I can't see a likely mechanism of action that would lead to a DoS condition. The way I read it, the code does not seem to be

Re: [Full-disclosure] Apple Safari: idn urlbar spoofing

2007-06-25 Thread Michal Zalewski
On Mon, 25 Jun 2007, Larry Seltzer wrote: It looks different on my system: http://www.larryseltzer.com/safe2.png Safari 3.0.2 on XPSP2 Looks simply like a difference in system fonts used on your machines. The attack relies on padding the hostname with Unicode characters that, for the typeface

Re: [Full-disclosure] Apple Safari: cookie stealing

2007-06-13 Thread Michal Zalewski
On Wed, 13 Jun 2007, Robert Swiecki wrote: The flaw exists in the javascript's window.setTimeout() implementation. Forgive me the rant, but... all other recently reported problems aside, seeing this, I can only ask - which rock did Safari developers hide under for the past 8 years or so? I

Assorted browser vulnerabilities

2007-06-04 Thread Michal Zalewski
Hello, Will keep it brief. A couple of browser bugs, fresh from the oven, hand crafted with love: 1) Title: MSIE page update race condition (CRITICAL) Impact : cookie stealing / setting, page hijacking, memory corruption Demo : http://lcamtuf.coredump.cx/ierace/ ...aka the

Re: Netsprint Toolbar 1.1 arbitrary remote code vulnerability

2007-04-17 Thread Michal Zalewski
On Tue, 17 Apr 2007, Michal Bucko wrote: Function of a prototype isChecked (char*) (in toolbar.dll) is vulnerable to buffer overrun. Arbitrary code execution might be possible. The problem occurs when 767B49 MOV ECX,[EAX+140] data is being copied into the buffer of an insufficient size.

Re: [Full-disclosure] Firefox onUnload + document.write() memory corruption vulnerability (MSIE7 null ptr)

2007-02-26 Thread Michal Zalewski
On Sun, 25 Feb 2007, Stan Bubrouski wrote: http://lcamtuf.coredump.cx/ietrap/testme.html This bug was fixed in 2.0.0.2, released Friday Feb 23. No it most certainly wasn't, do your homework next time. Actually, the story is kinda funny, but yeah, it seems that it's fixed now. The story: I

Re: MSIE7 browser entrapment vulnerability (probably Firefox, too)

2007-02-26 Thread Michal Zalewski
On Fri, 23 Feb 2007, Jeffrey Katz wrote: Just checked on IE 7.0.5730.11 -- doesn't exhibit problem. Most certainly does; you might have scripting disabled, or be experiencing some other anomaly, but for much of the population, the attack works as advertised on that version. /mz

Firefox: onUnload tailgating (MSIE7 entrapment bug variant)

2007-02-23 Thread Michal Zalewski
On Fri, 23 Feb 2007, Michal Zalewski wrote: Firefox isn't outright vulnerable to this problem, but judging from its behavior, it is likely to be susceptible to a variant of this bug And indeed, susceptible it is. On the surface, the problem is even more serious: the unloaded page can run

Firefox onUnload + document.write() memory corruption vulnerability (MSIE7 null ptr)

2007-02-23 Thread Michal Zalewski
While researching my previous report on MSIE7 browser entrapment, I noticed that Firefox is susceptible to a pretty nasty, and apparently easily exploitable memory corruption vulnerability. When a location transition occurs and the structure of a document is modified from within onUnload event

MSIE7 browser entrapment vulnerability (probably Firefox, too)

2007-02-23 Thread Michal Zalewski
There is a cool combination-type vulnerability in MSIE7 that allows the attacker to: a) Trap the visitor in a Matrix-esque tarpit webpage that cannot be left by normal means (this is a known brain-damaged design of onUnload Javascript handlers), b) Spoof transitions between pages

Re: [Full-disclosure] Firefox bookmark cross-domain surfing vulnerability

2007-02-22 Thread Michal Zalewski
On Thu, 22 Feb 2007, pdp (architect) wrote: michal, is that a feature or a bug? maybe it is not obvious to me what you are doing but I feel that it is almost like asking the user to bookmark a bookmarklet. Bookmarklets should be bookmarkable only manually, with user knowledge and consent

Re: [Full-disclosure] Firefox bookmark cross-domain surfing vulnerability

2007-02-22 Thread Michal Zalewski
On Thu, 22 Feb 2007, pdp (architect) wrote: This vulnerability is cute but not very useful mainly because a lot of social engineering is required. Well, very little trickery is required - having a person bookmark an interesting page and then reopen it later on, while the browser is still on

Firefox: about:blank is phisher's best friend

2007-02-17 Thread Michal Zalewski
Firefox suffers from a design flaw that can be used to confuse casual users and evoke a false sense of authority when visiting a fraudulent website. The flaw can be also used to bypass a fix for an old UI spoofing bug that was thought to be addressed. This is a relatively minor issue, but I

Re: Firefox: about:blank is phisher's best friend

2007-02-17 Thread Michal Zalewski
On Sat, 17 Feb 2007 [EMAIL PROTECTED] wrote: I tested it in IE7 and has the same problem. Opera 9.10 blocks the opening of the new window but fails in the second button. With MSIE7, it is possible only if you check 'Allow websites to open windows without address or status bar' for that

Re: Firefox: serious cookie stealing / same-domain bypass vulnerability

2007-02-15 Thread Michal Zalewski
On Thu, 15 Feb 2007, 3APA3A wrote: Mitigating factor: it doesn't work through proxy, because for proxy URI is sent instead of URL and request will be incomplete. Yup. Depends on the proxy, actually ('GET http://evil.com' might get parsed as HTTP/0.9) - but Squid, both in direct and in reverse

Re: Firefox focus stealing vulnerability (possibly other browsers)

2007-02-13 Thread Michal Zalewski
On Tue, 13 Feb 2007, Andreas Beck wrote: Let scripts and form parser handle upload fields just as usual form fields. Prefilling them with VALUE, changing them from script, etc. pp. BUT: Warn the user about uploading files. The problem here is that a majority of users find browser warnings

RE: Solaris telnet vulnberability - how many on your network?

2007-02-13 Thread Michal Zalewski
On Tue, 13 Feb 2007, Gadi Evron wrote: I have to agree with a previous poster and suspect (only suspect) it could somehow be a backdoor rather than a bug. You're attributing malice to what could be equally well (or better!) explained by incompetence or gross negligence. The latter two haunt

Re: [Full-disclosure] Firefox focus stealing vulnerability (possibly other browsers)

2007-02-12 Thread Michal Zalewski
On Sun, 11 Feb 2007, pdp (architect) wrote: IE is vulnerable too, since I used to play around with this bug long time ago. Possibly MS00-093, but that's long fixed. But yes, MSIE variant is possible, though more contrived. /mz

Re: [Full-disclosure] Firefox focus stealing vulnerability (possibly other browsers)

2007-02-12 Thread Michal Zalewski
On Sun, 11 Feb 2007, pdp (architect) wrote: here is an idea... we can combine both techniques into a single attack... the hardest part of your hack is to force the user to type :// plus several other / Actually, MSIE doesn't require drive specification in the filename, and will probably

Re: Firefox focus stealing vulnerability (possibly other browsers)

2007-02-12 Thread Michal Zalewski
On Sun, 11 Feb 2007, Michal Zalewski wrote: http://lcamtuf.coredump.cx/focusbug/index.html (FF) http://lcamtuf.coredump.cx/focusbug/ieversion.html (MSIE) Paul Szabo pointed out that this is related to exploits posted by Charles McAuley and Bart van Arnhem in June 2006 (CVE-2006-2894

Re: [Full-disclosure] Firefox focus stealing vulnerability (possibly other browsers)

2007-02-12 Thread Michal Zalewski
On Sun, 11 Feb 2007, Ben Bucksch wrote: Filed as bug 370092 https://bugzilla.mozilla.org/show_bug.cgi?id=370092 As per my later posts, this problem might be already in Bugzilla (a variant of it was reported in mid-2006, and possibly independently as early as in 2000). BTW: Your last bug

Firefox/MSIE focus stealing vulnerability - clarification

2007-02-12 Thread Michal Zalewski
After some research, I can offer this clarification: 1) The MSIE 7 attack vector I described is a distinctive, new vulnerability that differs from the attack reported by Charles McAuley and Bart van Arnhem. Attacks described by them were fixed in MSIE7 (although MSIE6 is still

Re: [Full-disclosure] Firefox focus stealing vulnerability (possibly other browsers)

2007-02-12 Thread Michal Zalewski
On Mon, 12 Feb 2007, Paul Szabo wrote: https://bugzilla.mozilla.org/show_bug.cgi?id=304480 https://bugzilla.mozilla.org/show_bug.cgi?id=56236 https://bugzilla.mozilla.org/show_bug.cgi?id=258875 This probably explains why the core of the problem wasn't fixed for Firefox: reports were

Re: Firefox focus stealing vulnerability (possibly other browsers)

2007-02-12 Thread Michal Zalewski
On Mon, 12 Feb 2007, Claus Färber wrote: A proper solution would be to keep a list of files explicitly selected by the user and only allow uploads of files in this list. Then even if a script can manipulate the field, the browser won't upload files that have not been selected by

Re: Firefox focus stealing vulnerability (possibly other browsers)

2007-02-12 Thread Michal Zalewski
On Sun, 11 Feb 2007, Michal Zalewski wrote: This was tested with 2.0.0.1. Opera is most likely not vulnerable; Microsoft Internet Explorer is not vulnerable as-is, but might be vulnerable to a variant of the attack. And indeed - here's a MSIE 7.0 demo: http://lcamtuf.coredump.cx/focusbug

Firefox focus stealing vulnerability (possibly other browsers)

2007-02-12 Thread Michal Zalewski
There is an interesting logic flaw in Mozilla Firefox web browser. The vulnerability allows the attacker to silently redirect focus of selected key press events to an otherwise protected file upload form field. This is possible because of how onKeyDown / onKeyPress events are handled, allowing

Re: Jetty Session ID Prediction

2007-02-06 Thread Michal Zalewski
On Tue, 6 Feb 2007, Chris Anley wrote: http://www.ngssoftware.com/research/papers/Randomness.pdf Nice paper, and quite certainly helpful for security testers as far as showing the weakness of standard library PRNGs to others goes. The idea is eventually to have a tool that performs

Re: Jetty Session ID Prediction

2007-02-06 Thread Michal Zalewski
On Tue, 6 Feb 2007, Amit Klein wrote: I don't think that the method described in the paper you referenced above is applicable as-is [...] (only 32 bits out of the 48 are known). There are attacks published for just about any variant of LCG imaginable, including ones with missing MSB/LSB output

Re: [Full-disclosure] Firefox + popup blocker + XMLHttpRequest + srand() = oops

2007-02-05 Thread Michal Zalewski
On Mon, 5 Feb 2007, pdp (architect) wrote: You may as well use a QuickTime .mov/.qtl or a PDF document to open a file:// link. I think it is easier. Sure. You can probably have a file:// link in Open Office / MS Office documents as well; but these all rely on external components, and as such,

Re: Jetty Session ID Prediction

2007-02-05 Thread Michal Zalewski
On Mon, 5 Feb 2007, NGSSoftware Insight Security Research wrote: Jetty generates a 64-bit session id by generating two 32-bit numbers in this way, so we end up with an encoded 64-bit integer. By decoding the integer and splitting it into its two component 32-bit integers, we can easily

Re: Web 2.0 backdoors made easy with MSIE XMLHttpRequest

2007-02-03 Thread Michal Zalewski
On Sat, 3 Feb 2007, Michal Zalewski wrote: xmlhttp.open("GET\thttp://dione.ids.pl/\tHTTP/1.0\n\n", x, true); Funny enough, Paul Szabo was quick to point out that Amit Klein found the same vector that I used here for client-side backdoors in May 2006 (still not patched?! *shrieks in horror

Re: stompy the session stomper - tool availability

2007-01-31 Thread Michal Zalewski
On Sat, 27 Jan 2007, Michal Zalewski wrote: I'd like to announce the availability of 'stompy', a free tool to perform a fairly detailed black-box assessment of WWW session identifier generation algorithms. I'm genuinely surprised by the amount of (mostly positive ;-) feedback I got! Just

stompy the session stomper - tool availability

2007-01-27 Thread Michal Zalewski
Hi all, I'd like to announce the availability of 'stompy', a free tool to perform a fairly detailed black-box assessment of WWW session identifier generation algorithms. Session IDs are commonly used to track authenticated users, and as such, whenever they're predictable or simply vulnerable to

Re: [Full-disclosure] 0trace - traceroute on established connections

2007-01-09 Thread Michal Zalewski
On Tue, 9 Jan 2007, Alessandro Dellavedova wrote: am I wrong or the mechanism that you implement is similar to the one implemented in lft (Layer Four Traceroute http://pwhois.org/lft/ ) ? No, what you describe is similar to tcptraceroute, from what I understand (they use stray SYNs or RSTs or

0trace - traceroute on established connections

2007-01-08 Thread Michal Zalewski
I'd like to announce the availability of a free security reconnaissance / firewall bypassing tool called 0trace. This tool enables the user to perform hop enumeration (traceroute) within an established TCP connection, such as a HTTP or SMTP session. This is opposed to sending stray packets, as