What it detects

  • Detects the presence of a device that manipulates HTTP request headers


  • A backend to be used for checking the tampering


A set of different requests is sent to the backend. Through a covert channel, the client reports to the server which request it made. These are the requests that are made:

  • For every HTTP request method the CaPitaLization is varied
  • The content of the request is compressed using gzip and the gzip encoding header is added (Add more details?)


  • The backend checks if the received request matches the one that the client claims to have sent.


  • What kind of requests are being tampered with and the logs of the sent data and received data.


Apparently, tampering devices often remove the 'gzip' encoding by replacing it in-line with 'xxxx' or something similar, so that they do not have to waste CPU on gzip decoding.
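
The backend-side comparison described above can be sketched as follows. This is an added example, not the project's own code. It assumes the backend already holds both the raw bytes the client claims to have sent (however the covert channel delivered them) and the raw bytes it actually received, and that the gzip header in question is `Content-Encoding`. The function names, host names and sample requests are constructed for illustration.

```python
# Added example: compare the request the client claims it sent with what the backend saw.
# All names, hosts and sample bytes are constructed for illustration.

def parse_head(raw: bytes):
    """Return (method, [(name, value), ...]) with original case and order preserved."""
    head = raw.split(b"\r\n\r\n", 1)[0].decode("latin-1")
    request_line, *header_lines = head.split("\r\n")
    method = request_line.split(" ", 1)[0]
    headers = []
    for line in header_lines:
        name, _, value = line.partition(":")
        headers.append((name, value.strip()))
    return method, headers

def find_tampering(claimed: bytes, received: bytes):
    """List (kind, claimed, received) tuples for every difference in method or headers."""
    findings = []
    c_method, c_headers = parse_head(claimed)
    r_method, r_headers = parse_head(received)
    if c_method != r_method:
        same = c_method.lower() == r_method.lower()
        findings.append(("method_case_changed" if same else "method_changed", c_method, r_method))
    # Match headers case-insensitively so a re-capitalized name is reported as a
    # case change rather than as one header removed and another added.
    seen = {name.lower(): (name, value) for name, value in r_headers}
    for name, value in c_headers:
        hit = seen.pop(name.lower(), None)
        if hit is None:
            findings.append(("header_removed", name, None))
            continue
        if hit[0] != name:
            findings.append(("header_name_case_changed", name, hit[0]))
        if hit[1] != value:
            findings.append(("header_value_changed", f"{name}: {value}", hit[1]))
    for name, value in seen.values():
        findings.append(("header_added", None, f"{name}: {value}"))
    return findings

# Constructed sample: varied capitalization plus a gzip header, as the client sent it ...
CLAIMED = b"pOsT / HTTP/1.1\r\nHoSt: backend.example\r\nContent-Encoding: gzip\r\n\r\n"
# ... and as it might arrive after an in-path device normalized and rewrote it.
RECEIVED = (b"POST / HTTP/1.1\r\nHoSt: backend.example\r\n".replace(b"HoSt", b"Host")
            + b"Content-Encoding: xxxx\r\nVia: 1.1 proxy.example\r\n\r\n")

if __name__ == "__main__":
    for finding in find_tampering(CLAIMED, RECEIVED):
        print(finding)
```

An empty result means the received request matches the claimed one byte-for-byte in method and headers; each tuple otherwise names one kind of tampering to log alongside the sent and received data.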

Last modified on Jun 16, 2012, 5:11:39 PM