HTTP Traffic Redirection v0.1
Nowadays, navigating the Internet with an oudated version of a browser could be harmful to your computer as many malwares spread by exploiting vulnerabilities in browers.
With Haka, we can avoid such attacks. The idea is simple and consists in redirecting http requests issued by outdated browsers by modifying the http content on the fly.
We need to create a group named 'safe_update' with two rules:
- The first rule will only authorise http traffic to update servers (e.g. mozilla.org). This is done by checking the 'Host' header.
- The second rule will redirect requests to an update server if the 'User-Agent' header is detected as obsolete. This rule shows Haka capabilities to modify http headers response on the fly in order to redirect requests.
safe_update:rule{
hooks = { 'http-response' },
eval = function (self, http)
local host = http.request.headers['Host'] or ''
for _, dom in ipairs(update_domains) do
if string.find(host, dom) then
haka.log("Filter", "Requesting an update domain")
return true
end
end
end
}
safe_update:rule{
hooks = { 'http-response' },
eval = function (self, http)
local UA = http.request.headers["User-Agent"] or "No User-Agent header"
haka.log("Filter", "UA detected: %s", UA)
local FF_UA = (string.find(UA, "Firefox/"))
if FF_UA then -- Firefox was detected
local version = tonumber(string.sub(UA, FF_UA+8))
if not version or version < last_firefox_version then
haka.alert{
description= "Firefox is outdated, please upgrade",
severity= 'medium'
}
-- redirect browser to a safe place where updates will be made
http.response.status = "307"
http.response.reason = "Moved Temporarily"
http.response.headers["Content-Length"] = "0"
http.response.headers["Location"] = firefox_web_site
http.response.headers["Server"] = "A patchy server"
http.response.headers["Connection"] = "Close"
http.response.headers["Proxy-Connection"] = "Close"
-- dump the response for illustrative purpose
http.response:dump()
end
else
haka.log("Filter", "Unknown or missing User-Agent")
end
end
}
Refer to the filter tutorial to see the full script.