We'll be plugging hogwash into the defcon CTF network in front of a stock, unpatched redhat-6.2 box (WU-FTP, rpc.statd, etc.) to see how long it lasts.
Jason
uni_scrub translates Unicode-encoded URLs into plain text. For example, %c0%af gets translated back into a "/". It defeats the Unicode directory traversal attacks, including the two-pass ones.
The stock rules should work now. Sorry guys, editor problem :)
Jason
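The kind of normalisation uni_scrub is described as doing above, sketched as an added example (this is not Hogwash's own code): percent-decode the URL and fold overlong two-byte UTF-8 pairs such as %c0%af back to the ASCII byte they encode. The function names, the four-pass cap and the reading of "two pass" as double percent-encoding are assumptions.

```c
#include <stdio.h>
#include <string.h>

/* Value of one hex digit, or -1 if c is not a hex digit. */
static int hexval(int c) {
    if (c >= '0' && c <= '9') return c - '0';
    c |= 0x20; /* fold ASCII letters to lower case */
    return (c >= 'a' && c <= 'f') ? c - 'a' + 10 : -1;
}

/* One in-place pass: decode %XX escapes and fold each overlong 2-byte UTF-8
   pair (lead 0xC0/0xC1 + continuation byte) into the ASCII byte it encodes. */
static int scrub_pass(unsigned char *s, size_t *len, int *overlong) {
    size_t r = 0, w = 0;
    int changed = 0, hi = 0, lo = 0;
    while (r < *len) {
        unsigned char b = s[r++];
        if (b == '%' && r + 1 < *len && (hi = hexval(s[r])) >= 0 &&
            (lo = hexval(s[r + 1])) >= 0) {
            b = (unsigned char)((hi << 4) | lo);
            r += 2;
            changed++;
        }
        /* Look back at the byte just written: a legal encoder never emits
           0xC0 or 0xC1, so lead + continuation here is an overlong form. */
        if (w > 0 && (s[w - 1] & 0xFE) == 0xC0 && (b & 0xC0) == 0x80) {
            s[w - 1] = (unsigned char)(((s[w - 1] & 1) << 6) | (b & 0x3F));
            (*overlong)++;
            changed++;
        } else s[w++] = b;
    }
    *len = w;
    return changed;
}

/* Normalise url in place; returns how many overlong pairs were folded.
   Passes repeat until nothing changes (capped at 4, an assumed bound). */
int scrub_url(char *url) {
    size_t len = strlen(url);
    int overlong = 0, pass;
    for (pass = 0; pass < 4; pass++)
        if (scrub_pass((unsigned char *)url, &len, &overlong) == 0) break;
    url[len] = '\0';
    return overlong;
}

int main(void) {
    char url[] = "/a/..%25c0%25af../b"; /* constructed sample, encoded twice */
    int n = scrub_url(url);
    printf("%d overlong -> %s\n", n, url);
    return 0;
}
```

A non-zero return value is itself worth alerting on, since legitimate clients have no reason to send overlong encodings.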
Jed has created a setup script that should work on most platforms. Just untar the tarball and type ./setup and it will create the executable in the main hogwash directory. E-mail Jed with problems.
This is it. We're putting up the official hogwash site. Look for CVS in the next couple of days.