Jump to content

Metasploit/EvasionOptions/HTTP::compression

From Wikibooks, open books for an open world

HTTP compression insures that data transferred between web servers and client browsers uses minimum bandwidth. The most common compression methods are deflate and gzip which are negotiated by the browser and server before the data transfer begin. Browsers will send an accept encoding field specifying all the supported encoding schemes and the server will select any supported schemes to compress the data:
Accept-Encoding: gzip, deflate
Many IDS/IPS and firewall have static signatures for either normal HTTP request/response and/or HTTP data compressed with the most common compression schemes. Users can use more compression methods that are commonly supported by the browsers and servers but are not implemented within the IDS/IPS filters.