%timeout 10
# FILE 20 - protocol violations

%test Invalid request line 1 
#####################################################
%status 400
%event 981227
%request
	GET / HTTP/1.1
Host: local
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.8.0.7) Gecko/20060909 Firefox/1.5.0.7
Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5


%test Invalid request line 2
#####################################################
%status 400
%event 981227
%request
GET \index.html HTTP\1.0
Host: local
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.8.0.7) Gecko/20060909 Firefox/1.5.0.7
Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5


%test Invalid request line 3 
#####################################################
%status 501
%event 960911
%request
|GET / HTTP/1.0
Host: local
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.8.0.7) Gecko/20060909 Firefox/1.5.0.7
Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5


%test POST without content length
#####################################################
%output 960012
%event 960012
%request
POST / HTTP/1.0
Host: local
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.8.0.7) Gecko/20060909 Firefox/1.5.0.7
Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Content-Type: application/x-www-form-urlencoded


%test Invalid Request Body (multipart) 1
#####################################################
%event 960912|960914
#%event 960914
%output 960912|960914
%request
POST / HTTP/1.1
Host: local
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.8.1) Gecko/20061010 Firefox/2.0
Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 300
Proxy-Connection: keep-alive
Referer: http://192.168.3.2/form.html
Content-Type: multipart/form-data; boundary=---------------------------265001916915724
Content-Length: $CONTENT_LENGTH

-----------------------------265001916915724
Contt-Disposition: form-data; name="file"; filename="test"
Content-Type: application/octet-stream

Rotem & Ayala

-----------------------------265001916915724
Content-Disition: form-data; name="name"

tt2
-----------------------------265001916915724
Content-Disposition: form-data; name="B1"

Submit
-----------------------------265001916915724--


%test Invalid Request Body (multipart) 2 
#####################################################
%event 960912|960914
%output 960912|960914
%request
POST / HTTP/1.1
Host: local
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.8.1) Gecko/20061010 Firefox/2.0
Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 300
Proxy-Connection: keep-alive
Referer: http://192.168.3.2/form.html
Content-Type: multipart/form-data; boundary=---------------------------265001916915724
Content-Length: $CONTENT_LENGTH

-----------------------------265001916915724
Content-Disposition: form-data; name='name; filename="'; name=payload;" 
Content-Type: application/octet-stream

Rotem & Ayala

-----------------------------265001916915724
Content-Disposition: form-data; name="name"

tt2
-----------------------------265001916915724
Content-Disposition: form-data; name="B1"

Submit
-----------------------------265001916915724--


%test Invalid Request Body (multipart) 3 
#####################################################
%event 960915
%output 960915
%request
POST / HTTP/1.1
Host: local
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.8.1) Gecko/20061010 Firefox/2.0
Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 300
Proxy-Connection: keep-alive
Referer: http://192.168.3.2/form.html
Content-Type: multipart/form-data; boundary=---------------------------265001916915724
Content-Length: $CONTENT_LENGTH

-----------------------------265001916915724
Content-Disposition: form-data; name="file"; filename="test"
Content-Type: application/octet-stream

Rotem & Ayala

-----------------------------265001916915724
Content-Disposition: form-data; name="name"

tt2
-----------------------------265001916915724
Content-Disposition: form-data; name="B1"

Submit
-----------------------------265001916915725--


%test Invalid Request Body (multipart) 4 
#####################################################
%event 960000
%output 960000
%request
POST / HTTP/1.1
Host: local
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.8.1) Gecko/20061010 Firefox/2.0
Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 300
Proxy-Connection: keep-alive
Referer: http://192.168.3.2/form.html
Content-Type: multipart/form-data; boundary=---------------------------265001916915724
Content-Length: $CONTENT_LENGTH

-----------------------------265001916915724
Content-Disposition: form-data; name="fi;le"; filename="test"
Content-Type: application/octet-stream

Rotem & Ayala

-----------------------------265001916915724
Content-Disposition: form-data; name="name"

tt2
-----------------------------265001916915724
Content-Disposition: form-data; name="B1"

Submit
-----------------------------265001916915724--


%test Invalid Request Body (XML)
#####################################################
%event 960912
%output 960912
%request
POST / HTTP/1.1
Host: local
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.8.1) Gecko/20061010 Firefox/2.0
Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 300
Proxy-Connection: keep-alive
Referer: http://192.168.3.2/form.html
Content-Type: text/xml
Content-Length: $CONTENT_LENGTH

<SOAP-ENV:Envelope xmlns:SOAP-ENV="http://schemas.xmlsoap.org/soap/envelope/" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
  <SOAP-ENV:Body>
      <xkms:StatusRequest xmlns:xkms="http://www.w3.org/2002/03/xkms#" Id="_6ee48478-fdd6-4d7d-b1bf-e7b4c3254659" ResponseId="_c1c36b3f-f962-4aea-bfbd-07ed58468c9b" Service="http://www.soapclient.com/xml/xkms2">
      <xkms:ResponseMechanism>http://www.w3.org/2002/03/xkms#Pending</xkms:ResponseMechanism>
      <xkms:RespondWith>http://www.w3.org/2002/03/xkms#X509Cert</xkms:RespondWith>
      </xkms:StatusRequest>
  </SOAP-ENV:Body><error></err>
</SOAP-ENV:Envelope>


%test Accept only digits in content length 1
#####################################################
%status 413
%event 960016
%request
POST / HTTP/1.0
Host: local
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.8.0.7) Gecko/20060909 Firefox/1.5.0.7
Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Content-Type: application/x-www-form-urlencoded
Content-Length: 3
Content-Length: 3

abc


%test Accept only digits in content length 2 
#####################################################
%status 413
%event 960016
%request
POST / HTTP/1.0
Host: local
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.8.0.7) Gecko/20060909 Firefox/1.5.0.7
Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Content-Type: application/x-www-form-urlencoded
Content-Length: 3;

abc


%test GET/HEAD Request with Body 
#####################################################
%output 960011
%event 960011
%request
GET / HTTP/1.0
Host: local
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.8.0.7) Gecko/20060909 Firefox/1.5.0.7
Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Content-Type: application/x-www-form-urlencoded 
Content-Length: 3

abc


%test Identity Content Encodings
#####################################################
%output 960902
%event 960902
%request
GET / HTTP/1.0
Host: local
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.8.0.7) Gecko/20060909 Firefox/1.5.0.7
Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Content-Encoding: Identity 


%test Expect Header 
#####################################################
%output 960022
%event 960022
%request
GET / HTTP/1.0
Host: local
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.8.0.7) Gecko/20060909 Firefox/1.5.0.7
Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Expect: 100-continue


%test Pragma Header Requires Cache-Control 
#####################################################
%output 960020
%event 960020
%request
GET / HTTP/1.1
Host: local
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.8.0.7) Gecko/20060909 Firefox/1.5.0.7
Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Pragma: no-cache


%test Range Header 
#####################################################
%output 958291
%event 958291
%request
GET / HTTP/1.1
Host: local
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.8.0.7) Gecko/20060909 Firefox/1.5.0.7
Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Range: bytes=0-


%test Duplicate Connection Headers 
#####################################################
%output 958295
%event 958295
%var connection=keep-alive
%var connection=close
%request
GET / HTTP/1.1
Host: local
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.8.0.7) Gecko/20060909 Firefox/1.5.0.7
Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Connection: $connection, $connection 

%test Validate Encoding (Request URI) 
#####################################################
%output 950107
%event 950107
%var encoded_arg=%1G
%var encoded_arg=%7%6F%6D%65%74%65%78%74%5F%31%32%33%
%request
GET /?parm=$encoded_arg HTTP/1.1
Host: local
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.8.0.7) Gecko/20060909 Firefox/1.5.0.7
Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7


%test Validate Encoding (Request Body)
#####################################################
%output 950108
%event 950108
%var encoded_arg=%1G
%var encoded_arg=%7%6F%6D%65%74%65%78%74%5F%31%32%33%
%request
POST / HTTP/1.1
Host: local
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.8.1) Gecko/20061010 Firefox/2.0
Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Language: en-us,en;q=0.5Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 300
Proxy-Connection: keep-alive
Content-Type: application/x-www-form-urlencoded
Content-Length: $CONTENT_LENGTH

param=$encoded_arg


%test Multiple URL Encoding
#####################################################
%output 950109
%event 950109
%var encoded_arg=%25%37%33%25%36%46%25%36%44%25%36%35%25%37%34%25%36%35%25%37%38%25%37%34%25%35%46%25%33%31%25%33%32%25%33%33%25%33%34
#%var encoded_arg=%7%6F%6D%65%74%65%78%74%5F%31%32%33%
%request
GET /?parm=$encoded_arg HTTP/1.1
Host: local
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.8.0.7) Gecko/20060909 Firefox/1.5.0.7
Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7


%test Validate Encoding (XML)
#####################################################
%event 950108
%output 950108
%request
POST / HTTP/1.1
Host: local
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.8.1) Gecko/20061010 Firefox/2.0
Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 300
Proxy-Connection: keep-alive
Content-Type: text/xml
Content-Length: $CONTENT_LENGTH

<SOAP-ENV:Envelope xmlns:SOAP-ENV="http://schemas.xmlsoap.org/soap/envelope/" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
  <SOAP-ENV:Body>
      <xkms:StatusRequest xmlns:xkms="http://www.w3.org/2002/03/xkms#" Id="_6ee48478-fdd6-4d7d-b1bf-e7b4c3254659" ResponseId="_c1c36b3f-f962-4aea-bfbd-07ed58468c9b" Service="http://www.soapclient.com/xml/xkms2">
      <xkms:ResponseMechanism>http://www.w3.org/2002/03/xkms#Pending</xkms:ResponseMechanism>
      <xkms:RespondWith>%1Gwww.attack.org</xkms:RespondWith>
      </xkms:StatusRequest>
  </SOAP-ENV:Body>
</SOAP-ENV:Envelope>


%test Validate encoding (negative, %u in req)
#####################################################
#%status 200
%event !50107
%request
GET / HTTP/1.1
X-Real-Content-Length: 803
Accept: */*
X-Original-Client: 212.199.066.195:01078
X-Unique-Transaction-Id: 54222
x-flash-version: 8,0,22,0
Cache-Control: no-transform
Accept-Encoding: gzip, deflate
If-Modified-Since: Wed, 04 Aug 2004 13:45:45 GMT
If-None-Match: "2c011d-1708-4110e889"
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)
Host: galim.org.il
Connection: Keep-Alive
Cookie: _HangMan=%u05D0%u05D0%u05D1%u05D2%u05D3%u05D4%u05D5%u05D6%u05D7%u05D8%u05D9%u05DB%u05DC%u05DE%u05E0%u05E1%u05E2%u05E4%u05E6%u05E7%u05E8%u05E9%u05EA%u05DC%u05D9%u05D1%20%u05D4%u05D0%u05D8%u05DC%u05D4*; request_uri=http%3A%2F%2Fpopup.galim.org.il%2Fcgi-bin%2Fgalim%2Fmywaves%2Fclick_milon.pl%3Fword%3D%EE%F9%E7%F7%E9%ED%26act%3Dhh%26visual%3D0


%test Validate utf-8 encoding
#####################################################
%output 950801
%event 950801
%var arg=%c0%af
%var arg=%c0
%var arg=%F5%80%BF%BF
%request
GET /?param=$arg HTTP/1.0
Host: local
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.8.0.7) Gecko/20060909 Firefox/1.5.0.7
Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7


%test Identify full-width unicode encoding
#####################################################
%output 950116
%event 950116
%request
GET /?param=foo%uFF01 HTTP/1.0
Host: local
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.8.0.7) Gecko/20060909 Firefox/1.5.0.7
Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7


%test Proxy access attempt
#####################################################
%output 960014
%event 960014
%request
GET http://www.some_remote_site.com/ HTTP/1.0
Host: www.some_remote_site.com 
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.8.0.7) Gecko/20060909 Firefox/1.5.0.7
Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7


%test Validate Byte Range 1 (NulBytes) 
#####################################################
%output 960901
%event 960901
%request
GET /?param=foo%00 HTTP/1.0
Host: local
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.8.0.7) Gecko/20060909 Firefox/1.5.0.7
Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7


%test Validate Byte Range 2 (NulBytes)
#####################################################
%output 960018
%event 960018
%request
GET /?param=foo%09 HTTP/1.0
Host: local
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.8.0.7) Gecko/20060909 Firefox/1.5.0.7
Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7

%endtest