ptpb / pb

pb is a formerly-lightweight pastebin and url shortener

Interesting `CONNECT` line in my syslog #200

Closed 877jj0 closed 7 years ago

877jj0 commented 7 years ago

I'm used to seeing users attempt file enumeration on my pb server, but today I saw an interesting CONNECT line in my syslog.

```
Jul 04 uwsgi[ ]: [pid: |app: 0|req: ] 192.168.0.12 () { vars in bytes} [Tue Jul 4 2017] CONNECT encrypted.google.com:443 => generated 233 bytes in 1 msecs (HTTP/1.1 404) 3 headers in 104 bytes (1 switches on core 4)
```

Usually it's POST or GET. Could you possibly provide some insight into what kind of request it is, how it might affect the pb server and how it was created? I couldn't manage to replicate it.

buhman commented 7 years ago

CONNECT isn't supported by any pb route; you should be getting a 405 response from flask:

```
$ curl -X CONNECT http://localhost:10002
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 3.2 Final//EN">
<title>405 Method Not Allowed</title>
<h1>Method Not Allowed</h1>
<p>The method is not allowed for the requested URL.</p>
```

> CONNECT encrypted.google.com:443 => generated 233 bytes in 1 msecs (HTTP/1.1 404) 3 headers in 104 bytes (1 switches on core 4)

The route encrypted.google.com:443 does not exist, so you got a 404 response I guess? The exact request was something like this, if you want to repro yourself:

```
printf "CONNECT encrypted.google.com:443 HTTP/1.1\r\n\r\n" | netcat "$HOST" "$PORT"
```

TLDR: probably a bot seeing if you're running an open HTTP proxy (you are not).
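
Added example, not part of the issue thread or of pb's code: a log filter that picks proxy probes like the one above out of uWSGI request logs and reports whether the server refused them. It goes slightly beyond the thread by also flagging absolute-URI request targets, the other common open-proxy check. It assumes uWSGI's default request-log layout as in the quoted line; the sample lines and the names `classify` and `proxy_probes` are constructed for illustration.

```python
import re

# uWSGI default request-log layout (assumed to match the line quoted in the issue).
LOG_RE = re.compile(
    r"\] (?P<src>\S+) \(.*?\) \{.*?\} \[.*?\] "
    r"(?P<method>[A-Z]+) (?P<target>\S+) => .*?"
    r"\(HTTP/\d\.\d (?P<status>\d{3})\)"
)
ABSOLUTE_URI = re.compile(r"[a-z][a-z0-9+.-]*://", re.IGNORECASE)

# Constructed sample lines; addresses are from documentation ranges.
SAMPLE = [
    "[pid: 4321|app: 0|req: 17/52] 203.0.113.7 () {34 vars in 421 bytes} "
    "[Tue Jul  4 09:12:44 2017] CONNECT encrypted.google.com:443 => generated "
    "233 bytes in 1 msecs (HTTP/1.1 404) 3 headers in 104 bytes (1 switches on core 4)",
    "[pid: 4321|app: 0|req: 18/53] 198.51.100.20 () {36 vars in 502 bytes} "
    "[Tue Jul  4 09:13:02 2017] GET /abcd => generated 12 bytes in 3 msecs "
    "(HTTP/1.1 200) 5 headers in 180 bytes (1 switches on core 2)",
    "[pid: 4321|app: 0|req: 19/54] 203.0.113.7 () {34 vars in 430 bytes} "
    "[Tue Jul  4 09:13:10 2017] GET http://example.com/ => generated 233 bytes "
    "in 1 msecs (HTTP/1.1 404) 3 headers in 104 bytes (1 switches on core 1)",
]

def classify(line):
    """Return a dict describing a proxy probe, or None for ordinary requests."""
    m = LOG_RE.search(line)
    if not m:
        return None
    method, target, status = m["method"], m["target"], int(m["status"])
    if method == "CONNECT":
        kind = "connect-tunnel"      # target is host:port, not a path
    elif ABSOLUTE_URI.match(target):
        kind = "absolute-uri"        # request line names another origin
    else:
        return None
    # 4xx/5xx: the app refused the request. Anything else needs a human look,
    # since a 2xx reply to CONNECT would mean a tunnel was actually opened.
    outcome = "refused" if status >= 400 else "review"
    return {"src": m["src"], "kind": kind, "target": target,
            "status": status, "outcome": outcome}

def proxy_probes(lines):
    """Filter an iterable of log lines down to proxy-probe records."""
    return [hit for hit in map(classify, lines) if hit]

if __name__ == "__main__":
    for hit in proxy_probes(SAMPLE):
        print(hit)
```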