Closed 877jj0 closed 7 years ago
CONNECT
isn't supported by any pb route; you should be getting a 405 response from flask:
$ curl -X CONNECT http://localhost:10002
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 3.2 Final//EN">
<title>405 Method Not Allowed</title>
<h1>Method Not Allowed</h1>
<p>The method is not allowed for the requested URL.</p>
CONNECT encrypted.google.com:443 => generated 233 bytes in 1 msecs (HTTP/1.1 404) 3 headers in 104 bytes (1 switches on core 4)
The route encrypted.google.com:443
does not exist, so you got a 404 response I guess? The exact request was something like this, if you want to repro yourself:
printf "CONNECT encrypted.google.com:443 HTTP/1.1\r\n\r\n" | netcat $HOST $PORT`
TLDR: probably a bot seeing if you're running an open HTTP proxy (you are not).
I'm used to seeing users attempt file enumeration on my pb server, but today I saw an interesting
CONNECT
line in my syslog.Usually it's POST or GET. Could you possibly provide some insight into what kind of request it is, how it might effect the pb server and how it was create? I could't manage to replicate it.