Praetorian Prefect » CPL http://praetorianprefect.com Information security, a little slower...a little deeper Thu, 29 Jul 2010 16:38:31 +0000 http://wordpress.org/?v=2.9.2 en hourly 1 RickRoll Everyone with BlueCoat http://praetorianprefect.com/archives/2009/04/rickroll-everyone-with-bluecoat/ http://praetorianprefect.com/archives/2009/04/rickroll-everyone-with-bluecoat/#comments Thu, 16 Apr 2009 14:51:03 +0000 JD McCloud https://praetorianprefect.com/blog/?p=5 Bluecoat SGOS can do a fair amount of stuff just like any web-proxy should, but my favorite is to RickRoll the whole company. ( People spend to much time on youtube as is ).]]> BlueCoat Proxy

The Bluecoat SGOS can do a fair amount of stuff just like any web-proxy should, but my favorite is to RickRoll the whole company. ( People spend to much time on youtube as is ).

In this example users are authenticated with NTML back ended by Windows Active Directory. See the docs from Bluecoat on how to set this up.

Definitions Conditions

Conditions allow you to control when things should happen. They do nothing by themselves, but get put together later to preform some real fun.

The first definition here matches only member of the group DOMAINpxy_rickrolld. You could make this users or just about that think you would like. I choice the group method to make it simple to add and remove effected users.

define condition group_to_be_rickrolled
    realm=active_directory group=DOMAIN\pxy_rickrolld 
end

The second definition just matches does a REGEX to match the domain “youtube” and looks for the string “watch” in the url path. The use of REGEX really is not the best way to do this, but I figured showing both methods of matching was worth the slight performance hit.

define condition match_url_to_rickroll
    url.host.regex="youtube" url.path.substring=watch 
end

Definitions Actions

Actions are define something to do with a request. In this case we are going to rewrite the request and change the video to the “oHg5SJYRHA0“.

define action youtube_change_to_rickroll
  rewrite( url, "(http://.*/watch?v=)([^&]+)(.*)", "$(1)oHg5SJYRHA0$(3)" )
end

Given the initial url of “http://www.youtube.com/watch?v=OBghD0XBN5M&feature=related“.

The rewrite functions second argument is a REGEX that stores the following:

  • http://www.youtube.com/watch?v=” in variable “$(1)“.
  • &feature=related” in variable “$(3)“.

The third argument is the Newly created url that simply puts the data back together with our selected Video ID.

Proxy Section

Now that you have everything defined you need to put it all to use.

<Proxy> 
    condition=match_url_to_rickroll condition=group_to_be_rickrolled 
action.youtube_change_to_rickroll(yes)

This will pull all the define from above to select when to preform the rewrite function. Putting this in place is fun, but it really does make people mad for some reason.

Completed Fun

define condition group_to_be_rickrolled
    realm=active_directory group=DOMAIN\pxy_rickrolld 
end
define condition match_url_to_rickroll
    url.host.regex="youtube" url.path.substring=watch 
end 
define action youtube_change_to_rickroll
  rewrite( url, "(http://.*/watch?v=)([^&]+)(.*)", "$(1)oHg5SJYRHA0$(3)" )
end

<Proxy> 
    condition=match_url_to_rickroll condition=group_to_be_rickrolled 
action.youtube_change_to_rickroll(yes)

Results

Well of course it had to be done.

Related Posts:


]]> http://praetorianprefect.com/archives/2009/04/rickroll-everyone-with-bluecoat/feed/ 0