[HOME] [DOWNLOAD] [DOCS] [NEWS] [SUPPORT] [TIPS] [ISSUES] [DONATE]

Detecting the use of "curl | bash" server side

Remote servers can change their payload depending on whether they detect curl used standalone or if its outputs are piped into bash.

https://www.idontplaydarts.com/2016/04/detecting-curl-pipe-bash-server-side/

The final advice:

The better solution is never to pipe untrusted data streams into bash. If you still want to run untrusted bash scripts a better approach is to pipe the contents of URL into a file, review the contents on disk and only then execute it.

This doesn’t apply to anything Whonix does as files downloaded are always verified before being read/executed.

Good to advertise indeed.

HulaHoop:

Remote servers can change their payload depending on whether they detect curl used standalone or if its outputs are piped into bash.

Not very hard. From my varnish knowledge I’d know how to set up
something like this.

The final advice:

The better solution is never to pipe untrusted data streams into bash. If you still want to run untrusted bash scripts a better approach is to pipe the contents of URL into a file, review the contents on disk and only then execute it.

This doesn’t apply to anything Whonix does as files downloaded are always verified before being read/executed.

Yes.

[Imprint] [Privacy Policy] [Cookie Policy] [Terms of Use] [E-Sign Consent] [DMCA] [Investors] [Priority Support] [Professional Support]