Re: HTTP shimmed to HTTPS
On Mon 22 Jul 2019 at 15:48:08 (-0400), rhkramer@gmail.com wrote:
> On Monday, July 22, 2019 11:52:59 AM Greg Wooledge wrote:
> > On Mon, Jul 22, 2019 at 11:40:59AM -0400, rhkramer@gmail.com wrote:
> > > * but when I view source in my email client (kmail 3.n), I see just
> > > the "*
> > >
> > > From: Reco" that I see when viewing the email "normally".
> > >
> > > So, it seems, something is filtering out a lot of the content of the
> > > email before it gets to me (I don't think anything else in my system
> > > would be filtering anything out -- emails come directly from my ISP to
> > > my email client.
> > >
> > > A mystery that I won't dig into any deeper for now.
> >
> > Well, there are two possibilities. One is that the messages are actually
> > being truncated during transmission. The other is that your email user
> > agent is not showing you the full message text.
> >
> > The obvious way to figure out which one it is would be to read the email
> > in a different way (cat, less, mutt, mailx, ...).
>
> Ok, that fooled me -- I expected that the kmail command "view source" would
> let me see the entire email regardless of how it might be "rendered" in the
> kmail text box, but I was wrong.
>
> When I view that email in kwrite, I see all of the content, and, then around
> the email address (recoverym4n@enotuniq.net, after the * From: Reco in the
> body of the email I see two characters that look like triangles -- I'll try
> looking at those in hexedit...
>
> Ok, it looks like there is a 0x00 in the byte before the email address (which
> is presumably disabling all further rendering in this version of kmail
> (1.13.7, on kde 4.8.4), and a 0x09 in the byte after the email address.
>
> So, I guess I have a way to send secret messages (to, at least, myself ;-)
Here's what I see in mutt:
Date: Mon, 22 Jul 2019 06:32:36 -0700
From: peter@easthope.ca
Subject: Re: HTTP shimmed to HTTPS
X-Original-To: deblis@lionunicorn.co.uk
X-Original-To: lists-debian-user@bendel.debian.org
* From: Reco \200recoverym4n@enotuniq.net\200
* Date: Sun, 21 Jul 2019 10:47:18 +0300
wget -O - http://<siet>
curl -vL http://<siet> >/dev/null
nmap -sT -p 80 <siet>
Running emacs on the cached message, you can of course get help on
that that \200 actually is. I attach the result because it probably
has raw occurrences of the problematical character within it.
Cheers,
David.
position: 6244 of 12653 (49%), column: 19
character: � (displayed as �) (codepoint 4194176, #o17777600, #x3fff80)
preferred charset: tis620-2533 (TIS620.2533)
code point in charset: 0x80
syntax: w which means: word
category: L:Left-to-right (strong)
to input: type "C-x 8 RET HEX-CODEPOINT" or "C-x 8 RET NAME"
buffer code: #x80
file code: #x80 (encoded by coding system raw-text-unix)
display: no font available
Character code properties: customize what to show
general-category: Cn (Other, Not Assigned)
decomposition: (4194176) ('�')
There are text properties here:
fontified t
Reply to: