Handle limited payload size #4187
Labels
Feature
Issue that describes a new feature to be implemented.
Comments
mssalvatore added a commit to guardicode/agentpluginapi that referenced this issue Jun 10, 2024
UUIDs are 128 bits long and, in string format, consist of 36 characters. This is a much larger set of possible values than is required for our purposes. Furthermore, we can increase entropy by increasing the character set used in generating ReservationIDs. This will allow us to have a large enough set of possible values using far fewer characters, allowing agent binary download URLs to be significantly shortened. Issue guardicore/monkey#4187
mssalvatore added a commit that referenced this issue Jun 10, 2024
Per Issue #4187, there are cases when download strings must be shorter. In order to achieve this, random strings from a set of 62 characters are generated. Using 5 characters gives something like 916M possible values, which is more than enough for any single agent.
5 tasks
mssalvatore added a commit to guardicode/agentpluginapi that referenced this issue Jun 11, 2024
mssalvatore added a commit that referenced this issue Jun 12, 2024
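The sizing argument in the commit messages above (62-character alphabet, 5 characters, roughly 916M values, versus a 36-character UUID string), worked through as an added example; this is not the project's code, and `ReservationRegistry`, `reserve` and the helper names are hypothetical:

```python
import math
import secrets
import string

# Assumption: the 62-character set is a-z, A-Z, 0-9; length 5 is from the commit message.
ALPHABET = string.ascii_letters + string.digits
ID_LENGTH = 5


def keyspace(length=ID_LENGTH, alphabet=ALPHABET):
    """Number of distinct IDs of the given length."""
    return len(alphabet) ** length


def entropy_bits(length=ID_LENGTH, alphabet=ALPHABET):
    """Bits of entropy in one uniformly random ID."""
    return length * math.log2(len(alphabet))


def collision_probability(issued, length=ID_LENGTH):
    """Birthday approximation: chance that any two of `issued` random IDs match."""
    return -math.expm1(-issued * (issued - 1) / (2 * keyspace(length)))


class ReservationRegistry:
    """Hypothetical registry that issues unique short IDs, retrying on collision."""

    def __init__(self, length=ID_LENGTH, max_attempts=16):
        self._length = length
        self._max_attempts = max_attempts
        self._issued = set()

    def reserve(self):
        for _ in range(self._max_attempts):
            # secrets draws from the OS CSPRNG, so IDs are not predictable from earlier ones.
            candidate = "".join(secrets.choice(ALPHABET) for _ in range(self._length))
            if candidate not in self._issued:
                self._issued.add(candidate)
                return candidate
        raise RuntimeError("ID space too crowded; increase the ID length")


if __name__ == "__main__":
    print(f"keyspace={keyspace():,} entropy={entropy_bits():.1f} bits")
    for n in (100, 1_000, 10_000):
        print(f"{n:>6} IDs issued -> collision probability {collision_probability(n):.4%}")
    print("sample ID:", ReservationRegistry().reserve())
```

Collision probability and guessability are separate questions: about 29.8 bits is comfortable for uniqueness within one agent, but an ID this short is a weak secret on its own if an outsider guessing it matters.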
Is your feature request related to a problem? Please describe.
Some exploits have a limited payload size. Right now our payloads are long; they contain OTPs, binary download IDs, etc.
Describe the solution you'd like
Add infrastructure or shorten the payloads to be able to use exploits with limited size payload. The current goal is that the payload wouldn't exceed 64 characters (tied to https://www.exploit-db.com/exploits/47984)
Describe alternatives you've considered