Previous  bell    Next
bell Warning: JavaScript is turned off! Some features on this website will not work without it.

What is Apache Synapse - User-Agent Mozilla/4.0 (compatible; Synapse)

I kept getting the error below in my ASP.net application whenever a request is made to my website with the name 'Synapse' in the HTTP request header User-Agent string. I googled this name and found some interesting articles that claimed that Synapse is a form of SQL Injection tool that probe the internet looking for vulnerabilities. But, this is a crawler that is actually used to post spam to websites through HTML form input.
What is Apache Synapse - User-Agent Mozilla/4.0 (compatible; Synapse)
Online Threat Alerts

What is Apache Synapse - User-Agent Mozilla/4.0 (compatible; Synapse)


Rating - Thumb up Rating - Thumb down 0   
What is Apache Synapse - User-Agent Mozilla/4.0 (compatible; Synapse)

I kept getting the error below in my ASP.net application whenever a request is made to my website with the name 'Synapse' in the HTTP request header User-Agent string. I googled this name and found some interesting articles that claimed that Synapse is a form of SQL Injection tool that probe the internet looking for vulnerabilities. But, this is a crawler that is actually used to post spam to websites through HTML form input.

Please continue reading below.

The Error Generated when Synapse makes a Request to my Website

Invaild ViewState Error

The input is not a valid Base-64 string as it contains a non-base 64 character, more than two padding characters, or an illegal character among the padding characters.
======

The request contains the following User-Agent string: 
User-Agent Mozilla/4.0 (compatible; Synapse)

The invalid viewstate is generated when data is submitted to a website by a service created by piece of software called Apache Synapse

What is Apache Synapse?

In a nutshell, this is a free and open source software that provides services that have the ability to post data to websites it crawls.  You can click here to read more about it.

The service is commonly used in an abusive way by cybercriminals to post spam to websites that take HTML form input. The service seems to mainly target ASP.NET web forms and seems to be one of the main tools used for ASP.NET spamming, since it can send pre-configured viewstate values. 

In the case of the "Invaild ViewState" error message, the service sent a "-1" as the value for viewstate. Spammers use this value and long strings of random characters in an attempt to get past the viewstate errors, and this is what generates those failed ViewState, Base64 or MAC error messages.

For ASP.net webmasters, it is recommended that you do not turn off “EnableViewState” by setting it to false. By default, this feature is enabled and is also recommended by Microsoft that it should be turned on in a production environment.

This is because this feature actually prevents malicious crawlers and other tools used by hackers from tampering with the ASP.net viewstate.

Thanks to Chris Porter at ASP.net for this information.

Remember to leave your question or comment, and read the ones made by others below. And, please report malicious, phishing or scam email messages, social media posts and websites to us. You may click here to contact us, or forward the email messages to: info@onlinethreatalerts.com .

Alert and help your family and friends by sharing this article with them:
Submit Your Comment or Question

Submit your comment or question in the box below to share what you know or to get answers about this article.

CommentComments or Questions (0)