Nmap Development mailing list archives

Re: nmap 3.48 RPM includes SSL support?


From: Paul Johnston <paul () westpoint ltd uk>
Date: Mon, 13 Oct 2003 10:01:02 +0100

Hi,

Apache has a cool feature where it detects plain HTTP on an SSL port:

[paul@fester paul]$ telnet localhost 443
Trying 127.0.0.1...
Connected to localhost.
Escape character is '^]'.
GET / HTTP/1.0

HTTP/1.1 400 Bad Request
Date: Mon, 13 Oct 2003 08:49:37 GMT
Server: Apache
Connection: close
Content-Type: text/html; charset=iso-8859-1

<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<HTML><HEAD>
<TITLE>400 Bad Request</TITLE>
</HEAD><BODY>
<H1>Bad Request</H1>
Your browser sent a request that this server could not understand.<P>
Reason: You're speaking plain HTTP to an SSL-enabled server port.<BR>
Instead use the HTTPS scheme to access this URL, please.<BR>
<BLOCKQUOTE>Hint: <A HREF="https://fester:443/"><B>https://fester:443/</B></A></BLOCKQUOTE><P>
</BODY></HTML>
Connection closed by foreign host.

That is how nmap got the banner! This only works for 1.0/1.1 requests, not 0.9.

Paul


Todd wrote:

Fyodor,

Since I was having problems compiling nmap 3.48 on Red Hat 9
I went ahead and installed your RPM, which claims not to be
linked to OpenSSL.

Why then is it able to determine my Apache version as shown below?

Thanks!

-Todd

[root@localhost root]# nmap -p 443 -sV www.mydomain.foo

Starting nmap 3.48 ( http://www.insecure.org/nmap/ ) at 2003-10-10 09:38 EDT
Interesting ports on xx.xx.xx.x:
PORT    STATE SERVICE VERSION
443/tcp open  http    Apache httpd 2.0.40 ((Red Hat Linux))

Nmap run completed -- 1 IP address (1 host up) scanned in 10.626 seconds


---------------------------------------------------------------------
For help using this (nmap-dev) mailing list, send a blank email to nmap-dev-help () insecure org . List run by ezmlm-idx (www.ezmlm.org).




--
Paul Johnston
Internet Security Specialist
Westpoint Limited
Albion Wharf, 19 Albion Street,
Manchester, M1 5LN
England
Tel: +44 (0)161 237 1028
Fax: +44 (0)161 237 1031
email: paul () westpoint ltd uk
web: www.westpoint.ltd.uk

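As an added example that is not part of the thread: a small Python check of the mechanism Paul describes. It sends the same plain HTTP/1.0 request to a TLS port and parses the cleartext 400 reply, so an administrator can confirm whether that banner still carries a version string (the sample response below is constructed, modelled on the Apache output quoted above with a version-bearing Server header like the one Todd's scan matched; the `probe` target host is whatever you pass in).

```python
import re
import socket

# Constructed sample, modelled on the Apache 400 reply quoted in the thread
# (with a version-bearing Server header, as in Todd's scan); not a real capture.
SAMPLE_RESPONSE = (
    b"HTTP/1.1 400 Bad Request\r\n"
    b"Server: Apache/2.0.40 (Red Hat Linux)\r\n"
    b"Connection: close\r\n"
    b"Content-Type: text/html; charset=iso-8859-1\r\n"
    b"\r\n"
    b"<HTML><BODY><H1>Bad Request</H1>\r\n"
    b"Reason: You're speaking plain HTTP to an SSL-enabled server port.<BR>\r\n"
    b"</BODY></HTML>\r\n"
)

VERSION_RE = re.compile(r"/\d")  # "/" followed by a digit, e.g. Apache/2.0.40


def parse_plain_http_reply(raw):
    """Parse the cleartext reply a TLS port sent to a plain HTTP/1.0 request.
    Returns None if the bytes are not an HTTP response (e.g. the server just
    closed the connection, as it does for an HTTP/0.9 request)."""
    head, _, body = raw.partition(b"\r\n\r\n")
    lines = head.decode("latin-1").split("\r\n")
    if not lines[0].startswith("HTTP/"):
        return None
    status = int(lines[0].split(" ", 2)[1])
    headers = {}
    for line in lines[1:]:
        name, _, value = line.partition(":")
        headers[name.strip().lower()] = value.strip()
    server = headers.get("server", "")
    return {
        "status": status,
        "server": server,
        # nmap -sV can only fill in a version if the banner carries one;
        # "ServerTokens Prod" in httpd.conf reduces it to the bare product name.
        "leaks_version": bool(VERSION_RE.search(server)),
        "ssl_port_hint": b"SSL-enabled server port" in body,
    }


def probe(host, port=443, timeout=5.0):
    """Send the plain HTTP/1.0 request from the thread and parse the reply."""
    with socket.create_connection((host, port), timeout=timeout) as s:
        s.sendall(b"GET / HTTP/1.0\r\n\r\n")
        chunks = []
        try:
            while chunk := s.recv(4096):
                chunks.append(chunk)
        except socket.timeout:  # some servers hold the connection open
            pass
    return parse_plain_http_reply(b"".join(chunks))
```

Run `probe("your-host")` against your own server before and after setting `ServerTokens Prod`: the reply still says 400 and still carries the SSL-port hint, but `leaks_version` should flip to False.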