Nmap Development mailing list archives
Re: [NSE] NSE HTTP library
From: Kris Katterjohn <katterjohn () gmail com>
Date: Thu, 31 Jan 2008 10:33:40 -0600
Thomas Buchanan wrote:
> > I adjusted the header handling so that multiline headers are now properly handled. Earlier versions ignored those lines. You can now also set arbitrary headers for the http.get() function e.g.:
> >
> > http.get(host, port, '/', {header={Authorization="Basic YWRtaW46C"}})
> >
> > This way you can also overwrite the User-Agent or the Host used in the GET request.
> >
> > Cheers,
> > Sven
>
> Sounds good to me. I'll try and get some testing on your changes in the next day or so, but one thing I noticed in your patch is that the get_url() function in http.lua doesn't pass the options variable along to get().
>
> I've got some other ideas on how to improve the HTTP Auth script that I hope to get implemented in the near future, but this looks like a step in the right direction.
>
> Thomas
Yeah, I see the same thing you mention with get_url() and options.

Also: in request(), it is checked to see if nmap.have_ssl() is true and if the service is https or SSL-tunneled. But what if the user requests the use of SSL, but nmap.have_ssl() is false? It will either fail anyway (non-SSL traffic to SSL port), or possibly worse: succeed and not go over SSL.

My first thought is to return that nil/empty 'result' table that's further down the function, but I don't know what's best.

Although for /most/ scripts I guess it's not a security threat to go unencrypted either way (and a lot of servers just reject non-SSL traffic to 443), I don't like the thought of thinking I'm sending encrypted data when I'm not :)

Thanks,
Kris Katterjohn

_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://SecLists.Org
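The fail-open case raised in the message above, next to a fail-closed alternative, as an added example that is not code from http.lua or from anyone in the thread. The `have_ssl` argument stands in for the result of nmap.have_ssl(); the function names, the `options.ssl` flag and the port table fields are hypothetical.

```lua
-- Added illustration only. `have_ssl` stands in for nmap.have_ssl();
-- port fields and options.ssl are hypothetical, constructed for this sketch.

-- SSL is wanted if the service was detected as https or SSL-tunneled,
-- or if the caller asked for it explicitly.
local function wants_ssl(port, options)
  return port.service == "https"
      or port.tunnel == "ssl"
      or (options ~= nil and options.ssl == true)
end

-- Fail-open: SSL is used only when the build supports it; otherwise the
-- request silently goes out in plaintext.
local function pick_transport_open(port, options, have_ssl)
  if have_ssl and wants_ssl(port, options) then
    return "ssl"
  end
  return "tcp"
end

-- Fail-closed: when SSL is wanted but unavailable, refuse and let the
-- caller return its empty result instead of sending anything.
local function pick_transport_closed(port, options, have_ssl)
  if wants_ssl(port, options) then
    if not have_ssl then
      return nil, "SSL wanted but this build has no SSL support"
    end
    return "ssl"
  end
  return "tcp"
end

-- Constructed test cases.
local cases = {
  { name = "https, SSL build",       port = { service = "https" }, have_ssl = true },
  { name = "https, no-SSL build",    port = { service = "https" }, have_ssl = false },
  { name = "ssl tunnel, no-SSL",     port = { service = "http", tunnel = "ssl" }, have_ssl = false },
  { name = "ssl requested, no-SSL",  port = { service = "http" }, options = { ssl = true }, have_ssl = false },
  { name = "plain http, no-SSL",     port = { service = "http" }, have_ssl = false },
}

for _, c in ipairs(cases) do
  local open = pick_transport_open(c.port, c.options, c.have_ssl)
  local closed, err = pick_transport_closed(c.port, c.options, c.have_ssl)
  print(string.format("%-24s open=%-4s closed=%s",
    c.name, open, closed or ("refused: " .. err)))
end
```

Rows where the two columns disagree are the cases where a script author would believe the data was encrypted when it was not.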