Nmap Development mailing list archives

Re: [NSE] NSE HTTP library


From: Kris Katterjohn <katterjohn () gmail com>
Date: Thu, 31 Jan 2008 10:33:40 -0600

Thomas Buchanan wrote:
> > I adjusted the header handling so that multiline headers are now
> > properly handled. Earlier versions ignored those lines.
> >
> > You can now also set arbitrary headers for the http.get() function
> > e.g.: http.get(host, port, '/', {header={Authorization="Basic YWRtaW46C"}})
> >
> > This way you can also overwrite the User-Agent or the Host used in the
> > GET request.
> >
> > Cheers,
> > Sven
>
> Sounds good to me.  I'll try and get some testing on your changes in the
> next day or so, but one thing I noticed in your patch is that the
> get_url() function in http.lua doesn't pass the options variable along
> to get().
>
> I've got some other ideas on how to improve the HTTP Auth script that I
> hope to get implemented in the near future, but this looks like a step
> in the right direction.
>
> Thomas


Yeah, I see the same thing you mention with get_url() and options.

Also: in request(), it is checked to see if nmap.have_ssl() is true and if
the service is https or SSL-tunneled.  But what if the user requests the
use of SSL, but nmap.have_ssl() is false?

It will either fail anyway (non-SSL traffic to SSL port), or possibly 
worse: succeed and not go over SSL.  My first thought is to return that 
nil/empty 'result' table that's further down the function, but I don't 
know what's best.  Although for /most/ scripts I guess it's not a 
security threat to go unencrypted either way (and a lot of servers just 
reject non-SSL traffic to 443), I don't like the thought of thinking I'm 
sending encrypted data when I'm not :)

Thanks,
Kris Katterjohn

_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://SecLists.Org
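
The SSL concern raised in the message above, as an added example that is not part of the thread or of http.lua: a fail-open protocol choice beside a fail-closed one. The helper names are hypothetical, `have_ssl` stands in for the result of nmap.have_ssl(), and the port tables are constructed samples assumed to carry `service` and `version.service_tunnel`.

```lua
-- Added example: hypothetical helpers, not code from http.lua.
-- Assumption: a port table carries `service` and `version.service_tunnel`;
-- `have_ssl` stands in for the value returned by nmap.have_ssl().

local function wants_ssl(port)
  return port.service == "https"
      or (port.version ~= nil and port.version.service_tunnel == "ssl")
end

-- Fail-open: the behaviour questioned in the thread. Without SSL support
-- the request is quietly sent in cleartext.
local function pick_protocol_open(port, have_ssl)
  if have_ssl and wants_ssl(port) then
    return "ssl"
  end
  return "tcp"
end

-- Fail-closed: when SSL is wanted but unavailable, refuse instead of
-- downgrading, so the caller can hand back an empty result.
local function pick_protocol_closed(port, have_ssl)
  if not wants_ssl(port) then
    return "tcp"
  end
  if not have_ssl then
    return nil, "SSL requested but this build has no SSL support"
  end
  return "ssl"
end

-- Constructed sample ports.
local samples = {
  { number = 80,   service = "http" },
  { number = 443,  service = "https" },
  { number = 8443, service = "http", version = { service_tunnel = "ssl" } },
}

for _, have_ssl in ipairs({ true, false }) do
  for _, port in ipairs(samples) do
    local open = pick_protocol_open(port, have_ssl)
    local closed, err = pick_protocol_closed(port, have_ssl)
    print(string.format("have_ssl=%-5s port=%-4d fail-open=%-3s fail-closed=%s",
      tostring(have_ssl), port.number, open, closed or ("nil (" .. err .. ")")))
  end
end
```

With `have_ssl` false, the fail-open variant reports `tcp` for ports 443 and 8443, while the fail-closed variant returns nil and an error string the script can surface.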

