
Re: [NSE] http.lua and delimiters


From: jah <jah () zadkiel plus com>
Date: Tue, 30 Sep 2008 22:22:02 +0100

On 30/09/2008 22:03, David Fifield wrote:
On Wed, Sep 24, 2008 at 03:43:21AM +0100, jah wrote:
  
I decided to knock up a quick script which sends an HTTP request, uses
socket.receive() in a loop to collect the response as an unmolested
string and then detects the characters used to delimit the header and
body and the characters used to delimit lines in both the header and the
body.
    

Hi. This is intriguing research. Can you send me the script so I can try
to reproduce the results? I think it will help me evaluate the changes
to the http module.

  
Sure thing.  You'll want to change the output file location on line 16.

Regards,

jah
-- Script metadata fields read by the NSE engine (kept as globals on purpose).
id          = "http newline"
author      = ""
runlevel    = "1"
description = ""

local comm   = require "comm"
local stdnse = require "stdnse"

--- Decide whether the script should run against a port.
-- Matches ports Nmap identified as http or https, and ports tunnelled
-- over SSL when this Nmap build has SSL support.
-- @param host unused
-- @param port port table with .service and .version.service_tunnel
-- @return boolean
portrule = function(host, port)
  local service = port.service
  if service == 'http' or service == 'https' then
    return true
  end
  -- The SSL-tunnel case only counts when we can actually speak SSL.
  if port.version.service_tunnel == 'ssl' and nmap.have_ssl() then
    return true
  end
  return false
end

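--- Fetch "/" from the target and record which delimiters the response uses.
-- One line per host is appended to the shared results file: the host IP,
-- how the header/body boundary is marked (CRLFCRLF, LFLF or unknown) and
-- which line delimiter the header and the body each use.
-- @param host host table (only .ip is used)
-- @param port port table passed through to manual_request
-- @return nil (all output goes to the results file)
action = function( host, port )
  -- Share one append-mode file handle across all targets via the registry
  -- so the results file is opened once per scan. The path is hard-coded for
  -- the author's machine; change it before running elsewhere. The handle is
  -- deliberately never closed here.
  if not nmap.registry.nl then
    local f, err = io.open( "U:\\jah\\desktop\\newline_services.txt", "a" )
    if not f then
      -- Without a file there is nowhere to write; fail quietly instead of
      -- raising "attempt to index a nil value" on every host.
      stdnse.print_debug( 1, "%s Cannot open output file: %s", id, tostring( err ) )
      return nil
    end
    nmap.registry.nl = f
  end
  local o = nmap.registry.nl

  -- basic http request; only the payload matters, the status flag is
  -- implied by data being a non-empty string
  local _, data = manual_request(host, port)

  -- quit if we didn't get any data
  if type( data ) ~= "string" or data == "" then
    o:write( ("%s : responded with nothing\n"):format( host.ip ) )
    return nil
  end

  -- Describe the line delimiter used in one section (header or body).
  -- CRLF is tested first because a CRLF-delimited section also matches LF.
  local function describe_lines( label, s )
    local form
    if s:match( "\r\n" ) then
      form = "%s (%s chars) lines delimited with CRLF"
    elseif s:match( "\n" ) then
      form = "%s (%s chars) lines delimited with LF"
    else
      form = "%s (%s chars) without line delimiter"
    end
    return form:format( label, s:len() )
  end

  local out, header, body = {}

  out[#out+1] = ("%s"):format( host.ip )

  -- try and separate the head from the body; the lazy ".-" stops at the
  -- first blank line, which is the header terminator
  if data:match( "\r\n\r\n" ) then

    header, body = data:match( "^(.-)\r\n\r\n(.*)$" )
    out[#out+1] = "header ends using CRLFCRLF"

  elseif data:match( "\n\n" ) then

    header, body = data:match( "^(.-)\n\n(.*)$" )
    out[#out+1] = "header ends using LFLF"

  else

    -- no blank line at all: treat the whole response as body and dump it
    -- with the control characters made visible so the case can be studied
    body = data
    print( "RESPONSE", ((data:gsub( "\n", "\\n" )):gsub( "\r", "\\r" )) )
    out[#out+1] = "cannot determine end of header"

  end

  if type( header ) == "string" then
    out[#out+1] = describe_lines( "header", header )
  end

  if type( body ) == "string" then
    out[#out+1] = describe_lines( "body", body )
  end

  o:write( table.concat( out, " : " ) .. "\n" )

end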









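--- Send a minimal HTTP/1.0 request and collect the raw response.
-- The response is returned exactly as received (no line-ending
-- normalisation), which is the point of this script. Reading continues
-- until the socket reports an error or EOF, or the 10 s timeout fires.
-- Kept global because action() above references it by global name.
-- @param host host table (only .ip is used)
-- @param port port table (only .number is used)
-- @param max_bytes optional cap on the number of response bytes kept;
--   nil (the default) keeps reading until the peer closes, as before.
--   The peer is untrusted, so a cap is advisable on large scans.
-- @return true, response_string on success; false, nil when nothing arrived.
--   Connect/send failures are turned into a script abort by nmap.new_try.
function manual_request(host, port, max_bytes)

  local request = "GET / HTTP/1.0\r\n\r\n"

  local socket = nmap.new_socket()
  local catch = function()
    stdnse.print_debug( 1, "%s Connection to %s failed or was aborted! No Output for this Target.", id, host.ip )
    socket:close()
  end

  local try = nmap.new_try( catch )

  socket:set_timeout( 10000 )
  try( socket:connect( host.ip, port.number ) )
  try( socket:send( request ) )

  -- Accumulate chunks in a table and join once; repeated ".." would be O(n^2).
  local response, total = {}, 0
  while true do
    local status, chunk = socket:receive()
    if not status then
      break
    end
    if chunk then
      response[#response+1] = chunk
      total = total + #chunk
    end
    -- stop early once the caller's byte budget is reached
    if max_bytes and total >= max_bytes then
      break
    end
  end

  socket:close()

  stdnse.print_debug( 1, "%s Closed connection to %s.", id, host.ip )

  if #response == 0 then
    return false, nil
  end

  return true, table.concat( response )

end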
