Nmap Development mailing list archives
Re: [NSE] http.lua and delimiters
From: David Fifield <david () bamsoftware com>
Date: Wed, 1 Oct 2008 22:00:55 -0600
On Thu, Oct 02, 2008 at 03:09:26AM +0100, jah wrote:
I've spent the evening on the rather arduous task of verifying that my proposed changes to the http library work as expected and comparing the results with the current version. I knocked-up a quick script which uses both versions of the library to perform http.get(), print the status code, each of the header values and the length of the body. I ran wireshark whilst this ran against 142 hosts and then manually verified that the script results matched the wireshark capture. I checked that the response code matched, that all of the headers were captured and that the body length was correct. Of the 142 hosts with port 80 open, the current library failed 34 times and the new version 0 times.
I have to say, those are compelling numbers. I may have been too quick to judge your patch earlier. I'm looking forward to seeing your updated patch.
I'm pretty much ready to submit an updated patch as used for this test, but there's just one thing I'm wondering about adding. The header value containing the status code (Status-Line) is currently discarded after the code itself is captured, but I'm tending toward keeping it to be more complete. Also, sometimes they're almost interesting: HTTP/1.1 403 Forbidden ( The server denied the specified Uniform Resource Locator (URL). Contact the server administrator. )
That's fine by me. I don't it should be part of the header, rather a separate table entry, because it appears it's not really considered part of the header: generic-message = start-line *(message-header CRLF) CRLF [ message-body ] start-line = Request-Line | Status-Line message-header = field-name ":" [ field-value ] David Fifield _______________________________________________ Sent through the nmap-dev mailing list http://cgi.insecure.org/mailman/listinfo/nmap-dev Archived at http://SecLists.Org
Current thread:
- Re: [NSE] http.lua and delimiters Sven Klemm (Oct 01)
- Re: [NSE] http.lua and delimiters Sven Klemm (Oct 01)
- <Possible follow-ups>
- Re: [NSE] http.lua and delimiters jah (Oct 01)
- Re: [NSE] http.lua and delimiters jah (Oct 01)
- Re: [NSE] http.lua and delimiters David Fifield (Oct 01)
- Re: [NSE] http.lua and delimiters jah (Oct 02)
- Re: [NSE] http.lua and delimiters David Fifield (Oct 02)
- Re: [NSE] http.lua and delimiters Sven Klemm (Oct 03)
- Re: [NSE] http.lua and delimiters jah (Oct 03)
- Re: [NSE] http.lua and delimiters David Fifield (Oct 03)
- Re: [NSE] http.lua and delimiters David Fifield (Oct 01)