Nmap Development mailing list archives

Re: Fix for HTTP_open_proxy.nse


From: Sven Klemm <sven () c3d2 de>
Date: Thu, 02 Oct 2008 13:58:47 +0200

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Hi Vlatko,

| I've made small fixes to HTTP_open_proxy.nse.
|
| 1) better service portrule: script didn't check for all squid service
| findings. For example, nmap spits out:
| 5128/tcp open  squid-http
| and it wouldn't run. So, I made patch to match ".*squid.*" in
| port.service

I think it's not necessary to do regular expression-matching here as
the service field can only have values from either nmap-services or
nmap-service-probes. A better fix for the portrule is probably

portrule = shortport.port_or_service({3128,8000,8080},{'squid-http','http-proxy'})

which does the same as your change except for the regex matching.


| 2) fixed google checking: script checked for "Server: GWS/" which is not
| existent any more on google, but "Server: gws", look:
| $ nc www.google.com 80
| HEAD / HTTP/1.0
|
| HTTP/1.0 302 Found
| Location: http://www.google.hr/
| Cache-Control: private
| Content-Type: text/html; charset=UTF-8
| Set-Cookie:
| PREF=ID=e468038a5d1ffd95:TM=1222924066:LM=1222924066:S=OBsAwWeukoQJmdBa;
| expires=Sat, 02-Oct-2010 05:07:46 GMT; path=/; domain=.google.com
| Date: Thu, 02 Oct 2008 05:07:46 GMT
| Server: gws
| Content-Length: 218
| Connection: Close
|
| ...so I replaced that part to check for server: gws and to ignore
| the case.

This looks good to me.

Cheers,
Sven

- --
Sven Klemm
http://cthulhu.c3d2.de/~sven/

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.9 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org

iEYEARECAAYFAkjkt3cACgkQevlgTHEIT4ZMIQCeNOhY7WMFsBLE/3oPqDdR++VD
+KIAn0IYhQy9kfvWULXIqFQ2Of/6s68g
=xANS
-----END PGP SIGNATURE-----

_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://SecLists.Org
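
An added example, not part of the original message or of the Nmap script: the two checks discussed in this message, written as stand-alone Lua. Here port_or_service is a simplified stand-in for shortport.port_or_service, and parse_headers, served_by_gws and the sample ports and responses are hypothetical names and constructed data.

```lua
-- Added example; runs with a plain Lua interpreter, outside Nmap.
-- Simplified stand-in for shortport.port_or_service: an open port matches when
-- its number or its exact service name is listed (no pattern matching).
local function port_or_service(ports, services)
  local wanted_port, wanted_service = {}, {}
  for _, p in ipairs(ports) do wanted_port[p] = true end
  for _, s in ipairs(services) do wanted_service[s] = true end
  return function(port)
    return port.state == "open"
      and (wanted_port[port.number] or wanted_service[port.service] or false)
  end
end

-- Parse the header block of an HTTP response into a table keyed by
-- lower-cased header name, so lookups do not depend on the sender's casing.
local function parse_headers(response)
  local headers = {}
  local head = response:match("^(.-)\r?\n\r?\n") or response
  for line in head:gmatch("[^\r\n]+") do
    local name, value = line:match("^([^:%s]+):%s*(.-)%s*$")
    if name then headers[name:lower()] = value end
  end
  return headers
end

-- True when the Server header starts with "gws" in any case ("GWS/x" or "gws").
local function served_by_gws(response)
  local server = parse_headers(response)["server"]
  return server ~= nil and server:lower():find("^gws") ~= nil
end

local portrule = port_or_service({3128, 8000, 8080}, {"squid-http", "http-proxy"})
-- Constructed sample ports: matched by service, by number, not at all, closed.
local ports = {
  { number = 5128, service = "squid-http", state = "open" },
  { number = 8080, service = "http", state = "open" },
  { number = 80, service = "http", state = "open" },
  { number = 3128, service = "squid-http", state = "closed" },
}
for _, port in ipairs(ports) do
  print(port.number, port.service, port.state, portrule(port))
end
-- Constructed sample responses; the last one mentions gws outside Server.
local responses = {
  "HTTP/1.0 302 Found\r\nServer: gws\r\nConnection: Close\r\n\r\n",
  "HTTP/1.0 200 OK\r\nSERVER: GWS/2.1\r\n\r\n<html></html>",
  "HTTP/1.0 403 Forbidden\r\nServer: squid\r\nX-Note: gws\r\n\r\n",
}
for _, r in ipairs(responses) do print(served_by_gws(r)) end
```

Parsing the header block and reading only the Server field avoids a false match when the string gws appears in another header or in the body.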
