Nmap Development mailing list archives
Nmap service detection, http 1.1
From: Jak0b <djgreiz () gmail com>
Date: Mon, 24 Nov 2008 17:47:50 +0100
Hi. I've been having some trouble running service detection on an "Apache-Coyote/1.1" server. The problem seems to have somthing to do with nmap's service detection not supporting http 1.1, or not supporting it correctly. A typical tcp stream from nmap might look like this: --- GET / HTTP/1.0 HTTP/1.1 403 Forbidden Cache-Control: no-cache Pragma: no-cache Content-Type: text/html; charset=utf-8 Proxy-Connection: close Connection: close Content-Length: 606 <HTML><HEAD> <TITLE>Access Denied</TITLE> </HEAD> <BODY> <FONT face="Helvetica"> <big><strong></strong></big><BR> ...(and so on) --- Of cource this isn't working, as nmap (in this particular case) seems to be using http 1.0, while the server apparently requries http 1.1. The service detection later fails. And my question is of course, does nmap support http 1.1? And if so, does it support it correctly or is it just this particular server that doesn't follow common standards? Nmap output: --- sudo nmap -PN -sV --version-all -p80 www.idg.se Password: Starting Nmap 4.76 ( http://nmap.org ) at 2008-11-24 03:00 CET Interesting ports on 213.132.126.26: PORT STATE SERVICE VERSION 80/tcp open http? 1 service unrecognized despite returning data. If you know the service/version, please submit the following fingerprint at http://www.insecure.org/cgi-bin/servicefp-submit.cgi : SF-Port80-TCP:V=4.76%I=9%D=11/24%Time=492A0ADD%P=x86_64-unknown-linux-gnu% SF:r(GetRequest,30C,"HTTP/1\.1\x20403\x20Forbidden\r\nCache-Control:\x20no SF:-cache\r\nPragma:\x20no-cache\r\nContent-Type:\x20text/html;\x20charset SF:=utf-8\r\nProxy-Connection:\x20close\r\nConnection:\x20close\r\nContent SF:-Length:\x20606\r\n\r\n<HTML><HEAD>\n<TITLE>Access\x20Denied</TITLE>\n< SF:/HEAD>\n<BODY>\n<FONT\x20face=\"Helvetica\">\n<big><strong></strong></b SF:ig><BR>\n</FONT>\n<blockquote>\n<TABLE\x20border=0\x20cellPadding=1\x20 SF:width=\"80%\">\n<TR><TD>\n<FONT\x20face=\"Helvetica\">\n<big>Access\x20 SF:Denied\x20\(policy_denied\)</big>\n<BR>\n<BR>\n</FONT>\n</TD></TR>\n<TR SF:><TD>\n<FONT\x20face=\"Helvetica\">\nYour\x20system\x20policy\x20has\x2 SF:0denied\x20access\x20to\x20the\x20requested\x20URL\.\n</FONT>\n</TD></T SF:R>\n<TR><TD>\n<FONT\x20face=\"Helvetica\">\n\n</FONT>\n</TD></TR>\n<TR> SF:<TD>\n<FONT\x20face=\"Helvetica\"\x20SIZE=2>\n<BR>\nFor\x20assistance,\ SF:x20contact\x20your\x20network\x20support\x20team\.\n</FONT>\n</TD></TR> SF:\n</TABLE>\n</blockquote>\n</FONT>\n</BODY></HTML>\n")%r(FourOhFourRequ SF:est,30C,"HTTP/1\.1\x20403\x20Forbidden\r\nCache-Control:\x20no-cache\r\ SF:nPragma:\x20no-cache\r\nContent-Type:\x20text/html;\x20charset=utf-8\r\ SF:nProxy-Connection:\x20close\r\nConnection:\x20close\r\nContent-Length:\ SF:x20606\r\n\r\n<HTML><HEAD>\n<TITLE>Access\x20Denied</TITLE>\n</HEAD>\n< SF:BODY>\n<FONT\x20face=\"Helvetica\">\n<big><strong></strong></big><BR>\n SF:</FONT>\n<blockquote>\n<TABLE\x20border=0\x20cellPadding=1\x20width=\"8 SF:0%\">\n<TR><TD>\n<FONT\x20face=\"Helvetica\">\n<big>Access\x20Denied\x2 SF:0\(policy_denied\)</big>\n<BR>\n<BR>\n</FONT>\n</TD></TR>\n<TR><TD>\n<F SF:ONT\x20face=\"Helvetica\">\nYour\x20system\x20policy\x20has\x20denied\x SF:20access\x20to\x20the\x20requested\x20URL\.\n</FONT>\n</TD></TR>\n<TR>< SF:TD>\n<FONT\x20face=\"Helvetica\">\n\n</FONT>\n</TD></TR>\n<TR><TD>\n<FO SF:NT\x20face=\"Helvetica\"\x20SIZE=2>\n<BR>\nFor\x20assistance,\x20contac SF:t\x20your\x20network\x20support\x20team\.\n</FONT>\n</TD></TR>\n</TABLE SF:>\n</blockquote>\n</FONT>\n</BODY></HTML>\n")%r(OfficeScan,316,"HTTP/1\ SF:.1\x20403\x20Forbidden\r\nCache-Control:\x20no-cache\r\nPragma:\x20no-c SF:ache\r\nContent-Type:\x20text/html;\x20charset=utf-8\r\nProxy-Connectio SF:n:\x20Keep-Alive\r\nConnection:\x20Keep-Alive\r\nContent-Length:\x20606 SF:\r\n\r\n<HTML><HEAD>\n<TITLE>Access\x20Denied</TITLE>\n</HEAD>\n<BODY>\ SF:n<FONT\x20face=\"Helvetica\">\n<big><strong></strong></big><BR>\n</FONT SF:>\n<blockquote>\n<TABLE\x20border=0\x20cellPadding=1\x20width=\"80%\">\ SF:n<TR><TD>\n<FONT\x20face=\"Helvetica\">\n<big>Access\x20Denied\x20\(pol SF:icy_denied\)</big>\n<BR>\n<BR>\n</FONT>\n</TD></TR>\n<TR><TD>\n<FONT\x2 SF:0face=\"Helvetica\">\nYour\x20system\x20policy\x20has\x20denied\x20acce SF:ss\x20to\x20the\x20requested\x20URL\.\n</FONT>\n</TD></TR>\n<TR><TD>\n< SF:FONT\x20face=\"Helvetica\">\n\n</FONT>\n</TD></TR>\n<TR><TD>\n<FONT\x20 SF:face=\"Helvetica\"\x20SIZE=2>\n<BR>\nFor\x20assistance,\x20contact\x20y SF:our\x20network\x20support\x20team\.\n</FONT>\n</TD></TR>\n</TABLE>\n</b SF:lockquote>\n</FONT>\n</BODY></HTML>\n"); Service detection performed. Please report any incorrect results at http://nmap.org/submit/ . Nmap done: 1 IP address (1 host up) scanned in 220.55 seconds --- Nmap version: 4.76 My os: Linux version 2.6.27-ARCH Have fun! /J _______________________________________________ Sent through the nmap-dev mailing list http://cgi.insecure.org/mailman/listinfo/nmap-dev Archived at http://SecLists.Org
Current thread:
- Nmap service detection, http 1.1 Jak0b (Nov 24)
- Re: Nmap service detection, http 1.1 doug (Nov 24)