Nmap Development mailing list archives
Re: A couple more issues with http.lua
From: Ron <ron () skullsecurity net>
Date: Fri, 21 Aug 2009 14:53:33 -0500
If nobody has any issues with this, I'll go ahead and commit it tonight or tomorrow.
For the first issue (443 not being listed), it looks like it and 22 were listed in the original release of the code, but at some point somebody removed them and added some others. If there was an actual reason for removing 443, please let me know; otherwise, I'll assume it was an accident.
Thanks!
Ron

On 08/20/2009 10:14 AM, Ron wrote:

Hi all,

I was getting some weird errors when scanning some SSL-only servers (in particular, an embedded Arcsight system that runs some form of Apache Tomcat). I eventually realized it was trying to start a non-SSL connection on port 443. I traced it back to this code:
--
local function is_ssl(port_number)
  local common_ssl_ports = {465, 989, 990, 992, 993, 994, 995, 587, 6697, 6679, 8443}
  ...
--

The issue is that "tcp" is given priority over "ssl", since port 443 is missing from the list, and also that the server responds to an HTTP request on an HTTPS port with a 400 Bad Request, making Nmap think it worked.

So I added 443 to that list (and I'll commit that change, unless there's some reason it was left off?), and now I get this error:
--
NSE: http-enum against x.x.x.125:443 threw an error!
./nselib/http.lua:629: attempt to concatenate local 'limit' (a nil value)
stack traceback:
  ./nselib/http.lua:629: in function 'pipeline'
  ./scripts/http-enum.nse:169: in function <./scripts/http-enum.nse:42>
  (tail call): ?
--

I traced it back to this line:
--
if response.header["keep-alive"] then
  local max = string.match( response.header["keep-alive"], "max\=(%d*)")
  return max
else
  return 40
end
--

While the server returns this:
--
status-line: HTTP/1.1 404 Not Found
header:
  connection: Keep-Alive
  keep-alive: timeout=15
  date: Thu, 20 Aug 2009 15:07:31 GMT
  content-type: text/html; charset=iso-8859-1
  server: Apache
status: 404
cookies:
body:
--

So, the match is failing and 'nil' is being returned. The fix for it would be checking if max is nil and returning 40 if it is.

I've made both those changes and tested them against a few known bad systems. They seem to work fine. A diff is attached; let me know if you want me to apply it.
Ron

(PS: Sorry if the linebreaks get screwed up, I am forwarding this from Outlook)

------------------------------------------------------------------------
_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://SecLists.Org
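Added example (not part of the original message, the attached diff, or nselib/http.lua): one way to write the nil check described above, so that a Keep-Alive header with no max parameter falls back to the default of 40 instead of handing nil to the caller. The name pipeline_limit and the sample header tables are constructed for illustration; the example also goes slightly beyond the post by treating an empty or zero max as absent.

```lua
-- Hypothetical helper, written for this example only.
local DEFAULT_LIMIT = 40  -- the fallback value used by the code quoted in the post

-- Given a table of lower-cased response headers, return how many requests
-- may be sent on one connection. Always returns a positive number.
local function pipeline_limit(header)
  local keep_alive = header and header["keep-alive"]
  if not keep_alive then
    return DEFAULT_LIMIT
  end
  -- %d+ rather than %d*: a bare "max=" must not match as an empty string.
  local max = string.match(string.lower(keep_alive), "max=(%d+)")
  local n = max and tonumber(max)
  -- No max parameter (the case in the post) or max=0: use the default.
  if n and n > 0 then
    return n
  end
  return DEFAULT_LIMIT
end

-- Constructed sample headers. The first mirrors the response shown in the
-- post, where Keep-Alive carries a timeout but no max.
local samples = {
  { header = { connection = "Keep-Alive", ["keep-alive"] = "timeout=15" }, want = 40 },
  { header = { ["keep-alive"] = "timeout=5, max=100" },                    want = 100 },
  { header = { ["keep-alive"] = "timeout=5, max=" },                       want = 40 },
  { header = { connection = "close" },                                     want = 40 },
}

for i, s in ipairs(samples) do
  local got = pipeline_limit(s.header)
  assert(got == s.want, "sample " .. i .. ": got " .. tostring(got))
  -- Concatenation is safe here because got is never nil.
  print("sample " .. i .. ": limit " .. got)
end
```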