Nmap Development mailing list archives
Port specification in the location data returned from http-headers and html-title.nse
From: Tom Sellers <nmap () fadedcode net>
Date: Thu, 15 Oct 2009 17:56:41 -0500
This email is a combination of a request for comments as well as a reminder for myself.

Some time ago I noticed that the html-title.nse script did not return the proper value for location when it was run against a web server running on a port other than 80. For example:

    nmap -sV --script=html-title.nse -p 8080 www.someserver.com

would return this

    8080/tcp open http Apache httpd 2.0.46 ((Red Hat))
    | html-title: My Site
    |_ Requested resource was http://www.someserver.com/

That last line should actually be

    |_ Requested resource was http://www.someserver.com:8080/

I noticed this due to a service I was seeing on a regular basis that redirects via an HTTP 302 to a subdirectory on the same host and port.

Digging around a bit I see what I think is the cause in http.lua at the following lines in the "buildGet" function:

    header = {
    --> Host = get_hostname(host),
        ["User-Agent"] = "Mozilla/5.0 (compatible; Nmap Scripting Engine; http://nmap.org/book/nse.html)"
    }

This syntax also shows up in a couple of other, similar functions such as buildHead and buildPost. When building the headers to send, the hostname is set, but the port number is not on it. The value of the Host: header is returned as part of the Location server header. The result trickles down into the Location values of a couple of scripts like html-title.nse and http-headers.nse.

I did some preliminary testing and found that changing the line to

    Host = get_hostname(host) .. port.number,

corrected the problem without breaking anything.

If I am right, the fix seems to be easy. I don't have time at the moment to test this change with the depth that it needs, so I figured I would toss this out to see what you folks had to say. I will probably work on changing and testing this sometime this weekend.

Thanks,

Tom
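The Host value discussed in the message above, as an added example that is not part of the original post and not code from Nmap's http.lua. It goes beyond the single case in the message by following the `Host = uri-host [ ":" port ]` form from RFC 7230 section 5.4, omitting the scheme's default port and bracketing IPv6 literals. The names `host_header` and `DEFAULT_PORT` are hypothetical, and every sample target except the first is constructed.

```lua
-- Added example: plain Lua, no NSE libraries. Not Nmap's own code.
-- host_header() and DEFAULT_PORT are hypothetical names used for illustration.

local DEFAULT_PORT = { http = 80, https = 443 }

-- Build the value of the Host request header:
--   Host = uri-host [ ":" port ]      (RFC 7230 section 5.4)
local function host_header(hostname, port, scheme)
  scheme = scheme or "http"
  assert(type(hostname) == "string" and hostname ~= "", "hostname required")
  port = assert(tonumber(port), "numeric port required")
  assert(port % 1 == 0 and port >= 1 and port <= 65535, "port out of range")

  -- Refuse whitespace and control characters (CR/LF included) so a target
  -- name can never add extra header lines to the request.
  assert(not hostname:find("[%s%c]"), "illegal character in hostname")

  -- An IPv6 literal contains ':' and must be bracketed before a port is added.
  if hostname:find(":", 1, true) and hostname:sub(1, 1) ~= "[" then
    hostname = "[" .. hostname .. "]"
  end

  -- The scheme's default port is left off; any other port is appended
  -- after an explicit ':' separator.
  if port == DEFAULT_PORT[scheme] then
    return hostname
  end
  return string.format("%s:%d", hostname, port)
end

-- Sample targets: the first comes from the message, the rest are constructed.
local cases = {
  { "www.someserver.com", 8080, "http"  },
  { "www.someserver.com", 80,   "http"  },
  { "www.someserver.com", 443,  "https" },
  { "www.someserver.com", 8443, "https" },
  { "2001:db8::1",        8080, "http"  },
}

for _, c in ipairs(cases) do
  print(string.format("%-20s %5d %-5s -> Host: %s",
    c[1], c[2], c[3], host_header(c[1], c[2], c[3])))
end
```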