Nmap Development mailing list archives
http-trace fails
From: Patrik Karlsson <patrik () cqure net>
Date: Wed, 28 Apr 2010 18:13:20 +0200
Hi all,

I'm having some trouble with the http-trace script missing hosts that actually have the TRACE method enabled. I've been able to locate the problem and it occurs if the server does not return anything more than the TRACE / HTTP/1.0 line. Here's an example of a server that fails:

--- snip ---
TRACE / HTTP/1.0
<HTTP/1.1 200 OK
Date: Wed, 28 Apr 2010 07:27:41 GMT
Server: Apache/2.2.3 (CentOS)
Connection: close
Content-Type: message/http

TRACE / HTTP/1.0
--- snip ---

The current logic only returns a success if the HTTP data portion of the response is different from the original query. An alternative method of detection would be to stuff a header with random contents into the request and look for it in the response:

--- snip ---
<TRACE / HTTP/1.0
T-CHECK: bf4c521519dab73291eb13f27e1eb53540a656dd

HTTP/1.1 200 OK
Date: Wed, 28 Apr 2010 16:11:10 GMT
Server: Apache/2.2.3 (CentOS)
Connection: close
Content-Type: message/http

TRACE / HTTP/1.0
T-CHECK: bf4c521519dab73291eb13f27e1eb53540a656dd
--- snip ---

Or the script could simply be corrected to handle the first request. Any thoughts?

//Patrik

--
Patrik Karlsson
http://www.cqure.net
http://www.twitter.com/nevdull77

_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://seclists.org/nmap-dev/
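The two detection strategies discussed in the message above, as an added Python example; this is not the http-trace NSE script or any other Nmap code. The first function models the "body differs from the query" logic as the message describes it and reproduces the miss on a server that echoes only the request line; the second implements the random-marker alternative (a 2xx response whose body echoes the T-CHECK header we sent). The sample responses are constructed from the captures in the thread, and echo_server is a stand-in for a TRACE-enabled server so the check can be exercised offline when auditing your own configuration.

```python
"""Detecting a server that reflects TRACE requests: the existing
'body differs from query' logic versus a random-marker header check.
Added example, not Nmap's code; sample responses are constructed."""
import secrets

HEADER_NAME = "T-CHECK"  # header name used in the thread's second capture


def make_token() -> str:
    """Random per-request marker; 40 hex chars like the value in the thread."""
    return secrets.token_hex(20)


def build_trace_request(token: str, path: str = "/") -> bytes:
    """TRACE request carrying the marker header (HTTP/1.0, as in the thread)."""
    return f"TRACE {path} HTTP/1.0\r\n{HEADER_NAME}: {token}\r\n\r\n".encode("ascii")


def parse_response(raw: bytes):
    """Split a raw HTTP response into (status code, headers dict, body bytes)."""
    head, _, body = raw.partition(b"\r\n\r\n")
    lines = head.decode("latin-1").split("\r\n")
    parts = lines[0].split(" ", 2)
    status = int(parts[1]) if len(parts) > 1 and parts[1].isdigit() else 0
    headers = {}
    for line in lines[1:]:
        name, sep, value = line.partition(":")
        if sep:
            headers[name.strip().lower()] = value.strip()
    return status, headers, body


def naive_trace_check(request_line: str, raw: bytes) -> bool:
    """Models the logic described in the thread: report TRACE only when the
    echoed body differs from the request line that was sent. A server that
    echoes nothing but that line is therefore missed."""
    status, _, body = parse_response(raw)
    return status == 200 and body.decode("latin-1").strip() != request_line.strip()


def token_trace_check(token: str, raw: bytes) -> bool:
    """Alternative from the thread: TRACE is enabled iff a 2xx response's body
    (not merely its headers) echoes the random marker header we sent."""
    status, _, body = parse_response(raw)
    if not 200 <= status < 300:
        return False
    marker = f"{HEADER_NAME}: {token}".encode("ascii")
    return marker in body


# Constructed sample responses, modelled on the thread's captures (not live traffic).
BARE_ECHO = (
    b"HTTP/1.1 200 OK\r\n"
    b"Date: Wed, 28 Apr 2010 07:27:41 GMT\r\n"
    b"Server: Apache/2.2.3 (CentOS)\r\n"
    b"Connection: close\r\n"
    b"Content-Type: message/http\r\n"
    b"\r\n"
    b"TRACE / HTTP/1.0\r\n"
)
TRACE_DISABLED = (
    b"HTTP/1.1 405 Method Not Allowed\r\n"
    b"Allow: GET,HEAD,POST\r\n"
    b"Content-Length: 0\r\n"
    b"\r\n"
)


def echo_server(request: bytes) -> bytes:
    """Stand-in for a TRACE-enabled server: reflects the whole request as the body."""
    return (b"HTTP/1.1 200 OK\r\nContent-Type: message/http\r\n"
            b"Connection: close\r\n\r\n" + request)


if __name__ == "__main__":
    # The bare echo is a real TRACE reflection, yet the naive comparison misses it.
    print("naive check on bare echo:", naive_trace_check("TRACE / HTTP/1.0", BARE_ECHO))
    tok = make_token()
    req = build_trace_request(tok)
    print("token check, reflecting server:", token_trace_check(tok, echo_server(req)))
    print("token check, 405 response:", token_trace_check(tok, TRACE_DISABLED))
```

Checking for the marker in the body rather than anywhere in the response avoids a false positive from a server that happens to copy request headers into its own response headers; a per-request random value also keeps a cached or canned page from matching.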
Current thread:
- http-trace fails Patrik Karlsson (Apr 28)
- Re: http-trace fails Kris Katterjohn (Apr 28)
- Re: http-trace fails Patrik Karlsson (Apr 28)
- Re: http-trace fails Kris Katterjohn (Apr 28)