Nmap Development mailing list archives

Re: [NSE] http Library Enhancements/Strategy


From: Marc Ruef <marc.ruef () computec ch>
Date: Tue, 04 May 2010 20:27:30 +0200

Hello David,

* On the other hand http-malware-host.nse uses a quick hack which may
lead to false-positives: Only the status code is compared. Because no
further requests are initiated, this is no "danger" for the target site.

In the case of http-malware-host the quick check is enough, because the
mere presence of the redirect indicates an infection.

Yes, I see. But, however, an administrator might add some (external) re-directs to generate false-positives without intention. Of course, just a special case without severity/priority.

Wouldn't it make sense to provide a redirect identification within the
http library? I would prefer a function that returns the new url as
string. Additional optional arguments could prevent access outside the
target host/port.

I think it's a good idea. Are you interested in writing this function
for the http library?

Thank you for asking.

Of course. I'll try to do some improvements in the next few days or next week(s).

I had to write something like this for the http-favicon survey script. I
didn't implement external host checking. I attached the script in case
you want to use it for inspiration. The relevant functions are dirname,
parse_url_relative, and http_get_redirected. It is used like this:

        root_host, root_port, root_path, body =
                http_get_redirected(host, port, "/", name, ip, REDIRECT_LIMIT)

Thank you for your support!

Furthermore, I would appreciate a generic function for generating and
sending http requests. The definition of the target host, target port,
method, resource, protocol and additional headers would be great.

We have this now, with http.generic_request.
        http://nmap.org/nsedoc/lib/http#generic_request
The build_request that generates the request string is local to the http
library, but it could be exposed externally if needed.

Ah, great!

Regards,

Marc

--
Marc Ruef | marc.ruef () computec ch | http://www.computec.ch/mruef/
_________________________________________________________________
My latest publication: "Industrialisierung des Auditing-Bereichs" - http://www.computec.ch/news.php?item.327
_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://seclists.org/nmap-dev/
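
The redirect identification proposed in this thread, as an added example (not the script attached to the thread and not code from nmap's http library): a pure-Lua function that returns the new URL as a string and can refuse targets outside the scanned host/port. The names `redirect_target`, `split_url`, `same_host` and `same_port` are hypothetical, the `response.status` / `response.header` layout is assumed, and dot segments such as `../` are left unresolved.

```lua
-- Added example; all names are hypothetical, not nmap's http library API.
local REDIRECT = { [301] = true, [302] = true, [303] = true, [307] = true }
local DEFAULT_PORT = { http = 80, https = 443 }

-- Split an absolute URL into scheme, host, port and path (query included).
local function split_url(u)
  local scheme, authority, path = u:match("^(%a[%w+.-]*)://([^/?#]*)([^#]*)")
  if not scheme then return nil end
  scheme = scheme:lower()
  authority = authority:gsub("^.*@", "")        -- drop userinfo such as "target@"
  local host, port = authority:match("^(.-):(%d+)$")
  if path:sub(1, 1) ~= "/" then path = "/" .. path end
  return scheme, (host or authority):lower(), (port and tonumber(port)) or DEFAULT_PORT[scheme], path
end

-- Return the redirect target as a URL string, or nil plus a reason.
-- base = { scheme, host, port, path } of the request that produced `response`.
local function redirect_target(response, base, opts)
  opts = opts or {}
  if not REDIRECT[response.status] then return nil, "not a redirect" end
  local loc = response.header and response.header["location"]
  if not loc or loc == "" then return nil, "no Location header" end
  loc = loc:gsub("#.*", "")                     -- a fragment is never sent to the server
  local scheme, host, port, path = split_url(loc)
  if not scheme then
    if loc:sub(1, 2) == "//" then               -- scheme-relative: may name another host
      scheme, host, port, path = split_url(base.scheme .. ":" .. loc)
    elseif loc:match("^%a[%w+.-]*:") then       -- mailto:, javascript:, ...
      return nil, "unsupported scheme"
    else                                        -- absolute or relative path on the same host
      local dir = base.path:gsub("%?.*", ""):match("^(.*/)") or "/"
      scheme, host, port = base.scheme, base.host:lower(), base.port
      path = loc:sub(1, 1) == "/" and loc or dir .. loc
    end
  end
  if not DEFAULT_PORT[scheme] then return nil, "unsupported scheme" end
  if opts.same_host and host ~= base.host:lower() then return nil, "redirect leaves target host" end
  if opts.same_port and port ~= base.port then return nil, "redirect leaves target port" end
  return ("%s://%s:%d%s"):format(scheme, host, port, path)
end

-- Constructed responses for a scan of http://target.example:80/app/login
local base = { scheme = "http", host = "target.example", port = 80, path = "/app/login" }
local only_target = { same_host = true, same_port = true }
for _, loc in ipairs({ "home", "/index.html", "http://target.example:8080/", "//other.example/x" }) do
  local resp = { status = 302, header = { location = loc } }
  print(loc, redirect_target(resp, base, only_target))
end
```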

