Nmap Development mailing list archives
Re: [NSE] new scripts and libraries: http
From: "DePriest, Jason R." <jrdepriest () gmail com>
Date: Mon, 6 Sep 2010 18:00:14 -0500
Re: return code for valid vs. invalid login

All of the web apps developed in house by my employer return 200 OK on both success and failure. This is by design. Failed logins are redirected to a login page and the 403 error page is never displayed.

Something like that would break this script.

Would it be possible to have a user-definable success / fail criteria that includes regex or custom return codes?

-Jason

On Aug 12, 2010 11:49 PM, "David Fifield" <david () bamsoftware com> wrote:

> On Sun, Aug 08, 2010 at 05:31:36PM +0200, Patrik Karlsson wrote:
>
> > x http-brute - performs password guessing against basic authentication
> > x http-form-brute - performs form-based password guessing
>
> http-brute looks good. My first idea was to make it have a default path of /, but requiring a script argument for that is fine too. In checking for a successful login, I think that it should do more than check for a 200 response. A 302 and probably others would be interesting as well. How about checking for not 4xx and not 5xx? Something like an IDS may start detecting all the requests and start returning 403, and that would ideally be detected, but that can wait until we get some actual reports.
>
> Could the cached credentials in nmap.registry.credentials.http be indexed by the domain and realm? My idea is to introduce a more capable default http.get function that is capable of following redirects and using cached authentication automatically. If it knows the domain and realm it can do this just like a web browser.
>
> http-form-brute looks good, just like I would expect. I suspect that looking for the nonexistence of uservar and passvar in the body will be more robust than looking for the nonexistence of 'type=\"password\"'.
>
> You can commit these when you like.
>
> David Fifield

_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://seclists.org/nmap-dev/