Nmap Development mailing list archives
Re: Apache mod_negotiation
From: Hani Benhabiles <kroosec () gmail com>
Date: Thu, 8 Dec 2011 22:19:17 +0100
Hi Patrik,

I've been thinking about leveraging it more too. When mod_negotiation is enabled, a request with an Accept header containing an unknown/unsupported MIME type (such as random/foo) would get a response with all matching results in the Alternates header and not just the first match in Content-Location. This post [1] from the w3af creator explains it well.

[1] http://www.bonsai-sec.com/blog/index.php/exploiting-http-content-negotiation/

Cheers,
Hani.

On Thu, Dec 8, 2011 at 10:02 PM, Patrik Karlsson <patrik () cqure net> wrote:
> Hi all,
>
> Testing the http-apache-negotiation script Hani wrote got me thinking. Wouldn't it be possible for a script like http-enum to use this feature in order to do file and file-type guessing a lot more efficiently? If the server supports negotiation, the script would simply remove the suffixes from the guessed files and the response would contain possible responses?
>
> //Patrik
> --
> Patrik Karlsson
> http://www.cqure.net
> http://twitter.com/nevdull77
> _______________________________________________
> Sent through the nmap-dev mailing list
> http://cgi.insecure.org/mailman/listinfo/nmap-dev
> Archived at http://seclists.org/nmap-dev/
--
M. Hani Benhabiles
Blog: http://kroosec.blogspot.com
Twitter: kroosec <https://twitter.com/#%21/kroosec>
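
Added example, not part of the original thread or of the http-apache-negotiation script: a Python parser for the Alternates variant list described in the message above, for auditing which file names a server you run discloses through negotiation. The sample headers, the function names and the `served` suffix set are constructed assumptions.

```python
import re

# Constructed sample: headers of the kind mod_negotiation returns for a
# suffix-less request whose Accept type matches no variant (not captured traffic).
SAMPLE_406 = {
    "Alternates": '{"index.html" 1 {type text/html} {length 312}}, '
                  '{"index.php.bak" 1 {type application/x-trash} {length 2048}}',
    "TCN": "list",
    "Vary": "negotiate,accept",
}
# Constructed sample: the same resource requested with an acceptable type.
SAMPLE_200 = {"Content-Location": "index.html", "TCN": "choice", "Vary": "negotiate"}

# One variant: {"name" quality {attr value} {attr value} ...}
_VARIANT = re.compile(r'\{\s*"([^"]+)"\s+([0-9.]+)((?:\s*\{[^{}]*\})*)\s*\}')
_ATTR = re.compile(r'\{\s*(\S+)\s+([^{}]*?)\s*\}')


def parse_alternates(value):
    """Parse an RFC 2295 variant list into [{'name', 'quality', 'attrs'}]."""
    variants = []
    for name, quality, attrs in _VARIANT.findall(value or ""):
        variants.append({
            "name": name,
            "quality": float(quality),
            "attrs": dict(_ATTR.findall(attrs)),
        })
    return variants


def exposed_variants(headers):
    """Return every file name a negotiated response discloses."""
    hdrs = {k.lower(): v for k, v in headers.items()}
    names = [v["name"] for v in parse_alternates(hdrs.get("alternates"))]
    location = hdrs.get("content-location")
    if location and location not in names:
        names.append(location)  # single-match case: only Content-Location is sent
    return names


def flag_unexpected(names, served=(".html", ".php")):
    """Names whose suffix is outside the set the site means to publish."""
    return [n for n in names if not n.lower().endswith(tuple(served))]
```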