Nmap Development mailing list archives
Re: [NSE] tls-nextprotoneg
From: Hani Benhabiles <kroosec () gmail com>
Date: Mon, 09 Jul 2012 00:14:32 +0100
On 07/08/2012 10:10 PM, Toni Ruottu wrote:
> Not really. However a browser vendor may experiment with new protocols despite other browsers not supporting that protocol. It is also a question of maintainability. Parsing the headers would remove the need to update the script when new protocols are introduced.

Although Google is pushing NPN specifically for Spdy, maintainability for future protocols is a good argument. Here is an updated version of the script.

> On Sunday, 8 July 2012, Hani Benhabiles wrote:
>
> On 07/08/2012 11:01 AM, Toni Ruottu wrote:
>
> By reading the script I get that it is currently searching the header for known protocol names. The problem here is that the not so well known extensions are often more likely to have security problems. To report custom protocols the script would need to parse the header for protocol fields rather than search for specific names. This might also make the script faster and more reliable, but I am not familiar with the header format and do not know how much work that would be.
>
> On Sat, Jul 7, 2012 at 6:13 PM, Toni Ruottu <toni.ruottu () iki fi> wrote:
>
> One more thing. Would it make sense to also report custom protocols that have not been reported to IANA? Is that possible?
>
> On Sat, Jul 7, 2012 at 5:42 PM, Hani Benhabiles <kroosec () gmail com> wrote:
>
> On 07/07/2012 03:31 PM, Henri Doreau wrote:
>
> 2012/7/7 Hani Benhabiles <kroosec () gmail com>:
>
> Hi Henri,
>
> Thanks for all the remarks, I have made the according changes to the script. As for the random string, stdnse.generate_random_string with the default charset is good enough.
>
> Cheers, Hani.
>
> --
> Hani Benhabiles
>
> Looks good. Go ahead and commit. If anyone has concerns about having this script "default", please speak up.
>
> Thanks.
>
> Committed as r29144.
>
> Cheers, Hani.
>
> --
> Hani Benhabiles
> Twitter: https://twitter.com/#!/kroosec
> Blog: http://kroosec.blogspot.com
> _______________________________________________
> Sent through the nmap-dev mailing list
> http://cgi.insecure.org/mailman/listinfo/nmap-dev
> Archived at http://seclists.org/nmap-dev/
>
> Hi Toni,
>
> Do you have any examples of unknown protocols or servers that do so? This wouldn't make much sense given that clients too have static values (from the specification) and wouldn't be able to recognize them (See Chromium as an example [1].)
>
> [1] https://code.google.com/searchframe#OAMlx_jo-ck/src/net/socket/ssl_client_socket.cc&q=kProtoUnknown&exact_package=chromium&l=19
>
> Cheers, Hani.
>
> --
> Hani Benhabiles
> Twitter: https://twitter.com/#!/kroosec
> Blog: http://kroosec.blogspot.com

Cheers, Hani.

--
Hani Benhabiles
Twitter: https://twitter.com/#!/kroosec
Blog: http://kroosec.blogspot.com
Attachment: tls-nextprotoneg.nse
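The approach raised in the quoted thread, parsing the extension for protocol fields instead of searching for known names, as an added Lua example that is not the attached script. It assumes the caller has already extracted the body of the next_protocol_negotiation extension from the ServerHello, which the NPN draft defines as a concatenation of 8-bit length-prefixed, non-empty names; `parse_npn`, `printable` and the sample bytes are illustrative.

```lua
-- Added example, not the attached tls-nextprotoneg.nse.
-- Input: body of a next_protocol_negotiation extension (assumed already
-- extracted from the ServerHello). Format: repeated <1-byte length><name>.

-- Escape bytes outside printable ASCII so an untrusted server cannot put
-- control characters into the scan output through a custom protocol name.
local function printable(name)
  return (name:gsub("[^\32-\126]", function(c)
    return string.format("\\x%02x", c:byte())
  end))
end

-- Returns a list of advertised protocol names, or nil plus an error message.
local function parse_npn(data)
  local protocols = {}
  local pos = 1
  while pos <= #data do
    local len = data:byte(pos)
    if len == 0 then
      -- The draft forbids empty names; treat as malformed.
      return nil, "empty protocol name at offset " .. (pos - 1)
    end
    if pos + len > #data then
      -- Length byte points past the end of the extension body.
      return nil, "truncated protocol name at offset " .. (pos - 1)
    end
    protocols[#protocols + 1] = printable(data:sub(pos + 1, pos + len))
    pos = pos + 1 + len
  end
  return protocols
end

-- Constructed sample: two well-known names and one made-up custom name.
local sample = "\8http/1.1" .. "\6spdy/2" .. "\12x-custom/0.1"
local list = assert(parse_npn(sample))
print(table.concat(list, ", "))

-- Constructed malformed input: length byte claims 9 bytes, only 4 follow.
print(parse_npn("\9spdy"))
```

Because every name is read from its length prefix, a server advertising a protocol the script has never heard of is reported like any other, and no name table needs updating.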