Nmap Development mailing list archives
Re: [NSE] Avoid caching http-form-fuzzer results?
From: Daniel Miller <bonsaiviking () gmail com>
Date: Fri, 6 Jul 2012 21:19:48 -0500
I will apply it, but to make sure the fix is complete, should I also use bypass_cache? It doesn't have as much advantage, but for the same reasons it is unlikely the script will find anything relevant in the cache. Dan On Fri, Jul 6, 2012 at 5:48 PM, Patrick Donnelly <batrick () batbytes com> wrote:
On Fri, Jul 6, 2012 at 5:47 PM, Daniel Miller <bonsaiviking () gmail com> wrote:List, I was running a scan with http-form-fuzzer, and got to thinking about the http cache. Not long into the scan, I had hit the maximum cache size. Since http-form-fuzzer sends random strings, the chance that something else will need to get the cached response for those requests is very low. I propose something like this patch:index a43d0af..c5914cc 100644 --- a/scripts/http-form-fuzzer.nse +++ b/scripts/http-form-fuzzer.nse @@ -157,7 +157,7 @@ local function fuzz_form(form, minlen, maxlen, host, port, path) if form["method"]=="post" then sending_function = function(data) return http.post(host, port, form_submission_path, nil, nil, data) end else - sending_function = function(data) return http.get(host, port, form_submission_path..generate_get_string(data)) end + sending_function = function(data) return http.get(host, port, form_submission_path..generate_get_string(data), {no_cache=true}) end end for _,field in ipairs(form["fields"]) doPost requests don't need changing, since they are not (and should not be) cached anyway. I'm not sure if this is the best way to go about making this change, so I would welcome any input or other modifications.This is a good change. Please apply it Daniel. -- - Patrick Donnelly
_______________________________________________ Sent through the nmap-dev mailing list http://cgi.insecure.org/mailman/listinfo/nmap-dev Archived at http://seclists.org/nmap-dev/
Current thread:
- [NSE] Avoid caching http-form-fuzzer results? Daniel Miller (Jul 06)
- Re: [NSE] Avoid caching http-form-fuzzer results? Paulino Calderon (Jul 06)
- Re: [NSE] Avoid caching http-form-fuzzer results? Peter O (Jul 06)
- Re: [NSE] Avoid caching http-form-fuzzer results? Patrick Donnelly (Jul 06)
- Re: [NSE] Avoid caching http-form-fuzzer results? Daniel Miller (Jul 06)
- Re: [NSE] Avoid caching http-form-fuzzer results? Patrick Donnelly (Jul 07)
- Re: [NSE] Avoid caching http-form-fuzzer results? Daniel Miller (Jul 07)
- Re: [NSE] Avoid caching http-form-fuzzer results? Daniel Miller (Jul 06)