Re: [NSE] tls-nextprotoneg

[Hani Benhabiles <kroosec () gmail com>]

On 07/07/2012 11:24 AM, Henri Doreau wrote:
> 2012/7/6 Hani Benhabiles <kroosec () gmail com>:
> > Tests and feedback are welcome.
> >
> > Cheers,
> > Hani.
> Hi Hani,
>
> that's a nice script, congratulations for the good work! There are a
> couple things I would change in the code though (patch attached):
>
>    - replaced randstring() function by a call to
> stdnse.generate_random_string(). Maybe there's a nicer way to specify
> the charset to the function though?
>    - the list of known protocols is only used in check_npn(), I see no
> need to pass it as a parameter from action().
>    - cli_h is defined in action() and used in client_hello(), moved it.
>    - defined client_hello() and check_npn() as local
>
> Concerning adding the script to the default category: currently,
> script will almost never return anything, so this would be one query
> per SSL port we find w/o anything reported back. OTOH this is
> relatively cheap and not having it in default would probably prevent
> many users from benefiting it.
>
> I'd be in favor of adding it to default.
>
> Regards.
Hi Henri,

Thanks for all the remarks, I have made the according changes to the 
script. As for the random string, stdnse.generate_random_string with the 
default charset is good enough.

Cheers,
Hani.

--
Hani Benhabiles

Twitter: https://twitter.com/#!/kroosec
Blog: http://kroosec.blogspot.com

Attachment: tls-nextprotoneg.nse
Description:

_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://seclists.org/nmap-dev/