Nmap Development mailing list archives

Re: --proxies oddities


From: David Fifield <david () bamsoftware com>
Date: Tue, 30 Apr 2013 12:36:15 -0700

On Tue, Apr 30, 2013 at 09:24:39PM +0200, Henri Doreau wrote:
> 2013/4/30 David Fifield <david () bamsoftware com>:
>> http-title works, ssl-cert doesn't.
>
> [...]
>
>> I can accept that maybe there is a technical reason why ssl-cert isn't
>> working, because the socket it has isn't really an SSL socket.
>> http-title on an HTTPS port doesn't seem to work either.
>>
>> ./nmap --proxies=socks4://localhost:9050 -n -Pn --script=http-title -p 443 secwiki.org -d
>
> Yeah, I know about this one... and I'm not sure what to do.
>
> As you said, the current architecture of nsock doesn't make it easy at
> all to properly hook SSL connection requests, as it internally already
> mixes several operations. I think not supporting it for now is better
> than having super intrusive checks everywhere in the code.
>
> I don't think that we should accept this limitation forever though.
> First because it's annoying, second because it has no actual reason to
> be. I plan to rework nsock SSL code, I'll make a design proposal here
> when ready. Proper proxy support is one of the goals.
>
> What do we want meanwhile? I'm not sure, given the very early stage of
> the proxy support... I can make nsock_connect_ssl() return a
> NSE_STATUS_ERROR[1] if nsp->px_chain != NULL for instance. What do you
> think?

Let's just ignore it for now.

David Fifield
_______________________________________________
Sent through the dev mailing list
http://nmap.org/mailman/listinfo/dev
Archived at http://seclists.org/nmap-dev/

