Nmap Development mailing list archives

Re: Signature for nmap issue 168


From: Daniel Miller <bonsaiviking () gmail com>
Date: Fri, 19 Jun 2015 21:52:09 -0500

Thanks, Michał! I added a couple signatures based on this response in
r34684, and I rearranged the Apache signatures that detect its similar
response. Both these servers will respond with plaintext to a plaintext
HTTP request on a port which has been configured for HTTPS. In most cases
(i.e. port 443) we will send the SSLSessionReq probe first, but in the case
of unusual ports (like 6666), the GetRequest probe is sent first. Now,
Apache and nginx will be correctly detected as ssl/http in this
configuration.

For the rest of the list who may have missed out on the discussion over on
Github, #168 was a repeat of the common question: Why won't
ssl-enum-ciphers run on this odd port? The standard answer has been: use
"-sV --version-intensity 1", but in Michał's case (because of the issue
above), this didn't work either. He challenged me to make ssl-enum-ciphers
work as simply as the other SSL test programs out there, and I believe we
made it work. Now, using the capability that Patrick Donnelly introduced in
r33423 to use sockets within the rule function, ssl-enum-ciphers will send
probes to determine if a port has an SSL/TLS service if version detection
was not run. Check it out!

Dan

On Fri, Jun 19, 2015 at 11:55 AM, Michał Staruch <michal.staruch () gmail com>
wrote:

As discussed on https://github.com/nmap/nmap/issues/168, attaching output
of the command mentioned in issue. Using nginx 1.8.0, port changed by
setting
listen       6666 ssl spdy;
option in proper .conf file.

# (echo -e 'GET / HTTP/1.0\r\n\r\n'; sleep 3) | ncat localhost 6666
HTTP/1.1 400 Bad Request
Server: nginx/1.8.0
Date: Fri, 19 Jun 2015 15:04:18 GMT
Content-Type: text/html
Content-Length: 270
Connection: close

<html>
<head><title>400 The plain HTTP request was sent to HTTPS
port</title></head>
<body bgcolor="white">
<center><h1>400 Bad Request</h1></center>
<center>The plain HTTP request was sent to HTTPS port</center>
<hr><center>nginx/1.8.0</center>
</body>
</html>
_______________________________________________
Sent through the dev mailing list
https://nmap.org/mailman/listinfo/dev
Archived at http://seclists.org/nmap-dev/

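The behaviour Dan describes, a plaintext GET reaching a TLS-only port and getting an HTTP 400 back that names the misconfiguration, is easy to check for yourself without Nmap. The following is an added example written for this archive page; it is not code from the thread, from Nmap, or from ssl-enum-ciphers. It sends the same `GET / HTTP/1.0` probe as Michał's ncat one-liner, classifies the reply the way Nmap's `ssl/http` label does, and, when the reply says the port is for HTTPS, confirms that a TLS handshake actually completes there. The nginx phrase is taken from the response quoted above; the Apache phrase is the wording of httpd's own error page as I know it and is not shown on this page; the function names and the `NGINX_SAMPLE` constant are my own constructed material.

```python
import re
import socket
import ssl
import sys

# The plaintext probe, identical to what the ncat one-liner in the thread sends.
GET_REQUEST = b"GET / HTTP/1.0\r\n\r\n"

# Phrases a web server returns when plaintext HTTP arrives on a TLS port.
# nginx wording: from the response quoted in this thread.
# Apache wording: httpd's own error text as I know it (assumption, not on the page).
TLS_PORT_PHRASES = (
    (b"The plain HTTP request was sent to HTTPS port", "nginx"),
    (b"speaking plain HTTP to an SSL-enabled server port", "Apache httpd"),
)

STATUS_LINE = re.compile(rb"^HTTP/1\.[01] (\d{3}) ")
SERVER_HEADER = re.compile(rb"\r\nServer: ([^\r\n]+)")

# Constructed sample: the nginx 1.8.0 reply Michał posted, re-joined with CRLF.
NGINX_SAMPLE = (
    b"HTTP/1.1 400 Bad Request\r\n"
    b"Server: nginx/1.8.0\r\n"
    b"Date: Fri, 19 Jun 2015 15:04:18 GMT\r\n"
    b"Content-Type: text/html\r\n"
    b"Content-Length: 270\r\n"
    b"Connection: close\r\n"
    b"\r\n"
    b"<html>\r\n"
    b"<head><title>400 The plain HTTP request was sent to HTTPS port</title></head>\r\n"
    b'<body bgcolor="white">\r\n'
    b"<center><h1>400 Bad Request</h1></center>\r\n"
    b"<center>The plain HTTP request was sent to HTTPS port</center>\r\n"
    b"<hr><center>nginx/1.8.0</center>\r\n"
    b"</body>\r\n"
    b"</html>\r\n"
)


def classify_plaintext_response(data: bytes) -> dict:
    """Classify what a port sent back to the plaintext GET probe.

    service: "ssl/http" when the server itself says the port is for HTTPS,
             "http" for an ordinary HTTP answer, "unknown" for anything else
             (no reply, a TLS alert record, a non-HTTP protocol).
    product: Server header value, or the product implied by the phrase.
    status:  HTTP status code as an int, or None.
    """
    result = {"service": "unknown", "product": None, "status": None}
    m = STATUS_LINE.match(data)
    if not m:
        return result
    result["status"] = int(m.group(1))
    hdr = SERVER_HEADER.search(data)
    if hdr:
        result["product"] = hdr.group(1).decode("ascii", "replace")
    for phrase, product in TLS_PORT_PHRASES:
        if phrase in data:
            result["service"] = "ssl/http"
            result["product"] = result["product"] or product
            return result
    result["service"] = "http"
    return result


def probe_port(host: str, port: int, timeout: float = 3.0) -> dict:
    """Send the plaintext probe to host:port, classify the reply, and if the
    reply claims the port is HTTPS, confirm with a real TLS handshake."""
    chunks = []
    with socket.create_connection((host, port), timeout=timeout) as s:
        s.sendall(GET_REQUEST)
        try:
            while True:
                chunk = s.recv(4096)
                if not chunk:
                    break
                chunks.append(chunk)
        except socket.timeout:
            pass  # server kept the connection open; classify what we have
    result = classify_plaintext_response(b"".join(chunks))
    if result["service"] == "ssl/http":
        # Verification is disabled on purpose: we only want to see whether
        # a handshake completes, not judge the certificate.
        ctx = ssl.create_default_context()
        ctx.check_hostname = False
        ctx.verify_mode = ssl.CERT_NONE
        with socket.create_connection((host, port), timeout=timeout) as raw:
            with ctx.wrap_socket(raw, server_hostname=host) as tls:
                result["tls_version"] = tls.version()
    return result


if __name__ == "__main__":
    # Usage: python probe.py <host> <port>   e.g. localhost 6666
    print(probe_port(sys.argv[1], int(sys.argv[2])))
```

Run against a host you administer with an odd TLS port such as the 6666 in the thread, the output reports `ssl/http`, the Server header, and the negotiated TLS version; against a port that ignores the plaintext probe entirely it reports `unknown`, which is the case where Nmap's `SSLSessionReq` probe, not `GetRequest`, is the one that finds the service.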