Nmap Development mailing list archives
Re: Signature for nmap issue 168
From: Daniel Miller <bonsaiviking () gmail com>
Date: Fri, 19 Jun 2015 21:52:09 -0500
Thanks, Michał! I added a couple signatures based on this response in r34684, and I rearranged the Apache signatures that detect its similar response. Both these servers will respond with plaintext to a plaintext HTTP request on a port which has been configured for HTTPS. In most cases (i.e. port 443) we will send the SSLSessionReq probe first, but in the case of unusual ports (like 6666), the GetRequest probe is sent first. Now, Apache and nginx will be correctly detected as ssl/http in this configuration.

For the rest of the list who may have missed out on the discussion over on Github, #168 was a repeat of the common question: Why won't ssl-enum-ciphers run on this odd port? The standard answer has been: use "-sV --version-intensity 1", but in Michał's case (because of the issue above), this didn't work either. He challenged me to make ssl-enum-ciphers work as simply as the other SSL test programs out there, and I believe we made it work.

Now, using the capability that Patrick Donnelly introduced in r33423 to use sockets within the rule function, ssl-enum-ciphers will send probes to determine if a port has an SSL/TLS service if version detection was not run. Check it out!

Dan

On Fri, Jun 19, 2015 at 11:55 AM, Michał Staruch <michal.staruch () gmail com> wrote:
As discussed on https://github.com/nmap/nmap/issues/168, attaching output of the command mentioned in issue.

Using nginx 1.8.0, port changed by setting listen 6666 ssl spdy; option in proper .conf file.

# (echo -e 'GET / HTTP/1.0\r\n\r\n'; sleep 3) | ncat localhost 6666
HTTP/1.1 400 Bad Request
Server: nginx/1.8.0
Date: Fri, 19 Jun 2015 15:04:18 GMT
Content-Type: text/html
Content-Length: 270
Connection: close

<html>
<head><title>400 The plain HTTP request was sent to HTTPS port</title></head>
<body bgcolor="white">
<center><h1>400 Bad Request</h1></center>
<center>The plain HTTP request was sent to HTTPS port</center>
<hr><center>nginx/1.8.0</center>
</body>
</html>

_______________________________________________
Sent through the dev mailing list
https://nmap.org/mailman/listinfo/dev
Archived at http://seclists.org/nmap-dev/
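The detection idea discussed in this thread, as an added Python sketch that is not part of the original messages and is neither Nmap's signature from r34684 nor the ssl-enum-ciphers code: it classifies the first bytes a port returns, treating the cleartext "sent to HTTPS port" error as evidence of ssl/http. The function and constant names are hypothetical, the sample replies are constructed, and the Apache wording is an assumption because the thread does not quote it.

```python
import re

# Cleartext error bodies that an HTTPS listener sends back to a cleartext request.
# nginx text: from the response quoted in this thread. Apache text: assumption,
# the thread mentions Apache's similar response but does not quote it.
PLAIN_ON_TLS = [
    ("nginx", re.compile(rb"The plain HTTP request was sent to HTTPS port")),
    ("Apache httpd", re.compile(rb"speaking plain HTTP to an SSL-enabled server port")),
]
SERVER_HDR = re.compile(rb"^Server:[ \t]*([^\r\n]+)", re.I | re.M)
TLS_TYPES = {0x15: "alert", 0x16: "handshake"}


def classify_reply(data: bytes) -> dict:
    """Classify the first bytes a port returned to a probe (hypothetical helper)."""
    # TLS record header: content type, version major 3, minor 0-4, then length.
    if len(data) >= 5 and data[0] in TLS_TYPES and data[1] == 3 and data[2] <= 4:
        return {"service": "ssl", "evidence": f"TLS {TLS_TYPES[data[0]]} record"}
    if not data.startswith(b"HTTP/"):
        return {"service": "unknown", "evidence": "no TLS record or HTTP status line"}
    m = SERVER_HDR.search(data)
    server = m.group(1).decode("latin-1").strip() if m else None
    for product, pattern in PLAIN_ON_TLS:
        if pattern.search(data):
            # The port speaks TLS; it only answered in cleartext to report the error.
            return {"service": "ssl/http", "product": product, "server": server,
                    "evidence": "cleartext error from an HTTPS listener"}
    return {"service": "http", "server": server, "evidence": "ordinary HTTP reply"}


# Constructed samples. NGINX_REPLY is abridged from the output quoted in the thread.
NGINX_REPLY = (b"HTTP/1.1 400 Bad Request\r\nServer: nginx/1.8.0\r\n"
               b"Content-Type: text/html\r\nConnection: close\r\n\r\n"
               b"<center>The plain HTTP request was sent to HTTPS port</center>\r\n")
TLS_REPLY = bytes([0x16, 0x03, 0x03, 0x00, 0x04, 0x02, 0x00, 0x00, 0x00])
PLAIN_REPLY = b"HTTP/1.1 200 OK\r\nServer: nginx/1.8.0\r\n\r\nhello\r\n"

if __name__ == "__main__":
    for name, blob in [("nginx on 6666", NGINX_REPLY), ("TLS", TLS_REPLY),
                       ("plain", PLAIN_REPLY), ("other", b"SSH-2.0-example\r\n")]:
        print(name, classify_reply(blob))
```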