Nmap Development mailing list archives

Previous By Date Next
Previous By Thread Next

Re: Question related to the Nmap script http-useragent-tester

From: Daniel Miller <bonsaiviking () gmail com>
Date: Thu, 10 Sep 2015 20:43:44 -0500
George,

I added a fix in r35233:

commit abcd910cd6952163774c3785693400cb4278e036
Author: dmiller <dmiller@e0a8ed71-7df4-0310-8962-fdc924857419>
Date:   Thu Sep 10 17:27:22 2015 +0000

    Fix http-useragent-tester, which did not test user agents

    Spotted by Raúl Fuentes, http-useragent-tester was only sending one
    query, but reporting status for all user agents. This was because the
    http.get call was not using the bypass_cache option, so the first
    (cached) response was used for all subsequent tests.

    git-svn-id: https://svn.nmap.org/nmap@35233
e0a8ed71-7df4-0310-8962-fdc924857419

diff --git a/scripts/http-useragent-tester.nse
b/scripts/http-useragent-tester.nse
index 20429c8..12a8a65 100644
--- a/scripts/http-useragent-tester.nse
+++ b/scripts/http-useragent-tester.nse
@@ -57,7 +57,7 @@ getLastLoc = function(host, port, useragent)

   local options

-  options = {header={}, no_cache=true, redirect_ok=function(host,port)
+  options = {header={}, no_cache=true, bypass_cache=true,
redirect_ok=function(host,port)
       local c = 3
       return function(url)
         if ( c==0 ) then return false end


Dan

On Thu, Sep 10, 2015 at 11:24 AM, George Chatzisofroniou <sophron () latthi com

wrote:



Hi Raul,

I'm glad you found a solution on this. Have you written a patch yet?

PS: I'm CC'ing nmap-dev.

On Wed, Sep 9, 2015 at 9:26 PM, Raul Fuentes <ra.fuentess.sam () gmail com>
wrote:

Hi George,

I had  a little free time to check again the script

http-useragent-tester.

And was able to make it run properly.

Bonsaiviking already identify the issue as a bug (Being honest, I'm still
.thinking I was crazy and with errors from my part).

The issue  is in the nselib/http.lua when is invoking the generic_request
(used by http.get) due that  is using " "  instead of the ' ' (Example:
"GET" instead of 'GET')


Sincerely, Raul Fuentes

2015-09-02 16:42 GMT+02:00 George Chatzisofroniou <sophron () latthi com>:


Hi Raul,

On Mon, Aug 31, 2015 at 6:07 PM, Raul Fuentes <

ra.fuentess.sam () gmail com>

wrote:

I will elaborated my question a little more, I was reviewing  the

script

and
in theory, the line
      74: local response = http.get(host, port, '/', options)
Should be in a loop with the content of HTTPlibs (a predefined
user-agent
list plus user-custom). Yet,  testing in my local server  I got  only
one
HTTP Header request each time the script is executed and the

user-agent

is a
different one from the list: "Mozilla/5.0 (compatible; Nmap Scripting
Engine; http://nmap.org/book/nse.html)".

I already tested with the -d2 and the script indeed, run the former

line

by
each element in the list.


I'll have a look the following days and I'll let you know.

Cheers,

--
George Chatzisofroniou





--
Ate. Raul FUENTES

_______________________________________________
Sent through the dev mailing list
https://nmap.org/mailman/listinfo/dev
Archived at http://seclists.org/nmap-dev/


_______________________________________________
Sent through the dev mailing list
https://nmap.org/mailman/listinfo/dev
Archived at http://seclists.org/nmap-dev/
Previous By Date Next
Previous By Thread Next

Current thread: