Nmap Development mailing list archives
Re: Question related to the Nmap script http-useragent-tester
From: Daniel Miller <bonsaiviking () gmail com>
Date: Thu, 10 Sep 2015 20:43:44 -0500
George, I added a fix in r35233: commit abcd910cd6952163774c3785693400cb4278e036 Author: dmiller <dmiller@e0a8ed71-7df4-0310-8962-fdc924857419> Date: Thu Sep 10 17:27:22 2015 +0000 Fix http-useragent-tester, which did not test user agents Spotted by Raúl Fuentes, http-useragent-tester was only sending one query, but reporting status for all user agents. This was because the http.get call was not using the bypass_cache option, so the first (cached) response was used for all subsequent tests. git-svn-id: https://svn.nmap.org/nmap@35233 e0a8ed71-7df4-0310-8962-fdc924857419 diff --git a/scripts/http-useragent-tester.nse b/scripts/http-useragent-tester.nse index 20429c8..12a8a65 100644 --- a/scripts/http-useragent-tester.nse +++ b/scripts/http-useragent-tester.nse @@ -57,7 +57,7 @@ getLastLoc = function(host, port, useragent) local options - options = {header={}, no_cache=true, redirect_ok=function(host,port) + options = {header={}, no_cache=true, bypass_cache=true, redirect_ok=function(host,port) local c = 3 return function(url) if ( c==0 ) then return false end Dan On Thu, Sep 10, 2015 at 11:24 AM, George Chatzisofroniou <sophron () latthi com
wrote:
Hi Raul, I'm glad you found a solution on this. Have you written a patch yet? PS: I'm CC'ing nmap-dev. On Wed, Sep 9, 2015 at 9:26 PM, Raul Fuentes <ra.fuentess.sam () gmail com> wrote:Hi George, I had a little free time to check again the scripthttp-useragent-tester.And was able to make it run properly. Bonsaiviking already identify the issue as a bug (Being honest, I'm still .thinking I was crazy and with errors from my part). The issue is in the nselib/http.lua when is invoking the generic_request (used by http.get) due that is using " " instead of the ' ' (Example: "GET" instead of 'GET') Sincerely, Raul Fuentes 2015-09-02 16:42 GMT+02:00 George Chatzisofroniou <sophron () latthi com>:Hi Raul, On Mon, Aug 31, 2015 at 6:07 PM, Raul Fuentes <ra.fuentess.sam () gmail com>wrote:I will elaborated my question a little more, I was reviewing thescriptand in theory, the line 74: local response = http.get(host, port, '/', options) Should be in a loop with the content of HTTPlibs (a predefined user-agent list plus user-custom). Yet, testing in my local server I got only one HTTP Header request each time the script is executed and theuser-agentis a different one from the list: "Mozilla/5.0 (compatible; Nmap Scripting Engine; http://nmap.org/book/nse.html)". I already tested with the -d2 and the script indeed, run the formerlineby each element in the list.I'll have a look the following days and I'll let you know. Cheers, -- George Chatzisofroniou-- Ate. Raul FUENTES_______________________________________________ Sent through the dev mailing list https://nmap.org/mailman/listinfo/dev Archived at http://seclists.org/nmap-dev/
_______________________________________________ Sent through the dev mailing list https://nmap.org/mailman/listinfo/dev Archived at http://seclists.org/nmap-dev/
Current thread:
- Re: Question related to the Nmap script http-useragent-tester George Chatzisofroniou (Sep 10)
- Re: Question related to the Nmap script http-useragent-tester Daniel Miller (Sep 10)
- Re: Question related to the Nmap script http-useragent-tester George Chatzisofroniou (Sep 10)
- Re: Question related to the Nmap script http-useragent-tester Daniel Miller (Sep 10)