Nmap Development mailing list archives
[nse] #212 - http.get_url makes plain text request for HTTPS urls
From: jah <jah () zadkiel plus com>
Date: Thu, 17 Sep 2015 23:43:25 +0100
List, Issue [#212] on github is reproduced below. The first HTTP request made by an NSE script which calls http.get_url with an https url is a plaintext request, instead of an encrypted one. I'm not sure of the best way to solve it. jah [#212]: https://github.com/nmap/nmap/issues/212 - http.get_url parses the url to produce a port table: {service: "https", number: 443} - http.request is eventually called with the port table and this is passed to comm.tryssl - comm.tryssl passes the port table to comm.bestoption, which calls comm.is_ssl, which calls shortport.ssl - shortport.ssl calls shortport.port_or_service which returns false because both the port_checker and service_checker demand that port.state be either "open" or "open|filtered", but port.state is not set in this case - thus comm.tryssl uses opts.proto="tcp" instead of "ssl" when calling comm.opencon I can think of four fixes:- 1. shortport.includes, used by the checker functions, could return true if a nil value is being checked for inclusion in a set 2. the shortport checker functions could avoid testing port.state for inclusion in a set of states if port.state is not set (and return true when the other demands are met). 3. http.get_url could add port.state="open" after parsing its url argument. 4. http.request could set port.state Doing option 3 seems appropriate, but it doesn't help script writers using other http.lua functions such as get or head. Option 1 seems like the right thing to do, except that it arguably violates the principle of least surprise. Options 2 and 4 are probably not the appropriate places to solve this problem.
_______________________________________________ Sent through the dev mailing list https://nmap.org/mailman/listinfo/dev Archived at http://seclists.org/nmap-dev/
Current thread:
- [nse] #212 - http.get_url makes plain text request for HTTPS urls jah (Sep 17)
- Re: [nse] #212 - http.get_url makes plain text request for HTTPS urls Daniel Miller (Sep 17)
- Re: [nse] #212 - http.get_url makes plain text request for HTTPS urls jah (Sep 18)
- Re: [nse] #212 - http.get_url makes plain text request for HTTPS urls Daniel Miller (Sep 21)
- Re: [nse] #212 - http.get_url makes plain text request for HTTPS urls jah (Sep 18)
- Re: [nse] #212 - http.get_url makes plain text request for HTTPS urls Daniel Miller (Sep 17)