Nmap Development mailing list archives

Re: POST data in http-fingerprints.lua


From: Josh Amishav-Zlatin <jamuse () gmail com>
Date: Mon, 26 Sep 2016 15:06:22 +0300

Hi Gary,

See the patch below:

# diff http-enum.nse http-enum.nse~
400c400
<         local res = http.generic_request(host, port,
fingerprints[i].probes[j].method or 'GET', basepath ..
fingerprints[i].probes[j].path, fingerprints[i].probes[j].options or nil)
---
        local res = http.generic_request(host, port,
fingerprints[i].probes[j].method or 'GET', basepath ..
fingerprints[i].probes[j].path, nil)
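Review bot: this hunk only threads the options table through the http.generic_request call; Dan's message notes that http-enum.nse also issues probes through http.pipeline_add, and that path is not touched here, so a probe's options (and with them the POST body) are silently dropped unless the fingerprint also sets nopipeline = true, as the example below does. Either pass `fingerprints[i].probes[j].options` on the pipeline path as well, or document that POST probes require nopipeline = true. Two smaller points: `fingerprints[i].probes[j].options or nil` is a no-op in Lua (a nil left operand already yields nil), so the argument can simply be `fingerprints[i].probes[j].options`; and because the diff was taken as `diff http-enum.nse http-enum.nse~` (modified file first), the `<` line is the new code and the patch is reversed relative to what `patch` expects, so `diff -u http-enum.nse~ http-enum.nse` would produce a unified diff that applies directly.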

You can create a fingerprint that sends POST data in http-fingerprints.lua
like this:

table.insert(fingerprints, {
    category = 'attacks',
    probes = {
      {
        path = '/vuln.php',
        method = 'POST',
        nopipeline = true,
        options = {
          header = {
            ["Content-Type"] = "application/x-www-form-urlencoded"
          },
          content = "par1=val1&par2=val2"
        }
      },
    },
    matches = {
      {
        match = 'test',
        output = 'POST request with content worked'
      }
    }
  });

- Josh

On Wed, Sep 21, 2016 at 8:20 PM, Daniel Miller <bonsaiviking () gmail com>
wrote:

Gary,

It doesn't look like that's supported right now. The code in http-enum.nse
uses http.pipeline_add or http.generic_request with the options parameter
set to nil. If we wanted to add this, it would probably be best to just
allow a fingerprint to define an options table and pass it along. In that
case, you could set the "content" key of the options table to your POST
data.

For now, your best bet would be to write a stand-alone script to do what
you want. Unless you'd like to make the change I outlined above and submit
it so that others can benefit as well!

Dan

On Wed, Sep 21, 2016 at 9:08 AM, Gary Madarm <gmadarm () gmail com> wrote:

How can I create a fingerprint in http-fingerprints.lua using the POST
method and include POST data in the request?

_______________________________________________
Sent through the dev mailing list
https://nmap.org/mailman/listinfo/dev
Archived at http://seclists.org/nmap-dev/

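A stand-alone NSE script of the kind Dan suggests, added here as an illustration; it is not from this thread and not part of Nmap. It sends the same kind of POST probe as the fingerprint above, but directly through http.generic_request with an options table carrying the Content-Type header and the body, and reports when the response body matches a pattern. The script name post-probe, its script-argument names and the defaults (/vuln.php, par1=val1&par2=val2, the pattern test) are assumptions chosen to mirror the fingerprint.

```lua
-- post-probe.nse (added example, not part of Nmap or of this thread)
local http = require "http"
local shortport = require "shortport"
local stdnse = require "stdnse"
local string = require "string"

description = [[
Sends one POST request with a form-encoded body to a path and reports
when the response body matches a Lua pattern. Stand-alone equivalent of
a POST fingerprint, for use when http-enum cannot carry POST data.
]]

---
-- @args post-probe.path   Path to POST to (default: /vuln.php, assumed)
-- @args post-probe.data   Form-encoded body (default: par1=val1&par2=val2)
-- @args post-probe.match  Lua pattern to look for in the body (default: test)
--
-- @usage
-- nmap -p80 --script post-probe --script-args post-probe.path=/login.php,post-probe.match=Welcome <target>

author = "added example"
license = "Same as Nmap--See https://nmap.org/book/man-legal.html"
categories = {"discovery", "intrusive"}

portrule = shortport.http

action = function(host, port)
  -- Script-argument names and defaults are assumptions for this example.
  local path = stdnse.get_script_args(SCRIPT_NAME .. ".path") or "/vuln.php"
  local data = stdnse.get_script_args(SCRIPT_NAME .. ".data") or "par1=val1&par2=val2"
  local pattern = stdnse.get_script_args(SCRIPT_NAME .. ".match") or "test"

  -- The same options table a fingerprint probe would carry: the header
  -- tells the server how to parse the body, content is the body itself.
  local options = {
    header = { ["Content-Type"] = "application/x-www-form-urlencoded" },
    content = data,
  }

  local res = http.generic_request(host, port, "POST", path, options)
  if not res or not res.status or not res.body then
    stdnse.debug1("no HTTP response for POST %s", path)
    return nil
  end

  if string.find(res.body, pattern) then
    return string.format("POST %s returned %d and the body matched %q",
      path, res.status, pattern)
  end
  stdnse.debug1("POST %s returned %d, no match for %q", path, res.status, pattern)
  return nil
end
```

Because this is a single request per host, it does not go through http.pipeline_add at all, so the body is always sent; when the body contains a comma, quote the whole --script-args value for the shell, since the comma is the script-argument separator.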
