Nmap Development mailing list archives

Previous By Date Next
Previous By Thread Next

Processing of malformed HTTP header names

From: nnposter <nnposter () users sourceforge net>
Date: Sun, 23 Oct 2016 08:54:43 -0600
I would like to solicit input on modifying http.lua to allow processing
of HTTP responses even if they contain a malformed header, such as an
invalid character in the name or just superfluous whitespace between the
name and the colon. As of now http.lua rejects such responses.

A real-world example on which NSE scripts fail:

  HTTP/1.1 200 OK
  Server: Netgear
  Content-Type: text/html
  Pragma: no-cache
  Last Modified: Fri, 16 July 2001 01:01:01 GMT
  Connection: close


I am proposing for http.lua to process such responses, simply skipping
over the malformed header.

Details at https://github.com/nmap/nmap/issues/573


Cheers,
nnposter
_______________________________________________
Sent through the dev mailing list
https://nmap.org/mailman/listinfo/dev
Archived at http://seclists.org/nmap-dev/
Previous By Date Next
Previous By Thread Next

Current thread: