Nmap Development mailing list archives
Processing of malformed HTTP header names
From: nnposter <nnposter () users sourceforge net>
Date: Sun, 23 Oct 2016 08:54:43 -0600
I would like to solicit input on modifying http.lua to allow processing of HTTP responses even if they contain a malformed header, such as an invalid character in the name or just superfluous whitespace between the name and the colon. As of now http.lua rejects such responses. A real-world example on which NSE scripts fail: HTTP/1.1 200 OK Server: Netgear Content-Type: text/html Pragma: no-cache Last Modified: Fri, 16 July 2001 01:01:01 GMT Connection: close I am proposing for http.lua to process such responses, simply skipping over the malformed header. Details at https://github.com/nmap/nmap/issues/573 Cheers, nnposter _______________________________________________ Sent through the dev mailing list https://nmap.org/mailman/listinfo/dev Archived at http://seclists.org/nmap-dev/
Current thread:
- Processing of malformed HTTP header names nnposter (Oct 23)
- Re: Processing of malformed HTTP header names Paulino Calderon (Oct 24)