Nmap Development mailing list archives
[NSE] HTTP TRACE script
From: Kris Katterjohn <katterjohn () gmail com>
Date: Fri, 31 Aug 2007 17:47:32 -0500
Hey everyone!

I've attached an NSE script which sends an HTTP TRACE command to a server and examines the response for modifications.

Here's an example with mozilla.org:

Starting Nmap 4.22SOC6 ( http://insecure.org ) at 2007-08-31 17:32 CDT
Interesting ports on 63.245.209.11:
PORT   STATE SERVICE
80/tcp open  http
|  HTTP TRACE: Response differs from request:
|  Sent:
|  TRACE / HTTP/1.0
|
|  Received:
|  TRACE / HTTP/1.0
|  Connection: Keep-Alive
|  X-Forwarded-For: 74.227.50.254
|  MOZ-REQ-METHOD: HTTP
|_

Nmap done: 1 IP address (1 host up) scanned in 0.455 seconds

And sony.com:

Starting Nmap 4.22SOC6 ( http://insecure.org ) at 2007-08-31 17:36 CDT
Interesting ports on 160.33.26.10:
PORT   STATE SERVICE
80/tcp open  http
|  HTTP TRACE: Response differs from request:
|  Sent:
|  TRACE / HTTP/1.0
|
|  Received:
|  TRACE / HTTP/1.0
|  Connection: Keep-Alive
|  NS_CLIENT_IP: 74.227.50.254
|_

Nmap done: 1 IP address (1 host up) scanned in 0.469 seconds

There aren't any modifications between here and kernel.org:

Starting Nmap 4.22SOC6 ( http://insecure.org ) at 2007-08-31 17:35 CDT
Warning: Hostname kernel.org resolves to 2 IPs. Using 204.152.191.37.
Interesting ports on 204.152.191.37:
PORT   STATE SERVICE
80/tcp open  http

Nmap done: 1 IP address (1 host up) scanned in 0.414 seconds

Please let me know what you think!

Thanks,
Kris Katterjohn
-- Send HTTP TRACE command and check for modifications
-- 08/31/2007

id = "HTTP TRACE"
description = "Send HTTP TRACE and check for modifications"
author = "Kris Katterjohn <katterjohn () gmail com>"
license = "Look at Nmap's COPYING"
categories = {"safe", "discovery"}

require "shortport"

-- Returns the echoed request body when the server answered 200 and the
-- body differs from what we sent; returns nil otherwise.
validate = function(response, original)
	local start, stop
	local data

	-- TRACE is only informative when the server actually honoured it
	if not string.match(response, "HTTP/1.[01] 200") then
		return
	end

	-- the echoed request starts after the blank line ending the headers;
	-- bail out if the response never contained one
	start, stop = string.find(response, "\r\n\r\n")
	if not stop then
		return
	end
	data = string.sub(response, stop+1)

	if original ~= data then
		return data
	end

	return
end

portrule = shortport.port_or_service({80, 8080}, "http")

action = function(host, port)
	local cmd, response, ret
	local socket, status

	socket = nmap.new_socket()
	status = socket:connect(host.ip, port.number)
	if not status then
		return
	end

	cmd = "TRACE / HTTP/1.0\r\n\r\n"

	socket:send(cmd)

	-- read until the server closes the connection (HTTP/1.0 semantics)
	response = ""

	while true do
		local status, lines = socket:receive_lines(1)
		if not status then
			break
		end
		response = response .. lines
	end

	socket:close()

	ret = validate(response, cmd)

	if ret then
		local output = ""
		output = output .. "Response differs from request:\n"
		output = output .. "Sent:\n" .. cmd .. "\n"
		output = output .. "Received:\n" .. ret .. "\n"
		return output
	end

	return
end
_______________________________________________ Sent through the nmap-dev mailing list http://cgi.insecure.org/mailman/listinfo/nmap-dev Archived at http://SecLists.Org
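As an added example (not Kris's script and not Nmap's own code), here is the same comparison written in Python so it can be run offline against captured responses. It goes a step beyond the script: instead of dumping the whole echoed body it reports which header lines an intermediary inserted or dropped, and it distinguishes two cases the script folds into "no output", a response without a blank-line header terminator and a non-200 status. The request and the three responses below are constructed samples modelled on the mozilla.org and kernel.org output in the post; the header names are whatever the echoed body happens to contain, not assumptions about any particular proxy.

```python
import re

# Constructed sample data modelled on the archive's output; not captured from
# any live host. SENT is the request the script sends.
SENT = "TRACE / HTTP/1.0\r\n\r\n"

MODIFIED_RESPONSE = (
    "HTTP/1.1 200 OK\r\n"
    "Content-Type: message/http\r\n"
    "\r\n"
    "TRACE / HTTP/1.0\r\n"
    "Connection: Keep-Alive\r\n"
    "X-Forwarded-For: 74.227.50.254\r\n"
    "MOZ-REQ-METHOD: HTTP\r\n"
    "\r\n"
)

UNMODIFIED_RESPONSE = (
    "HTTP/1.1 200 OK\r\n"
    "Content-Type: message/http\r\n"
    "\r\n"
    "TRACE / HTTP/1.0\r\n"
    "\r\n"
)

DENIED_RESPONSE = "HTTP/1.1 405 Method Not Allowed\r\nAllow: GET, HEAD\r\n\r\n"

# Anchored to the status line, unlike the script's pattern, which would also
# match a "HTTP/1.1 200" that merely appears somewhere in a body.
STATUS_200 = re.compile(r"^HTTP/1\.[01] 200\b")


def message_lines(msg):
    """Non-empty lines of a CRLF-delimited HTTP message."""
    return [line for line in msg.split("\r\n") if line]


def analyze_trace(sent, raw_response):
    """Compare the request echoed in a TRACE response with what was sent.

    The returned dict's 'result' is one of:
      'malformed'  - no header/body separator, so there is nothing to compare
      'not_traced' - server did not answer 200 (TRACE refused or unsupported)
      'unmodified' - echo matches the request line for line
      'modified'   - echo differs; 'added'/'removed' list the differing lines
    """
    sep = raw_response.find("\r\n\r\n")
    if sep < 0:
        return {"result": "malformed"}
    status_line = raw_response.split("\r\n", 1)[0]
    if not STATUS_200.match(status_line):
        return {"result": "not_traced", "status": status_line}
    body = raw_response[sep + 4:]
    sent_lines = message_lines(sent)
    echoed = message_lines(body)
    if sent_lines == echoed:
        return {"result": "unmodified"}
    return {
        "result": "modified",
        "echoed": echoed,
        "added": [line for line in echoed if line not in sent_lines],
        "removed": [line for line in sent_lines if line not in echoed],
    }


def added_header_names(report):
    """Field names of the header lines an intermediary inserted, in order."""
    names = []
    for line in report.get("added", []):
        name, colon, _ = line.partition(":")
        if colon:
            names.append(name.strip())
    return names


def format_report(sent, report):
    """Render a 'modified' report in the same shape as the script's output."""
    if report["result"] != "modified":
        return report["result"]
    lines = ["Response differs from request:", "Sent:"]
    lines += message_lines(sent)
    lines.append("Received:")
    lines += report["echoed"]
    return "\n".join(lines)


if __name__ == "__main__":
    for label, raw in (("mozilla-style", MODIFIED_RESPONSE),
                       ("kernel-style", UNMODIFIED_RESPONSE),
                       ("denied", DENIED_RESPONSE)):
        report = analyze_trace(SENT, raw)
        print(label, "->", report["result"], added_header_names(report))
        print(format_report(SENT, report))
```

The 'added' list is the interesting output for a defender: an X-Forwarded-For or vendor-specific header echoed back means a reverse proxy or load balancer in front of the server is rewriting requests, and a 200 to TRACE at all means the method is enabled and can be disabled on the origin if it serves no purpose.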
Current thread:
- [NSE] HTTP TRACE script Kris Katterjohn (Aug 31)
- Re: [NSE] HTTP TRACE script Kris Katterjohn (Sep 01)
- Re: [NSE] HTTP TRACE script Kris Katterjohn (Sep 01)
- Re: [NSE] HTTP TRACE script Kris Katterjohn (Sep 01)