Nmap Development mailing list archives
RE: Enhanced Version of HTTPtrace.nse
From: "Rob Nicholls" <robert () everythingeverything co uk>
Date: Fri, 14 Dec 2007 08:15:08 -0000
Thanks Thomas, I've started adding support and a version I've got here appears to work a lot better on Linux now.

However, has anyone got any good suggestions on how I can work out if a server on port 443 isn't using https, but is actually using http? If a service scan was performed, nmap correctly replaces https with http, but a default scan uses nmap-services and states that the service is https. I've seen servers without ssl that serve http on 443/tcp, and they often have TRACE enabled too, so I'd prefer to catch this scenario if possible.

On Windows, it'll see "https" from nmap and think it needs ssl, and due to a lack of ssl support my updated script here will stop what it's doing (without giving any additional info). On clients with ssl support, however, it'll try and connect to the plaintext service using an ssl connection, and I suspect - as I haven't tried a newer version of my script yet on Linux - it might even come up with a false negative (which would be even worse).

Is there any way an NSE script can do something like ask/force nmap to do a service scan for the port it's testing? Or should I assume that the user doesn't mind the odd lack of a result from the script if they haven't gone with a version scan to begin with?

The same logic would probably be useful for other scripts, such as showHTMLTitle.

Rob

-----Original Message-----
From: Thomas Buchanan [mailto:tbuchanan () thecompassgrp net]
Sent: 14 December 2007 02:07
To: Rob Nicholls
Cc: nmap-dev () insecure org
Subject: Re: Enhanced Version of HTTPtrace.nse

Rob Nicholls wrote:
<snip>
I changed the portrule so it'll test any open tcp port that's detected by nmap as "http" or "https" (obviously, a version scan needs to be performed to identify unusual ports), as Kris' original script only tested 80 or 8080. It should also be obvious that the Windows client won't see "https", they'll get "ssl", so the script won't run against secure HTTP servers for Windows-based nmap users. I haven't tested this script using nmap on a Linux host (yet), but I'm hoping adding the rule to support https shouldn't be a problem. I'm sure someone will let me know otherwise.
Rob,

I think it takes a little more than this to enable SSL support. You have to pass a different protocol ("ssl" instead of "tcp") to the socket:connect() call for SSL connections. See showHTMLTitle.nse for an example. Also, you may want to use the recently introduced nmap.have_ssl() to test whether Nmap was compiled with SSL support.

Hope this helps,

Thomas

_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://SecLists.Org
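The following is an added example, not the HTTPtrace.nse script being discussed in the thread nor any code from Nmap itself. It shows the three points the thread raises in one NSE script: a portrule that matches on "http"/"https"/"ssl" service names, a socket:connect() call that passes "ssl" rather than "tcp", and an nmap.have_ssl() check, plus a plaintext fallback so that an unencrypted HTTP server on 443/tcp (labelled https by nmap-services when no version scan was run) is still tested instead of producing no output or a false negative. It assumes the NSE API as documented for current Nmap (nmap.new_socket, socket:connect(host, port, protocol), nmap.have_ssl, stdnse.get_hostname, stdnse.debug1, and the port.version.service_tunnel field set by -sV), parts of which postdate this 2007 discussion.

```lua
-- Added example (not code from the thread or from Nmap): an NSE script that
-- sends an HTTP TRACE request over SSL where Nmap reports https/ssl, and
-- falls back to plaintext TCP when the SSL handshake fails (plaintext HTTP on
-- 443/tcp) or when Nmap was built without SSL support.
-- Assumption: the NSE API as documented for current Nmap (nmap.new_socket,
-- socket:connect(host, port, protocol), nmap.have_ssl, stdnse.get_hostname).

local nmap   = require "nmap"
local stdnse = require "stdnse"
local string = require "string"
local table  = require "table"

description = [[
Checks whether HTTP TRACE is enabled, trying SSL first on ports Nmap labels
https/ssl and falling back to plaintext when the SSL handshake fails.
]]
author     = "example"
license    = "Same as Nmap--See https://nmap.org/book/man-legal.html"
categories = {"discovery", "safe"}

-- Run against any open TCP port Nmap calls http, https or ssl (nmap-services
-- names without -sV, version-scan names with -sV), plus the classic ports.
portrule = function(host, port)
  if port.protocol ~= "tcp" or port.state ~= "open" then return false end
  local svc = port.service or ""
  return svc == "http" or svc == "https" or svc == "ssl"
      or port.number == 80 or port.number == 443 or port.number == 8080
end

-- Decide which transport(s) to try, in order. Without a version scan the
-- label comes from nmap-services, so "https" on 443 is only a guess;
-- always keep "tcp" as the fallback.
local function transports(port)
  local svc = port.service or ""
  local looks_ssl = svc == "https" or svc == "ssl"
      or (port.version and port.version.service_tunnel == "ssl") -- set only by -sV
  if looks_ssl and nmap.have_ssl() then
    return {"ssl", "tcp"}
  end
  -- Either a plaintext service, or no SSL support compiled in: still try
  -- plaintext rather than silently giving up.
  return {"tcp"}
end

-- One TRACE attempt over the given transport. Returns the HTTP status line,
-- or nil and an error string (handshake failure, timeout, non-HTTP reply).
local function try_trace(host, port, transport)
  local sock = nmap.new_socket()
  sock:set_timeout(5000)
  local ok, err = sock:connect(host, port, transport)
  if not ok then return nil, err end
  local req = string.format("TRACE / HTTP/1.0\r\nHost: %s\r\n\r\n",
                            stdnse.get_hostname(host))
  ok, err = sock:send(req)
  if not ok then sock:close(); return nil, err end
  local status, data = sock:receive_lines(1)
  sock:close()
  if not status then return nil, data end
  -- A plaintext TRACE sent to a real SSL port gets a TLS alert or garbage
  -- back, not an HTTP status line; treat that as a failed attempt rather
  -- than as "TRACE disabled" (the false negative the thread worries about).
  local line = data:match("^(HTTP/%d%.%d %d%d%d[^\r\n]*)")
  if not line then return nil, "non-HTTP response" end
  return line
end

action = function(host, port)
  local errors = {}
  for _, transport in ipairs(transports(port)) do
    local line, err = try_trace(host, port, transport)
    if line then
      if line:match("^HTTP/%d%.%d 200 ") then
        return string.format("TRACE is enabled (%s): %s", transport, line)
      end
      return string.format("TRACE not allowed (%s): %s", transport, line)
    end
    errors[#errors + 1] = transport .. ": " .. tostring(err)
  end
  -- Log why nothing was reported, so a failed SSL handshake or a build
  -- without SSL support is visible with -d instead of a silent no-result.
  stdnse.debug1("TRACE check failed: %s", table.concat(errors, "; "))
  return nil
end
```

The order of transports is the point: where Nmap says https the script tries "ssl" first, and a plaintext server on 443 makes that handshake fail, so the second pass over "tcp" still reaches it. When Nmap was built without SSL, nmap.have_ssl() returns false and the script goes straight to plaintext rather than aborting; a genuine SSL port then yields a non-HTTP reply, which is reported as an error at debug level instead of being mistaken for a disabled TRACE method.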
Current thread:
- Enhanced Version of HTTPtrace.nse Rob Nicholls (Dec 13)
- Re: Enhanced Version of HTTPtrace.nse Kris Katterjohn (Dec 13)
- Re: Enhanced Version of HTTPtrace.nse jah (Dec 13)
- RE: Enhanced Version of HTTPtrace.nse Rob Nicholls (Dec 13)
- RE: Enhanced Version of HTTPtrace.nse Rob Nicholls (Dec 13)
- Re: Enhanced Version of HTTPtrace.nse Thomas Buchanan (Dec 13)
- RE: Enhanced Version of HTTPtrace.nse Rob Nicholls (Dec 14)
- RE: Enhanced Version of HTTPtrace.nse Rob Nicholls (Dec 14)
- Re: Enhanced Version of HTTPtrace.nse Fyodor (Dec 15)
- RE: Enhanced Version of HTTPtrace.nse Rob Nicholls (Dec 14)
- Re: Enhanced Version of HTTPtrace.nse Kris Katterjohn (Dec 13)