Nmap Development mailing list archives
Correction for nginx match line
From: Sven Klemm <sven () c3d2 de>
Date: Mon, 17 Dec 2007 16:54:54 +0100
Hi,

nmap improperly detects nginx over ssl as http-proxy when doing service scan. The reason for this is that nginx answers with HTTP 400 Bad Request when it receives HTTP Requests on HTTPS ports. The attached patch adjusts the match line so that nginx over ssl will be properly detected as ssl/http-proxy.

Result with patch:

sven:~/code/nmap> nmap -p 80,443 23.23.23.23 -sV

Starting Nmap 4.50 ( http://insecure.org ) at 2007-12-17 16:45 CET
Interesting ports on 23.23.23.23:
PORT    STATE SERVICE        VERSION
80/tcp  open  http-proxy     nginx http proxy 0.5.30
443/tcp open  ssl/http-proxy nginx http proxy 0.5.30

Cheers
Sven
Index: nmap-service-probes =================================================================== --- nmap-service-probes (revision 6557) +++ nmap-service-probes (working copy) @@ -4521,7 +4521,7 @@ match http-proxy m|^HTTP/1\.0 \d\d\d .*\r\nServer: BlueCoat-Security-Appliance\r\n|s p/BlueCoat http proxy/ match http-proxy m|^HTTP/1\.0 \d\d\d .*\r\nProxy-agent: BlueCoat-WinProxy\r\n| p/BlueCoat WinProxy http proxy/ o/Windows/ match http-proxy m|^HTTP/1\.0 200 Connection established\r\nPragma: no-cach\r\nContent-Type: text/html; charset=windows-1251\r\n\r\n$| p/UserGate http proxy/ o/Windows/ -match http-proxy m|^HTTP/1\.1 \d\d\d .*\r\nServer: nginx/([\d.]+)\r\n| p/nginx http proxy/ v/$1/ +match http-proxy m!^HTTP/1\.1 ([1235]\d\d|4([1-9]\d|0[1-9])) .*\r\nServer: nginx/([\d.]+)\r\n! p/nginx http proxy/ v/$3/ match http-proxy m|^HTTP/1\.1 \d\d\d .*\r\nServer: Simple, Secure Web Server ([\d.]+)\r\n|s p/Symantec firewall http proxy/ i/Simple, Secure Web Server $1/ d/firewall/ match http-proxy m|^HTTP/1\.0 \d\d\d .*\r\nContent-Length: \d+\r\n.*\r\n\r\n.*<B>KEN! Proxy</B>|s p/AVM KEN! http proxy/ match http-proxy m|^HTTP/1\.0 400 Bad request\r\nContent-Type: text/html\r\nPragma: no-cache\r\n\r\n<H4><font COLOR=\"#FF0000\">Error parsing http request : </font></H2><p><pre>GET / / HTTP/1\.0\r\n\r\n</pre>| p/Kerio Winroute Pro http proxy/ o/Windows/
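Review bot: the status alternation `([1235]\d\d|4([1-9]\d|0[1-9]))` in the added nginx line introduces two capturing groups only to exclude 400, which is what forces the version reference from `$1` to `$3` and makes the line easy to break in a later edit. Making the groups non-capturing with `(?:...)`, or writing the exclusion as `(?!400)\d\d\d`, would keep `v/$1/` and state the intent directly. The exclusion is also not limited to SSL ports: an nginx that answers a probe over plain HTTP with 400 will no longer match this line either, so a comment above the line saying why 400 is skipped, plus a check that such responses are still identified by another match, would be worth adding.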
_______________________________________________ Sent through the nmap-dev mailing list http://cgi.insecure.org/mailman/listinfo/nmap-dev Archived at http://SecLists.Org