Nmap Development mailing list archives
Re: [NSE] NSE HTTP library
From: Sven Klemm <sven () c3d2 de>
Date: Fri, 18 Jan 2008 01:26:14 +0100
Kris Katterjohn wrote:
I had this very idea a while ago, but I never did it. I haven't tested it yet (it's past my bedtime now), but it looks really cool! :)
Thank you. I've attached a new version which has two minor bugfixes: Multiple Headers with the same name are now handled properly. The newlines in the body that are stripped during receiving are now added back. But I've run into problem that let's nmap segfault reproducible. Somehow that's related to my http library at least it does not occur without the library. I am also getting cannot resume dead coroutine errors. But currently I have no idea what causes these. Maybe someone can help me here. Here are the backtraces I get: Program received signal SIGSEGV, Segmentation fault. 0x0fa76528 in ?? () from /lib/libc.so.6 (gdb) bt #0 0x0fa76528 in ?? () from /lib/libc.so.6 #1 0x0fa763ec in ?? () from /lib/libc.so.6 #2 0x0fa78f5c in ?? () from /lib/libc.so.6 #3 0x0fa7a03c in ?? () from /lib/libc.so.6 #4 0x0fa7afac in realloc () from /lib/libc.so.6 #5 0x100c2040 in l_alloc () #6 0x100b8e50 in luaM_realloc_ () #7 0x100b5544 in luaD_reallocstack () #8 0x100b5864 in resume_error () #9 0x10072770 in process_mainloop (l=0x1016fc90) at nse_main.cc:297 #10 0x10073898 in script_scan (targets=@0x7fd89d30) at nse_main.cc:214 #11 0x1001c4f4 in nmap_main (argc=5, argv=0x7fd8ef64) at nmap.cc:1753 #12 0x10017dbc in main (argc=5, argv=0x7fd8ef64) at main.cc:227 *** glibc detected *** /home/sven/code/nmap/nmap: double free or corruption (!prev): 0x101bfc70 *** Program received signal SIGABRT, Aborted. 0x0fa2deec in raise () from /lib/libc.so.6 (gdb) bt #0 0x0fa2deec in raise () from /lib/libc.so.6 #1 0x0fa2fb5c in abort () from /lib/libc.so.6 #2 0x0fa6e534 in ?? () from /lib/libc.so.6 #3 0x0fa76378 in ?? () from /lib/libc.so.6 #4 0x0fa7a0d8 in ?? () from /lib/libc.so.6 #5 0x0fa7afac in realloc () from /lib/libc.so.6 #6 0x100c2040 in l_alloc () #7 0x100b8e50 in luaM_realloc_ () #8 0x100b5544 in luaD_reallocstack () #9 0x100b5864 in resume_error () #10 0x10072770 in process_mainloop (l=0x1016fc90) at nse_main.cc:297 #11 0x10073898 in script_scan (targets=@0x7fa875a0) at nse_main.cc:214 #12 0x1001c4f4 in nmap_main (argc=5, argv=0x7fa8c7d4) at nmap.cc:1753 #13 0x10017dbc in main (argc=5, argv=0x7fa8c7d4) at main.cc:227
It would be really cool if this could be integrated into nmap.Yeah it would... you're becoming a new NSE guy ;)
:) Cheers, Sven -- Sven Klemm http://cthulhu.c3d2.de/~sven/
-- See nmaps COPYING for licence module(...,package.seeall) require 'stdnse' require 'url' -- -- http.get( host, port, path ) -- http.request( host, port, request ) -- http.get_url( url ) -- -- host may either be a string or table -- port may either be a number or a table -- -- the format of the return value is a table with the following structure: -- {status = 200, header = {}, body ="<html>...</html>"} -- the header table has an entry for each received header with the header name being the key -- thee table also has an entry named "status" which contains the http status code of the request -- in case of an error status is nil -- fetch relative URL with get request get = function( host, port, path ) local hostname = host if type(host) == 'table' then hostname = ( host.name ~= '' and host.name ) or host.ip end local data data = "GET "..path.." HTTP/1.1\r\n" data = data .. "Host: "..hostname.."\r\n" data = data .. "User-Agent: Nmap NSE\r\n" data = data .. "Connection: close\r\n\r\n" return request( host, port, data ) end -- URL with get request get_url = function( u ) local parsed = url.parse( u ) local port = {} port.service = parsed.scheme port.number = parsed.port if not port.number then if parsed.scheme == 'https' then port.number = 443 else port.number = 80 end end local path = parsed.path or "/" if parsed.query then path = path .. "?" .. parsed.query end return get( parsed.host, port, path ) end -- send http request and return the result as table -- host may be a table or the hostname -- port may be a table or the portnumber request = function( host, port, data ) if type(host) == 'table' then host = ( host.name ~= '' and host.name ) or host.ip end local protocol = 'tcp' if type(port) == 'table' then if nmap.have_ssl() and ( port.service == 'https' or ( port.version and port.version.service_tunnel == 'ssl' ) ) then protocol = 'ssl' end port = port.number end socket = nmap.new_socket() socket:connect( host, port, protocol ) socket:send( data ) local buffer = stdnse.make_buffer( socket, "\r?\n" ) local status, line, result local header, body = {}, {} -- header loop while true do status, line = buffer() if (not status or line == "") then break end table.insert(header,line) end result = {status=nil,header={},body=""} -- build nicer table for header for key, value in pairs( header ) do if key == 1 then local code _, _, code = string.find( value, "HTTP/%d\.%d (%d+)") result.status = tonumber(code) else _, _, key, value = string.find( value, "(.+): (.*)" ) if key and value then value = value:gsub( '[\r\n]+', '' ) if result.header[key] then result.header[key] = result.header[key] .. ',' .. value else result.header[key] = value end end end end -- body loop while true do status, line = buffer() if (not status) then break end table.insert(body,line) end socket:close() result.body = table.concat( body, "\n" ) return result end
Attachment:
signature.asc
Description: OpenPGP digital signature
_______________________________________________ Sent through the nmap-dev mailing list http://cgi.insecure.org/mailman/listinfo/nmap-dev Archived at http://SecLists.Org
Current thread:
- [NSE] NSE HTTP library Sven Klemm (Jan 16)
- Re: [NSE] NSE HTTP library Kris Katterjohn (Jan 16)
- Re: [NSE] NSE HTTP library Sven Klemm (Jan 17)
- Re: [NSE] NSE HTTP library Sven Klemm (Jan 18)
- Re: [NSE] NSE HTTP library Sven Klemm (Jan 18)
- RE: [NSE] NSE HTTP library Thomas Buchanan (Jan 18)
- Re: [NSE] NSE HTTP library Sven Klemm (Jan 18)
- Re: [NSE] NSE HTTP library Thomas Buchanan (Jan 19)
- RE: [NSE] NSE HTTP library Thomas Buchanan (Jan 19)
- Re: [NSE] NSE HTTP library Sven Klemm (Jan 20)
- Re: [NSE] NSE HTTP library Fyodor (Jan 31)
- Re: [NSE] NSE HTTP library Sven Klemm (Jan 31)
- RE: [NSE] NSE HTTP library Thomas Buchanan (Jan 31)
- Re: [NSE] NSE HTTP library Sven Klemm (Jan 17)
- Re: [NSE] NSE HTTP library Kris Katterjohn (Jan 16)