Nmap Development mailing list archives
Re: Correction for nginx match line
From: Sven Klemm <sven () c3d2 de>
Date: Fri, 04 Jan 2008 19:57:39 +0100
Fyodor wrote:
On Mon, Dec 17, 2007 at 05:06:11PM +0100, Sven Klemm wrote:The applied patch still had a bug in that it wouldn't match every 4xx code except 400. The patch applied to this mail fixes this.Thanks for the report. I've applied this to nmap-service-probes in svn.
Thank you very much for applying. Unfortunately there was still a minor bug in it which causes the http status code being reported as version number. The attached patch fixes this. Cheers -- Sven Klemm http://cthulhu.c3d2.de/~sven/
Index: nmap-service-probes =================================================================== --- nmap-service-probes (revision 6668) +++ nmap-service-probes (working copy) @@ -4520,7 +4520,7 @@ match http-proxy m|^HTTP/1\.0 \d\d\d .*\r\nServer: BlueCoat-Security-Appliance\r\n|s p/BlueCoat http proxy/ match http-proxy m|^HTTP/1\.0 \d\d\d .*\r\nProxy-agent: BlueCoat-WinProxy\r\n| p/BlueCoat WinProxy http proxy/ o/Windows/ match http-proxy m|^HTTP/1\.0 200 Connection established\r\nPragma: no-cach\r\nContent-Type: text/html; charset=windows-1251\r\n\r\n$| p/UserGate http proxy/ o/Windows/ -match http-proxy m!^HTTP/1\.1 ([1235]\d\d|4(\d[1-9]|[1-9]\d)) .*\r\nServer: nginx/([\d.]+)\r\n! p/nginx http proxy/ v/$1/ +match http-proxy m!^HTTP/1\.1 ([1235]\d\d|4(\d[1-9]|[1-9]\d)) .*\r\nServer: nginx/([\d.]+)\r\n! p/nginx http proxy/ v/$3/ match http-proxy m|^HTTP/1\.1 \d\d\d .*\r\nServer: Simple, Secure Web Server ([\d.]+)\r\n|s p/Symantec firewall http proxy/ i/Simple, Secure Web Server $1/ d/firewall/ match http-proxy m|^HTTP/1\.0 \d\d\d .*\r\nContent-Length: \d+\r\n.*\r\n\r\n.*<B>KEN! Proxy</B>|s p/AVM KEN! http proxy/ match http-proxy m|^HTTP/1\.0 400 Bad request\r\nContent-Type: text/html\r\nPragma: no-cache\r\n\r\n<H4><font COLOR=\"#FF0000\">Error parsing http request : </font></H2><p><pre>GET / / HTTP/1\.0\r\n\r\n</pre>| p/Kerio Winroute Pro http proxy/ o/Windows/
Attachment:
signature.asc
Description: OpenPGP digital signature
_______________________________________________ Sent through the nmap-dev mailing list http://cgi.insecure.org/mailman/listinfo/nmap-dev Archived at http://SecLists.Org
Current thread:
- Re: Correction for nginx match line Sven Klemm (Jan 04)
- Re: Correction for nginx match line Fyodor (Jan 04)