Nmap Development mailing list archives
Re: Nmap NSE: Bad Behaviour
From: Kris Katterjohn <katterjohn () gmail com>
Date: Fri, 30 May 2008 00:31:51 -0500
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Brandon Enright wrote:
On Fri, 30 May 2008 04:02:11 +0100 or thereabouts jah <jah () zadkiel plus com> wrote: ...snip...There's always one that spoils it for the many, huh. Sorry about that.May I suggest that the HTTP library user-agent be changed to: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-GB; rv:1.8.1.14) Gecko/20080404 Firefox/2.0.0.14In the meantime, I've uninstalled Nmap from my computer and I'm contacting its author for assistance.jahThat's too bad. I'd like to suggest though that we /not/ just hijack the Firefox user agent. Instead, this is probably a perfect place for us to make use of --script-args to provide an optional user agent override. Something like: --script-args http-user-agent="whatever you want" I'll hack this up in all my copious free time unless someone has a good nay or alternative.
What about adding a function to the HTTP library to return a random user agent? There can be a table of, say, 8-10 user agents ranging from IE to Firefox to Opera and with different OS's in the information. And maybe a generic name can be passed to the function to grab a specific browser's user-agent data, like http.get_user_agent("Firefox") (although maybe that's going overboard). Then the HTTP library can use it, and anybody else using HTTP, but not the library, can get it too. Of course the --script-args option can still be used for extra flexibility.
Brandon
Thanks, Kris Katterjohn -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.6 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iQIVAwUBSD+RRf9K37xXYl36AQI5zxAAvNx/IZJkWPvqGvbe4VYUkA+BkWIGpRiB K0/eTmzft04K1aaAVaBngwffcYlYjWnbMUYdIH5DU+WSuesfYMHt4OP3ZKens1pz QBXihXjDWpfH3lmVrR0l70ilgvZpoddxfDj9rsZZSml/0x674ZNs+PXBiHqrvm8C JLTPO/zQgGhExIoN2jPsMl998PHmAKqiICRZpMwtw/UUJGcxqWjJ5aePIl2Gktj9 WuuZf2y6Nf6Is533VUzzSzdzSVruVmWCeVXrbGNCyIINbRioFHisRG+tzYtjMIUM pEMvNqcJzLZ5Uas+AptFU9JYDRF1WKSq9NgzOGt/M+KmX12HN9BZ4dnFfib6RbGu jjuex2DkjXKkaLiivKiVNUaVF/pZWykyW5METtDtvbHcMkKMT+2ysxndQFz0w/X+ vmNXF/zxFmpyLYpfWDkE2Fg0Dfe01Kmzh6q6J5MVC5Iw+mwZmS7VdMYv8rwl3aff WuxTIeX9oepEk8ZHYMV99wjgEj95R4P1v8A3MIgD1T8ejNZ5R3XyoB4kAJTEqWeC YHxIUcgUSyao2wJ+DHEdgp+Z6tGamTyqZtPXgOfpdK4xvoSuYY8qVAfPghkmUxhf nf2z36kpaWhzHN+3U3gvjyeujJWGHxq114xsXQcSL7NcaTBNjQAtFSaeCYMk6riv k4ucaJZLooA= =SXle -----END PGP SIGNATURE----- _______________________________________________ Sent through the nmap-dev mailing list http://cgi.insecure.org/mailman/listinfo/nmap-dev Archived at http://SecLists.Org
Current thread:
- Nmap NSE: Bad Behaviour jah (May 29)
- Re: Nmap NSE: Bad Behaviour Brandon Enright (May 29)
- Re: Nmap NSE: Bad Behaviour Kris Katterjohn (May 29)
- Re: Nmap NSE: Bad Behaviour Kris Katterjohn (May 29)
- Re: Nmap NSE: Bad Behaviour bensonk (May 29)
- Re: Nmap NSE: Bad Behaviour jah (May 30)
- Re: Nmap NSE: Bad Behaviour Fyodor (May 30)
- Re: Nmap NSE: Bad Behaviour DePriest, Jason R. (Jun 09)
- Re: Nmap NSE: Bad Behaviour Kris Katterjohn (May 29)
- Re: Nmap NSE: Bad Behaviour Brandon Enright (May 29)