Nmap Development mailing list archives

[PATCH] Follow redirect to find HTML Title


From: jah <jah () zadkiel plus com>
Date: Mon, 16 Jun 2008 16:43:19 +0100

Hi folks,

Sometimes, when running showHTMLTitle.nse, the default page (at which
the script is targeted) is not at "/" and the host returns HTTP Status
301 or 302.  On the basis that the server may be telling us where the
default page is at, the attached patch allows the script to follow the
redirect (once only) as long as it's at the same host.
Of course, there could be some other reason for the redirect, such as
preventing access to "/" based on User-Agent, but I thought I'd throw
the patch out there in case...

Regards,

jah

--- showHTMLTitle.nse.orig      2008-06-15 02:10:56.640625000 +0100
+++ showHTMLTitle.nse   2008-06-15 02:09:34.515625000 +0100
@@ -12,6 +12,7 @@
 categories = {"default", "demo", "safe"}
 
 require 'http'
+require 'url'
 
 portrule = function(host, port)
        if not (port.service == 'http' or port.service == 'https') then
@@ -29,6 +31,14 @@
        local data, result, title, protocol
 
        data = http.get( host, port, '/' )
+       -- follow ONE redirect if host is not some other host
+       if data.status == 301 or data.status == 302 then
+               local url = url.parse( data.header.location )
+               if url.host == host.targetname or url.host == ( host.name ~= '' and host.name ) or url.host == host.ip 
then
+                       stdnse.print_debug("showHTMLTitle.nse: Default page is located at " .. url.scheme.. "://" .. 
url.authority .. url.path)
+                       data = http.get( host, port, url.path )
+               end
+       end
        result = data.body
 
        -- watch out, this doesn't really work for all html tags
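Review bot: `data.header.location` is passed to `url.parse` with no nil check at the added `local url = url.parse( data.header.location )` line, so a 301 or 302 response that carries no Location header leads to a runtime error instead of falling through to the title match. Guard the lookup first, for example `if data.header and data.header.location then`. The local is also named `url`, which shadows the module pulled in by `require 'url'` for the rest of the block; a name such as `loc` avoids that. The follow-up `http.get( host, port, url.path )` reuses the original port and only the path, so a query string in the Location is dropped, a Location with no path hands nil to `http.get`, and a same-host redirect to another scheme or port (http to https, say) is requested on the port it was redirected away from. Consider defaulting the path to "/", appending the query, and skipping the redirect when the target port differs from `port.number`.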
@@ -38,7 +48,7 @@
 
        if title ~= nil then
                result = string.gsub(title , "[\n\r\t]", "")
-               if string.len(title) > 50 then
+               if string.len(title) > 65 then
                        stdnse.print_debug("showHTMLTitle.nse: Title got truncated!");
                        result = string.sub(result, 1, 62) .. "..."
                end
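Review bot: the threshold change from 50 to 65 on `if string.len(title) > 65 then` is not mentioned in the message, which describes only the redirect handling; it belongs in a separate patch or at least in the description. The test also measures `title`, while the truncation two lines below acts on `result`, which has already had newlines, carriage returns and tabs stripped, so a title that fits in 65 characters after stripping can still be cut to 62 characters plus "...". Testing `string.len(result)` keeps the check and the truncation consistent.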


_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://SecLists.Org
