Nmap Development mailing list archives
Re: [PATCH] showHTMLTitle.nse - bugfix and a few improvements
From: jah <jah () zadkiel plus com>
Date: Fri, 03 Oct 2008 15:47:24 +0100
Some more thoughts on following a redirection (which I never considered would turn out to be such a pain in the arse).

What I hoped to achieve by using http.get_url() was to check that the redirection wasn't to a different box and then to pretty much follow any URI given. So really, the last iteration was checking the host and then just making sure that the URI was sane for get_url(). For example, if there was no scheme present (location = host.com/) it would add one. Similarly for path. This would allow us to follow redirects where the scheme, authority (perhaps the redirect includes userinfo - user:pass@host), host (perhaps we're being asked to use the hostname rather than the IP), port or path changes. In theory, that is, because it turns out that get_url() ignores anything in url.authority except the hostname/IP and overrides the port number based on the scheme (http = 80, https = 443).

On top of that, I've got some doubts as to whether we should even follow a redirection to a different port. If the user didn't specify the port in a scan, should we override their choice? Then again perhaps they'd like to know about this extra port. A common redirection is to https on port 443. Perhaps this should be the one exception to the rule that enforces no deviation from physical box and the port specified. Perhaps there should be no exceptions and just report the location to the user - as is done if we can't determine whether we're being redirected to a different box.

This is what I'm tending toward:

- Disallow redirection to a different box or where we can't determine if the redirection is to a different box.
- Allow redirection to port 443 only if port 443 is not one of the user specified ports (since the script will also run against that port).
- Disallow redirection to any other port.

I'm still not sure about these cases:

- Allow redirection where userinfo is given.
- Allow redirection where no part of the URI changes (server sets a cookie) or where a query string is added to an otherwise unchanged URI.

Obviously, a debug statement would alert the user to any redirection found whether followed or not. I'm still in two minds about implementing a DNS lookup which might yield a vhost for the box in most cases and yield the name of a related box in others.

Your thoughts much appreciated.

Regards,
jah
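The redirect policy sketched in the post above, as an added example in Python (it is not the showHTMLTitle.nse code nor anything from the thread). It assumes the scanned target is compared as a plain string with no DNS lookup, so a hostname that differs from the scanned address counts as "cannot tell", and it treats the still-undecided userinfo case as report-only.

```python
# Added example: decision logic for following a Location header under the
# policy proposed above. Not the NSE script's code; names are illustrative.
from urllib.parse import urlsplit


def parse_location(location):
    """Split a Location value; add a scheme when one is missing (host.com/)."""
    loc = location.strip()
    if "://" not in loc:
        loc = "http://" + loc
    parts = urlsplit(loc)
    scheme = parts.scheme.lower()
    # Implicit port follows the scheme, as get_url() does (http=80, https=443)
    port = parts.port or (443 if scheme == "https" else 80)
    return {"scheme": scheme, "host": (parts.hostname or "").lower(),
            "port": port, "userinfo": parts.username is not None,
            "path": parts.path or "/", "query": parts.query}


def redirect_decision(location, target_host, target_port, scanned_ports):
    """Return (follow, reason). target_host is the address the script was
    given (IP or hostname); scanned_ports are the user-specified ports."""
    if location.startswith("/"):
        # Relative path: same box, same port by construction
        return True, "relative path on the same box and port"
    loc = parse_location(location)
    if not loc["host"]:
        return False, "no host in Location; report only"
    if loc["host"] != target_host.lower():
        # No DNS lookup (assumption), so a different name is 'cannot tell'
        return False, "cannot confirm same box (%s); report only" % loc["host"]
    if loc["userinfo"]:
        # Undecided in the post; treated as report-only here (assumption)
        return False, "userinfo present; report only"
    if loc["port"] == target_port:
        return True, "same box and port"
    if loc["port"] == 443 and loc["scheme"] == "https":
        if 443 in scanned_ports:
            return False, "443 already in the scan; script runs there itself"
        return True, "https/443 exception"
    return False, "redirect to other port %d; report only" % loc["port"]
```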