Nmap Development mailing list archives

Previous By Date Next
Previous By Thread Next

Re: [NSE] http.request() ignores port.protocol and assumes "tcp" even when it's really "udp"

From: David Fifield <david () bamsoftware com>
Date: Mon, 10 Nov 2008 08:39:40 -0700
On Mon, Nov 10, 2008 at 03:07:34PM +0000, jah wrote:

I got a result where html-title ran against UDP port 80 and returned
with an html title which it obtained by talking TCP.  This occurs
because http.request() defines protocol = "tcp" but doesn't check that
port.protocol is actually tcp.

Easily fixed by returning nil from http.request() if port.protocol ==
"udp" and perhaps printing a debug info.
html-title might also be modified to avoid running for udp ports.

Do you think this is sufficient?


That sounds good to me. http shouldn't disregard a port protocol. If
someone ever needs to use an HTTP-like protocol over UDP then the debug
message will point them in the right direction.

Making html-title run only for TCP is a good idea too.

David Fifield

_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://SecLists.Org
Previous By Date Next
Previous By Thread Next

Current thread: