
[NSE] Patch for html-title.nse and http.lua to query http-alt and https-alt ports


From: jah <jah () zadkiel plus com>
Date: Tue, 11 Nov 2008 03:06:14 +0000

Hi folks,

The attached html-title.nse.patch adds http-alt and https-alt as
port.service values for html-title.nse.
It also allows a redirect to be followed with a change of URL scheme if
url.port is present in the Location header and that port is the same as
the scanned port.

A common application found running atop various httpds on tcp port 8443
is Parallels Plesk Control Panel and with this change, html-title can
often grab the title of the login page regardless of whether version
detection has been performed.

In order to be able to talk ssl to an https-alt port, http.lua would be
modified accordingly with the attached http.lua.patch

https-alt and http-alt are at --top-ports positions 116 and 117
respectively and I believe this could be a worthwhile addition.

Regards,

jah


--- http.lua.orig       2008-11-11 01:20:03.750000000 +0000
+++ http.lua    2008-11-11 01:51:42.015625000 +0000
@@ -105,8 +105,9 @@
 -- host table passed to a portrule or hostrule. The second argument is either
 -- the port number or a table like the port table passed to a portrule or
 -- hostrule. SSL is used for the request if <code>port.service</code> is
--- <code>"https"</code> or <code>port.version.service_tunnel</code> is
--- <code>"ssl"</code>. The third argument is the request. The fourth argument is
+-- <code>"https"</code> or <code>"https-alt"</code> or
+-- <code>port.version.service_tunnel</code> is <code>"ssl"</code>.
+-- The third argument is the request. The fourth argument is
 -- a table for further options.
 -- @param host The host to query.
 -- @param port The port on the host.
@@ -127,7 +128,7 @@
       stdnse.print_debug(1, "http.request() supports the TCP protocol only, your request to %s cannot be completed.", 
host)
       return nil
     end
-    if port.service == 'https' or ( port.version and port.version.service_tunnel == 'ssl' ) then
+    if port.service == 'https' or port.service == 'https-alt' or ( port.version and port.version.service_tunnel == 
'ssl' ) then
       protocol = 'ssl'
     end
     port = port.number
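Review bot: The SSL decision on the changed `if` line is now a growing or-chain of service names that duplicates the `svc.ssl` table html-title.nse introduces in the same patch; a lookup table keeps the two lists in one shape and makes the next alias a one-line addition: `local ssl_services = { https = true, ["https-alt"] = true }` above the function and `if ssl_services[port.service] or ( port.version and port.version.service_tunnel == 'ssl' ) then`. When a port's service name comes only from the nmap-services table rather than from version detection, 'https-alt' is a guess, and a plaintext listener there will presumably make the SSL request fail rather than fall back, so a comment noting that the caller should treat a failed request on such a port as inconclusive would help. The enclosing function starts and ends outside this hunk.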

--- html-title.nse.orig 2008-11-11 01:34:53.109375000 +0000
+++ html-title.nse      2008-11-11 01:42:41.156250000 +0000
@@ -27,15 +27,18 @@
 local stdnse = require 'stdnse'
 
 portrule = function(host, port)
-       if port.protocol ~= 'tcp' or not (port.service == 'http' or port.service == 'https') then
-               return false
-       end
-       -- Don't bother running on SSL ports if we don't have SSL.
-       if (port.service == 'https' or port.version.service_tunnel == 'ssl')
-               and not nmap.have_ssl() then
-               return false
-       end
-       return true
+    local svc = { std = { ["http"] = 1, ["http-alt"] = 1 },
+                ssl = { ["https"] = 1, ["https-alt"] = 1 } }
+    if port.protocol ~= 'tcp'
+    or not ( svc.std[port.service] or svc.ssl[port.service] ) then
+        return false
+    end
+    -- Don't bother running on SSL ports if we don't have SSL.
+    if (svc.ssl[port.service] or port.version.service_tunnel == 'ssl')
+    and not nmap.have_ssl() then
+        return false
+    end
+    return true
 end
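Review bot: The `svc` lookup table is rebuilt on every portrule call, once per candidate port, although it is constant; hoisting it to a file-level local next to the `require` lines (`local svc = { std = { ["http"] = 1, ["http-alt"] = 1 }, ssl = { ["https"] = 1, ["https-alt"] = 1 } }`) avoids the per-port allocation and lets `action` reuse the same definition instead of re-listing service names. The second check still reads `port.version.service_tunnel` without guarding `port.version`, which the http.lua hunk of this same patch does guard with `port.version and`; NSE normally supplies `port.version`, but if the guard in http.lua exists for a reason the same guard belongs here. The hunk also re-indents the whole function from tabs to spaces, which buries the functional change in a whitespace diff; a separate whitespace-only commit would make the behavioural change reviewable on its own.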
 
 action = function(host, port)
@@ -51,7 +54,7 @@
     local loc = redirect_ok( url, host, port )
     if loc then
       -- follow redirect
-      redir = ("Requested resource was %s://%s%s"):format( url.scheme or port.service, loc.host, loc.path )
+      redir = ("Requested resource was %s://%s%s%s"):format( url.scheme or port.service, loc.host, (url.port and 
(":%s"):format(url.port)) or "", loc.path )
       data = http.get( loc.host, loc.port, loc.path )
     else
       loc = nil -- killed so we know we didn't follow a redirect
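Review bot: The rewritten `redir` line nests a conditional format call inside another format call and wraps past the line width; naming the port suffix first reads more clearly: `local port_str = url.port and (":%s"):format(url.port) or ""` followed by `redir = ("Requested resource was %s://%s%s%s"):format( url.scheme or port.service, loc.host, port_str, loc.path )`. The `and`/`or` form is safe here because the format result is always a non-nil string. Note also that the message reports `url.port`, taken straight from the Location header, while the request on the next line goes to `loc.port`; if a later rule can leave the two different, the script output will describe a resource other than the one actually fetched. The enclosing `action` function starts and ends outside this hunk.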
@@ -92,12 +95,6 @@
   -- redirected to. They incrementally fill in loc.host, loc.port, and loc.path.
   local rules = {
     function (loc, url, host, port)
-      -- if url.scheme is present then it must match the scanned port
-      if url.scheme and url.scheme ~= port.service then return false end
-      return true
-    end,
-
-    function (loc, url, host, port)
       -- bail if userinfo is present
       return ( url.userinfo and false ) or true
     end,
@@ -131,6 +128,13 @@
     end,
 
     function (loc, url, host, port)
+      -- if url.scheme is present then it must match the scanned port
+      if url.scheme and url.port then return true end
+      if url.scheme and url.scheme ~= port.service then return false end
+      return true
+    end,
+
+    function (loc, url, host, port)
       -- path cannot be unchanged unless host has changed
       -- loc.path must be set if returning true
       if ( not url.path or url.path == "/" ) and url.host == ( host.targetname or host.ip) then return false end
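Review bot: The new first line of the moved rule, `if url.scheme and url.port then return true end`, accepts a scheme change whenever the Location header carries any explicit port, but the cover mail says the change is only meant to be accepted when that port equals the scanned port; unless an earlier rule outside this hunk already rejects a mismatched port, the comparison should be explicit, e.g. `if url.scheme and url.port then return tonumber(url.port) == port.number end` (url.port is likely a string from the URL parser, hence tonumber — confirm against url.lua). The comment kept above it, `-- if url.scheme is present then it must match the scanned port`, no longer describes that first line; reword it to something like `-- a scheme change is accepted only when the Location header names the port explicitly; otherwise url.scheme must match the scanned service`. Since the Location header is server-supplied data, the comment should also state that this deliberately lets an https-alt scan be followed by a plaintext fetch of the same host and port (or the reverse), so a later reader does not mistake it for an oversight. The `rules` table starts outside this hunk.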

