Nmap Development mailing list archives

Re: Nmap service detection, http 1.1


From: doug () hcsw org
Date: Mon, 24 Nov 2008 16:29:07 -0800

On Mon, Nov 24, 2008 at 05:47:50PM +0100 or thereabouts, Jak0b wrote:
> The service detection later fails. And my question is of course, does
> nmap support http 1.1?
> And if so, does it support it correctly or is it just this particular
> server that doesn't follow common standards?

No, service detection doesn't support HTTP/1.1. The
HTTP-related probes use HTTP/1.0. This is unfortunate
because of servers like yours that don't fall back
to 1.0 gracefully (i.e., give enough information to
identify the server).

The biggest problem with 1.1 support is that -sV
doesn't usually know what to send in the Host: header
field (which is required for 1.1). In theory it could
use a reverse DNS lookup or any domain names provided
by the user on the Nmap command line. But such results
would be spotty at best and could generate confusing
and unreliable fingerprints.

Also, -sV doesn't parse chunked encoding which is
required for HTTP/1.1 support.

-sV never persists or pipelines HTTP connections.

Nowadays, I think that most of this stuff should
probably be handled in NSE, not -sV.

Hope this helps,

Doug



_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://SecLists.Org
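
Added example, not part of the original message and not Nmap code: a sketch of the two HTTP/1.1 requirements the reply names, a mandatory Host: header in the request and chunked transfer-coding in the response, which a banner-matching client has to handle before it can see the payload. The function names, the sample host and the sample response are constructed for illustration.

```python
# Added illustration of the HTTP/1.1 points in the reply; all names are hypothetical.

def build_probe(version, host=None):
    """Build a GET / probe. HTTP/1.0 needs no Host header; HTTP/1.1 requires one."""
    if version == "1.1":
        if not host:
            raise ValueError("HTTP/1.1 requires a Host header value")
        return f"GET / HTTP/1.1\r\nHost: {host}\r\nConnection: close\r\n\r\n".encode()
    return b"GET / HTTP/1.0\r\n\r\n"

def dechunk(body):
    """Decode a chunked transfer-coded body into the payload bytes."""
    out, pos = bytearray(), 0
    while True:
        eol = body.find(b"\r\n", pos)
        if eol < 0:
            raise ValueError("truncated chunk-size line")
        # Chunk size is hex; anything after ';' is a chunk extension and is ignored.
        size = int(body[pos:eol].split(b";", 1)[0].strip().decode(), 16)
        pos = eol + 2
        if size == 0:
            return bytes(out)  # last chunk reached; trailers are ignored here
        if body[pos + size:pos + size + 2] != b"\r\n":
            raise ValueError("truncated or malformed chunk")
        out += body[pos:pos + size]
        pos += size + 2

def parse_response(raw):
    """Return (status_line, headers, body), de-chunking the body when required."""
    head, _, body = raw.partition(b"\r\n\r\n")
    lines = head.split(b"\r\n")
    headers = {}
    for line in lines[1:]:
        name, _, value = line.partition(b":")
        headers[name.strip().lower().decode()] = value.strip().decode()
    if "chunked" in headers.get("transfer-encoding", "").lower():
        body = dechunk(body)
    return lines[0].decode(), headers, body

# Constructed sample response: without de-chunking, the size lines split the markup.
SAMPLE = (
    b"HTTP/1.1 200 OK\r\nServer: ExampleHTTPd/1.0\r\n"
    b"Transfer-Encoding: chunked\r\n\r\n"
    b"7\r\n<title>\r\n5;ext=1\r\nLogin\r\n8\r\n</title>\r\n0\r\n\r\n"
)

if __name__ == "__main__":
    print(build_probe("1.1", "scanme.example"), parse_response(SAMPLE))
```

A pattern written against the raw bytes of SAMPLE would have to account for the interleaved chunk-size lines, while the same pattern against the decoded body sees contiguous markup.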
