Nmap Development mailing list archives

[PATCH] Added matching of body content to http-open-proxy for better detection


From: Brandon Enright <bmenrigh () ucsd edu>
Date: Sat, 7 Mar 2009 02:56:49 +0000

Hey all, attached is a patch to Arturo's excellent http-open-proxy.nse
script to hopefully improve detection of open proxies that strip some
headers.

Currently the script sends a request to www.google.com through a
suspected HTTP proxy and checks to see if it gets Google's signature
"Server: gws" header back.

Unfortunately we have several open Squid Proxies on campus that strip
this header causing a false negative. The attached patch allows the
script to match Google's "I'm Feeling Lucky" button if the "Server:
gws" header isn't there.

I know this is an English-specific addition but I wasn't sure what else
could be matched on.  I suppose we could look at the "Set-Cookie:"
header for something that looks Googlish.

I'd appreciate comments and ideas on how to better detect open HTTP
proxies.

Brandon


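The header-then-body check described in the message above, as an added Python example; it is not the attached patch and not code from http-open-proxy.nse. The function names and the three sample responses are constructed for illustration, and no network traffic is sent.

```python
# Added example: decide whether a response fetched through a suspected
# proxy really came from Google, using the two signatures the message names.

def split_response(raw: bytes):
    """Split a raw HTTP response into status line, header map and body."""
    head, _, body = raw.partition(b"\r\n\r\n")
    lines = head.split(b"\r\n")
    status = lines[0].decode("latin-1")
    headers = {}
    for line in lines[1:]:
        name, sep, value = line.partition(b":")
        if sep:  # skip malformed lines that have no colon
            key = name.strip().lower().decode("latin-1")
            headers.setdefault(key, []).append(value.strip().decode("latin-1"))
    return status, headers, body


def proxy_evidence(raw: bytes):
    """Return 'server-header', 'body' or None for the matched signature."""
    status, headers, body = split_response(raw)
    if not status.startswith("HTTP/"):
        return None
    # Original check: Google's signature "Server: gws" header.
    if any(v.lower() == "gws" for v in headers.get("server", [])):
        return "server-header"
    # Fallback from the patch description: the button text in the page body.
    # English-specific, as the message notes.
    if b"I'm Feeling Lucky" in body:
        return "body"
    return None


# Constructed sample responses (not captured traffic).
PAGE = b"<html><input type=submit value=\"I'm Feeling Lucky\"></html>"
WITH_HEADER = b"HTTP/1.0 200 OK\r\nServer: gws\r\n\r\n" + PAGE
# A proxy that strips the Server header, the false-negative case.
STRIPPED = b"HTTP/1.0 200 OK\r\nVia: 1.0 proxy.example (squid)\r\n\r\n" + PAGE
# A proxy that refuses the request and returns its own error page.
DENIED = b"HTTP/1.0 403 Forbidden\r\nServer: squid\r\n\r\n<html>Access Denied</html>"

if __name__ == "__main__":
    for label, raw in (("with header", WITH_HEADER),
                       ("header stripped", STRIPPED),
                       ("denied", DENIED)):
        print(label, "->", proxy_evidence(raw))
```

Reporting which signature matched, rather than a bare yes/no, lets an auditor see how many hosts were only found through the body fallback.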