Nmap Development mailing list archives
[PATCH] http-open-proxy - improvement to pattern for matching response status-line
From: jah <jah () zadkiel plus com>
Date: Mon, 29 Jun 2009 01:53:16 +0100
Evening All,

Attached is a patch for http-open-proxy which prevents some false positives when testing the http status-line in a response. (This usually happens when testing a target with the CONNECT method, but also if the user supplies --script-args openproxy.url, but not openproxy.pattern)

The current patterns used to match the http status-line are not restricted to matching a valid http status-line. An example is the pattern "^http.*200.*" which matched the following in a response:

  http/1.1 501 not supported
  server: microsoft-iis/5.1
  date: sun, 28 jun 200

and resulted in:

  8080/tcp open  http  Microsoft IIS webserver 5.1
  | http-open-proxy: Potentially OPEN proxy.
  |_ Methods succesfully tested: CONNECT

The patch also tidies up a few stray variables and typos.

Regards,
jah
--- http-open-proxy.nse.orig 2009-06-28 01:17:28.390625000 +0100
+++ http-open-proxy.nse 2009-06-28 01:14:52.500000000 +0100
@@ -51,10 +51,8 @@
--@param result connection result
--@return true if any of the status is found, otherwise false
function check_code(result)
- local status = false
- if string.match(result:lower(),"^http.*200.*") then return true end
- if string.match(result:lower(),"^http.*301.*") then return true end
- if string.match(result:lower(),"^http.*302.*") then return true end
+ if string.match(result:lower(),"^http/%d\.%d%s*200") then return true end
+ if string.match(result:lower(),"^http/%d\.%d%s*30[12]") then return true end
return false
end
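Review bot: the `\.` in `"^http/%d\.%d%s*200"` does not give a literal dot. Lua's pattern escape character is `%`, and `"\."` inside a string literal is either an invalid escape or simply `.`, which matches any character, so `"^http/%d%.%d%s*200"` is what was intended. Consider `%s+` instead of `%s*` as well, since a status-line always has at least one space between the version and the code; the same applies to the `30[12]` line.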
@@ -63,9 +61,9 @@
--@param pattern The pattern to be searched
--@return true if pattern is found, otherwise false
function check_pattern(result, pattern)
- lines = stdnse.strsplit("\n", result)
- i = 1
- n = table.getn(lines)
+ local lines = stdnse.strsplit("\n", result)
+ local i = 1
+ local n = table.getn(lines)
while true do
if i > n then return false end
if string.match(lines[i]:lower(),pattern) then return true end
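Review bot: making `lines`, `i` and `n` local is the important fix here, since as globals they leaked into the script's shared environment. While touching it, `table.getn(lines)` is deprecated in Lua 5.1 and `#lines` does the same job, and the manual index loop could become `for _, line in ipairs(lines) do if string.match(line:lower(), pattern) then return true end end`, which removes `i` and `n` altogether.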
@@ -90,14 +88,9 @@
portrule = shortport.port_or_service({8123,3128,8000,8080},{'polipo','squid-http','http-proxy'})
action = function(host, port)
- local response
- local i
local retval
- local supported_methods = "\nMethods succesfully tested: "
+ local supported_methods = "\nMethods successfully tested: "
local fstatus = false
-
- -- Default url = nmap.org
- -- Default host = nmap.org
local test_url = "http://www.google.com"
local hostname = "www.google.com"
local pattern = "^server: gws"
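Review bot: dropping `local response` and `local i` is only safe if nothing further down in action() still assigns to those names; the hunk ends before the request loop, so please confirm, otherwise they silently become globals, which is exactly what the check_pattern hunk is cleaning up. Removing the stale "Default url = nmap.org" comments is correct, since the defaults right below are www.google.com.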
_______________________________________________ Sent through the nmap-dev mailing list http://cgi.insecure.org/mailman/listinfo/nmap-dev Archived at http://SecLists.Org
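The false positive described in the message, shown as an added Lua example (not part of jah's patch or the nmap script): the pre-patch status check next to a post-patch one, run against a constructed IIS 501 reply whose Date header contains the "200" that fooled the old pattern. The post-patch version here escapes the dot with `%.` and requires whitespace with `%s+`, which is an adjustment to the patch's `\.`/`%s*` rather than a copy of it.

```lua
-- Constructed sample responses (not captured traffic). The first is the
-- kind of reply an IIS 5.1 server gives to CONNECT; the "200" appears
-- only inside "2009" in the Date header, never on the status-line.
local iis_501 = "HTTP/1.1 501 Not Supported\r\n" ..
                "Server: Microsoft-IIS/5.1\r\n" ..
                "Date: Sun, 28 Jun 2009 00:40:31 GMT\r\n\r\n"

-- A genuine success reply from an open proxy.
local proxy_200 = "HTTP/1.1 200 Connection established\r\n\r\n"

-- Pre-patch check. In Lua patterns "." also matches "\r" and "\n", so
-- ".*" runs across the entire response body and "200" is found in the
-- Date header of the 501 reply.
local function check_code_old(result)
  local r = result:lower()
  if r:match("^http.*200.*") then return true end
  if r:match("^http.*301.*") then return true end
  if r:match("^http.*302.*") then return true end
  return false
end

-- Post-patch check, anchored to a real status-line: "http/<d>.<d>",
-- at least one space, then the code. "%." is the Lua escape for a
-- literal dot (the patch's "\." is a string escape, not a pattern one).
local function check_code_new(result)
  local r = result:lower()
  if r:match("^http/%d%.%d%s+200") then return true end
  if r:match("^http/%d%.%d%s+30[12]") then return true end
  return false
end

-- The old check reports the 501 reply as an open proxy; the new one
-- rejects it, and both still accept the genuine 200.
print("old check, IIS 501:", check_code_old(iis_501))
print("new check, IIS 501:", check_code_new(iis_501))
print("old check, 200:    ", check_code_old(proxy_200))
print("new check, 200:    ", check_code_new(proxy_200))
```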
Current thread:
- [PATCH] http-open-proxy - improvement to pattern for matching response status-line jah (Jun 28)
- Re: [PATCH] http-open-proxy - improvement to pattern for matching response status-line Joao Correa (Jun 29)
- Re: [PATCH] http-open-proxy - improvement to pattern for matching response status-line jah (Jun 29)
- Re: [PATCH] http-open-proxy - improvement to pattern for matching response status-line Joao Correa (Jun 29)
- Re: [PATCH] http-open-proxy - improvement to pattern for matching response status-line Joao Correa (Jun 29)
- Re: [PATCH] http-open-proxy - improvement to pattern for matching response status-line jah (Jun 29)
- Re: [PATCH] http-open-proxy - improvement to pattern for matching response status-line Joao Correa (Jun 29)
