Nmap Development mailing list archives
Re: http-date.nse
From: Joao Correa <joao () livewire com br>
Date: Thu, 9 Jul 2009 18:51:07 -0300
Hi Rob,
I didn't add the Content-Length header to the POST request because the
function http.request already takes care of calculating and adding it
in case of the table field options.content not being 'nil'.
If you have applied the patch, I believe that you can see where it
happens in http.lua's lines 411-413:
if(options.content ~= nil and options.header['Content-Length'] == nil) then
data = data .. "Content-Length: " .. string.len(options.content) .. "\r\n"
end
Thanks for the comment,
Joao
On Thu, Jul 9, 2009 at 6:30 PM, Rob
Nicholls<robert () everythingeverything co uk> wrote:
Hi Joao, As you state, your patch is only slightly different to the one I sent to the list, but yours looks slightly better in my opinion. However, I would like to suggest you add a Content-Length header to the POST request. I don't think it's technically required as part of any standard (although they're mostly ambiguous), but it sounds like [1] some implementations expect to see one (and may return "411 Length Required" if it's missing). Rob [1] http://www.faqs.org/rfcs/rfc1867.html -----Original Message----- From: nmap-dev-bounces () insecure org [mailto:nmap-dev-bounces () insecure org] On Behalf Of Joao Correa Sent: 09 July 2009 18:09 To: Jörg Wölke Cc: nmap-dev () insecure org Subject: Re: http-date.nse Hi guys, I've written POST and HEAD support for http.lua a few weeks ago. I never committed and never mentioned it on the list before because I didn't test it properly. I didn't know about this other patch mentioned by Jorg. Both HEAD methods are very similar (and honestly I can't think how this could be very different). Anyway, POST method is slightly different. I've tested HEAD using david's script (http-date.nse) and it worked properly (both script and method). Follows the patch. Thanks, Joao Correa On Wed, Jul 8, 2009 at 11:00 AM, "Jörg Wölke"<lumbricus () gmx net> wrote:Hi!Why not use HTTPs HEAD method? It should save some bandwidth.I agree HEAD would be better in this case, but http.lua doesn't support HEAD yet.Oh, I see. But there exists a patch: "http://seclists.org/nmap-dev/2009/q1/0889.html"; Except for a feature request, there wasn't any answer to that. Is something wrong with the patch (sorry, I'm new to lua), or was it just overlooked?David FifieldGreetings, J"o! P.S.: Sorry, Dave for not replying to the list the first time. My bad. -- Freedom, Freedom, Freedom, Oi! -- Zoidberg -- Freedom, Freedom, Freedom, Oi! -- Zoidberg GRATIS für alle GMX-Mitglieder: Die maxdome Movie-FLAT! Jetzt freischalten unter http://portal.gmx.net/de/go/maxdome01 _______________________________________________ Sent through the nmap-dev mailing list http://cgi.insecure.org/mailman/listinfo/nmap-dev Archived at http://SecLists.Org
_______________________________________________ Sent through the nmap-dev mailing list http://cgi.insecure.org/mailman/listinfo/nmap-dev Archived at http://SecLists.Org
Current thread:
- http-date.nse David Fifield (Jul 06)
- Re: http-date.nse Fyodor (Jul 11)
- Re: http-date.nse David Fifield (Jul 13)
- <Possible follow-ups>
- Re: http-date.nse Jörg Wölke (Jul 08)
- Re: http-date.nse David Fifield (Jul 08)
- Re: http-date.nse Jörg Wölke (Jul 08)
- Re: http-date.nse Joao Correa (Jul 09)
- RE: http-date.nse Rob Nicholls (Jul 09)
- Re: http-date.nse Joao Correa (Jul 09)
- Re: http-date.nse David Fifield (Jul 08)
- Re: http-date.nse Fyodor (Jul 11)