Nmap Development mailing list archives

Re: NSE Script http-methods.nse


From: Bernd Stroessenreuther <berny1 () users sourceforge net>
Date: Tue, 23 Feb 2010 20:26:21 +0100

Hi David,

That has some good ideas. I like the idea of using a nonexistent method
for enumeration. You can use that to get the methods from an Ncat HTTP
proxy:

$ ncat -l --proxy-type http
$ ncat localhost
BOGUS http://test/ HTTP/1.0
HTTP/1.0 405 Method Not Allowed
Allow: CONNECT, GET, HEAD, POST

$ ncat localhost
OPTIONS http://test/ HTTP/1.0
HTTP/1.0 405 Method Not Allowed
Allow: CONNECT, GET, HEAD, POST

Using a nonexistent method has - from my point of view - one major 
disadvantage: A reverse proxy might notice this invalid request and might 
drop it, e.g. giving a 403 or something else. You might not even get through 
to the target system. A valid HTTP method like OPTIONS has much better 
chances to get through.

And I think currently more and more companies build up reverse proxies in front 
of their web applications to better protect them.

Best regards,
   Bernd Stroessenreuther
_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://seclists.org/nmap-dev/
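
The trade-off discussed in this message, as an added example that is not part of the original post or of http-methods.nse: a Python sketch that parses the responses to both probes and prefers the Allow header from OPTIONS, falling back to the nonexistent-method probe. The function names are hypothetical, the NCAT_* responses are the ones shown in the message, and the PROXY_* responses are constructed to model a reverse proxy that rejects the unknown method.

```python
# Added example. Helper names are hypothetical; PROXY_* responses are constructed.
NCAT_BOGUS = "HTTP/1.0 405 Method Not Allowed\r\nAllow: CONNECT, GET, HEAD, POST\r\n\r\n"
NCAT_OPTIONS = NCAT_BOGUS  # the Ncat proxy in the message answers both probes alike
# Constructed: a reverse proxy that rejects the unknown method but passes OPTIONS.
PROXY_BOGUS = "HTTP/1.1 403 Forbidden\r\nContent-Length: 0\r\n\r\n"
PROXY_OPTIONS = "HTTP/1.1 200 OK\r\nAllow: GET, HEAD\r\nallow: POST, OPTIONS\r\n\r\n"


def parse_response(raw):
    """Return (status_code, methods) where methods is a set from Allow, or None."""
    head = raw.replace("\r\n", "\n").split("\n\n", 1)[0]
    lines = head.split("\n")
    parts = lines[0].split(None, 2)
    if len(parts) < 2 or not parts[0].startswith("HTTP/") or not parts[1].isdigit():
        raise ValueError("not an HTTP status line: %r" % lines[0])
    allow = None
    for line in lines[1:]:
        name, sep, value = line.partition(":")
        # Header names are case-insensitive; repeated Allow headers are merged.
        if sep and name.strip().lower() == "allow":
            methods = {m.strip().upper() for m in value.split(",") if m.strip()}
            allow = (allow or set()) | methods
    return int(parts[1]), allow


def choose_methods(options_raw, bogus_raw):
    """Prefer the OPTIONS answer; fall back to the nonexistent-method probe.

    Returns (probe_name, sorted_methods), or (None, []) when neither response
    carried a usable Allow header (for example, both were dropped with a 403).
    """
    for probe, raw in (("OPTIONS", options_raw), ("BOGUS", bogus_raw)):
        _status, allow = parse_response(raw)
        if allow:
            return probe, sorted(allow)
    return None, []


if __name__ == "__main__":
    print(choose_methods(NCAT_OPTIONS, NCAT_BOGUS))
    print(choose_methods(PROXY_OPTIONS, PROXY_BOGUS))
```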

