Nmap Development mailing list archives

Re: NSE Script http-methods.nse


From: David Fifield <david () bamsoftware com>
Date: Tue, 23 Feb 2010 12:45:18 -0700

On Tue, Feb 23, 2010 at 08:26:21PM +0100, Bernd Stroessenreuther wrote:
That has some good ideas. I like the idea of using a nonexistent method
for enumeration. You can use that to get the methods from an Ncat HTTP
proxy:

$ ncat -l --proxy-type http
$ ncat localhost
BOGUS http://test/ HTTP/1.0
HTTP/1.0 405 Method Not Allowed
Allow: CONNECT, GET, HEAD, POST

$ ncat localhost
OPTIONS http://test/ HTTP/1.0
HTTP/1.0 405 Method Not Allowed
Allow: CONNECT, GET, HEAD, POST

Using a nonexistent method has - from my point of view - one major
disadvantage: A reverse proxy might notice this invalid request and might
drop it, e.g. giving a 403 or something else. You might not even get through
to the target system. A valid HTTP method like OPTIONS has much better
chances to get through.

And I think currently more and more companies build up reverse proxies
in front of their web applications to better protect them.

We could possibly do both. But we're just brainstorming here, none of
this has to happen.

David Fifield
_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://seclists.org/nmap-dev/
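
The "do both" idea from the message above, as an added example that is not part of the original post and is not Nmap's script: it parses the responses to an OPTIONS probe and to a made-up method, merges every Allow list seen, and records which probe came back without one. The 403 response and the function names are assumptions constructed for illustration; the 405 response copies the Ncat output quoted in the message.

```python
# Constructed sample responses. NCAT_405 mirrors the Ncat proxy output quoted
# in the message; PROXY_403 is an assumed reverse-proxy rejection.
NCAT_405 = b"HTTP/1.0 405 Method Not Allowed\r\nAllow: CONNECT, GET, HEAD, POST\r\n\r\n"
PROXY_403 = b"HTTP/1.1 403 Forbidden\r\nContent-Length: 0\r\n\r\n"


def parse_response(raw):
    """Return (status_code, allow_list or None) from a raw HTTP response head."""
    text = raw.replace(b"\r\n", b"\n").split(b"\n\n", 1)[0].decode("iso-8859-1")
    lines = text.split("\n")
    parts = lines[0].split(None, 2)
    if len(parts) < 2 or not parts[0].startswith("HTTP/") or not parts[1].isdigit():
        raise ValueError("not an HTTP status line: %r" % lines[0])
    allow = None
    for line in lines[1:]:
        name, sep, value = line.partition(":")
        if sep and name.strip().lower() == "allow":
            # Allow may appear more than once; merge all occurrences.
            # Method names are case-sensitive, so they are kept as sent.
            allow = (allow or []) + [m.strip() for m in value.split(",") if m.strip()]
    return int(parts[1]), allow


def enumerate_methods(probes):
    """probes maps the request method sent to the raw response received.

    Returns (methods, notes): the union of every Allow list seen, in first-seen
    order, plus one note per probe saying whether it yielded a list.
    """
    methods, notes = [], {}
    for sent, raw in probes.items():
        status, allow = parse_response(raw)
        if allow is None:
            notes[sent] = "%d without Allow (possibly answered by an intermediary)" % status
            continue
        notes[sent] = "%d with Allow" % status
        for method in allow:
            if method not in methods:
                methods.append(method)
    return methods, notes


if __name__ == "__main__":
    # OPTIONS reaches the server; the made-up method is rejected in front of it.
    print(enumerate_methods({"OPTIONS": NCAT_405, "BOGUS": PROXY_403}))
```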

