Nmap Development mailing list archives
Re: How do I test framed web pages using NSE?
From: Tom Sellers <nmap () fadedcode net>
Date: Tue, 14 Sep 2010 20:36:25 -0500
On 9/14/10 2:39 PM, Bob Radvanovsky wrote:
I am trying to perform a test against a web page that redirects itself, and is a three-framed page: frame 1 frame 2 (largest) frame 3 XXXXXXXXXXX XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX XXXXXXXXXXXXXXXXXXXXX Redirect looks something like http://1.1.1.1/index.html?redirect=/home.asp
Ok, this looks like a META-REFRESH redirect or some code-level redirect. I don't expect that nmap will follow this if it is just looking at the title tag, pulling auth or doing version detection. I *think* that the only time it handles forwarding is when this is done with a HTTP 301 [1] response code or similar. What results do you get from nmap that differ from what you would expect?
...and yet, if attempt to "GET" the file as "GET /home.asp HTTP/1.1" (via TELNET), or use the http.get() function with the requested path of "/home.asp", I get a 400 error code.
That is an interesting question. It would appear that either the page does not exist or that it requires some other special conditions (referrer header, cookie/session value established at index.html, etc) Tom Sellers 1. http://en.wikipedia.org/wiki/HTTP_301 _______________________________________________ Sent through the nmap-dev mailing list http://cgi.insecure.org/mailman/listinfo/nmap-dev Archived at http://seclists.org/nmap-dev/
Current thread:
- How do I test framed web pages using NSE? Bob Radvanovsky (Sep 14)
- Re: How do I test framed web pages using NSE? Tom Sellers (Sep 14)
- Re: How do I test framed web pages using NSE? Martin Holst Swende (Sep 14)
- Re: How do I test framed web pages using NSE? Tom Sellers (Sep 14)