Re: How do I test framed web pages using NSE?

[Tom Sellers <nmap () fadedcode net>]

On 9/14/10 2:39 PM, Bob Radvanovsky wrote:
> I am trying to perform a test against a web page that redirects itself, and is a three-framed page:
>
> frame 1             frame 2 (largest)            frame 3
> XXXXXXXXXXX  XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX  XXXXXXXXXXXXXXXXXXXXX
>
> Redirect looks something like http://1.1.1.1/index.html?redirect=/home.asp

Ok, this looks like a META-REFRESH redirect or some code-level redirect.
I don't expect that nmap will follow this if it is just looking at the title
tag, pulling auth or doing version detection.

I *think* that the only time it handles forwarding is when this is done with
a HTTP 301 [1] response code or similar.

What results do you get from nmap that differ from what you would expect?



> ...and yet, if attempt to "GET" the file as "GET /home.asp HTTP/1.1" (via TELNET), or use the http.get() 
> function with the requested path of "/home.asp", I get a 400 error code.

That is an interesting question.  It would appear that either the page does not
exist or that it requires some other special conditions (referrer header,
cookie/session value established at index.html, etc)

Tom Sellers


1.  http://en.wikipedia.org/wiki/HTTP_301

_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://seclists.org/nmap-dev/