Nmap Development mailing list archives

Re: How do I test framed web pages using NSE?


From: Martin Holst Swende <martin () swende se>
Date: Wed, 15 Sep 2010 08:42:19 +0200

On 09/15/2010 03:36 AM, Tom Sellers wrote:
On 9/14/10 2:39 PM, Bob Radvanovsky wrote:
I am trying to perform a test against a web page that redirects itself, and is a three-framed page:

frame 1             frame 2 (largest)            frame 3
XXXXXXXXXXX  XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX  XXXXXXXXXXXXXXXXXXXXX

Redirect looks something like http://1.1.1.1/index.html?redirect=/home.asp
Ok, this looks like a META-REFRESH redirect or some code-level redirect.
I don't expect that nmap will follow this if it is just looking at the title
tag, pulling auth or doing version detection.

I *think* that the only time it handles forwarding is when this is done with
a HTTP 301 [1] response code or similar.

What results do you get from nmap that differ from what you would expect?

...and yet, if I attempt to "GET" the file as "GET /home.asp HTTP/1.1" (via TELNET), or use the http.get()
function with the requested path of "/home.asp", I get a 400 error code.
That is an interesting question.  It would appear that either the page does not
exist or that it requires some other special conditions (referrer header,
cookie/session value established at index.html, etc)

Tom Sellers


If you want to analyse the traffic a bit more, and experiment with it, I
would recommend you use an HTTP proxy: WebScarab, Burp or Paros. They
allow you to capture, modify, replay etc., so you can pinpoint exactly
what the problem is (by comparing your requests with the ones produced
by/in nmap/telnet).

One thing you are probably not doing in telnet is sending a Host header
(?). In case the server has virtual domains, the Host header is required
in order for the server to know which app should be called.


/Martin Holst Swende

_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://seclists.org/nmap-dev/
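The Host-header point and the "compare your requests with the proxy" advice above, shown as an added example (this is not Martin's code, nor part of nmap/NSE; it is written in Python rather than NSE Lua so it runs stand-alone). It starts a constructed toy origin on 127.0.0.1 that, like a name-based virtual host, answers 400 to an HTTP/1.1 request without a Host header, replays a hand-typed telnet-style request and a client-style request against it, and reports which headers the telnet request lacks. The address 1.1.1.1 and the User-Agent string are constructed sample values.

```python
import socket
import threading
from http.server import BaseHTTPRequestHandler, HTTPServer

# Constructed sample requests: what a hand-typed telnet session usually sends
# (request line only) versus what a client that sets the Host header sends.
TELNET_REQUEST = "GET /home.asp HTTP/1.1\r\n\r\n"
CLIENT_REQUEST = (
    "GET /home.asp HTTP/1.1\r\n"
    "Host: 1.1.1.1\r\n"
    "User-Agent: Mozilla/5.0 (compatible; Nmap Scripting Engine)\r\n"
    "Connection: close\r\n\r\n"
)


def parse_request(raw):
    """Split a raw HTTP request into its request line and a lower-cased header dict."""
    head = raw.split("\r\n\r\n", 1)[0]
    lines = head.split("\r\n")
    method, path, version = lines[0].split(" ", 2)
    headers = {}
    for line in lines[1:]:
        if not line:
            continue
        name, _, value = line.partition(":")
        headers[name.strip().lower()] = value.strip()
    return {"method": method, "path": path, "version": version, "headers": headers}


def diff_requests(a, b):
    """Header names present in request b but missing from request a
    (the comparison you would do by eye in an intercepting proxy)."""
    ha = parse_request(a)["headers"]
    hb = parse_request(b)["headers"]
    return sorted(set(hb) - set(ha))


class HostCheckingHandler(BaseHTTPRequestHandler):
    """Toy origin (constructed for this example): rejects HTTP/1.1 requests
    that carry no Host header, as a server hosting virtual domains must."""
    protocol_version = "HTTP/1.1"

    def do_GET(self):
        if self.request_version == "HTTP/1.1" and "Host" not in self.headers:
            # send_error also emits "Connection: close", so the socket is closed after this
            self.send_error(400, "Missing Host header")
            return
        body = b"<html><title>home</title></html>"
        self.send_response(200)
        self.send_header("Content-Type", "text/html")
        self.send_header("Content-Length", str(len(body)))
        self.send_header("Connection", "close")
        self.end_headers()
        self.wfile.write(body)

    def log_message(self, *args):  # keep the demo quiet
        pass


def send_raw(raw, host, port):
    """Send a raw request over a plain socket (telnet style) and return the status code."""
    with socket.create_connection((host, port), timeout=5) as s:
        s.sendall(raw.encode())
        data = b""
        while True:  # both server branches close the connection, so read to EOF
            chunk = s.recv(4096)
            if not chunk:
                break
            data += chunk
    status_line = data.split(b"\r\n", 1)[0].decode(errors="replace")
    return int(status_line.split()[1])


def demo():
    """Start the toy origin on an ephemeral port, replay both requests, return the results."""
    server = HTTPServer(("127.0.0.1", 0), HostCheckingHandler)
    port = server.server_address[1]
    threading.Thread(target=server.serve_forever, daemon=True).start()
    try:
        return {
            "without_host": send_raw(TELNET_REQUEST, "127.0.0.1", port),
            "with_host": send_raw(CLIENT_REQUEST, "127.0.0.1", port),
            "missing_headers": diff_requests(TELNET_REQUEST, CLIENT_REQUEST),
        }
    finally:
        server.shutdown()
        server.server_close()


if __name__ == "__main__":
    print(demo())
```

Running it yields 400 for the bare request line and 200 once Host is present, with `missing_headers` listing `connection`, `host` and `user-agent`; against a real target the same diff, taken from a proxy capture, tells you which of those the server actually insists on.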

