Nmap Development mailing list archives
Re: How do I test framed web pages using NSE?
From: Martin Holst Swende <martin () swende se>
Date: Wed, 15 Sep 2010 08:42:19 +0200
On 09/15/2010 03:36 AM, Tom Sellers wrote:
> On 9/14/10 2:39 PM, Bob Radvanovsky wrote:
>> I am trying to perform a test against a web page that redirects itself, and is a three-framed page:
>>
>> frame 1 frame 2 (largest) frame 3
>> XXXXXXXXXXX XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX XXXXXXXXXXXXXXXXXXXXX
>>
>> Redirect looks something like http://1.1.1.1/index.html?redirect=/home.asp
>
> Ok, this looks like a META-REFRESH redirect or some code-level redirect. I don't expect that nmap will follow this if it is just looking at the title tag, pulling auth or doing version detection. I *think* that the only time it handles forwarding is when this is done with an HTTP 301 [1] response code or similar.
>
> What results do you get from nmap that differ from what you would expect?
>
>> ...and yet, if I attempt to "GET" the file as "GET /home.asp HTTP/1.1" (via TELNET), or use the http.get() function with the requested path of "/home.asp", I get a 400 error code.
>
> That is an interesting question. It would appear that either the page does not exist or that it requires some other special conditions (referrer header, cookie/session value established at index.html, etc.)
>
> Tom Sellers
If you want to analyse the traffic a bit more, and experiment with it, I would recommend you use an HTTP proxy: WebScarab, Burp or Paros. They allow you to capture, modify, replay etc., so you can pinpoint exactly what the problem is (by comparing your requests with the ones produced by/in nmap/telnet).

One thing you are probably not doing in telnet is sending a Host header (?). In case the server has virtual domains, the Host header is required in order for the server to know what app should be called.

/Martin Holst Swende
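The conditions discussed in this thread (a META-REFRESH redirect that has to be followed by hand, frame sources that are separate requests, and a follow-up request that carries a Host header plus possibly a Referer and session cookie), as an added Python example that is not part of the original messages. The sample response, cookie name and frame file names are constructed, and `LinkFinder` and `follow_up_requests` are hypothetical helper names.

```python
from html.parser import HTMLParser
from urllib.parse import urljoin, urlsplit
import re

# Constructed sample of what index.html?redirect=/home.asp might return.
SAMPLE_RESPONSE = (
    "HTTP/1.1 200 OK\r\n"
    "Set-Cookie: SESSIONID=abc123; path=/\r\n"
    "Content-Type: text/html\r\n"
    "\r\n"
    '<html><head><meta http-equiv="refresh" content="0; url=/home.asp"></head>'
    '<frameset rows="10%,80%,10%">'
    '<frame src="top.asp"><frame src="/main.asp"><frame src="bottom.asp">'
    "</frameset></html>"
)

class LinkFinder(HTMLParser):
    """Collects the META refresh target and every frame/iframe src."""
    def __init__(self):
        super().__init__()
        self.refresh, self.frames = None, []
    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        if tag == "meta" and (a.get("http-equiv") or "").lower() == "refresh":
            m = re.search(r"url\s*=\s*['\"]?([^'\";]+)", a.get("content") or "", re.I)
            if m:
                self.refresh = m.group(1).strip()
        elif tag in ("frame", "iframe") and a.get("src"):
            self.frames.append(a["src"])

def follow_up_requests(raw_response, base_url, host):
    """Return (path, raw HTTP/1.1 request) pairs for the refresh target and frames."""
    head, _, body = raw_response.partition("\r\n\r\n")
    # Keep only name=value from each Set-Cookie header, dropping attributes.
    found = re.findall(r"(?im)^Set-Cookie:\s*(.+)$", head)
    cookies = [c.split(";")[0].strip() for c in found]
    finder = LinkFinder()
    finder.feed(body)
    targets = ([finder.refresh] if finder.refresh else []) + finder.frames
    requests = []
    for t in targets:
        u = urlsplit(urljoin(base_url, t))  # resolve relative frame sources
        path = u.path + ("?" + u.query if u.query else "")
        lines = [f"GET {path} HTTP/1.1", f"Host: {host}", f"Referer: {base_url}"]
        if cookies:
            lines.append("Cookie: " + "; ".join(cookies))
        lines.append("Connection: close")
        requests.append((path, "\r\n".join(lines) + "\r\n\r\n"))
    return requests
```

Each generated request can be pasted into a telnet session or diffed against what the proxy captured from a browser to see which header the server insists on.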