Nmap Development mailing list archives

Re: [NSE] redirect support in http.lua

From: Patrik Karlsson <patrik () cqure net>
Date: Sat, 11 Feb 2012 18:52:22 +0100

On Sat, Feb 11, 2012 at 4:13 PM, David Fifield <david () bamsoftware com>wrote:

On Sat, Feb 11, 2012 at 02:41:13PM +0100, Patrik Karlsson wrote:

On Fri, Feb 10, 2012 at 12:16 AM, David Fifield <david () bamsoftware com
wrote:

On Thu, Feb 09, 2012 at 05:08:29PM +0100, Patrik Karlsson wrote:

Hi all,

I'm attaching a patch that I would like to apply to the http

library. It

adds support for HTTP redirects to the http.get and http.head

functions.

The default behavior will be to follow 5 levels of redirects before

bailing

out. The no_follow_redirect can be passed as an option to disable

redirect

support.


How about instead of no_follow_redirect, passing a redirect_ok function
as an option. The default value of redirect_ok would be the built-in
sensible default in http.lua. To turn off redirect following, you could
pass a function that always returns false, but it should also accept
this as a synonym:
       redirect_ok = false

(Generally I hate turning off options by saying "no_option = true"
rather than "option = false".)

The limit of 5 redirects might be done better by making it part of the
redirect_ok function. It can be a closure that has a variable in its
environment that it decrements every time it is called. Then your loop
can be just
       repeat .. until not redirect_ok
instead of having to check two conditions.


Ok, I committed the redirect code in r28047 with the changes you

suggested.

http.get and http.head should now transparently handle redirects.
Although I've done a bunch of tests, please keep an eye out and report

any

bugs related to this change.


Thanks, nice job.

I got this error:
$ ./nmap --script=http-favicon www.nmap.org -p80 -d
Initiating NSE at 07:11
NSE: Got icon URL /shared/images/tiny-eyeicon.png.
NSE: http-favicon against 74.207.254.18:80 threw an error!
/home/david/nmap-git/nselib/http.lua:1264: attempt to index local 'port'
(a number value)
stack traceback:
       /home/david/nmap-git/nselib/http.lua:1264: in function 'rule'
       /home/david/nmap-git/nselib/http.lua:1293: in function 'redir_check'
       /home/david/nmap-git/nselib/http.lua:1382: in function 'get'
       /home/david/nmap-git/scripts/http-favicon.nse:84: in function
</home/david/nmap-git/scripts/http-favicon.nse:45>
       (tail call): ?

David Fifield


Thanks for finding this! Guess I didn't do that good of a job testing. I've
just committed a fix as r28048.
I sure looooove how the port passed to http.get and http.head can be either
a table or number .....

-- 
Patrik Karlsson
http://www.cqure.net
http://twitter.com/nevdull77
_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://seclists.org/nmap-dev/

Current thread:

[NSE] redirect support in http.lua Patrik Karlsson (Feb 09)
- Re: [NSE] redirect support in http.lua Michael Kohl (Feb 09)
- Re: [NSE] redirect support in http.lua Lauri Kokkonen (Feb 09)
- Re: [NSE] redirect support in http.lua David Fifield (Feb 09)
  - Re: [NSE] redirect support in http.lua Patrik Karlsson (Feb 11)
    - Re: [NSE] redirect support in http.lua David Fifield (Feb 11)
    - Re: [NSE] redirect support in http.lua Patrik Karlsson (Feb 11)