Nmap Development mailing list archives
[NSE] http caching not taking checking headers difference
From: Hani Benhabiles <kroosec () gmail com>
Date: Thu, 17 May 2012 02:07:47 +0100
Hi list,While writing an http script, I found out that when sending two requests as in the code below causes the second to not be sent.
local response = http.get(host, port, '/', { ['header'] = { ['Foo'] = bar }}) local response2 = http.get(host, port, '/', { ['header'] = { ['Foo'] = bar2 }})
When investigating it, I found that it was due to the http cache system checking the host, port, method and url but not the request headers.
This happens in the function lookup_cache: local key = stdnse.get_hostname(host)..":"..port..":"..path; and if bypass_cache or record == nil or method ~= record.method thenSo, two requests with different headers end up treated as similar. Shouldn't they be treated as different ? Is this a choice by design or a bug ?
(I am well aware of the ability of disabling cache lookup in the request options.)
Cheers, Hani. -- Hani Benhabiles Twitter: https://twitter.com/#!/kroosec Blog: http://kroosec.blogspot.com _______________________________________________ Sent through the nmap-dev mailing list http://cgi.insecure.org/mailman/listinfo/nmap-dev Archived at http://seclists.org/nmap-dev/
Current thread:
- [NSE] http caching not taking checking headers difference Hani Benhabiles (May 16)