Nmap Development mailing list archives

Previous By Date Next
Previous By Thread Next

[NSE] http caching not taking checking headers difference

From: Hani Benhabiles <kroosec () gmail com>
Date: Thu, 17 May 2012 02:07:47 +0100
Hi list,
While writing an http script, I found out that when sending two requests as in the code below causes the second to not be sent.
local response = http.get(host, port, '/', { ['header'] = { ['Foo'] = bar }}) local response2 = http.get(host, port, '/', { ['header'] = { ['Foo'] = bar2 }})
When investigating it, I found that it was due to the http cache system checking the host, port, method and url but not the request headers. 

This happens in the function lookup_cache:
    local key = stdnse.get_hostname(host)..":"..port..":"..path;
and
    if bypass_cache or record == nil or method ~= record.method then
So, two requests with different headers end up treated as similar. Shouldn't they be treated as different ? Is this a choice by design or a bug ?
(I am well aware of the ability of disabling cache lookup in the request options.) 

Cheers,
Hani.

--
Hani Benhabiles

Twitter: https://twitter.com/#!/kroosec
Blog: http://kroosec.blogspot.com

_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://seclists.org/nmap-dev/
Previous By Date Next
Previous By Thread Next

Current thread: