Nmap Development mailing list archives
Re: [NSE] Avoid caching http-form-fuzzer results?
From: Patrick Donnelly <batrick () batbytes com>
Date: Fri, 6 Jul 2012 18:48:00 -0400
On Fri, Jul 6, 2012 at 5:47 PM, Daniel Miller <bonsaiviking () gmail com> wrote:
List, I was running a scan with http-form-fuzzer, and got to thinking about the http cache. Not long into the scan, I had hit the maximum cache size. Since http-form-fuzzer sends random strings, the chance that something else will need to get the cached response for those requests is very low. I propose something like this patch:index a43d0af..c5914cc 100644 --- a/scripts/http-form-fuzzer.nse +++ b/scripts/http-form-fuzzer.nse @@ -157,7 +157,7 @@ local function fuzz_form(form, minlen, maxlen, host, port, path) if form["method"]=="post" then sending_function = function(data) return http.post(host, port, form_submission_path, nil, nil, data) end else - sending_function = function(data) return http.get(host, port, form_submission_path..generate_get_string(data)) end + sending_function = function(data) return http.get(host, port, form_submission_path..generate_get_string(data), {no_cache=true}) end end for _,field in ipairs(form["fields"]) doPost requests don't need changing, since they are not (and should not be) cached anyway. I'm not sure if this is the best way to go about making this change, so I would welcome any input or other modifications.
This is a good change. Please apply it Daniel. -- - Patrick Donnelly _______________________________________________ Sent through the nmap-dev mailing list http://cgi.insecure.org/mailman/listinfo/nmap-dev Archived at http://seclists.org/nmap-dev/
Current thread:
- [NSE] Avoid caching http-form-fuzzer results? Daniel Miller (Jul 06)
- Re: [NSE] Avoid caching http-form-fuzzer results? Paulino Calderon (Jul 06)
- Re: [NSE] Avoid caching http-form-fuzzer results? Peter O (Jul 06)
- Re: [NSE] Avoid caching http-form-fuzzer results? Patrick Donnelly (Jul 06)
- Re: [NSE] Avoid caching http-form-fuzzer results? Daniel Miller (Jul 06)
- Re: [NSE] Avoid caching http-form-fuzzer results? Patrick Donnelly (Jul 07)
- Re: [NSE] Avoid caching http-form-fuzzer results? Daniel Miller (Jul 07)
- Re: [NSE] Avoid caching http-form-fuzzer results? Daniel Miller (Jul 06)