Nmap Development mailing list archives
[NSE] http-form-fuzzer doesn't handle status code 414
From: Daniel Miller <bonsaiviking () gmail com>
Date: Sat, 7 Jul 2012 17:06:06 -0500
List, While testing http-form-fuzzer, I noticed this response come back from my server:
HTTP/1.1 414 Request-URI Too Large Date: Sat, 07 Jul 2012 22:02:26 GMT Server: Apache/2.2.14 (Ubuntu) PHP/5.3.2-1ubuntu4.17 with Suhosin-Patch mod_antiloris/0.4 Vary: Accept-Encoding Content-Length: 394 Connection: close Content-Type: text/html; charset=iso-8859-1 <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"> <html><head> <title>414 Request-URI Too Large</title> </head><body> <h1>Request-URI Too Large</h1> <p>The requested URL's length exceeds the capacity limit for this server.<br /> </p> <hr> <address>Apache/2.2.14 (Ubuntu) PHP/5.3.2-1ubuntu4.17 with Suhosin-Patch mod_antiloris/0.4 Server at hostname Port 80</address> </body></html>
I think that http-form-fuzzer should probably check for 414 status code (Request-URI Too Large) and adjust down accordingly, since it seems obvious the server is handling large GET requests by rejecting them. Perhaps other status codes should be examined for similar situations? Just some thoughts without clear direction on how to modify the code. Dan _______________________________________________ Sent through the nmap-dev mailing list http://cgi.insecure.org/mailman/listinfo/nmap-dev Archived at http://seclists.org/nmap-dev/
Current thread:
- [NSE] http-form-fuzzer doesn't handle status code 414 Daniel Miller (Jul 07)