Nmap Development mailing list archives

Re: http redirect problems


From: Patrik Karlsson <patrik () cqure net>
Date: Thu, 28 Feb 2013 19:11:21 -0500

On Thu, Feb 28, 2013 at 12:38 PM, Robin Wood <robin () digininja org> wrote:

I'm trying to get the redirect_ok closure working with http.get but having
problems so looking for some help.

This is the code:

    result = http.get(host, port, path, {
        -- redirect_ok is called with the target host and port and returns
        -- the closure that decides whether each redirect is followed
        redirect_ok = function(host, port)
            stdnse.print_debug(1, "********** REDIRECT ************")
            local c = 5  -- follow at most 5 redirects
            return function(url)
                stdnse.print_debug(1, "********** " .. url.port .. " ************")
                stdnse.print_debug(1, "********** " .. url.host .. " ************")
                if ( c==0 ) then return false end
                c = c - 1
                return true
            end
        end
    })

If I start the process with just twitter.com then it redirects to
https://twitter.com. The redirect code kicks in but then I get bounced
from http to https and back again till the counter hits 0 and the script
returns false. This is the output:

NSE: ********** REDIRECT ************
NSE: ********** 443 ************
NSE: ********** twitter.com ************
NSE: ********** 80 ************
NSE: ********** twitter.com ************
NSE: ********** 443 ************
NSE: ********** twitter.com ************
NSE: ********** 80 ************
NSE: ********** twitter.com ************
NSE: ********** 443 ************
NSE: ********** twitter.com ************
NSE: ********** 80 ************
NSE: ********** twitter.com ************
NSE: ********** AFTER GET ************

I checked by hand and if I curl http://twitter.com then it shows the 301
redirect but if I then get https://twitter.com it returns a page, not
another redirect.

Have I done something wrong here?

Robin
_______________________________________________
Sent through the dev mailing list
http://nmap.org/mailman/listinfo/dev
Archived at http://seclists.org/nmap-dev/


Robin,

I tracked the issue down to the host header of the request.
What happens is that nmap adds the port number to the host header when
redirected to SSL, while wget and curl both don't.
This seems to confuse the host you're testing against (twitter.com) which
then goes into a loop.
A cursory glance at the HTTP/1.1 RFC suggests adding the port in the host
header is correct.
So I'm not sure what to do with this.

Cheers,
Patrik

-- 
Patrik Karlsson
http://www.cqure.net
http://twitter.com/nevdull77
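
The Host header point from the reply above, as an added example in plain Lua; it is not part of either post and not code from Nmap's http library. All function and table names are hypothetical and the inputs are constructed. It builds a Host value without the port when the port is the scheme's default, and compares two Host values so that `twitter.com:443` and `twitter.com` count as the same endpoint under https.

```lua
-- Added example, not Nmap's http.lua. Names below are hypothetical.
local DEFAULT_PORT = { http = 80, https = 443 }

-- Build the Host header value for a request, leaving the port out when it is
-- the default for the scheme (the behaviour the reply attributes to wget/curl).
local function host_header(scheme, host, port)
  port = tonumber(port)
  -- IPv6 literals must be bracketed in the Host header
  if host:find(":", 1, true) and host:sub(1, 1) ~= "[" then
    host = "[" .. host .. "]"
  end
  if port == nil or port == DEFAULT_PORT[scheme] then
    return host
  end
  return ("%s:%d"):format(host, port)
end

-- Split a received Host value into lower-cased host and numeric port, filling
-- in the scheme's default port when none was sent (RFC 2616, section 14.23).
local function parse_host_header(scheme, value)
  local host, port = value:match("^(%[.-%])%:?(%d*)$")   -- [v6] or [v6]:port
  if not host then
    host, port = value:match("^([^:]+)%:?(%d*)$")        -- name or name:port
  end
  if not host then return nil end
  return host:lower(), tonumber(port) or DEFAULT_PORT[scheme]
end

-- True when two Host values name the same endpoint for the given scheme.
-- A server-side canonical-host check written this way does not treat the
-- explicit-port form as a different site.
local function same_authority(scheme, a, b)
  local ha, pa = parse_host_header(scheme, a)
  local hb, pb = parse_host_header(scheme, b)
  return ha ~= nil and ha == hb and pa == pb
end

-- Constructed inputs modelled on the thread
print(host_header("https", "twitter.com", 443))
print(host_header("https", "twitter.com", 8443))
print(same_authority("https", "twitter.com:443", "twitter.com"))
print(same_authority("https", "twitter.com:80", "twitter.com"))
```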