Re: [NSE] Digest auth for http-default-accounts-fingerprints

[nnposter () users sourceforge net]

Paulino Calderon wrote:
> On 03/29/2013 07:20 PM, nnposter () users sourceforge net wrote:
> > The following patch adds HTTP digest authentication capability to
> > http-default-accounts-fingerprints.lua and also one real-life
> > fingerprint that benefits from it.

<snip>

> > ---
> > +-- Requests given path using digest authentication.
> > +-- @param host Host table
> > +-- @param port Port table
> > +-- @param path Path to request
> > +-- @param user Username for Digest Auth
> > +-- @param pass Password for Digest Auth
> > +-- @return True if login in was successful
> > +---
> > +local function try_http_digest_login(host, port, path, user, pass)
> > + local credentials = {username = user, password = pass, digest = true}
> > + local req = http.get(host, port, path, {no_cache=true, auth=credentials, redirect_ok = false})
> > + if req.status ~= 401 and req.status ~= 403 then
> > + return true
> > + end
> > + return false
> > +end
> > +

<snip>

> I've added this signature and support for digest auth in r30729.
>
> Thanks for contributing.


I have noticed that you ditched my try_http_digest_login() in favor of adding the digest functionality into 
try_http_basic_login(). I do believe that this is a better approach, as it reduces repetitive code, but I am not keen 
on keeping "basic" in the name.

If changes to these functions are not off-limits then I would like to propose to rename it to try_http_native_login() 
or try_http_proto_login(). The routine is local so it seems safe to do so.

Cheers,
nnposter
_______________________________________________
Sent through the dev mailing list
http://nmap.org/mailman/listinfo/dev
Archived at http://seclists.org/nmap-dev/