Nmap Development mailing list archives
Re: [NSE] Digest auth for http-default-accounts-fingerprints
From: nnposter () users sourceforge net
Date: Fri, 12 Apr 2013 20:06:24 -0600
Paulino Calderon wrote:
On 03/29/2013 07:20 PM, nnposter () users sourceforge net wrote:The following patch adds HTTP digest authentication capability to http-default-accounts-fingerprints.lua and also one real-life fingerprint that benefits from it.
<snip>
--- +-- Requests given path using digest authentication. +-- @param host Host table +-- @param port Port table +-- @param path Path to request +-- @param user Username for Digest Auth +-- @param pass Password for Digest Auth +-- @return True if login in was successful +--- +local function try_http_digest_login(host, port, path, user, pass) + local credentials = {username = user, password = pass, digest = true} + local req = http.get(host, port, path, {no_cache=true, auth=credentials, redirect_ok = false}) + if req.status ~= 401 and req.status ~= 403 then + return true + end + return false +end +
<snip>
I've added this signature and support for digest auth in r30729. Thanks for contributing.
I have noticed that you ditched my try_http_digest_login() in favor of adding the digest functionality into try_http_basic_login(). I do believe that this is a better approach, as it reduces repetitive code, but I am not keen on keeping "basic" in the name. If changes to these functions are not off-limits then I would like to propose to rename it to try_http_native_login() or try_http_proto_login(). The routine is local so it seems safe to do so. Cheers, nnposter _______________________________________________ Sent through the dev mailing list http://nmap.org/mailman/listinfo/dev Archived at http://seclists.org/nmap-dev/
Current thread:
- Re: [NSE] Digest auth for http-default-accounts-fingerprints Paulino Calderon (Apr 08)
- Re: [NSE] Digest auth for http-default-accounts-fingerprints nnposter (Apr 12)