Nmap Development mailing list archives

Previous By Date Next
Previous By Thread Next

Re: [NSE] http-useragent-tester.nse

From: Daniel Miller <bonsaiviking () gmail com>
Date: Sat, 27 Jul 2013 22:05:54 -0500
George,

Perhaps the script could be generalized to show the differences in headers
(minus the Date header) that are returned given the different user agent
strings? This would cover the Location header, as it currently does, but
also could cover different HTTP status codes, content length, or other
quirks of the server/application.

Dan


On Sat, Jul 27, 2013 at 1:35 PM, George Chatzisofroniou
<sophron () latthi com>wrote:


Hi Paulino,

On Fri, Jul 26, 2013 at 12:26:07PM -0500, Paulino Calderon wrote:

Have you considered including the capability of discovering new
hosts with this script?


That's a good addition. The script now checks if the returned location
lies outside the target host. If it is, the target library adds the new
discovered target to Nmap scan queue.


I've encountered web servers that redirect
you to different hosts depending on the UserAgent.


I was thinking about cases in which this could happen. I came up with two:

- Hosts that detect headers from crawling libraries/ultities and ban
  these clients. That's what the current script is checking.

- Hosts that hold a mobile version of the site and redirect the clients
  to this version. I'll post a script that checks this soon.

If anyone knows more cases, please let me know. Maybe we will come up with
new
script ideas.

--
George Chatzisofroniou
sophron.latthi.com
_______________________________________________
Sent through the dev mailing list
http://nmap.org/mailman/listinfo/dev
Archived at http://seclists.org/nmap-dev/


_______________________________________________
Sent through the dev mailing list
http://nmap.org/mailman/listinfo/dev
Archived at http://seclists.org/nmap-dev/
Previous By Date Next
Previous By Thread Next

Current thread: