Nmap Development mailing list archives

Re: Ncat proposal: NCAT_TARGET environment variable


From: Jacek Wielemborek <wielemborekj1 () gmail com>
Date: Mon, 12 Aug 2013 12:50:27 +0200

2013/8/11 David Fifield <david () bamsoftware com>:
> On Wed, Aug 07, 2013 at 08:36:06PM +0200, Jacek Wielemborek wrote:
>> While writing the ws.py demo for d33tah/ncat-env-ncatins branch, I
>> noticed I could use an environment variable that instead of holding
>> the IP address of the remote host would hold the hostname from the
>> command line. That would allow scripts that communicate with HTTP to
>> form a valid "Host: " header.
>>
>> What do you think about such an addition? Would anybody else find any
>> use for it?
>
> My initial reaction to this is to say "no," because I think what
> you are trying to achieve can be better done through a different
> abstraction.
>
> I would rather see something like this:
>         websocket_abstraction = {
>                 connect = function(sock, host, port, secure)
>                         sock:connect(host, port)
>                         ...
>                         sock:write("Host: " .. host .. "\r\n")
>                 end,
>                 write = function(...)
>                         ...
>                 end,
>                 ...
>         }
> That is, a WebSocket (or other application layer) implementation should
> not try to "take over the world" of Ncat's execution. Rather, it should
> be a layer of Lua code called by existing Ncat C code.
>
> In particular, I think that WebSocket is badly suited for an exec-like
> implementation, and that it is a mistake to add features only to try to
> coax exec into supporting WebSocket.
>
> David Fifield

I just read your account on WebSocket in Ncat on SecWiki, sorry I
didn't do it earlier. You raised some interesting points, I'd love to
discuss them further tomorrow; I have to admit that it somewhat
changes my perspective.

As for this particular issue, even if we skip WebSocket as the reason
to introduce this feature, there's a whole family of HTTP scripts (and
perhaps other Internet scripts as well) that could use a clean DNS
name instead of IP. I still believe that NCAT_TARGET would be useful
then.
_______________________________________________
Sent through the dev mailing list
http://nmap.org/mailman/listinfo/dev
Archived at http://seclists.org/nmap-dev/
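
Added example (not code from this thread, from ws.py, or from Ncat): a Python helper that an exec'd script could use to turn the proposed NCAT_TARGET value into a "Host: " header, validating it first because a name copied from the command line into a header must not be able to carry CR/LF. Assumptions: NCAT_TARGET exists only as the proposal above, NCAT_REMOTE_ADDR and NCAT_REMOTE_PORT are assumed to hold the peer IP address and port, and the function names are hypothetical.

```python
import ipaddress
import os
import re

# Characters that may appear in a hostname or IP literal; CR, LF, space, '%' are not.
_SAFE = re.compile(r"[A-Za-z0-9.:-]+")
# RFC 1123 label: letters, digits, hyphens; no leading or trailing hyphen.
_LABEL = re.compile(r"(?!-)[A-Za-z0-9-]{1,63}(?<!-)")


def host_header_value(target, port, default_port=80):
    """Return a safe value for an HTTP Host header, or raise ValueError."""
    target = (target or "").rstrip(".")
    # fullmatch, not match with '$': '$' would accept a trailing newline.
    if not _SAFE.fullmatch(target) or len(target) > 253:
        raise ValueError("unsafe target: %r" % target)
    try:
        ip = ipaddress.ip_address(target)
        # IPv6 literals must be bracketed in a Host header.
        host = "[%s]" % ip if ip.version == 6 else str(ip)
    except ValueError:
        if not all(_LABEL.fullmatch(label) for label in target.split(".")):
            raise ValueError("not a valid hostname: %r" % target)
        host = target.lower()
    port = int(port)
    if not 0 < port < 65536:
        raise ValueError("bad port: %r" % port)
    return host if port == default_port else "%s:%d" % (host, port)


def build_request(environ, path="/"):
    """Build a minimal HTTP/1.1 request from the script's environment."""
    # NCAT_TARGET is the proposed (hypothetical) variable; fall back to the
    # IP address when it is absent (variable names are assumptions).
    target = environ.get("NCAT_TARGET") or environ.get("NCAT_REMOTE_ADDR", "")
    value = host_header_value(target, environ.get("NCAT_REMOTE_PORT", "80"))
    return "GET %s HTTP/1.1\r\nHost: %s\r\nConnection: close\r\n\r\n" % (path, value)


if __name__ == "__main__":
    # Constructed sample environment so the example runs offline; a script
    # started by Ncat would pass os.environ instead.
    sample = {"NCAT_TARGET": "Example.COM", "NCAT_REMOTE_ADDR": "192.0.2.10",
              "NCAT_REMOTE_PORT": "8080"}
    print(build_request(sample), end="")
```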

