Nmap Development mailing list archives
Re: [NSE] http-devframework.nse
From: nnposter () users sourceforge net
Date: Mon, 26 Aug 2013 20:48:36 +0000
Out of curiosity, why do you use response.rawheader so broadly, instead of leveraging the parsing that already took place when the response object was composed? I have rewritten a small piece of the code to illustrate what I am talking about:

Original:

    -- Check for Mongrel or Passenger in the "Server" or "X-Powered-By" header
    for _, h in ipairs(response.rawheader) do
      if (string.find(h, "X%-Powered%-By") or string.find(h, "Server"))
         and (string.find(h, "[Mm][Oo][Nn][Gg][Rr][Ee][Ll]")
              or string.find(h, "[Pp][Aa][Ss][Ee][Nn][Gg][Ee][Rr]")) then
        return "RoR detected. Found 'Passenger' or 'Mongrel' in the cookies sent by the server."
      end
    end

Alternative:

    -- Check for Mongrel or Passenger in the "Server" or "X-Powered-By" header
    -- (response.header is keyed by lowercase header name, so iterate with pairs)
    for h, v in pairs(response.header) do
      if h == "x-powered-by" or h == "server" then
        local vl = v:lower()
        local m = vl:match("mongrel") or vl:match("passenger")
        if m then
          return "RoR detected. Found '" .. m .. "' in " .. h .. " header sent by the server."
        end
      end
    end

This way you might get several benefits:

* Normalized matching, such as "Server" vs. "server"
* More precise matching, such as the Server header vs. "/Foo/Server/Bar" in the Referer header
* More understandable intent of the fingerprint logic
* More readable code

Fingerprint suggestions:

* Cookies, such as CFID* and CFTOKEN* for Cold Fusion, ASPNETSESSIONID for ASP.NET, BV_* for Broadvision, WC_* for WebSphere Commerce.
* Parameters, such as __VIEWSTATE and __EVENT* for ASP.NET.
* JavaScript calls, such as __doPostBack for ASP.NET
* DOM elements, such as IDs "aspnetForm" or ctl00_* for ASP.NET

Suggested changes:

* Misspelling of "Pasenger" (sic) in the string search.
* Returning "Found ... in cookies" while the fingerprint searches server headers.

Some other thoughts:

* Would the concept of basepath make sense here?
Cheers,
nnposter

_______________________________________________
Sent through the dev mailing list
http://nmap.org/mailman/listinfo/dev
Archived at http://seclists.org/nmap-dev/
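The following is an added, self-contained Lua example illustrating the point made in the post above; it is not code from nnposter's message or from http-devframework.nse. It models the two fields of an NSE http response object the post contrasts, response.rawheader (array of raw "Name: value" lines) and response.header (table keyed by lowercase header name), and runs the raw-line check and the parsed-table check side by side on two constructed responses, one of which trips the raw check through a Location line that merely contains the words "Server" and "passenger". The parse_headers helper is a hand-written stand-in for the http library's own parsing so the file runs under plain Lua without Nmap; the ", " joining of repeated headers is an assumption about that library. The cookie fingerprints are the names listed in the post.

```lua
-- Added example; not part of nnposter's post or of http-devframework.nse.
-- Stand-in for the NSE http library's header parsing (assumption: the library
-- lowercases names and joins repeated headers with ", ").
local function parse_headers(rawheader)
  local header = {}
  for _, line in ipairs(rawheader) do
    local name, value = line:match("^([^:]+):%s*(.-)%s*$")
    if name then
      name = name:lower()
      if header[name] then
        header[name] = header[name] .. ", " .. value
      else
        header[name] = value
      end
    end
  end
  return header
end

-- Substring check over raw header lines, in the style of the original script.
local function detect_ror_raw(response)
  for _, h in ipairs(response.rawheader) do
    local hl = h:lower()
    if (h:find("X%-Powered%-By") or h:find("Server"))
       and (hl:find("mongrel") or hl:find("passenger")) then
      return "RoR detected (raw line match): " .. h
    end
  end
  return nil
end

-- Check over the parsed table, in the style of the alternative. pairs() is
-- used because the table is keyed by header name, not indexed by position.
local function detect_ror_parsed(response)
  for h, v in pairs(response.header) do
    if h == "x-powered-by" or h == "server" then
      local vl = v:lower()
      local m = vl:match("mongrel") or vl:match("passenger")
      if m then
        return "RoR detected. Found '" .. m .. "' in " .. h .. " header sent by the server."
      end
    end
  end
  return nil
end

-- Cookie-name fingerprints from the post's suggestion list, as Lua patterns
-- matched against the name part of each Set-Cookie line.
local COOKIE_FINGERPRINTS = {
  { "^cfid",            "ColdFusion" },
  { "^cftoken",         "ColdFusion" },
  { "^aspnetsessionid", "ASP.NET" },
  { "^bv_",             "Broadvision" },
  { "^wc_",             "WebSphere Commerce" },
}

local function detect_by_cookies(response)
  local found = {}
  for _, line in ipairs(response.rawheader) do
    local name, value = line:match("^([^:]+):%s*(.*)$")
    if name and name:lower() == "set-cookie" then
      local cookie = value:match("^%s*([^=;]+)")
      if cookie then
        local cl = cookie:lower()
        for _, fp in ipairs(COOKIE_FINGERPRINTS) do
          if cl:find(fp[1]) then
            found[#found + 1] = fp[2] .. " (cookie " .. cookie .. ")"
          end
        end
      end
    end
  end
  return found
end

-- Constructed sample responses (not captured from any real host).
local passenger = {
  rawheader = {
    "Server: Apache/2.2",
    "X-Powered-By: Phusion Passenger 4.0",
    "Set-Cookie: _session_id=abc; path=/",
  },
}
passenger.header = parse_headers(passenger.rawheader)

-- A redirect whose Location line happens to contain both "Server" and
-- "passenger": the raw check fires on it, the parsed check does not.
local redirect = {
  rawheader = {
    "Server: nginx",
    "Location: http://example.invalid/Foo/Server/Bar/passenger-docs",
    "Set-Cookie: CFID=12345; path=/",
    "Set-Cookie: CFTOKEN=67890; path=/",
  },
}
redirect.header = parse_headers(redirect.rawheader)

print(detect_ror_raw(passenger))
print(detect_ror_parsed(passenger))
print(detect_ror_raw(redirect))
print(detect_ror_parsed(redirect))
print(table.concat(detect_by_cookies(redirect), "; "))
```

Run with a stock Lua interpreter. Both checks flag the first response, but only the raw-line check flags the redirect, since it matches "Server" and "passenger" as substrings of the Location line; the parsed check looks only at the values of the server and x-powered-by keys. The cookie pass reports ColdFusion twice for the redirect, once per Set-Cookie line.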
Current thread:
- [NSE] http-devframework.nse George Chatzisofroniou (Aug 26)
- Re: [NSE] http-devframework.nse nnposter (Aug 26)
- Re: [NSE] http-devframework.nse George Chatzisofroniou (Aug 27)
- Re: [NSE] http-devframework.nse George Chatzisofroniou (Sep 05)
- Re: [NSE] http-devframework.nse George Chatzisofroniou (Aug 27)
- Re: [NSE] http-devframework.nse nnposter (Aug 26)