Re: [nmap-svn] r32114 - nmap-exp/d33tah/ncat-lua-callbacks/ncat/test

[David Fifield <david () bamsoftware com>]

On Fri, Aug 30, 2013 at 07:04:15PM +0200, Jacek Wielemborek wrote:
> I believe that depends on the use case. Since you can handle both
> encoding and decoding side of such proxy, it'd be easy to for example
> encrypt whole proxy session or obfuscate it in any way for example to
> do some IDS evasion. Perhaps it'd be better to leave the behavior
> there, just optional?

Perhaps we can make it optional in the future. We will then need to
design an interface that allows you to say, "I want this script to apply
to payload traffic only" or "I want this script to apply to proxy
negotiation only" or "I want this script to apply to both" if that makes
any sense.

Since I'm sure the overwhelming use case will be to transform payload
traffic passing through a proxy, not the proxy negotiation itself, I
suggest that we make that the only supported configuration. Remember:
Having lots of features is nice, but you never stop paying for a bad
design. It's better to start with a good design for something simple,
and add complexity later.

David Fifield
_______________________________________________
Sent through the dev mailing list
http://nmap.org/mailman/listinfo/dev
Archived at http://seclists.org/nmap-dev/