Nmap Development mailing list archives

Previous By Date Next
Previous By Thread Next

Re: heartbleed script only seems to work on known SSL ports in 6.46 for windows

From: Patrik Karlsson <patrik () cqure net>
Date: Tue, 22 Apr 2014 17:33:54 -0400
Kent,

I think I understand what is going on and this is a bigger issue than just
this one script.
Not sure how to tackle this case where the port is both plain http and
https.
I think that ideally the port would be tagged as both http and https in
some way.
Does anyone else on the list have any ideas or suggestions?

-Patrik


On Tue, Apr 22, 2014 at 4:46 PM, Kent Fritz <kfritz () wolfman devio us> wrote:


On Tue, Apr 22, 2014 at 04:20:30PM -0400, Patrik Karlsson wrote:

Kent,

Out of curiosity, does the server respond with plain HTTP on that port as
well telling you that you need to connect using HTTPS?

-Patrik




Yes.  I only  have access to Nginx here, but Apache responds similarly:

$ curl -i http://puffy1:4444
HTTP/1.1 400 Bad Request
Server: nginx
Date: Tue, 22 Apr 2014 20:43:08 GMT
Content-Type: text/html
Content-Length: 264
Connection: close

<html>
<head><title>400 The plain HTTP request was sent to HTTPS
port</title></head>
<body bgcolor="white">
<center><h1>400 Bad Request</h1></center>
<center>The plain HTTP request was sent to HTTPS port</center>
<hr><center>nginx</center>
</body>
</html>





-- 
Patrik Karlsson
http://www.cqure.net
http://twitter.com/nevdull77
http://www.linkedin.com/in/nevdull77
_______________________________________________
Sent through the dev mailing list
http://nmap.org/mailman/listinfo/dev
Archived at http://seclists.org/nmap-dev/
Previous By Date Next
Previous By Thread Next

Current thread: