Nmap Development mailing list archives

Re: [NSE] Empty server header in http-server-header.nse


From: Daniel Miller <bonsaiviking () gmail com>
Date: Thu, 15 Jan 2015 10:02:18 -0600

nnposter,

Thanks for the report! I applied your patch in r33910, and followed it with
an implementation of your suggestion to show "<empty>" when the header is
empty (r33911).

Dan

On Thu, Jan 1, 2015 at 2:08 PM, <nnposter () users sourceforge net> wrote:

Script http-server-header.nse does not handle well situations where
the Server header is returned but empty. Specifically, pattern...

    "\n[Ss][Ee][Rr][Vv][Ee][Rr]:%s*(.-)\r?\n"

...used for parsing the header assumes that class %s does not include
CR or LF. When the server header is returned empty then %s* will slurp
the CR/LF sequence and the subsequent capture group will get populated
with the next full header (as opposed to an empty string).

The patch below replaces the problematic class with LWS as defined in
RFC 822. This will cause the script to return the empty string.

One issue to note though is that the visual effect is an empty line in
the formatted output:

    443/tcp open  ssl/https syn-ack ttl 128
    | http-server-header:
    |   Server:
    |_

It could be argued that we should decouple the formatted output from
the structured result data and replace it with something more readable
like "(not listed)" or "(empty)":

    443/tcp open  ssl/https syn-ack ttl 128
    | http-server-header:
    |   Server:
    |_    (empty)



Cheers,
nnposter


Patch against r33886 follows:

--- a/scripts/http-server-header.nse
+++ b/scripts/http-server-header.nse
@@ -101,7 +101,7 @@
     if string.match(result, "^HTTP/1.[01] %d%d%d") then
       port.version.service = "http"

-      local http_server = string.match(result,
"\n[Ss][Ee][Rr][Vv][Ee][Rr]:%s*(.-)\r?\n")
+      local http_server = string.match(result,
"\n[Ss][Ee][Rr][Vv][Ee][Rr]:[ \t]*(.-)\r?\n")

       -- Avoid setting version info if -sV scan already got a match
       if port.version.product == nil and (port.version.name_confidence or
0) <= 3 then
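Review bot: the `[ \t]*` on the `+` line stops the class from consuming the CR/LF, but trailing whitespace before the line end is still captured, because `(.-)` has to extend until `\r?\n` matches: `Server: Apache \r\n` yields `"Apache "`. If that matters for the version comparison that follows, `(.-)[ \t]*\r?\n` lets the greedy class absorb trailing SP/HTAB while still returning `""` for an empty header. Also note the class is SP and HTAB only, which is RFC 7230's OWS rather than RFC 822 LWS (which additionally permits folding across CRLF followed by whitespace); the commit message should describe it that way so nobody expects folded headers to be handled.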
_______________________________________________
Sent through the dev mailing list
http://nmap.org/mailman/listinfo/dev
Archived at http://seclists.org/nmap-dev/

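The parsing difference nnposter describes, as an added Lua example that is not code from the thread or from http-server-header.nse. The HTTP responses are constructed, the `describe` helper is an illustration of the "<empty>" versus "not listed" distinction rather than the script's implementation, and the `TRIM_PATTERN` variant goes beyond the patch by also dropping trailing whitespace:

```lua
-- Added example, not code from the thread or from http-server-header.nse.
-- Shows why "%s*" misparses an empty Server header, what the patched
-- "[ \t]*" returns instead, and (own variant) how to trim trailing blanks.

-- Pattern used by the script before the patch: %s also matches CR and LF,
-- so on an empty header it swallows the line end and the capture runs on
-- into the next header line.
local OLD_PATTERN  = "\n[Ss][Ee][Rr][Vv][Ee][Rr]:%s*(.-)\r?\n"
-- Pattern from the patch: only SP and HTAB may precede the value.
local NEW_PATTERN  = "\n[Ss][Ee][Rr][Vv][Ee][Rr]:[ \t]*(.-)\r?\n"
-- Own variant (assumption, not in the patch): the greedy trailing class
-- absorbs SP/HTAB before CRLF, while an empty value still yields "".
local TRIM_PATTERN = "\n[Ss][Ee][Rr][Vv][Ee][Rr]:[ \t]*(.-)[ \t]*\r?\n"

-- Returns the captured header value, or nil when no Server header matches.
local function parse_server(response, pattern)
  return string.match(response, pattern)
end

-- Own display helper: keep "header absent" (nil) apart from "header
-- present but empty" (""), so the formatted output is never a blank line.
local function describe(value)
  if value == nil then return "(not listed)" end
  if value == "" then return "<empty>" end
  return value
end

-- Constructed responses (not captured from any real host).
local cases = {
  { "normal",   "HTTP/1.1 200 OK\r\nServer: Apache/2.4.7\r\nContent-Length: 0\r\n\r\n" },
  { "empty",    "HTTP/1.1 200 OK\r\nServer:\r\nContent-Length: 0\r\n\r\n" },
  { "trailing", "HTTP/1.1 200 OK\r\nServer: nginx \r\nContent-Length: 0\r\n\r\n" },
  { "missing",  "HTTP/1.1 200 OK\r\nContent-Length: 0\r\n\r\n" },
}

for _, case in ipairs(cases) do
  local name, response = case[1], case[2]
  local old  = parse_server(response, OLD_PATTERN)
  local new  = parse_server(response, NEW_PATTERN)
  local trim = parse_server(response, TRIM_PATTERN)
  -- tostring() turns nil into "nil" so %q can show it alongside strings.
  print(string.format("%-9s old=%q new=%q trim=%q -> %s",
    name, tostring(old), tostring(new), tostring(trim), describe(new)))
end
```

Run it with any stand-alone Lua interpreter (`lua example.lua`). In the "empty" case the old pattern's capture is the whole next header line (`Content-Length: 0`), the patched pattern returns the empty string, and `describe` turns that into "<empty>" instead of a blank output line; in the "trailing" case only `TRIM_PATTERN` strips the space after `nginx`, which the patch as posted leaves in the capture.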