Nmap Development mailing list archives
Re: [NSE] IP-HTTPS Discover (Resubmission)
From: Niklaus Schiess <nschiess () adversec com>
Date: Tue, 3 Nov 2015 12:07:10 +0100
Hi Daniel,

thanks for your reply. I think trying to get the reverse DNS name is a good idea. I implemented that step, and if it returns an IP, it should take the CN from the certificate.

You are right, adding the HTTPAPI header is a good idea. Since I wrote this script I haven't seen any other header serving IP-HTTPS (and I don't think this will change in the future).

I've pushed an updated version to GitHub [0].

Regards,
Niklaus

[0] https://github.com/ernw/nmap-scripts/blob/master/ip-https-discover.nse

On 03.11.2015 05:30, Daniel Miller wrote:
Niklaus,

Sorry for the delay in getting to this. The script looks mostly good, but I have a couple of questions:

1. I like the idea of getting the target name from the SSL cert, but would it also be valid (as a last resort) to use the reverse-DNS name if available? This is what stdnse.get_hostname does (though it also goes on and uses the IP address if all else fails).

2. Is there more to the response than "HTTP/1.1 200"? Some (especially embedded) web servers return 200 for every request, so anything that makes this more unique to match would be good. The MSDN reference you listed shows an example response:

HTTP/1.1 200 OK \r\n
Server: Microsoft-HTTPAPI/2.0 \r\n
Date: Sun, 10 Aug 2008 03:51:52 GMT \r\n
\r\n

Is this always going to have Server: Microsoft-HTTPAPI in it? Since that's not one of the servers (to my knowledge) that returns 200 for everything, I think that would be a good check.

Dan

On Tue, Aug 25, 2015 at 8:33 AM, Niklaus Schiess <nschiess () adversec com> wrote:

Hi,

this script checks if the IP over HTTPS Tunneling Protocol (IP-HTTPS) [1], developed by Microsoft, is supported. It is very similar to my sstp-discover script due to various similarities of both protocols.

I've developed it on a Windows Server 2012 R2 DirectAccess deployment, so testing is highly appreciated (especially on Windows Server 2008 deployments).

Regards,
Niklaus

[1] http://msdn.microsoft.com/en-us/library/dd358571.aspx

--
PGP FP: CB84 8C68 ADDB 6C50 7DF1 4227 F2A6 056A A799 76DA

_______________________________________________
Sent through the dev mailing list
https://nmap.org/mailman/listinfo/dev
Archived at http://seclists.org/nmap-dev/
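The two review points above (a bare "HTTP/1.1 200" is too weak a match, so the Server header should also name Microsoft-HTTPAPI; and the name put in the probe should come from reverse DNS, falling back to the certificate CN when reverse DNS only yields an IP) as an added example in Python. This is not code from the ip-https-discover.nse script or from Nmap; the sample responses are constructed, and the ordering in probe_host_name follows Niklaus's description in his reply (reverse DNS first, CN if that returns an IP, raw IP last). The probe request itself is not shown here; only the response check is.

```python
"""Response matching for an IP-HTTPS discovery probe (added example, not
the NSE script's own code). A 200 alone is accepted by many embedded web
servers for any request, so the match additionally requires a Server
header that identifies Microsoft's HTTP API (http.sys)."""
import ipaddress
import re

# Constructed sample responses; none were captured from a real server.
IPHTTPS_OK = (
    b"HTTP/1.1 200 OK\r\n"
    b"Server: Microsoft-HTTPAPI/2.0\r\n"
    b"Date: Sun, 10 Aug 2008 03:51:52 GMT\r\n"
    b"\r\n"
)
# An embedded web server that answers 200 to everything: must NOT match.
EMBEDDED_200 = (
    b"HTTP/1.1 200 OK\r\n"
    b"Server: lighttpd/1.4.35\r\n"
    b"Content-Type: text/html\r\n"
    b"\r\n<html>ok</html>"
)
# http.sys is present but did not accept the request: must NOT match.
HTTPAPI_404 = (
    b"HTTP/1.1 404 Not Found\r\n"
    b"Server: Microsoft-HTTPAPI/2.0\r\n"
    b"\r\n"
)

# Status line: "HTTP/1.x <3 digits>" optionally followed by a reason phrase.
_STATUS_RE = re.compile(rb"^HTTP/1\.[01] (\d{3})(?: |$)")


def parse_response(raw: bytes):
    """Split a raw HTTP response into (status_code, {header: value}).
    Header names are lower-cased so lookups are case-insensitive.
    Returns (None, {}) when the status line is not well formed."""
    head, _, _body = raw.partition(b"\r\n\r\n")
    lines = head.split(b"\r\n")
    m = _STATUS_RE.match(lines[0])
    if not m:
        return None, {}
    headers = {}
    for line in lines[1:]:
        name, sep, value = line.partition(b":")
        if sep:  # skip lines without a colon rather than crash on them
            headers[name.strip().lower().decode("latin-1")] = (
                value.strip().decode("latin-1"))
    return int(m.group(1)), headers


def is_iphttps_response(raw: bytes) -> bool:
    """True only for status 200 AND a Server header naming Microsoft-HTTPAPI."""
    status, headers = parse_response(raw)
    if status != 200:
        return False
    return headers.get("server", "").startswith("Microsoft-HTTPAPI")


def _is_ip_literal(name: str) -> bool:
    try:
        ipaddress.ip_address(name)
        return True
    except ValueError:
        return False


def probe_host_name(rdns_name, cert_cn, ip):
    """Name to place in the probe's Host header, in the order described in
    the thread: the reverse-DNS name when it is a real name, otherwise the
    certificate CN (if the certificate had one), otherwise the IP itself.
    rdns_name may be an IP literal, which is what a get_hostname-style
    fallback returns when no PTR record exists."""
    if rdns_name and not _is_ip_literal(rdns_name):
        return rdns_name
    if cert_cn:
        return cert_cn
    return ip


if __name__ == "__main__":
    for label, resp in (("iphttps", IPHTTPS_OK),
                        ("embedded", EMBEDDED_200),
                        ("httpapi-404", HTTPAPI_404)):
        print(label, is_iphttps_response(resp))
```

The check deliberately matches on the Server header prefix rather than the exact "Microsoft-HTTPAPI/2.0" string, so a different http.sys version would still be recognised; if a deployment is ever seen serving IP-HTTPS behind another Server value, that is the line to relax.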
Current thread:
- Re: [NSE] IP-HTTPS Discover (Resubmission) Daniel Miller (Nov 02)
- Re: [NSE] IP-HTTPS Discover (Resubmission) Niklaus Schiess (Nov 03)