Nmap Development mailing list archives
Re: Enhanced Version of HTTPtrace.nse
From: Kris Katterjohn <katterjohn () gmail com>
Date: Thu, 13 Dec 2007 17:43:55 -0600
Rob Nicholls wrote:
Evening, Up until now, I'd assumed that the HTTPtrace script was used to detect (and I don't mean relying on what OPTIONS * says) servers that supported TRACE requests (which is bad practice). But I was tesing the script today against a server that I knew had it enabled, and it didn't say anything. So I've added support to Kris' script to try and return fairly accurately information about whether TRACE is or isn't enabled (or inconclusive IMHO), based on the behaviour that I remember seeing on servers in the past. I think the logic is correct (see comments in the code for why I'm doing what I'm doing, any further suggestions would be appreciated), but I haven't been able to test all the scenarios yet as I only started working on it earlier today.
Hi Rob! Printing that it is enabled but nothing changed is something that I would consider if -v or -d is set (nmap.verbosity or nmap.debugging) since that is something that can be useful at times. However, printing that it's not enabled is too much output IMO, and I'm pretty sure Fyodor will agree. I hate that you wrote all that up with great comments only for me to say this, but I just don't think there's a good reason to say that it's not enabled. But I've been wrong plenty of times before! Comments? :) Thanks, Kris Katterjohn _______________________________________________ Sent through the nmap-dev mailing list http://cgi.insecure.org/mailman/listinfo/nmap-dev Archived at http://SecLists.Org
Current thread:
- Enhanced Version of HTTPtrace.nse Rob Nicholls (Dec 13)
- Re: Enhanced Version of HTTPtrace.nse Kris Katterjohn (Dec 13)
- Re: Enhanced Version of HTTPtrace.nse jah (Dec 13)
- RE: Enhanced Version of HTTPtrace.nse Rob Nicholls (Dec 13)
- RE: Enhanced Version of HTTPtrace.nse Rob Nicholls (Dec 13)
- Re: Enhanced Version of HTTPtrace.nse Thomas Buchanan (Dec 13)
- RE: Enhanced Version of HTTPtrace.nse Rob Nicholls (Dec 14)
- RE: Enhanced Version of HTTPtrace.nse Rob Nicholls (Dec 14)
- Re: Enhanced Version of HTTPtrace.nse Fyodor (Dec 15)
- RE: Enhanced Version of HTTPtrace.nse Rob Nicholls (Dec 14)
- Re: Enhanced Version of HTTPtrace.nse Kris Katterjohn (Dec 13)