Nmap Development mailing list archives
Re: ncat as http proxy server, question mark.
From: David Fifield <david () bamsoftware com>
Date: Fri, 23 Jan 2009 11:02:45 -0700
On Tue, Oct 28, 2008 at 02:00:51AM +0000, jah wrote:
> I attempted to use ncat (latest svn) as an http proxy on both linux and
> windows without success:
>
> # ncat -l -vvv --proxy-type http localhost 8080
> Listening on 127.0.0.1:8080
>
> Set firefox on that machine to connect via 127.0.0.1:8080 and saw zero
> traffic as a result of any http requests.
>
> # ncat -l -vvv --proxy-type http 192.168.1.16 8080
> Listening on 192.168.1.16:8080
>
> and directed firefox on another machine to connect via 192.168.1.16:8080.
> For any http request I see a HTTP 400 Bad Request response of 1024 bytes
> - 996 of them are null chars.

I noticed this too. Ncat was sending an entire buffer, not just the string it had placed at the beginning. It was pretty obvious that it was wrong so I fixed it in r11830.

I can't get Ncat to work as a web proxy with Firefox either, because of the GET/CONNECT method discrepancy Michael noted in http://seclists.org/nmap-dev/2008/q4/0324.html.

But apart from that, I don't think Ncat's CONNECT method works quite right. CONNECT is documented at http://tools.ietf.org/html/draft-luotonen-ssl-tunneling-03. A request is supposed to look like this:

    CONNECT nmap.org:80 HTTP/1.0\r\n
    \r\n
    GET / HTTP/1.1\r\n
    Host: nmap.org\r\n
    \r\n

Before the first blank line is just a normal HTTP request, so you could insert extra header fields like User-Agent, etc. But Ncat comes back with "HTTP/1.0 200 OK" after the first \r\n. That means that any other header fields as well as the second \r\n get sent to the destination web server. Apache seems to tolerate the extra whitespace before the request, but for example lighttpd returns "UNKNOWN 400 Bad Request".

David Fifield
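
Added example (not part of the original message and not Ncat's code): a C sketch of the two issues discussed above, namely where the tunneled data starts when the CONNECT request is ended at the first CRLF versus at the blank line, and sending only the reply string's length rather than the whole buffer. The function names, the extra User-Agent header in the sample, and the reply format string are assumptions made for illustration.

```c
#include <stdio.h>
#include <string.h>

/* Constructed sample: the CONNECT request from the message plus one extra
   header field (User-Agent value is made up), then the tunneled request. */
static const char SAMPLE[] =
    "CONNECT nmap.org:80 HTTP/1.0\r\n"
    "User-Agent: example\r\n"
    "\r\n"
    "GET / HTTP/1.1\r\n"
    "Host: nmap.org\r\n"
    "\r\n";

/* Behaviour described in the message: request treated as finished at the
   first CRLF. Returns offset of first relayed byte, or 0 if no CRLF yet. */
size_t tunnel_start_first_crlf(const char *buf, size_t len)
{
    for (size_t i = 0; i + 1 < len; i++)
        if (buf[i] == '\r' && buf[i + 1] == '\n')
            return i + 2;
    return 0;
}

/* Per the CONNECT draft: the request ends at the blank line (CRLF CRLF).
   Returns the offset just past it, or 0 if the header block is incomplete. */
size_t tunnel_start_blank_line(const char *buf, size_t len)
{
    for (size_t i = 0; i + 3 < len; i++)
        if (memcmp(buf + i, "\r\n\r\n", 4) == 0)
            return i + 4;
    return 0;
}

/* Format a status reply (assumed format) and return the byte count to send:
   the string length, not the buffer capacity. Returns 0 if it does not fit. */
size_t build_reply(char *out, size_t cap, const char *status)
{
    int n = snprintf(out, cap, "HTTP/1.0 %s\r\n\r\n", status);
    return (n < 0 || (size_t)n >= cap) ? 0 : (size_t)n;
}

int main(void)
{
    char reply[1024];
    printf("first CRLF: relay from byte %zu\n", tunnel_start_first_crlf(SAMPLE, sizeof SAMPLE - 1));
    printf("blank line: relay from byte %zu\n", tunnel_start_blank_line(SAMPLE, sizeof SAMPLE - 1));
    printf("reply bytes: %zu of %zu\n", build_reply(reply, sizeof reply, "400 Bad Request"), sizeof reply);
    return 0;
}
```

With the first-CRLF rule, the bytes from offset 30 onward (the User-Agent line and the blank line) would be relayed to the destination ahead of the GET request; with the blank-line rule, relaying starts at the GET line.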