Nmap Development mailing list archives
[PATCH] Added matching of body content to http-open-proxy for better detection
From: Brandon Enright <bmenrigh () ucsd edu>
Date: Sat, 7 Mar 2009 02:56:49 +0000
Hey all, attached is a patch to Arturo's excellent http-open-proxy.nse script to hopefully improve detection of open proxies that strip some headers.

Currently the script sends a request to www.google.com through a suspected HTTP proxy and checks to see if it gets Google's signature "Server: gws" header back. Unfortunately we have several open Squid Proxies on campus that strip this header causing a false negative.

The attached patch allows the script to match Google's "I'm Feeling Lucky" button if the "Server: gws" header isn't there. I know this is an English-specific addition but I wasn't sure what else could be matched on. I suppose we could look at the "Set-Cookie:" header for something that looks Googlish.

I'd appreciate comments and ideas on how to better detect open HTTP proxies.

Brandon
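The matching order described in the message above (the "Server: gws" header first, then the "I'm Feeling Lucky" body text as a fallback), as an added example in plain Lua. It is not the attached patch or code from http-open-proxy.nse; the function names and the sample responses are constructed for illustration.

```lua
-- Added example: plain Lua, no NSE libraries. Function names are hypothetical.

-- Split a raw HTTP response into status code, lower-cased header table and body.
local function parse_response(raw)
  local head, body = raw:match("^(.-)\r\n\r\n(.*)$")
  if not head then return nil end
  local status = tonumber(head:match("^HTTP/%d%.%d (%d%d%d)"))
  if not status then return nil end
  local headers = {}
  for name, value in head:gmatch("\r\n([^:\r\n]+):[ \t]*([^\r\n]*)") do
    headers[name:lower()] = value  -- header names are case-insensitive
  end
  return { status = status, headers = headers, body = body }
end

-- Decide whether a response fetched through the suspected proxy came from Google.
-- Returns a boolean plus the signal that matched, so a false negative can be traced.
local function looks_like_google(raw)
  local r = parse_response(raw)
  if not r then return false, "not an HTTP response" end
  local server = r.headers["server"]
  if server and server:lower() == "gws" then
    return true, "Server: gws header"
  end
  -- Fallback for proxies that strip or rewrite the Server header.
  -- Plain find (4th argument true), so the text is not treated as a pattern.
  if r.body:find("I'm Feeling Lucky", 1, true) then
    return true, "body text"
  end
  return false, "no Google signature"
end

-- Constructed sample responses, not captured traffic.
local samples = {
  { "header intact",   "HTTP/1.0 200 OK\r\nServer: gws\r\n\r\n<html><title>Google</title></html>" },
  { "header stripped", "HTTP/1.0 200 OK\r\nVia: 1.0 proxy.example (squid)\r\n\r\n"
                       .. "<input name=btnI type=submit value=\"I'm Feeling Lucky\">" },
  { "proxy refuses",   "HTTP/1.0 403 Forbidden\r\nServer: squid\r\n\r\n<html>Access Denied</html>" },
}

for _, s in ipairs(samples) do
  local open, signal = looks_like_google(s[2])
  print(s[1], open, signal)
end
```

Reporting which signal matched makes it visible when the script is relying on the locale-dependent body text instead of the header.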