Nmap Development mailing list archives
Re: [PATCH] Added matching of body content to http-open-proxy for better detection
From: ithilgore <ithilgore.ryu.l () gmail com>
Date: Wed, 11 Mar 2009 03:45:54 +0200
Brandon Enright wrote:
> Hey all, attached is a patch to Arturo's excellent http-open-proxy.nse script to hopefully improve detection of open proxies that strip some headers.
>
> Currently the script sends a request to www.google.com through a suspected HTTP proxy and checks to see if it gets Google's signature "Server: gws" header back. Unfortunately we have several open Squid Proxies on campus that strip this header, causing a false negative.
>
> The attached patch allows the script to match Google's "I'm Feeling Lucky" button if the "Server: gws" header isn't there. I know this is an English-specific addition but I wasn't sure what else could be matched on. I suppose we could look at the "Set-Cookie:" header for something that looks Googlish.
>
> I'd appreciate comments and ideas on how to better detect open HTTP proxies.
>
> Brandon
As far as Google is concerned, the "I am Feeling Lucky" button is indeed a bit 'nation-unportable'. For example, whenever I hit www.google.com in my browser, I get immediately transferred to www.google.gr which has the corresponding translation of the "I am Feeling Lucky" button.

What I have noticed is that the http links inside the body of the page are stable as far as the part before the domain suffix is concerned. We have images.google.com for English, and images.google.de for German, for example. In this case images.google is always the same. It also happens with the rest of the links: maps.google, news.google etc.

-- ithilgore

_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://SecLists.Org
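The two-stage check discussed in this thread, as an added example that is not part of either message or of http-open-proxy.nse: look for the "Server: gws" header first, then fall back to the locale-independent link prefixes (images.google, maps.google, news.google) in the body. It is written in plain Lua, the language NSE scripts use; the function names and the sample responses are assumptions constructed for illustration.

```lua
-- Added example; plain Lua string functions only, no Nmap/NSE library calls.
-- Host prefixes that stay the same across Google's country domains,
-- per the thread (images.google.com, images.google.de, ...).
local STABLE_HOSTS = { "images.google.", "maps.google.", "news.google." }

-- Split a raw HTTP response at the first blank line.
local function split_response(raw)
  local head, body = raw:match("^(.-)\r?\n\r?\n(.*)$")
  if not head then return raw, "" end
  return head, body
end

-- True if the header block carries "Server: gws" (name is case-insensitive).
local function has_gws_header(head)
  for line in head:gmatch("[^\r\n]+") do
    local name, value = line:match("^([^:]+):%s*(.-)%s*$")
    if name and name:lower() == "server" and value:lower() == "gws" then
      return true
    end
  end
  return false
end

-- Returns "header", "body:<prefix>", or nil when nothing identifies Google.
local function classify(raw)
  local head, body = split_response(raw)
  if has_gws_header(head) then return "header" end
  local lower = body:lower()
  for _, host in ipairs(STABLE_HOSTS) do
    if lower:find(host, 1, true) then return "body:" .. host end
  end
  return nil
end

-- Constructed sample responses (not captured traffic).
local samples = {
  passthrough = "HTTP/1.0 200 OK\r\nServer: gws\r\n\r\n<html>...</html>",
  stripped = "HTTP/1.0 200 OK\r\nVia: 1.0 cache.example\r\n\r\n" ..
             '<a href="http://images.google.gr/imghp">Images</a>',
  denied = "HTTP/1.0 403 Forbidden\r\nServer: squid\r\n\r\n" ..
           "Access to http://www.google.com/ was denied.",
}
for _, name in ipairs({ "passthrough", "stripped", "denied" }) do
  print(name, classify(samples[name]) or "no match")
end
```

The "denied" sample shows why the body check uses the link prefixes rather than the requested hostname: a proxy error page that echoes www.google.com back does not count as a relayed response.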