Nmap Development mailing list archives
Re: [PATCH] http-open-proxy - improvement to pattern for matching response status-line
From: Joao Correa <joao () livewire com br>
Date: Mon, 29 Jun 2009 16:27:00 -0300
Hi Jah, I've tested the patch and it works well here. I'm currently working on a new version of the script, where your patch will also be useful. You should commit it to nmap-exp/dev. Thanks a lot for the patch. João Correa On Sun, Jun 28, 2009 at 9:53 PM, jah<jah () zadkiel plus com> wrote:
Evening All, Attached is a patch for http-open-proxy which prevents some false positives when testing the http status-line in a response. (This usually happens when testing a target with the CONNECT method, but also if the user supplies --script-args openproxy.url, but not openproxy.pattern) The current patterns used to match the http status-line are not restricted to matching a valid http status-line. An example is the pattern "^http.*200.*" which matched the following in a response: http/1.1 501 not supported server: microsoft-iis/5.1 date: sun, 28 jun 200 and resulted in: 8080/tcp open http Microsoft IIS webserver 5.1 | http-open-proxy: Potentially OPEN proxy. |_ Methods succesfully tested: CONNECT The patch also tidies-up a few stray variables and typo's. Regards, jah _______________________________________________ Sent through the nmap-dev mailing list http://cgi.insecure.org/mailman/listinfo/nmap-dev Archived at http://SecLists.Org
_______________________________________________ Sent through the nmap-dev mailing list http://cgi.insecure.org/mailman/listinfo/nmap-dev Archived at http://SecLists.Org
Current thread:
- [PATCH] http-open-proxy - improvement to pattern for matching response status-line jah (Jun 28)
- Re: [PATCH] http-open-proxy - improvement to pattern for matching response status-line Joao Correa (Jun 29)
- Re: [PATCH] http-open-proxy - improvement to pattern for matching response status-line jah (Jun 29)
- Re: [PATCH] http-open-proxy - improvement to pattern for matching response status-line Joao Correa (Jun 29)
- Re: [PATCH] http-open-proxy - improvement to pattern for matching response status-line Joao Correa (Jun 29)
- Re: [PATCH] http-open-proxy - improvement to pattern for matching response status-line jah (Jun 29)
- Re: [PATCH] http-open-proxy - improvement to pattern for matching response status-line Joao Correa (Jun 29)