Nmap Development mailing list archives

Re: Problems writing a nmap-service-probe for jdwp (Java debug wire protocol)


From: David Fifield <david () bamsoftware com>
Date: Tue, 16 Mar 2010 22:32:44 -0600

On Tue, Mar 16, 2010 at 10:22:56PM +0100, Michael Schierl wrote:
> [Please Cc: me as I am not subscribed to the list. Thanks.]
>
> > Would you be willing to convert this probe/match to a version script?
>
> Script is attached, and worked well in my tests.
>
> Regards,
>
> Michael
>
> description = [[
> Detects the Java Debug Wire Protocol. This protocol is used by Java programs
> to be debugged via the network. It should not be open to the public internet,
> as it does not provide any security against malicious attackers who can inject
> their own bytecode into the debugged process.
> ]]

This is nice! I don't think there will be a problem including it. Can
you post a sample of its output? I think a comment explaining why you're
looking for "tcpwrapped" in the portrule would be good. Also, if there
is a link to online protocol documentation, please include it in the
script documentation.

Can you elaborate more on this comment? Is it because the first 14 bytes
of the response echo the request?

>         -- make sure we get at least one more packet after the JDWP-Handshake response even if there is some delay;
>         -- the handshake response has 14 bytes, so wait for 18 bytes here.

David Fifield
_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://seclists.org/nmap-dev/
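
Added example, not part of the thread and not taken from the attached script: a Python check for the handshake echo discussed above, using the 14-byte `JDWP-Handshake` string and the 11-byte packet header from the JDWP specification. The function name `classify`, the verdict strings and the sample bytes are constructed for illustration.

```python
import struct

HANDSHAKE = b"JDWP-Handshake"  # 14 ASCII bytes; the debuggee sends the same bytes back
HEADER = struct.Struct(">IIBH")  # length, id, flags, error code (reply) or cmdset/cmd
FLAG_REPLY = 0x80


def classify(buf):
    """Classify bytes read from a port after HANDSHAKE was sent to it.

    Returns (verdict, packets) with verdict 'jdwp', 'incomplete' or 'not-jdwp'.
    """
    n = len(HANDSHAKE)
    if len(buf) < n:
        # A proper prefix of the handshake (or nothing yet) means: keep reading.
        return ("incomplete" if HANDSHAKE.startswith(buf) else "not-jdwp"), []
    if buf[:n] != HANDSHAKE:
        return "not-jdwp", []
    packets, off = [], n
    while off + HEADER.size <= len(buf):
        length, pkt_id, flags, code = HEADER.unpack_from(buf, off)
        # The length field counts the whole packet, header included.
        if length < HEADER.size or off + length > len(buf):
            break  # malformed or truncated: report only what parsed cleanly
        packets.append({
            "id": pkt_id,
            "reply": bool(flags & FLAG_REPLY),
            "code": code,
            "data": buf[off + HEADER.size:off + length],
        })
        off += length
    return "jdwp", packets


# Constructed sample: echoed handshake followed by one reply packet (id 1, no error).
SAMPLE = HANDSHAKE + HEADER.pack(HEADER.size + 4, 1, FLAG_REPLY, 0) + b"demo"

if __name__ == "__main__":
    print(classify(SAMPLE))
    print(classify(b"HTTP/1.1 400 Bad Request\r\n"))
```

A buffer of 18 bytes (handshake plus a 4-byte length field) classifies as `jdwp` with no packets, because the 11-byte header is not yet complete.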

