Nmap Development mailing list archives
Re: [NSE] redirect support in http.lua
From: Patrik Karlsson <patrik () cqure net>
Date: Sat, 11 Feb 2012 18:52:22 +0100
On Sat, Feb 11, 2012 at 4:13 PM, David Fifield <david () bamsoftware com>wrote:
On Sat, Feb 11, 2012 at 02:41:13PM +0100, Patrik Karlsson wrote:On Fri, Feb 10, 2012 at 12:16 AM, David Fifield <david () bamsoftware com wrote:On Thu, Feb 09, 2012 at 05:08:29PM +0100, Patrik Karlsson wrote:Hi all, I'm attaching a patch that I would like to apply to the httplibrary. Itadds support for HTTP redirects to the http.get and http.headfunctions.The default behavior will be to follow 5 levels of redirects beforebailingout. The no_follow_redirect can be passed as an option to disableredirectsupport.How about instead of no_follow_redirect, passing a redirect_ok function as an option. The default value of redirect_ok would be the built-in sensible default in http.lua. To turn off redirect following, you could pass a function that always returns false, but it should also accept this as a synonym: redirect_ok = false (Generally I hate turning off options by saying "no_option = true" rather than "option = false".) The limit of 5 redirects might be done better by making it part of the redirect_ok function. It can be a closure that has a variable in its environment that it decrements every time it is called. Then your loop can be just repeat .. until not redirect_ok instead of having to check two conditions.Ok, I committed the redirect code in r28047 with the changes yousuggested.http.get and http.head should now transparently handle redirects. Although I've done a bunch of tests, please keep an eye out and reportanybugs related to this change.Thanks, nice job. I got this error: $ ./nmap --script=http-favicon www.nmap.org -p80 -d Initiating NSE at 07:11 NSE: Got icon URL /shared/images/tiny-eyeicon.png. NSE: http-favicon against 74.207.254.18:80 threw an error! /home/david/nmap-git/nselib/http.lua:1264: attempt to index local 'port' (a number value) stack traceback: /home/david/nmap-git/nselib/http.lua:1264: in function 'rule' /home/david/nmap-git/nselib/http.lua:1293: in function 'redir_check' /home/david/nmap-git/nselib/http.lua:1382: in function 'get' /home/david/nmap-git/scripts/http-favicon.nse:84: in function </home/david/nmap-git/scripts/http-favicon.nse:45> (tail call): ? David Fifield
Thanks for finding this! Guess I didn't do that good of a job testing. I've just committed a fix as r28048. I sure looooove how the port passed to http.get and http.head can be either a table or number ..... -- Patrik Karlsson http://www.cqure.net http://twitter.com/nevdull77 _______________________________________________ Sent through the nmap-dev mailing list http://cgi.insecure.org/mailman/listinfo/nmap-dev Archived at http://seclists.org/nmap-dev/
Current thread:
- [NSE] redirect support in http.lua Patrik Karlsson (Feb 09)
- Re: [NSE] redirect support in http.lua Michael Kohl (Feb 09)
- Re: [NSE] redirect support in http.lua Lauri Kokkonen (Feb 09)
- Re: [NSE] redirect support in http.lua David Fifield (Feb 09)
- Re: [NSE] redirect support in http.lua Patrik Karlsson (Feb 11)
- Re: [NSE] redirect support in http.lua David Fifield (Feb 11)
- Re: [NSE] redirect support in http.lua Patrik Karlsson (Feb 11)
- Re: [NSE] redirect support in http.lua Patrik Karlsson (Feb 11)