Nmap Development mailing list archives

Re: ncat usage


From: David Fifield <david () bamsoftware com>
Date: Fri, 11 May 2012 08:10:19 -0700

On Fri, May 11, 2012 at 07:03:31AM -0400, James Rogers wrote:
> OK, you can only use ncat to serve a single page at a time to one web
> browser, using ncat on the command line like you are. Which means you
> cannot embed any images from that same server in the page you are
> serving. Because every image is a separate connection.
>
> The reason for this is that every connection in to ncat would need
> its own separate handles for each send and receive, but you just have
> two handles, so everything you send goes into the stream for the first
> client that connects and nothing is ever sent to the second
> simultaneous connection.
>
> This is why the image shows up in the middle of your first web page as
> text. If 5 clients connected simultaneously the first connection
> would get 5 pages randomly mixed together.
>
> There might be a way using nse scripting to make ncat work like a
> full-featured web server, but at that point I would recommend just using a
> small web server like boa or lighttpd.

Also I should mention that anything you do in this case that does not
involve --exec or --sh-exec is the wrong answer. What you are trying to
do--handle multiple clients independently--is exactly what those options
are for. Putting a while loop around a single invocation of Ncat reading
from stdin is wrong for a number of reasons, including the one James
just mentioned.

If you need to support getting different URLs, then it's up to you to
write a small program capable of parsing the URL from the HTTP stream
and responding appropriately. Just sending back a block of HTTP
responses without even looking at requests is not robust or correct.
Instead of reinventing a minimal web server, why don't you use something
like http://www.acme.com/software/mini_httpd/?

David Fifield
_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://seclists.org/nmap-dev/
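
Added example, not part of the original message and not code from the Nmap project: a per-connection handler of the kind the reply describes, started by Ncat through --exec so that each client gets its own process and its own stdin/stdout. It parses the request line before answering and refuses paths that resolve outside the document root. The handler path, port 8080 and the ./www document root are assumptions.

```python
#!/usr/bin/env python3
"""Per-connection HTTP handler started by Ncat, e.g. (handler path is a placeholder):
    ncat -l -k 8080 --exec "/usr/bin/python3 /path/to/handler.py"
Ncat wires each accepted client to a fresh copy of this process."""
import mimetypes
import os
import sys

DOCROOT = os.path.realpath("./www")   # assumed document root
MAX_LINE = 4096                        # cap on request-line length

def parse_request_line(line: bytes):
    """Return (method, path) or None if the request line is malformed."""
    try:
        method, target, version = line.decode("ascii").rstrip("\r\n").split(" ")
    except ValueError:  # wrong field count or non-ASCII bytes
        return None
    if not version.startswith("HTTP/1.") or not target.startswith("/"):
        return None
    return method, target.split("?", 1)[0]

def resolve(path: str, docroot: str = DOCROOT):
    """Map a URL path to a file under docroot; None if it escapes the root."""
    full = os.path.realpath(os.path.join(docroot, path.lstrip("/") or "index.html"))
    if os.path.commonpath([full, docroot]) != docroot:
        return None
    return full

def respond(status: str, body: bytes, ctype: str = "text/plain") -> bytes:
    head = (f"HTTP/1.0 {status}\r\nContent-Type: {ctype}\r\n"
            f"Content-Length: {len(body)}\r\nConnection: close\r\n\r\n")
    return head.encode("ascii") + body

def handle(request_line: bytes, docroot: str = DOCROOT) -> bytes:
    """Build the full response for one request line."""
    parsed = parse_request_line(request_line)
    if parsed is None:
        return respond("400 Bad Request", b"bad request\n")
    method, path = parsed
    if method != "GET":
        return respond("405 Method Not Allowed", b"GET only\n")
    full = resolve(path, docroot)
    if full is None or not os.path.isfile(full):
        return respond("404 Not Found", b"not found\n")
    ctype = mimetypes.guess_type(full)[0] or "application/octet-stream"
    with open(full, "rb") as f:
        return respond("200 OK", f.read(), ctype)

if __name__ == "__main__":
    sys.stdout.buffer.write(handle(sys.stdin.buffer.readline(MAX_LINE)))
    sys.stdout.buffer.flush()
```

Because every connection runs in its own process, an image request arriving alongside the page request is answered on its own socket instead of being written into the first client's stream.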

