Nmap Development mailing list archives
Re: ncat usage
From: David Fifield <david () bamsoftware com>
Date: Fri, 11 May 2012 08:10:19 -0700
On Fri, May 11, 2012 at 07:03:31AM -0400, James Rogers wrote:
OK, you can only use ncat to serve a single page at a time to one web browser, using ncat on the command line like you are. Which means you cannot embed any images from that same server in the page you are serving. Because every image is a separate connection. The reason for this is that every connection in to ncat would need it's own separate handles for each send and receive, but you just have two handles, so everything you send goes into the stream for the first client that connects and nothing is ever sent to the second simultaneous connection. This is why the image shows up in the middle of your first web page as text. If 5 clients connected simultaneously the first connection would get 5 pages randomly mixed together. There might be a way using nse scripting to make ncat work like a full featured web server, but at that point I would recommend just using a small web server like boa or lighthttp.
Also I should mention that anything you do in this case that does not involve --exec or --sh-exec is the wrong answer. What you are trying to do--handle multiple clients independently--is exactly what those options are for. Putting a while loop around a single invocation of Ncat reading from stdin is wrong for a number of reasons, including the one James just mentioned. If you need to support getting different URLs, then it's up to you to write a small program capable of parsing the URL from the HTTP stream and responding appropriately. Just sending back a block of HTTP responses without even looking at requests is not robust or correct. Instead of reinventing a minimal web server, why don't you use something like http://www.acme.com/software/mini_httpd/? David Fifield _______________________________________________ Sent through the nmap-dev mailing list http://cgi.insecure.org/mailman/listinfo/nmap-dev Archived at http://seclists.org/nmap-dev/
Current thread:
- Re: ncat usage, (continued)
- Re: ncat usage James Rogers (May 10)
- Re: ncat usage Dave Henderson (May 10)
- Re: ncat usage James Rogers (May 10)
- Re: ncat usage Dave Henderson (May 10)
- Re: ncat usage James Rogers (May 10)
- Re: ncat usage Dave Henderson (May 10)
- Re: ncat usage James Rogers (May 10)
- Re: ncat usage Dave Henderson (May 10)
- Re: ncat usage James Rogers (May 11)
- Re: ncat usage Dave Henderson (May 11)
- Re: ncat usage David Fifield (May 11)
- Re: ncat usage Dave Henderson (May 11)
- Re: ncat usage Dave Henderson (May 14)
- Re: ncat usage Dave Henderson (May 15)
- Re: ncat usage Dave Henderson (May 15)