Nmap Development mailing list archives
RE: http-methods & http-trace NSE Script Enhancement Ideas
From: King Thorin <kingthorin () hotmail com>
Date: Fri, 25 May 2012 09:29:07 -0400
Date: Thu, 24 May 2012 13:45:30 -0700
From: david () bamsoftware com
To: kingthorin () hotmail com
CC: nmap-dev () insecure org
Subject: Re: http-methods & http-trace NSE Script Enhancement Ideas

On Wed, May 23, 2012 at 08:17:03AM -0400, King Thorin wrote:

I was just looking through some online docs and some nmap results. I've never seen a server that includes public or allow header(s) on a redirect response [maybe my experience is limited?]. It seems to me that the http-methods NSE should follow redirects (HTTP 301, 302, 303) in order to perform the necessary OPTIONS request on a page/resource that's providing an HTTP 200.

Ideally the redirect handling would work the same as the built-in handling of the http.get and http.head methods. See this earlier discussion: http://seclists.org/nmap-dev/2012/q1/338

David Fifield

Hi David,

I definitely agree with this idea. Someone else mentioned it yesterday. Unfortunately:

1) I'm not a developer. Though I understand code at a beginner or "maybe" intermediate level and can write some kludgey bits, I don't write code on a daily basis. Looking at http://nmap.org/nsedoc/lib/http.html yesterday did not clarify redirect_ok or MAX_REDIRECT_COUNT for me at all.
2) The existing redirect functionality (based on the thread you linked) only seems to cover get and head, not http.generic_request.
3) I've done some intext and site:nmap.org googling looking for existing NSEs that leverage the existing functionality, but they seem pretty rare and are only get/head based.

_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://seclists.org/nmap-dev/
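
The behaviour requested in this thread, as an added Python sketch that is not part of any message here and is not Nmap's http library code: send OPTIONS, follow 301/302/303 until a non-redirect answer, then read the Allow or Public header. The hop cap, the same-origin rule in `redirect_ok`, the `send` callback and the sample responses are all assumptions made for illustration.

```python
from urllib.parse import urljoin, urlsplit

MAX_HOPS = 3  # assumed cap, playing the role the thread gives MAX_REDIRECT_COUNT
REDIRECT_CODES = {301, 302, 303}  # the status codes named in the thread


def redirect_ok(current, target):
    """Assumed policy: follow only redirects that keep scheme, host and port."""
    a, b = urlsplit(current), urlsplit(target)
    return (a.scheme, a.hostname, a.port) == (b.scheme, b.hostname, b.port)


def options_following_redirects(url, send):
    """Issue OPTIONS, following redirects; return (final_url, status, methods).

    send(method, url) -> (status, headers) is supplied by the caller (hypothetical hook).
    """
    seen = set()
    for _ in range(MAX_HOPS + 1):
        seen.add(url)
        status, headers = send("OPTIONS", url)
        headers = {k.lower(): v for k, v in headers.items()}
        if status not in REDIRECT_CODES:
            # Allow and Public are the headers the thread expects to list methods.
            raw = headers.get("allow") or headers.get("public") or ""
            methods = sorted({m.strip().upper() for m in raw.split(",") if m.strip()})
            return url, status, methods
        target = urljoin(url, headers.get("location", ""))
        if target in seen or not redirect_ok(url, target):
            return url, status, []  # loop, missing Location or off-host redirect
        url = target
    return url, status, []  # hop limit reached without a final answer


# Constructed responses (not captured from a real server).
SAMPLE = {
    "http://example.test/": (302, {"Location": "/app/"}),
    "http://example.test/app/": (200, {"Allow": "GET, HEAD, OPTIONS, TRACE"}),
    "http://example.test/out": (301, {"Location": "http://other.test/"}),
}


def fake_send(method, url):
    return SAMPLE[url]


if __name__ == "__main__":
    print(options_following_redirects("http://example.test/", fake_send))
```
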