Re: http-methods & http-trace NSE Script Enhancement Ideas

[David Fifield <david () bamsoftware com>]

On Fri, May 25, 2012 at 06:27:00PM +0200, Patrik Karlsson wrote:
> I see two options;
> 1. The script is adapted not to use the generic_request method anymore but
> rather use the method specific function such as get, put, head that already
> have redirect support. A mapping would have to be made in the script to
> know what function to use for what method and the missing method specific
> functions would need to be created (more or less copied from existing ones,
> eventually leaving out cache support).
> 2. The script continues to use generic_request and implements the redirect
> function either locally or by removing the local keyword infront of those
> functions in the http library so that their visible to the script.
>
> Personally, I think I would go with alternative 1.

Also, it's not clear to me that it's a bug that OPTIONS doesn't follow
redirects. Is it true that servers never include Allow or Public in a
redirect response? Apache seems to work this way but that's only from me
doing a couple of random tests. Maybe this is the type of query that
people want to apply only to a particular URL.

Maybe a "Did not follow redirect to..." message is enough.

David Fifield
_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://seclists.org/nmap-dev/