Nmap Development mailing list archives
Re: http-methods & http-trace NSE Script Enhancement Ideas
From: David Fifield <david () bamsoftware com>
Date: Fri, 25 May 2012 10:39:03 -0700
On Fri, May 25, 2012 at 06:27:00PM +0200, Patrik Karlsson wrote:
I see two options; 1. The script is adapted not to use the generic_request method anymore but rather use the method specific function such as get, put, head that already have redirect support. A mapping would have to be made in the script to know what function to use for what method and the missing method specific functions would need to be created (more or less copied from existing ones, eventually leaving out cache support). 2. The script continues to use generic_request and implements the redirect function either locally or by removing the local keyword infront of those functions in the http library so that their visible to the script. Personally, I think I would go with alternative 1.
Also, it's not clear to me that it's a bug that OPTIONS doesn't follow redirects. Is it true that servers never include Allow or Public in a redirect response? Apache seems to work this way but that's only from me doing a couple of random tests. Maybe this is the type of query that people want to apply only to a particular URL. Maybe a "Did not follow redirect to..." message is enough. David Fifield _______________________________________________ Sent through the nmap-dev mailing list http://cgi.insecure.org/mailman/listinfo/nmap-dev Archived at http://seclists.org/nmap-dev/
Current thread:
- RE: http-methods & http-trace NSE Script Enhancement Ideas, (continued)
- RE: http-methods & http-trace NSE Script Enhancement Ideas King Thorin (May 25)
- Re: http-methods & http-trace NSE Script Enhancement Ideas Patrik Karlsson (May 25)
- RE: http-methods & http-trace NSE Script Enhancement Ideas King Thorin (May 27)
- RE: http-methods & http-trace NSE Script Enhancement Ideas King Thorin (May 30)
- Re: http-methods & http-trace NSE Script Enhancement Ideas David Fifield (May 30)
- RE: http-methods & http-trace NSE Script Enhancement Ideas King Thorin (May 31)
- RE: NSE: http-phpself-xss - Finds PHP files with reflected cross site scripting vulns due to unsafe use of the variable $_SERVER[PHP_SELF] King Thorin (Jun 01)
- RE: NSE: http-phpself-xss - Finds PHP files with reflected cross site scripting vulns due to unsafe use of the variable $_SERVER[PHP_SELF] King Thorin (Jun 01)
- Re: NSE: http-phpself-xss - Finds PHP files with reflected cross site scripting vulns due to unsafe use of the variable $_SERVER[PHP_SELF] Paulino Calderon (Jun 05)
- Re: NSE: http-phpself-xss - Finds PHP files with reflected cross site scripting vulns due to unsafe use of the variable $_SERVER[PHP_SELF] Martin Holst Swende (Jun 01)
- Re: http-methods & http-trace NSE Script Enhancement Ideas David Fifield (May 25)