Nmap Development mailing list archives

Previous By Date Next
Previous By Thread Next

[NSE] Avoid caching http-form-fuzzer results?

From: Daniel Miller <bonsaiviking () gmail com>
Date: Fri, 06 Jul 2012 16:47:58 -0500
List,
I was running a scan with http-form-fuzzer, and got to thinking about the http cache. Not long into the scan, I had hit the maximum cache size. Since http-form-fuzzer sends random strings, the chance that something else will need to get the cached response for those requests is very low. I propose something like this patch: 
index a43d0af..c5914cc 100644
--- a/scripts/http-form-fuzzer.nse
+++ b/scripts/http-form-fuzzer.nse
@@ -157,7 +157,7 @@ local function fuzz_form(form, minlen, maxlen, host, port, path) 
   if form["method"]=="post" then
sending_function = function(data) return http.post(host, port, form_submission_path, nil, nil, data) end 
   else
- sending_function = function(data) return http.get(host, port, form_submission_path..generate_get_string(data)) end + sending_function = function(data) return http.get(host, port, form_submission_path..generate_get_string(data), {no_cache=true}) end 
   end

   for _,field in ipairs(form["fields"]) do
Post requests don't need changing, since they are not (and should not be) cached anyway. I'm not sure if this is the best way to go about making this change, so I would welcome any input or other modifications. 

Dan

_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://seclists.org/nmap-dev/
Previous By Date Next
Previous By Thread Next

Current thread: