Nmap Development mailing list archives
[Version Detection] SSL only ports - softmatch
From: Tom Sellers <nmap () fadedcode net>
Date: Fri, 01 Mar 2013 17:49:28 -0600
All,

Lines 6605 and 6606 of the nmap-service-probes file match when an HTTP server generates a response that indicates that a client should connect using SSL, such as the following:

**************************************************************************************
<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>400 Bad Request</title>
</head><body>
<h1>Bad Request</h1>
<p>Your browser sent a request that this server could not understand.<br />
Reason: You're speaking plain HTTP to an SSL-enabled server port.<br />
Instead use the HTTPS scheme to access this URL, please.<br />
<blockquote>Hint: <a href="https://xxx.xxx.xxx.xxx:8443/"><b>https://xxx.xxx.xxx.xx:8443/</b></a></blockquote></p>
</body></html>
**************************************************************************************

In the case above the device is not directing the client to connect via SSL on a different port, but to the same port using SSL. Unfortunately this stops further version detection via SSL that might actually fingerprint the service. I have a case like this in my lab now where converting 6605 and 6606 to a softmatch will permit correct identification of the service.

I would like to change both 6605 and 6606 to softmatches. I don't foresee any negative impacts but I wanted to see if anyone had any thoughts on this. If approved I will submit the change in a commit that adds a fingerprint for a device where some versions respond similar to the above.

Thanks much,

Tom

_______________________________________________
Sent through the dev mailing list
http://nmap.org/mailman/listinfo/dev
Archived at http://seclists.org/nmap-dev/
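An added example, not part of the original message and not Nmap's code: a Python sketch of the follow-up decision the message describes, where a plain-HTTP "use HTTPS" reply whose hint points back at the probed port is treated as provisional and the service is probed again over TLS. The function name, action labels and sample address are assumptions, and the sketch does not reproduce Nmap's match/softmatch engine.

```python
import re
from urllib.parse import urlsplit

# Phrase taken from the response quoted in the message above.
SSL_ONLY = re.compile(r"speaking plain HTTP to an SSL-enabled server port", re.I)
HINT = re.compile(r'Hint:\s*<a href="(https://[^"]+)"', re.I)

# Constructed sample: the quoted response with a documentation address.
SAMPLE = (
    "<title>400 Bad Request</title>\n"
    "Reason: You're speaking plain HTTP to an SSL-enabled server port.<br />\n"
    "Instead use the HTTPS scheme to access this URL, please.<br />\n"
    '<blockquote>Hint: <a href="https://192.0.2.10:8443/">'
    "<b>https://192.0.2.10:8443/</b></a></blockquote>"
)

def follow_up(body, probed_port):
    """Decide what a scanner should do after a plaintext HTTP probe.

    Returns (action, hint_port). The action labels are hypothetical.
    """
    if not SSL_ONLY.search(body):
        return ("final-match", None)      # ordinary response: fingerprint it
    hint = HINT.search(body)
    port = None
    if hint:
        try:
            # An https URL with no explicit port means 443.
            port = urlsplit(hint.group(1)).port or 443
        except ValueError:                # malformed port in the hint URL
            port = None
    if port is None or port == probed_port:
        # The same port wants TLS: the plaintext reply says nothing about
        # the real service, so keep probing through a TLS session.
        return ("retry-tls-same-port", port)
    return ("hint-names-other-port", port)

if __name__ == "__main__":
    print(follow_up(SAMPLE, 8443))
    print(follow_up(SAMPLE, 80))
```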