Nmap Development mailing list archives
Re: --proxies oddities
From: Henri Doreau <henri.doreau () gmail com>
Date: Tue, 30 Apr 2013 20:27:34 +0200
2013/4/30 David Fifield <david () bamsoftware com>:
> I tried --proxies using a local Tor SOCKS proxy, and got unexpected results.
> Here are the scans with no proxy:
>
> $ ./nmap -n -Pn --script=http-title -p 80 nmap.org
> Starting Nmap 6.26SVN ( http://nmap.org ) at 2013-04-29 23:27 PDT
> Nmap scan report for nmap.org (173.255.243.189)
> Host is up (0.025s latency).
> PORT   STATE SERVICE
> 80/tcp open  http
> |_http-title: Nmap - Free Security Scanner For Network Exploration & Securit...
>
> $ ./nmap -n -Pn --script=ssl-cert -p 993 imap.gmail.com
> Starting Nmap 6.26SVN ( http://nmap.org ) at 2013-04-29 23:27 PDT
> Nmap scan report for imap.gmail.com (74.125.141.108)
> Host is up (0.034s latency).
> Other addresses for imap.gmail.com (not scanned): 74.125.141.109
> PORT    STATE SERVICE
> 993/tcp open  imaps
> | ssl-cert: Subject: commonName=imap.gmail.com/organizationName=Google Inc/stateOrProvinceName=California/countryName=US
> | Issuer: commonName=Google Internet Authority/organizationName=Google Inc/countryName=US
> | Public Key type: rsa
> | Public Key bits: 1024
> | Not valid before: 2013-04-15T07:44:00+00:00
> | Not valid after:  2013-12-31T15:58:50+00:00
> | MD5:   a52a 01f4 9bb0 ac6f c519 ab60 d117 fe26
> |_SHA-1: b0ba 392b ba32 6e6f eb1a dd4d 04fa 0fb8 6cd1 73fa
>
> Here are the results with a proxy:
>
> $ ./nmap --proxies=socks4://localhost:9050 -n -Pn --script=http-title -p 80 nmap.org
> Starting Nmap 6.26SVN ( http://nmap.org ) at 2013-04-29 23:28 PDT
> NSOCK ERROR [0.0290s] nsp_set_proxychain(): Invalid call. Existing proxychain on this nsock_pool
> Nmap scan report for nmap.org (173.255.243.189)
> Host is up (0.019s latency).
> PORT   STATE SERVICE
> 80/tcp open  http
>
> $ ./nmap --proxies=socks4://localhost:9050 -n -Pn --script=ssl-cert -p 993 imap.gmail.com
> Starting Nmap 6.26SVN ( http://nmap.org ) at 2013-04-29 23:29 PDT
> NSOCK ERROR [0.0340s] nsp_set_proxychain(): Invalid call. Existing proxychain on this nsock_pool
> Nmap scan report for imap.gmail.com (173.194.79.108)
> Host is up (0.038s latency).
> Other addresses for imap.gmail.com (not scanned): 173.194.79.109
> PORT    STATE SERVICE
> 993/tcp open  imaps
> |_ssl-cert: ERROR: Script execution failed (use -d to debug)
>
> David Fifield
>
> Here are packet traces.
>
> $ ./nmap --proxies=socks4://localhost:9050 -n -Pn --script=http-title -p 80 nmap.org -d3
> Starting Nmap 6.26SVN ( http://nmap.org ) at 2013-04-29 23:29 PDT
> ...
> NSE: Using Lua 5.2.
> NSOCK ERROR [0.0220s] nsp_set_proxychain(): Invalid call. Existing proxychain on this nsock_pool
> ...
> NSE: Script scanning 173.255.243.189.
> NSE: Starting runlevel 1 (of 1) scan.
> NSE: Starting 'http-title' (thread: 0x1f4a330) against nmap.org (173.255.243.189:80).
> Initiating NSE at 23:29
> NSOCK INFO [0.0220s] nsi_new2(): nsi_new (IOD #1)
> NSOCK INFO [0.0590s] nsock_connect_tcp(): TCP connection requested to 173.255.243.189:80 (IOD #1) EID 8
> NSOCK INFO [0.0590s] nsock_trace_handler_callback(): Callback: CONNECT SUCCESS for EID 8 [127.0.0.1:9050]
> NSOCK INFO [0.0590s] nsock_readbytes(): Read request for 8 bytes from IOD #1 [127.0.0.1:9050] EID 26
> NSOCK INFO [0.0590s] nsock_trace_handler_callback(): Callback: WRITE SUCCESS for EID 19 [127.0.0.1:9050]
> NSOCK INFO [0.7680s] nsock_trace_handler_callback(): Callback: READ SUCCESS for EID 26 [127.0.0.1:9050] (8 bytes): .Z......
> NSOCK INFO [0.7680s] forward_event(): Forwarding event upstream: TCP connect SUCCESS (IOD #1) EID 26
> NSE: TCP 127.0.0.1:46610 > 127.0.0.1:9050 | CONNECT
> NSE: TCP 127.0.0.1:46610 > 127.0.0.1:9050 |
> 00000000: 47 45 54 20 2f 20 48 54 54 50 2f 31 2e 31 0d 0a GET / HTTP/1.1
> 00000010: 43 6f 6e 6e 65 63 74 69 6f 6e 3a 20 63 6c 6f 73 Connection: clos
> 00000020: 65 0d 0a 55 73 65 72 2d 41 67 65 6e 74 3a 20 4d e  User-Agent: M
> 00000030: 6f 7a 69 6c 6c 61 2f 35 2e 30 20 28 63 6f 6d 70 ozilla/5.0 (comp
> 00000040: 61 74 69 62 6c 65 3b 20 4e 6d 61 70 20 53 63 72 atible; Nmap Scr
> 00000050: 69 70 74 69 6e 67 20 45 6e 67 69 6e 65 3b 20 68 ipting Engine; h
> 00000060: 74 74 70 3a 2f 2f 6e 6d 61 70 2e 6f 72 67 2f 62 ttp://nmap.org/b
> 00000070: 6f 6f 6b 2f 6e 73 65 2e 68 74 6d 6c 29 0d 0a 48 ook/nse.html)  H
> 00000080: 6f 73 74 3a 20 6e 6d 61 70 2e 6f 72 67 0d 0a 0d ost: nmap.org
> 00000090: 0a
> NSOCK INFO [0.7680s] nsock_trace_handler_callback(): Callback: WRITE SUCCESS for EID 35 [127.0.0.1:9050]
> NSE: TCP 127.0.0.1:46610 > 127.0.0.1:9050 | SEND
> NSOCK INFO [0.7680s] nsock_read(): Read request from IOD #1 [127.0.0.1:9050] (timeout: 8000ms) EID 42
> NSOCK INFO [1.4680s] nsock_trace_handler_callback(): Callback: READ SUCCESS for EID 42 [127.0.0.1:9050] (498 bytes)
> NSE: TCP 127.0.0.1:46610 < 127.0.0.1:9050 | <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">
> <HTML>
> <HEAD>
> <TITLE>Cannot process request!</TITLE>
> <LINK REV="made" HREF="mailto:webmaster">
> </HEAD>
> <link REL="SHORTCUT ICON" HREF="/shared/images/tiny-eyeicon.png" TYPE="image/png">
> <META NAME="ROBOTS" CONTENT="NOARCHIVE">
> <link rel="stylesheet" href="/shared/css/insecdb.css" type="text/css">
> <!--Google Analytics-->
> <script type="text/javascript">
> var _gaq = _gaq || [];
> _gaq.push(['_setAccount', 'UA-11009417-1']);
> _gaq.
> NSE: Finished 'http-title' (thread: 0x1f4a330) against nmap.org (173.255.243.189:80).
> NSE: TCP 127.0.0.1:46610 > 127.0.0.1:9050 | CLOSE
> NSOCK INFO [1.4680s] nsi_delete(): nsi_delete (IOD #1)
> Completed NSE at 23:29, 1.41s elapsed
> Nmap scan report for nmap.org (173.255.243.189)
> Host is up, received user-set (0.018s latency).
> Scanned at 2013-04-29 23:29:55 PDT for 1s
> PORT   STATE SERVICE REASON
> 80/tcp open  http    syn-ack
>
> $ ./nmap --proxies=socks4://localhost:9050 -n -Pn --script=ssl-cert -p 993 imap.gmail.com -d3
> Starting Nmap 6.26SVN ( http://nmap.org ) at 2013-04-29 23:30 PDT
> ...
> NSE: Using Lua 5.2.
> NSOCK ERROR [0.0310s] nsp_set_proxychain(): Invalid call. Existing proxychain on this nsock_pool
> ...
> NSE: Script scanning 173.194.79.108.
> NSE: Starting runlevel 1 (of 1) scan.
> NSE: Starting 'ssl-cert' (thread: 0x206d320) against imap.gmail.com (173.194.79.108:993).
> Initiating NSE at 23:30
> NSOCK INFO [0.0310s] nsi_new2(): nsi_new (IOD #1)
> NSOCK INFO [0.0790s] nsock_connect_ssl(): SSL connection requested to 173.194.79.108:993/tcp (IOD #1) EID 9
> NSOCK INFO [0.0790s] nsock_trace_handler_callback(): Callback: CONNECT SUCCESS for EID 9 [127.0.0.1:9050]
> NSOCK INFO [0.0790s] nsock_readbytes(): Read request for 8 bytes from IOD #1 [127.0.0.1:9050] EID 26
> NSOCK INFO [0.0790s] nsock_trace_handler_callback(): Callback: WRITE SUCCESS for EID 19 [127.0.0.1:9050]
> NSOCK INFO [0.8190s] nsock_trace_handler_callback(): Callback: READ SUCCESS for EID 26 [127.0.0.1:9050] (8 bytes): .Z......
> NSOCK INFO [0.8190s] forward_event(): Forwarding event upstream: TCP connect SUCCESS (IOD #1) EID 26
> NSE: TCP 127.0.0.1:46617 > 127.0.0.1:9050 | CONNECT
> NSE: 'ssl-cert' (thread: 0x206d320) against imap.gmail.com (173.194.79.108:993) threw an error!
> /home/david/nmap-git/nselib/sslcert.lua:280: calling 'get_ssl_certificate' on bad self
> stack traceback:
>         [C]: in function 'get_ssl_certificate'
>         /home/david/nmap-git/nselib/sslcert.lua:280: in function 'getCertificate'
>         /home/david/nmap-git/scripts/ssl-cert.nse:236: in function </home/david/nmap-git/scripts/ssl-cert.nse:235>
>         (...tail calls...)
> NSE: TCP 127.0.0.1:46617 > 127.0.0.1:9050 | CLOSE
> NSOCK INFO [0.8190s] nsi_delete(): nsi_delete (IOD #1)
> Completed NSE at 23:30, 0.74s elapsed
> Nmap scan report for imap.gmail.com (173.194.79.108)
> Host is up, received user-set (0.035s latency).
> Other addresses for imap.gmail.com (not scanned): 173.194.79.109
> Scanned at 2013-04-29 23:30:58 PDT for 1s
> PORT    STATE SERVICE REASON
> 993/tcp open  imaps   syn-ack
I think I fixed it. I introduced a regression in r30784, replacing a constant you initially set by a sizeof(), which could return different sizes on different architectures, given how the fields of the structure were declared.

I reverted the faulty commit in r30819 and committed a nicer (I think) fix in r30820.

Sorry for the regression, at least it looks good now. Do you confirm?

Regards

--
Henri
_______________________________________________
Sent through the dev mailing list
http://nmap.org/mailman/listinfo/dev
Archived at http://seclists.org/nmap-dev/
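An added illustration of the class of bug Henri describes, written for this page and not taken from nsock or Nmap: the struct layouts, function names and sample bytes below are hypothetical and constructed. The SOCKS4 reply is a fixed 8 bytes on the wire (VN, CD, DSTPORT, DSTIP). A struct whose fields are declared in an alignment-unfriendly order picks up padding, so `sizeof()` reports 12 on common ABIs and a read sized by it would wait for 4 bytes the proxy never sends. The parser decodes from explicit wire offsets and checks the length against the protocol constant instead.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* SOCKS4 reply on the wire: VN(1) CD(1) DSTPORT(2) DSTIP(4) = 8 bytes.
   The wire length is a protocol constant and must not come from a C struct. */
#define SOCKS4_REPLY_LEN 8
#define SOCKS4_CD_GRANTED 90   /* 0x5a, the 'Z' visible in the trace's ".Z......" */

/* Hypothetical struct with fields declared in an alignment-unfriendly order.
   On common ABIs the compiler inserts 2 bytes of padding before dstip and 2 bytes
   of tail padding after dstport, so sizeof() is 12, not the 8 bytes actually sent. */
struct socks4_reply_padded {
    uint8_t  vn;
    uint8_t  cd;
    uint32_t dstip;
    uint16_t dstport;
};

/* Host-order view of a decoded reply; no wire layout is implied by this struct. */
struct socks4_reply {
    uint8_t  vn;
    uint8_t  cd;
    uint16_t dstport;
    uint32_t dstip;
};

/* How many bytes a read sized by sizeof() of the padded struct would wait for. */
size_t bytes_requested_by_sizeof(void)
{
    return sizeof(struct socks4_reply_padded);
}

/* Decode a reply from explicit wire offsets (big-endian port and address).
   Returns 0 on success, -1 if the buffer is shorter than the protocol constant
   or the version byte is not the SOCKS4 reply version (0). */
int socks4_parse_reply(const uint8_t *buf, size_t len, struct socks4_reply *out)
{
    if (buf == NULL || out == NULL || len < SOCKS4_REPLY_LEN)
        return -1;
    out->vn = buf[0];
    out->cd = buf[1];
    out->dstport = (uint16_t)(((uint16_t)buf[2] << 8) | buf[3]);
    out->dstip = ((uint32_t)buf[4] << 24) | ((uint32_t)buf[5] << 16) |
                 ((uint32_t)buf[6] << 8)  |  (uint32_t)buf[7];
    return out->vn == 0 ? 0 : -1;
}

/* 1 if the proxy granted the CONNECT, 0 otherwise (including short or malformed replies). */
int socks4_reply_granted(const uint8_t *buf, size_t len)
{
    struct socks4_reply r;
    if (socks4_parse_reply(buf, len, &r) != 0)
        return 0;
    return r.cd == SOCKS4_CD_GRANTED;
}

/* Constructed samples (not captured bytes): a "request granted" reply carrying
   port 80 and 173.255.243.189, and a "request rejected" (CD 91) reply. */
const uint8_t sample_granted_reply[SOCKS4_REPLY_LEN] = {
    0x00, 0x5a, 0x00, 0x50, 0xad, 0xff, 0xf3, 0xbd
};
const uint8_t sample_rejected_reply[SOCKS4_REPLY_LEN] = {
    0x00, 0x5b, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00
};

int main(void)
{
    printf("sizeof(padded struct) = %zu, wire length = %d\n",
           bytes_requested_by_sizeof(), SOCKS4_REPLY_LEN);
    printf("granted sample: %d, rejected sample: %d, truncated sample: %d\n",
           socks4_reply_granted(sample_granted_reply, SOCKS4_REPLY_LEN),
           socks4_reply_granted(sample_rejected_reply, SOCKS4_REPLY_LEN),
           socks4_reply_granted(sample_granted_reply, SOCKS4_REPLY_LEN - 1));
    return 0;
}
```

The "Read request for 8 bytes" line in David's trace is what a correctly sized read looks like; sizing it by `sizeof()` of a padded struct would instead block until the read timeout, and a struct that happens to pad to 8 on one architecture but not another is exactly the kind of difference Henri mentions. Decoding from byte offsets also sidesteps endianness, since the port and address are assembled explicitly rather than read through an overlaid struct.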