Nmap Development mailing list archives
Re: --proxies oddities
From: David Fifield <david () bamsoftware com>
Date: Tue, 30 Apr 2013 12:36:15 -0700
On Tue, Apr 30, 2013 at 09:24:39PM +0200, Henri Doreau wrote:
2013/4/30 David Fifield <david () bamsoftware com>:http-title works, ssl-cert doesn't. [...] I can accept that maybe there is a technical reason why ssl-cert isn't working, because the socket it has isn't really an SSL socket. http-title on an HTTPS port doesn't seem to work either. ./nmap --proxies=socks4://localhost:9050 -n -Pn --script=http-title -p 443 secwiki.org -dYeah, I know about this one... and I'm not sure what to do. As you said, the current architecture of nsock doesn't make it easy at all to properly hook SSL connection requests, as it internally already mixes several operations. I think not supporting it for now is better than having super intrusive checks everywhere in the code. I don't think that we should accept this limitation forever though. First because it's annoying, second because it has no actual reason to be. I plan to rework nsock SSL code, I'll make a design proposal here when ready. Proper proxy support is one of the goals. What do we want meanwhile? I'm not sure, given the very early stage of the proxy support... I can make nsock_connect_ssl() return a NSE_STATUS_ERROR[1] if nsp->px_chain != NULL for instance. What do you think?
Let's just ignore it for now. David Fifield _______________________________________________ Sent through the dev mailing list http://nmap.org/mailman/listinfo/dev Archived at http://seclists.org/nmap-dev/
Current thread:
- --proxies oddities David Fifield (Apr 29)
- Re: --proxies oddities Henri Doreau (Apr 29)
- Re: --proxies oddities Henri Doreau (Apr 30)
- Re: --proxies oddities Henri Doreau (Apr 30)
- Re: --proxies oddities David Fifield (Apr 30)
- Re: --proxies oddities Henri Doreau (Apr 30)
- Re: --proxies oddities David Fifield (Apr 30)
- Re: --proxies oddities David Fifield (Apr 30)
- Re: --proxies oddities Henri Doreau (Apr 29)