Nmap Development mailing list archives
Re: [nse] #212 - http.get_url makes plain text request for HTTPS urls
From: Daniel Miller <bonsaiviking () gmail com>
Date: Mon, 21 Sep 2015 14:07:56 -0500
jah,

Thanks for continuing to follow up on this. I like this new approach much better. I applied something similar in r35272, but created the temporary port table all at once. Still credited you in the changelog. Much appreciated!

Dan

On Fri, Sep 18, 2015 at 9:58 AM, jah <jah () zadkiel plus com> wrote:
> On 18/09/15 05:19, Daniel Miller wrote:
>
>> jah,
>>
>> Thanks for the report. Very thorough! I added port.state = "open" to get_url in r35251. I think this is enough to fix the issue. We can do an audit later to determine if any other scripts or functions pass a constructed port table without a state to comm.tryssl or shortport.ssl.
>>
>> Dan
>
> Dan,
>
> I wasn't thorough enough! It turns out that port.protocol is also necessary for shortport.ssl to perform its tests. Specifically, it needs either {number, protocol and state} or {service, protocol and state}.
>
> When comm.bestoption is supplied with a numeric port argument, it will construct a port table for shortport.ssl on which it sets some default values: protocol="tcp", state="open" and version={}.
>
> The attached extends comm.bestoption to do a similar thing when the port arg is a table. Specifically it makes a partial copy of the port table and provides default values for state, protocol and version in the same way as for numerical port args. The patch also reverts r35251 so that comm.bestoption would be solely responsible for coercing a port for testing by shortport.ssl.
>
> I've tested the patch and can confirm the changes prevent the plaintext request for HTTPS urls.
>
> jah
>
> _______________________________________________
> Sent through the dev mailing list
> https://nmap.org/mailman/listinfo/dev
> Archived at http://seclists.org/nmap-dev/
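The port-table coercion discussed in this thread, as an added Lua example; it is not the attached patch, r35272, or any other Nmap code. The function names `has_fields_for_ssl_test` and `coerce_port` and the sample table are hypothetical, and the predicate only models the field requirement stated above ({number, protocol and state} or {service, protocol and state}).

```lua
-- Added illustration, not Nmap source. All names below are hypothetical.

-- Models the requirement stated in the thread: the SSL test needs
-- protocol and state, plus either a port number or a service name.
local function has_fields_for_ssl_test(port)
  return port.protocol ~= nil and port.state ~= nil
    and (port.number ~= nil or port.service ~= nil)
end

-- Build a temporary port table for the SSL test.
-- Numeric ports get the defaults named in the thread; table ports are
-- partially copied, so the caller's table is never modified.
local function coerce_port(port)
  if type(port) == "number" then
    return { number = port, protocol = "tcp", state = "open", version = {} }
  end
  assert(type(port) == "table", "port must be a number or a table")
  return {
    number   = port.number,
    service  = port.service,
    protocol = port.protocol or "tcp",   -- default only when missing
    state    = port.state or "open",
    version  = port.version or {},
  }
end

-- Constructed input: a port table built from an https URL, carrying a
-- number and a service name but no state or protocol.
local from_url = { number = 443, service = "https" }

-- Without coercion the table lacks what the SSL test needs, which is the
-- condition that led to the plain-text request described in the report.
assert(has_fields_for_ssl_test(from_url) == false)

local tmp = coerce_port(from_url)
assert(has_fields_for_ssl_test(tmp) == true)
assert(tmp.protocol == "tcp" and tmp.state == "open")

-- The caller's table is untouched by the partial copy.
assert(from_url.state == nil and from_url.protocol == nil)

-- Values the caller did supply are preserved, not overwritten by defaults.
local udp = coerce_port({ number = 4433, protocol = "udp", state = "open|filtered" })
assert(udp.protocol == "udp" and udp.state == "open|filtered")

-- A numeric port gets the same defaults.
assert(has_fields_for_ssl_test(coerce_port(8443)) == true)
print("all checks passed")
```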