Nmap Development mailing list archives

Re: [NSE] NSE script to detect web apps vulnerable to HTTPoxy


From: Daniel Miller <bonsaiviking () gmail com>
Date: Mon, 12 Sep 2016 09:51:16 -0500

Paulino,

Thanks for the update. Looking forward to getting this reviewed and merged!

Dan

On Sun, Sep 11, 2016 at 9:02 PM, Paulino Calderon <paulino () calderonpale com>
wrote:

Hey list,

I finally got around to updating the script. After considering your feedback,
I applied the following changes:
* Requests are interleaved now.
* 30 requests are sent to calculate the average response time. (We could
probably do fewer, but this works even on my terrible connection.)
* Proxy header uses a random but valid hostname. The additional time gets
introduced when resolving the name + connection time.
* To mark a host vulnerable, the bad response time needs to be at least twice
as big as the normal one. In my vulnerable instances this worked fine; we
could probably go with 1.5, but I'd rather stay on the safe side. This also
fixed the issue with false positives when calculating if the host was
vulnerable with mean deviation calculations.

I will wait a few days to give everyone a chance to test it before
committing.

Cheers.

http-httpoxy.nse: https://github.com/cldrn/nmap-nse-scripts/blob/master/scripts/http-httpoxy.nse



_______________________________________________
Sent through the dev mailing list
https://nmap.org/mailman/listinfo/dev
Archived at http://seclists.org/nmap-dev/
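
The decision rule described in the message above (interleaved requests, 30 of each kind, probe mean at least twice the baseline mean), as an added example that is not taken from http-httpoxy.nse and is written in Python rather than NSE Lua. The `simulated_app` timing source, the `PROXY_VALUE` placeholder, all function names and the sequential comparison are assumptions constructed for illustration; no network traffic is sent.

```python
import random
import statistics

ROUNDS = 30    # requests per kind, as in the post
FACTOR = 2.0   # proxied mean must be at least twice the plain mean
PROXY_VALUE = "http://placeholder.example:8080"  # constructed placeholder value

def collect(fetch, rounds=ROUNDS, interleave=True):
    """Time plain and Proxy-header requests; fetch(headers) returns seconds."""
    plain, proxied = {}, {"Proxy": PROXY_VALUE}
    if interleave:
        order = [plain, proxied] * rounds
    else:
        order = [plain] * rounds + [proxied] * rounds
    baseline, probe = [], []
    for headers in order:
        (probe if headers else baseline).append(fetch(headers))
    return baseline, probe

def verdict(baseline, probe, factor=FACTOR):
    """Apply the ratio rule to the two sets of timings."""
    b, p = statistics.mean(baseline), statistics.mean(probe)
    return {"baseline": b, "probe": p, "ratio": p / b, "vulnerable": p >= factor * b}

def simulated_app(honours_proxy, rng, drift=0.0):
    """Constructed stand-in for the HTTP round trip (no network traffic)."""
    sent = 0
    def fetch(headers):
        nonlocal sent
        sent += 1
        # Base latency plus jitter, plus a link that slows with every request.
        elapsed = 0.080 + rng.uniform(0, 0.060) + drift * sent
        if honours_proxy and "Proxy" in headers:
            elapsed += 0.300 + rng.uniform(0, 0.100)  # resolve + connect delay
        return elapsed
    return fetch

if __name__ == "__main__":
    cases = [
        ("app honours Proxy, stable link", True, 0.0, True),
        ("app ignores Proxy, degrading link, interleaved", False, 0.02, True),
        ("app ignores Proxy, degrading link, sequential", False, 0.02, False),
    ]
    for name, honours, drift, interleave in cases:
        fetch = simulated_app(honours, random.Random(1), drift)
        result = verdict(*collect(fetch, interleave=interleave))
        print(f"{name}: ratio={result['ratio']:.2f} vulnerable={result['vulnerable']}")
```

In the simulated degrading-link case the sequential ordering crosses the 2x threshold on an app that ignores the header, while the interleaved ordering keeps the ratio near 1.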
