Nmap Development mailing list archives

Re: POST data in http-fingerprints.lua


From: Gary Madarm <gmadarm () gmail com>
Date: Wed, 28 Sep 2016 11:22:19 +0300

Thanks, that's exactly what I needed. Will the http-enum.nse patch be
committed or will I need to roll out the change across my network?

On Mon, Sep 26, 2016 at 3:06 PM, Josh Amishav-Zlatin <jamuse () gmail com>
wrote:

Hi Gary,

See the patch below:

# diff http-enum.nse http-enum.nse~
400c400
<         local res = http.generic_request(host, port,
fingerprints[i].probes[j].method or 'GET', basepath ..
fingerprints[i].probes[j].path, fingerprints[i].probes[j].options or nil)
---
        local res = http.generic_request(host, port,
fingerprints[i].probes[j].method or 'GET', basepath ..
fingerprints[i].probes[j].path, nil)
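
Review bot: The change at line 400 threads fingerprints[i].probes[j].options only into the http.generic_request call, so a probe's options take effect only when that probe is sent unpipelined. As Daniel's message further down the thread notes, http-enum.nse also issues probes through http.pipeline_add with the options parameter set to nil, and that call is not touched here. A fingerprint that defines options but omits nopipeline = true would therefore have its header and content dropped without any warning. Either pass the same options table to the pipeline_add call, or document that options requires nopipeline = true. Two smaller points: the trailing "or nil" is redundant, since a missing options field already evaluates to nil, and the diff was generated with the patched file first (diff http-enum.nse http-enum.nse~), so the "<" line is the new code; a unified diff in old-to-new order (diff -u http-enum.nse~ http-enum.nse) would be easier to review and apply.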

You can create a fingerprint that sends POST data in http-fingerprints.lua
like this:

table.insert(fingerprints, {
    category = 'attacks',
    probes = {
      {
        path = '/vuln.php',
        method = 'POST',
        nopipeline = true,
        options = {
          header = {
            ["Content-Type"] = "application/x-www-form-urlencoded"
          },
          content = "par1=val1&par2=val2"
        }
      },
    },
    matches = {
      {
        match = 'test',
        output = 'POST request with content worked'
      }
    }
  });

- Josh

On Wed, Sep 21, 2016 at 8:20 PM, Daniel Miller <bonsaiviking () gmail com>
wrote:

Gary,

It doesn't look like that's supported right now. The code in
http-enum.nse uses http.pipeline_add or http.generic_request with the
options parameter set to nil. If we wanted to add this, it would probably
be best to just allow a fingerprint to define an options table and pass it
along. In that case, you could set the "content" key of the options table
to your POST data.

For now, your best bet would be to write a stand-alone script to do what
you want. Unless you'd like to make the change I outlined above and submit
it so that others can benefit as well!

Dan

On Wed, Sep 21, 2016 at 9:08 AM, Gary Madarm <gmadarm () gmail com> wrote:

How can I create a fingerprint in http-fingerprints.lua using the POST
method and include POST data in the request?

_______________________________________________
Sent through the dev mailing list
https://nmap.org/mailman/listinfo/dev
Archived at http://seclists.org/nmap-dev/


