Home page logo

nmap-dev logo Nmap Development mailing list archives

RE: Enhanced Version of HTTPtrace.nse
From: "Rob Nicholls" <robert () everythingeverything co uk>
Date: Fri, 14 Dec 2007 08:15:08 -0000

Thanks Thomas, I've started adding support and a version I've got here
appears to work a lot better on Linux now.

However, has anyone got any good suggestions on how I can work out if a
server on port 443 isn't using https, but is actually using http? If a
service scan was performed, nmap correctly replaces https with http, but a
default scan uses nmap-services and states that the service is https. I've
seen servers without ssl that serve http on 443/tcp, and they often have
TRACE enabled too, so I'd prefer to catch this scenario if possible. On
Windows, it'll see "https" from nmap and think it needs ssl, and due to a
lack of ssl support my updated script here will stop what it's doing
(without giving any additional info). On clients with ssl support, however,
it'll try and connect to the plaintext service using an ssl connection, and
I suspect - as I haven't tried a newer version of my script yet on Linux -
it might even come up with a false negative (which would be even worse).

Is there any way an NSE script can do something like ask/force nmap to do a
service scan for the port it's testing? Or should I assume that the user
doesn't mind the odd lack of a result from the script if they haven't gone
with a version scan to begin with? The same logic would probably be useful
for other scripts, such as showHTMLTitle.


-----Original Message-----
From: Thomas Buchanan [mailto:tbuchanan () thecompassgrp net] 
Sent: 14 December 2007 02:07
To: Rob Nicholls
Cc: nmap-dev () insecure org
Subject: Re: Enhanced Version of HTTPtrace.nse

Rob Nicholls wrote:
I changed the portrule so it'll test any open tcp port that's detected by
nmap as "http" or "https" (obviously, a version scan needs to be performed
to identify unusual ports), as Kris' original script only tested 80 or
8080. It should also be obvious that the Windows client won't see "https",
they'll get "ssl", so the script won't run against secure HTTP servers for
Windows based nmap users. I haven't tested this script using nmap on a
Linux host (yet), but I'm hoping adding the rule to support https
shouldn't be a problem. I'm sure someone will let me know otherwise.


I think it takes a little more than this to enable SSL support.  You have to

pass a different protocol ("ssl" instead of "tcp") to the socket:connect() 
call for SSL connections.  See showHTMLTitle.nse for an example.  Also, you 
may want to use the recently introduced nmap.have_ssl() to test whether Nmap

was compiled with SSL support.

Hope this helps,


Sent through the nmap-dev mailing list
Archived at http://SecLists.Org

Sent through the nmap-dev mailing list
Archived at http://SecLists.Org

  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]