RE: Enhanced Version of HTTPtrace.nse
From: "Rob Nicholls" <robert () everythingeverything co uk>
Date: Fri, 14 Dec 2007 12:10:54 -0000 (UTC)

I'm hoping this is the last version of this script (for a while).

I had to comment out one of the checks (the one that tried to detect
immediate disconnects for unknown verbs) to avoid false negatives from
occurring if the wrong type of scan was attempted (e.g. if nmap-services
suggested https but the server was really running http on port 443 as the
server doesn't have SSL enabled - probably a rare case, but I do know a
server that's currently configured like this). If someone/anyone can
suggest a good way of accurately differentiating between http and https
despite what nmap-services will suggest without a version scan, I'm keen
to add that to this script so I can re-introduce the disconnect check.

There are plenty of comments for anyone that's curious as to what's going
on behind the scenes. It should work okay on *nix and Windows. It should
always tell you when it detects that TRACE is enabled (like the SSLv2
script does), but won't tell you anything else unless the verbosity is
greater than 2.

Thanks to everyone for their comments!

Sent through the nmap-dev mailing list
Archived at http://SecLists.Org
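
One way to approach the http/https question raised in the message above, as an added example that is not part of the original post or of HTTPtrace.nse: classify the first bytes a server returns after a TLS ClientHello and let that override the nmap-services guess. It is written in Python rather than NSE Lua, the function names and sample replies are constructed, and it assumes a plain-HTTP server answers the unparseable ClientHello with a plaintext `HTTP/` status line.

```python
import struct

# TLS record types a server can send first in reply to a ClientHello.
TLS_FIRST_RECORD_TYPES = {0x15, 0x16}  # alert, handshake
MAX_RECORD_LEN = 2**14 + 2048          # largest record body TLS permits


def classify_reply(data: bytes) -> str:
    """Return 'tls', 'http', 'closed' or 'unknown' for the first bytes received."""
    if not data:
        return "closed"                # server hung up without answering
    if data[:5] == b"HTTP/":
        return "http"                  # plaintext status line: no TLS on this port
    if len(data) >= 5:
        # Record header: content type, version major/minor, body length.
        ctype, major, minor, length = struct.unpack("!BBBH", data[:5])
        if (ctype in TLS_FIRST_RECORD_TYPES and major == 3 and minor <= 4
                and 0 < length <= MAX_RECORD_LEN):
            return "tls"
    return "unknown"


def choose_scheme(services_guess: str, reply: bytes) -> str:
    """Prefer what the server actually sent over the nmap-services guess."""
    kind = classify_reply(reply)
    if kind == "tls":
        return "https"
    if kind == "http":
        return "http"
    return services_guess              # closed/unknown: keep the table's guess


# Constructed sample replies (not captured from a real host).
SAMPLES = {
    "server_hello": b"\x16\x03\x01\x00\x4a\x02\x00\x00\x46\x03\x01",
    "fatal_alert": b"\x15\x03\x01\x00\x02\x02\x28",
    "plain_http": b"HTTP/1.1 400 Bad Request\r\nConnection: close\r\n\r\n",
    "disconnect": b"",
    "ssh_banner": b"SSH-2.0-example\r\n",
}

if __name__ == "__main__":
    for name, reply in SAMPLES.items():
        # Port 443 case from the message: the services table says https.
        print(f"{name:13} {classify_reply(reply):8} -> {choose_scheme('https', reply)}")
```

An immediate disconnect stays ambiguous here, so the caller falls back to the table's guess instead of reporting a result it cannot support.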