Correction for nginx match line
From: Sven Klemm <sven () c3d2 de>
Date: Mon, 17 Dec 2007 16:54:54 +0100


nmap improperly detects nginx over ssl as http-proxy when doing a
service scan. The reason for this is that nginx answers with HTTP 400
Bad Request when it receives HTTP Requests on HTTPS ports. The
attached patch adjusts the match line so that nginx over ssl will be
properly detected as ssl/http-proxy.

Result with patch:

sven:~/code/nmap> nmap -p 80,443 -sV

Starting Nmap 4.50 ( http://insecure.org ) at 2007-12-17 16:45 CET
Interesting ports on
80/tcp  open  http-proxy     nginx http proxy 0.5.30
443/tcp open  ssl/http-proxy nginx http proxy 0.5.30

Index: nmap-service-probes
--- nmap-service-probes (revision 6557)
+++ nmap-service-probes (working copy)
@@ -4521,7 +4521,7 @@
 match http-proxy m|^HTTP/1\.0 \d\d\d .*\r\nServer: BlueCoat-Security-Appliance\r\n|s p/BlueCoat http proxy/
 match http-proxy m|^HTTP/1\.0 \d\d\d .*\r\nProxy-agent: BlueCoat-WinProxy\r\n| p/BlueCoat WinProxy http proxy/ 
 match http-proxy m|^HTTP/1\.0 200 Connection established\r\nPragma: no-cach\r\nContent-Type: text/html; 
charset=windows-1251\r\n\r\n$| p/UserGate http proxy/ o/Windows/
-match http-proxy m|^HTTP/1\.1 \d\d\d .*\r\nServer: nginx/([\d.]+)\r\n| p/nginx http proxy/ v/$1/
+match http-proxy m!^HTTP/1\.1 ([1235]\d\d|4([1-9]\d|0[1-9])) .*\r\nServer: nginx/([\d.]+)\r\n! p/nginx http proxy/ 
 match http-proxy m|^HTTP/1\.1 \d\d\d .*\r\nServer: Simple, Secure Web Server ([\d.]+)\r\n|s p/Symantec firewall http 
proxy/ i/Simple, Secure Web Server $1/ d/firewall/
 match http-proxy m|^HTTP/1\.0 \d\d\d .*\r\nContent-Length: \d+\r\n.*\r\n\r\n.*<B>KEN! Proxy</B>|s p/AVM KEN! http 
 match http-proxy m|^HTTP/1\.0 400 Bad request\r\nContent-Type: text/html\r\nPragma: no-cache\r\n\r\n<H4><font 
COLOR=\"#FF0000\">Error parsing http request : </font></H2><p><pre>GET / / HTTP/1\.0\r\n\r\n</pre>| p/Kerio Winroute 
Pro http proxy/ o/Windows/
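
Review bot: On the `+match http-proxy` line for nginx, the new status alternation `([1235]\d\d|4([1-9]\d|0[1-9]))` adds two capturing groups in front of `([\d.]+)`, so the version is now captured as $3 rather than the `$1` used by the removed line, and the `+` line as shown here ends after `p/nginx http proxy/` with no `v/` field at all. The sample output in the message still reports 0.5.30, so please confirm the line carries `v/$3/`, or make the status groups non-capturing with `(?:...)` so that `v/$1/` keeps working unchanged. The alternation also stops matching any status outside 1xx-5xx, which the old `\d\d\d` accepted; if that is intended, a short comment above the line saying that 400 is excluded on purpose (nginx's reply to plain HTTP on an HTTPS port) would help whoever edits this line next.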

