Nmap Development: Correction for nginx match line

Nmap Development mailing list archives

Correction for nginx match line

From: Sven Klemm <sven () c3d2 de>
Date: Mon, 17 Dec 2007 16:54:54 +0100

Hi

nmap improperly detects nginx over ssl as http-proxy when doing
service scan. The reason for this is that nginx answers with HTTP 400
Bad Request when it receives HTTP Requests on HTTPS ports. The
attached patch adjusts the match line so that nginx over ssl will be
properly detected as ssl/http-proxy.

Result with patch:

sven:~/code/nmap> nmap -p 80,443 23.23.23.23 -sV

Starting Nmap 4.50 ( http://insecure.org ) at 2007-12-17 16:45 CET
Interesting ports on 23.23.23.23:
PORT    STATE SERVICE        VERSION
80/tcp  open  http-proxy     nginx http proxy 0.5.30
443/tcp open  ssl/http-proxy nginx http proxy 0.5.30

Cheers
Sven

Index: nmap-service-probes
===================================================================
--- nmap-service-probes (revision 6557)
+++ nmap-service-probes (working copy)
@@ -4521,7 +4521,7 @@
 match http-proxy m|^HTTP/1\.0 \d\d\d .*\r\nServer: BlueCoat-Security-Appliance\r\n|s p/BlueCoat http proxy/
 match http-proxy m|^HTTP/1\.0 \d\d\d .*\r\nProxy-agent: BlueCoat-WinProxy\r\n| p/BlueCoat WinProxy http proxy/ 
o/Windows/
 match http-proxy m|^HTTP/1\.0 200 Connection established\r\nPragma: no-cach\r\nContent-Type: text/html; 
charset=windows-1251\r\n\r\n$| p/UserGate http proxy/ o/Windows/
-match http-proxy m|^HTTP/1\.1 \d\d\d .*\r\nServer: nginx/([\d.]+)\r\n| p/nginx http proxy/ v/$1/
+match http-proxy m!^HTTP/1\.1 ([1235]\d\d|4([1-9]\d|0[1-9])) .*\r\nServer: nginx/([\d.]+)\r\n! p/nginx http proxy/ 
v/$3/
 match http-proxy m|^HTTP/1\.1 \d\d\d .*\r\nServer: Simple, Secure Web Server ([\d.]+)\r\n|s p/Symantec firewall http 
proxy/ i/Simple, Secure Web Server $1/ d/firewall/
 match http-proxy m|^HTTP/1\.0 \d\d\d .*\r\nContent-Length: \d+\r\n.*\r\n\r\n.*<B>KEN! Proxy</B>|s p/AVM KEN! http 
proxy/
 match http-proxy m|^HTTP/1\.0 400 Bad request\r\nContent-Type: text/html\r\nPragma: no-cache\r\n\r\n<H4><font 
COLOR=\"#FF0000\">Error parsing http request : </font></H2><p><pre>GET / / HTTP/1\.0\r\n\r\n</pre>| p/Kerio Winroute 
Pro http proxy/ o/Windows/

Attachment: signature.asc
Description: OpenPGP digital signature


_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://SecLists.Org

By Date By Thread

Current thread:

Correction for nginx match line Sven Klemm (Dec 17)
- Re: Correction for nginx match line Sven Klemm (Dec 17)
  - Re: Correction for nginx match line Fyodor (Dec 20)