Nmap Development mailing list archives

Re: [PATCH] showHTMLTitle.nse - bugfix and a few improvements
From: Sven Klemm <sven () c3d2 de>
Date: Fri, 03 Oct 2008 10:18:40 +0200

David Fifield wrote:
| On Tue, Sep 30, 2008 at 10:53:34PM +0100, jah wrote:
|> On 30/09/2008 21:08, David Fifield wrote:
|>> Two different mechanisms for getting the redirected page are used. With
|>> an absolute URI, it's
|>>         data = http.get_url( loc )
|>> and with a relative URI it's
|>>         data = http.get( host, port, loc )
|>> Could that be simplified, maybe by having the two cases assign temporary
|>> variables representing the new host, port, and loc, then having a common
|>> http.get outside of the if block? It doesn't seem right to parse the
|>> URL, reconstruct it, and have http.get_url parse it again.
|>>
|> I'll have a go at that.  I think it might result in more code, but we'll
|> see.
|
| I was thinking something like
|
|         local url = url.parse( data.header.location )
|         local redir_host
|         -- follow ONE redirect if host is not some other host.
|         if type( url.host ) == "string" and url.host == host.targetname or url.host == ( host.name ~= '' and host.name ) or url.host == host.ip then

if url.host and url.host == host.targetname or url.host == ( host.name ~= '' and host.name ) or url.host == host.ip then

|                 -- Absolute redirect.
|                 redir_host = url.host
|         elseif type( url.host ) ~= "string" and type( url.path ) == "string" and url.path ~= "/" then
elseif not url.host and url.path and url.path ~= "/" then
|                 -- Relative redirect (not HTTP/1.1-compliant).
|                 redir_host = host
|         end
|         if redir_host then
|                 local loc
|                 loc = ( ( type( url.path ) == "string" and url.path) or "/" )
loc = ( url.path or "/" )
|                 .. ( ( type( url.query ) == "string" and ("?%s"):format( url.query ) ) or "" )
.. ( ( url.query and ("?%s"):format( url.query ) ) or "" )
|                 data = http.get( redir_host, port, loc )
|                 stdnse.print_debug("showHTMLTitle.nse: (%s) Default page is located at %s.", host.targetname or host.ip, loc)
|         else
|                 stdnse.print_debug("showHTMLTitle.nse: (%s) Default page may be located at %s.", host.targetname or host.ip, data.header.location)
|         end
|

The table returned by the url library always contains strings so it's
not necessary to specifically check for strings but it's sufficient to
check for the existence of a field.

Maybe we should enhance the documentation to include this information.
Adding test cases for the nse libraries would probably be even better.
So we could easily verify whether a library always returns the
specified types.


Cheers,
Sven


--
Sven Klemm
http://cthulhu.c3d2.de/~sven/
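
The existence-check form of the redirect logic discussed in this message, together with the kind of library test case it suggests, as an added example that is not part of the original message or of the Nmap source. The `parsed` and `host` tables are constructed stand-ins for what `url.parse` returns and for the NSE host table, `only_strings` and `redirect_target` are hypothetical helper names, and the host comparison is grouped with explicit parentheses.

```lua
-- Added example: stand-alone Lua, no Nmap libraries required.
-- `parsed` mimics the table url.parse() returns (fields host, path, query);
-- `host` mimics the NSE host table (targetname, name, ip). All values are constructed.

-- Hypothetical helper: the type contract the message describes,
-- i.e. every field that exists in the parsed table is a string.
local function only_strings( parsed )
  for key, value in pairs( parsed ) do
    if type( value ) ~= "string" then return false, key end
  end
  return true
end

-- Hypothetical helper: decide whether to follow ONE redirect using existence
-- checks only. Returns "absolute" or "relative" plus the request path, or nil.
local function redirect_target( parsed, host )
  local kind
  if parsed.host and ( parsed.host == host.targetname
      or parsed.host == ( host.name ~= '' and host.name )
      or parsed.host == host.ip ) then
    kind = "absolute"   -- the scanned host, named explicitly
  elseif not parsed.host and parsed.path and parsed.path ~= "/" then
    kind = "relative"   -- not HTTP/1.1-compliant
  else
    return nil          -- some other host, or nothing new to fetch
  end
  -- Parentheses matter: ".." binds tighter than "or" in Lua.
  local loc = ( parsed.path or "/" )
    .. ( ( parsed.query and ("?%s"):format( parsed.query ) ) or "" )
  return kind, loc
end

local host = { targetname = "www.example.com", name = "", ip = "192.0.2.10" }
local cases = {
  { { host = "www.example.com", path = "/home", query = "a=1" }, "absolute", "/home?a=1" },
  { { host = "192.0.2.10" },                                     "absolute", "/" },
  { { path = "/login" },                                         "relative", "/login" },
  { { path = "/" },                                              nil,        nil },
  { { host = "other.example.net", path = "/x" },                 nil,        nil },
}
for i, case in ipairs( cases ) do
  assert( only_strings( case[1] ), "non-string field in case " .. i )
  local kind, loc = redirect_target( case[1], host )
  assert( kind == case[2] and loc == case[3], "unexpected result in case " .. i )
end
print( "all redirect cases passed" )
```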

