Home page logo
/

nmap-dev logo Nmap Development mailing list archives

Re: ncat as http proxy server, question mark.
From: David Fifield <david () bamsoftware com>
Date: Fri, 23 Jan 2009 11:02:45 -0700

On Tue, Oct 28, 2008 at 02:00:51AM +0000, jah wrote:
I attempted to use ncat (latest svn) as an http proxy on both linux and
windows without success:

# ncat -l -vvv --proxy-type http localhost 8080
Listening on 127.0.0.1:8080

Set firefox on that machine to connect via 127.0.0.1:8080 and saw zero
traffic as a result of any http requests.

# ncat -l -vvv --proxy-type http 192.168.1.16 8080
Listening on 192.168.1.16:8080

and directed firefox on another machine to connect via 192.168.1.16:8080.
For any http request I see a HTTP 400 Bad Request response of 1024 bytes
- 996 of them are null chars.

I noticed this too. Ncat was sending an entire buffer, not just the
string it had placed at the beginning. It was pretty obvious that it was
wrong so I fixed it in r11830.

I can't get Ncat to work as a web proxy with Firefox either, because of
the GET/CONNECT method discrepancy Michael noted in
http://seclists.org/nmap-dev/2008/q4/0324.html. But apart from that, I
don't think Ncat's CONNECT method works quite right. CONNECT is
documented at http://tools.ietf.org/html/draft-luotonen-ssl-tunneling-03.
A request is supposed to look like this:

CONNECT nmap.org:80 HTTP/1.0\r\n
\r\n
GET / HTTP/1.1\r\n
Host: nmap.org\r\n
\r\n

Before the first blank line is just a normal HTTP request, so you could
insert extra header fields like User-Agent, etc. But Ncat comes back
with "HTTP/1.0 200 OK" after the first \r\n. That means that any other
header fields as well as the second \r\n get sent to the destination web
server. Apache seems to tolerate the extra whitespace before the
request, but for example lighttpd returns "UNKNOWN 400 Bad Request".

David Fifield

_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://SecLists.Org


  By Date           By Thread  

Current thread:
  • Re: ncat as http proxy server, question mark. David Fifield (Jan 23)
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]