Home page logo
/

nmap-dev logo Nmap Development mailing list archives

Re: [PATCH] http-open-proxy - improvement to pattern for matching response status-line
From: Joao Correa <joao () livewire com br>
Date: Mon, 29 Jun 2009 16:27:00 -0300

Hi Jah,

I've tested the patch and it works well here. I'm currently working on
a new version of the script, where your patch will also be useful. You
should commit it to nmap-exp/dev.

Thanks a lot for the patch.

João Correa

On Sun, Jun 28, 2009 at 9:53 PM, jah<jah () zadkiel plus com> wrote:
Evening All,

Attached is a patch for http-open-proxy which prevents some false
positives when testing the http status-line in a response.
(This usually happens when testing a target with the CONNECT method, but
also if the user supplies --script-args openproxy.url, but not
openproxy.pattern)

The current patterns used to match the http status-line are not
restricted to matching a valid http status-line.
An example is the pattern "^http.*200.*" which matched the following in
a response:

http/1.1 501 not supported
server: microsoft-iis/5.1
date: sun, 28 jun 200

and resulted in:

8080/tcp open  http    Microsoft IIS webserver 5.1
|  http-open-proxy: Potentially OPEN proxy.
|_ Methods succesfully tested: CONNECT


The patch also tidies-up a few stray variables and typo's.

Regards,

jah




_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://SecLists.Org


_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://SecLists.Org


  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]