Home page logo
/

nmap-dev logo Nmap Development mailing list archives

Re: http-trace update
From: Paulino Calderon <paulino () calderonpale com>
Date: Mon, 27 Jun 2011 15:41:41 -0700

On 06/27/2011 12:35 PM, Fyodor wrote:
On Mon, Jun 13, 2011 at 11:54:05PM -0700, Paulino Calderon wrote:
     Here is my new version of http-trace. This new version was created
to fix some issues that were discussed a while ago:
Thanks Paulino!  This looks good and works well in my testing.  I
receive output like:

Nmap scan report for mit.edu (18.9.22.69)
Host is up (0.10s latency).
rDNS record for 18.9.22.69: WEB.MIT.EDU
PORT   STATE SERVICE
80/tcp open  http
| http-trace: TRACE is enabled
| Headers:
| Date: Mon, 27 Jun 2011 18:42:27 GMT
| Server: Apache/1.3.41 (Unix) mod_ssl/2.8.31 OpenSSL/0.9.8j
| Connection: close
| Transfer-Encoding: chunked
|_Content-Type: message/http

I have a few suggestions:

o It should probably be added to the "vuln" category.  Even though it
   isn't a directly exploitable vulnerability in itself, I think people
   who do "--script vuln" will want to know about it.  Keeping it in
   "discovery" seems fine too.

o The headers in the example above don't really give us anything we
   couldn't get from http-headers.  The question is whether there are
   cases where we do get extra, valuable information?  I'd suggest:

   1) If the trace-specific header information is unlikely to be useful
      beyond what we could get with http-headers, it should be removed
      or made to require debug level of at least one or something.

   2) If the header information is likely to be useful in some cases,
      maybe we can build a list of "basic" headers to ignore, like the
      five above.  That way the user only sees headers which are
      unusual and more likely to be worth noting.

Once you deal with these issues, please do check the script in
(replacing current http-trace).

Cheers,
Fyodor
_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://seclists.org/nmap-dev/

Fixed and commited as r24421and r24420.

--
Paulino Calderón Pale
Web: http://calderonpale.com
Twitter: http://www.twitter.com/paulinocaIderon

_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://seclists.org/nmap-dev/


  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]