Home page logo
/

nmap-dev logo Nmap Development mailing list archives

Re: Apache mod_negotiation
From: Hani Benhabiles <kroosec () gmail com>
Date: Thu, 8 Dec 2011 22:19:17 +0100

Hi Patrik,

I've been thinking about leveraging it more too. When mod_negotiation is
enabled, a request with an Accept header containing an unknown/unsupported
MIME type (such as random/foo) would get a response with all matching
results in alternates header and not just the first match in
Content-location. This post [1] from w3af creator explains it well.

[1]
http://www.bonsai-sec.com/blog/index.php/exploiting-http-content-negotiation/

Cheers,
Hani.

On Thu, Dec 8, 2011 at 10:02 PM, Patrik Karlsson <patrik () cqure net> wrote:

Hi all,

Testing the http-apache-negotiation script Hani wrote got me thinking.
Wouldn't it be possible for script like http-enum to use this feature in
order to do file and file-type guessing a lot more efficient?
If the server supports negotiation, the script would simply remove the
suffixes from the guessed files and the response would contain possible
responses?

//Patrik
--
Patrik Karlsson
http://www.cqure.net
http://twitter.com/nevdull77
_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://seclists.org/nmap-dev/




-- 
M. Hani Benhabiles
Blog: http://kroosec.blogspot.com
Twitter: kroosec <https://twitter.com/#%21/kroosec>
_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://seclists.org/nmap-dev/


  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]
AlienVault