Home page logo
/

nmap-dev logo Nmap Development mailing list archives

Re: [NSE] Changes to http-auth
From: David Fifield <david () bamsoftware com>
Date: Sun, 18 Dec 2011 16:22:15 -0800

On Sat, Dec 17, 2011 at 10:46:15PM +0100, Patrik Karlsson wrote:
Hi all,

I've reworked the http-auth to handle multiple Authentication headers being
returned from the server.

Didn't it work that way before? The http library should join
together multiple headers with a comma, and http.parse_www_authenticate
should know how to deal with that. Manually parsing answer.rawheader
seems wrong--http.parse_header does that already, including some tricky
cases.

I tested locally against a dummy server offering Basic and Digest and it
worked before your patch. What did you run into that caused you to have
to change it?

ncat -l 8080 --sh-exec 'cat auth.http' -k

David Fifield

Attachment: auth.http
Description:

_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://seclists.org/nmap-dev/

  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]
AlienVault