Home page logo
/

nmap-dev logo Nmap Development mailing list archives

[NSE] http caching not taking checking headers difference
From: Hani Benhabiles <kroosec () gmail com>
Date: Thu, 17 May 2012 02:07:47 +0100

Hi list,

While writing an http script, I found out that when sending two requests as in the code below causes the second to not be sent.

local response = http.get(host, port, '/', { ['header'] = { ['Foo'] = bar }}) local response2 = http.get(host, port, '/', { ['header'] = { ['Foo'] = bar2 }})

When investigating it, I found that it was due to the http cache system checking the host, port, method and url but not the request headers.

This happens in the function lookup_cache:
    local key = stdnse.get_hostname(host)..":"..port..":"..path;
and
    if bypass_cache or record == nil or method ~= record.method then

So, two requests with different headers end up treated as similar. Shouldn't they be treated as different ? Is this a choice by design or a bug ?

(I am well aware of the ability of disabling cache lookup in the request options.)

Cheers,
Hani.

--
Hani Benhabiles

Twitter: https://twitter.com/#!/kroosec
Blog: http://kroosec.blogspot.com

_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://seclists.org/nmap-dev/


  By Date           By Thread  

Current thread:
  • [NSE] http caching not taking checking headers difference Hani Benhabiles (May 17)
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]
AlienVault