Home page logo
/

nmap-dev logo Nmap Development mailing list archives

http-methods & http-trace NSE Script Enhancement Ideas
From: King Thorin <kingthorin () hotmail com>
Date: Wed, 23 May 2012 08:17:03 -0400


I was just looking through some online docs and some nmap results. I've 
never seen a server that includes public or allow header(s) on a 
redirect response [maybe my experience is limited?]. It seems to me that the http-methods NSE should follow 
redirects (HTTP 301, 302, 303) in order to perform the necessary OPTIONS
 request on a page/resource that's providing a HTTP 200.


Perhaps similar to the http-trace script:
http://nmap.org/svn/scripts/http-trace.nse
Though
 even that only follows one 301 or 302 redirect. 

Further, maybe both scripts should follow a configurable
 # of redirects (default 2, 3, 4 and configurable further) looking for a
 HTTP 200 & handle 301, 302, and 303 redirect codes.


Reference:
http://www.w3.org/Protocols/rfc2616/rfc2616-sec10.html

I've emailed the devs of both scripts without any luck.



I'd be glad to provide the necessary changes, if someone can simply fill me in as to how they should be submitted.

                                          
_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://seclists.org/nmap-dev/


  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]
AlienVault