Home page logo
/

nmap-dev logo Nmap Development mailing list archives

RE: http-methods & http-trace NSE Script Enhancement Ideas
From: King Thorin <kingthorin () hotmail com>
Date: Fri, 25 May 2012 09:29:07 -0400



Date: Thu, 24 May 2012 13:45:30 -0700
From: david () bamsoftware com
To: kingthorin () hotmail com
CC: nmap-dev () insecure org
Subject: Re: http-methods & http-trace NSE Script Enhancement Ideas

On Wed, May 23, 2012 at 08:17:03AM -0400, King Thorin wrote:

I was just looking through some online docs and some nmap results. I've 
never seen a server that includes public or allow header(s) on a 
redirect response [maybe my experience is limited?]. It seems to me that the http-methods NSE should follow 
redirects (HTTP 301, 302, 303) in order to perform the necessary OPTIONS
 request on a page/resource that's providing a HTTP 200.

Ideally the redirect handling would work the same as the built-in
handling of the http.get and http.head methods. See this earlier
discussion:

http://seclists.org/nmap-dev/2012/q1/338

David Fifield

Hi David,

I definitely agree with this idea. Someone else mentioned it yesterday. Unfortunately:
1) I'm not a developer. Though I understand code at a beginner or "maybe" intermediate level and can write some kludgey 
bits I don't write code on a daily basis. Looking at http://nmap.org/nsedoc/lib/http.html yesterday did not clarify 
redirect_ok or MAX_REDIRECT_COUNT for me at all.
2) The existing redirect functionality (based on the thread you linked) only seems to cover get and head not 
http.generic_request.

3) I've done some intext and site:nmap.org googling looking for existing NSEs that leverage the existing functionality 
but they seem pretty rare and are only get/head based.
                                          
_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://seclists.org/nmap-dev/


  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]