Home page logo
/

nmap-dev logo Nmap Development mailing list archives

Re: [NSE] http-useragent-tester.nse
From: Daniel Miller <bonsaiviking () gmail com>
Date: Sat, 27 Jul 2013 22:05:54 -0500

George,

Perhaps the script could be generalized to show the differences in headers
(minus the Date header) that are returned given the different user agent
strings? This would cover the Location header, as it currently does, but
also could cover different HTTP status codes, content length, or other
quirks of the server/application.

Dan


On Sat, Jul 27, 2013 at 1:35 PM, George Chatzisofroniou
<sophron () latthi com>wrote:

Hi Paulino,

On Fri, Jul 26, 2013 at 12:26:07PM -0500, Paulino Calderon wrote:
Have you considered including the capability of discovering new
hosts with this script?

That's a good addition. The script now checks if the returned location
lies outside the target host. If it is, the target library adds the new
discovered target to Nmap scan queue.

I've encountered web servers that redirect
you to different hosts depending on the UserAgent.

I was thinking about cases in which this could happen. I came up with two:

- Hosts that detect headers from crawling libraries/ultities and ban
  these clients. That's what the current script is checking.

- Hosts that hold a mobile version of the site and redirect the clients
  to this version. I'll post a script that checks this soon.

If anyone knows more cases, please let me know. Maybe we will come up with
new
script ideas.

--
George Chatzisofroniou
sophron.latthi.com
_______________________________________________
Sent through the dev mailing list
http://nmap.org/mailman/listinfo/dev
Archived at http://seclists.org/nmap-dev/

_______________________________________________
Sent through the dev mailing list
http://nmap.org/mailman/listinfo/dev
Archived at http://seclists.org/nmap-dev/


  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]