Home page logo
/

nmap-dev logo Nmap Development mailing list archives

Re: Ncat proposal: NCAT_TARGET environment variable
From: David Fifield <david () bamsoftware com>
Date: Sat, 10 Aug 2013 15:47:26 -0700

On Wed, Aug 07, 2013 at 08:36:06PM +0200, Jacek Wielemborek wrote:
While writing the ws.py demo for d33tah/ncat-env-ncatins branch, I
noticed I could use an environment variable that instead of holding
the IP address of the remote host would hold the hostname from the
command line. That would allow scripts that communicate with HTTP to
form a valid "Host: " header.

What do you think about such an addition? Would anybody else find any
use for it?

My initial reaction to this is to say "no," because what I think what
you are trying to achieve can be better done through a different
abstraction.

I would rather see something like this:
        websocket_abstraction = {
                connect = function(sock, host, port, secure)
                        sock:connect(host, port)
                        ...
                        sock:write("Host: " .. host .. "\r\n")
                end,
                write = function(...)
                        ...
                end,
                ...
        }
That is, a WebSocket (or other application layer) implementation should
not try to "take over the world" of Ncat's execution. Rather, it should
be a layer of Lua code called by existing Ncat C code.

In particular, I think that WebSocket is badly suited for an exec-like
implementation, and that it is a mistake to add features only to try to
coax exec into supporting WebSocket.

David Fifield
_______________________________________________
Sent through the dev mailing list
http://nmap.org/mailman/listinfo/dev
Archived at http://seclists.org/nmap-dev/


  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]