Nmap Development mailing list archives

Re: [NSE] http-devframework.nse
From: George Chatzisofroniou <sophron () latthi com>
Date: Tue, 27 Aug 2013 11:34:11 +0300

On Mon, Aug 26, 2013 at 08:48:36PM +0000, nnposter () users sourceforge net wrote:
> Out of curiosity, why do you use response.rawheader so broadly, instead
> of leveraging the parsing that already took place when the response
> object was composed?

While the normalization is useful for the reasons you mentioned, I was thinking
that being case sensitive may be important while fingerprinting. For example,
a 'CAKEPHP' value might be the lead to recognise a different CakePHP version
than 'CakePHP'. Does this make sense?
 
> Fingerprint suggestions:
>
> * Cookies, such as CFID* and CFTOKEN* for Cold Fusion, ASPNETSESSIONID
>   for ASP.NET, BV_* for Broadvision, WC_* for WebSphere Commerce.
> * Parameters, such as __VIEWSTATE and __EVENT* for ASP.NET.
> * JavaScript calls, such as __doPostBack for ASP.NET
> * DOM elements, such as IDs "aspnetForm" or ctl00_* for ASP.NET

Nice. I added them.

> Suggested changes:
>
> * Misspelling of "Pasenger"(sic) in the string search.
> * Returning "Found ... in cookies" while the fingerprint searches server headers.

I corrected the spelling mistakes.

> Some other thoughts:
>
> * Would the concept of basepath make sense here?

I'm not sure either. I didn't want to create a highly configurable API (as opposed
to other APIs that exist in NSE), that's why I came up with this simple callback
mechanism.

Thanks for the feedback.

-- 
George Chatzisofroniou
_______________________________________________
Sent through the dev mailing list
http://nmap.org/mailman/listinfo/dev
Archived at http://seclists.org/nmap-dev/
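As an added example (not code from this thread and not from Nmap's http-devframework.nse), the Python sketch below shows the two points discussed above: a matcher that keeps header and cookie spelling intact so that case can stay significant while fingerprinting, and a fingerprint table built from the cookie, parameter, JavaScript-call and DOM-id suggestions, with every hit reported together with the location it was actually found in (so a cookie match is never reported as a header match). The sample response, the table layout and all function names are constructed for this illustration.

```python
import fnmatch
import re
from typing import Dict, List, Tuple

# Constructed sample response (not a real capture): an ASP.NET-style page
# that also sets ColdFusion-style cookies, used only to exercise the matcher.
SAMPLE_RESPONSE = (
    "HTTP/1.1 200 OK\r\n"
    "X-Powered-By: ASP.NET\r\n"
    "Set-Cookie: ASPNETSESSIONID=abc123; path=/\r\n"
    "Set-Cookie: CFID=42; path=/\r\n"
    "Set-Cookie: CFTOKEN=deadbeef; path=/\r\n"
    "Content-Type: text/html\r\n"
    "\r\n"
    "<html><body>\n"
    '<form id="aspnetForm" method="post">\n'
    '<input type="hidden" name="__VIEWSTATE" value="x" />\n'
    '<input type="hidden" name="__EVENTTARGET" value="" />\n'
    '<input type="submit" id="ctl00_btn" name="ctl00$btn" value="Go" />\n'
    "<a href=\"javascript:__doPostBack('ctl00_btn','')\">go</a>\n"
    "</form></body></html>\n"
)

# Fingerprint table built from the suggestions in the thread (assumed layout).
# The outer key is the location the evidence comes from, so a report can only
# ever say "in cookies" for something that really was a cookie.
FINGERPRINTS: Dict[str, List[Tuple[str, List[str]]]] = {
    "cookies": [
        ("ColdFusion", ["CFID*", "CFTOKEN*"]),
        ("ASP.NET", ["ASPNETSESSIONID"]),
        ("Broadvision", ["BV_*"]),
        ("WebSphere Commerce", ["WC_*"]),
    ],
    "parameters": [("ASP.NET", ["__VIEWSTATE", "__EVENT*"])],
    "javascript": [("ASP.NET", ["__doPostBack"])],
    "dom": [("ASP.NET", ["aspnetForm", "ctl00_*"])],
}


def parse_response(raw: str) -> Tuple[List[Tuple[str, str]], str]:
    """Split a raw HTTP response into case-preserving (name, value) header
    pairs and the body. Unlike a normalizing parser, nothing is lowercased,
    so later matching can decide for itself whether case matters."""
    head, _, body = raw.partition("\r\n\r\n")
    headers: List[Tuple[str, str]] = []
    for line in head.split("\r\n")[1:]:  # skip the status line
        name, sep, value = line.partition(":")
        if sep:
            headers.append((name.strip(), value.strip()))
    return headers, body


def extract_features(headers: List[Tuple[str, str]], body: str) -> Dict[str, List[str]]:
    """Pull out the identifiers the thread lists: cookie names from
    Set-Cookie, form parameter names, JavaScript call names and DOM ids."""
    cookies = [v.split("=", 1)[0].strip() for n, v in headers if n.lower() == "set-cookie"]
    params = re.findall(r'name="([^"]+)"', body)
    js_calls = re.findall(r"\b(__\w+)\s*\(", body)
    dom_ids = re.findall(r'id="([^"]+)"', body)
    return {"cookies": cookies, "parameters": params, "javascript": js_calls, "dom": dom_ids}


def match(token: str, pattern: str, case_sensitive: bool) -> bool:
    """Glob-style match ('CFID*'). fnmatchcase keeps case significant; the
    insensitive variant lowers both sides first, which is exactly the
    information a normalizing parser would have thrown away."""
    if case_sensitive:
        return fnmatch.fnmatchcase(token, pattern)
    return fnmatch.fnmatchcase(token.lower(), pattern.lower())


def fingerprint(raw: str, case_sensitive: bool = True) -> List[Tuple[str, str, str]]:
    """Return (framework, location, evidence) triples for every matching
    identifier, so the caller can print 'Found <evidence> in <location>'."""
    headers, body = parse_response(raw)
    features = extract_features(headers, body)
    hits: List[Tuple[str, str, str]] = []
    for location, rules in FINGERPRINTS.items():
        for framework, patterns in rules:
            for token in features[location]:
                if any(match(token, p, case_sensitive) for p in patterns):
                    hits.append((framework, location, token))
    return hits


if __name__ == "__main__":
    for framework, location, evidence in fingerprint(SAMPLE_RESPONSE):
        print(f"Found {evidence} in {location}: {framework}")
```

Running it on the constructed response reports the ColdFusion cookies, the ASP.NET session cookie, the __VIEWSTATE/__EVENTTARGET parameters, the __doPostBack call and the two DOM ids, each tagged with its own location. Flipping `case_sensitive` to False makes a lowercase `cfid` cookie match the `CFID*` rule as well, which is the distinction the case-sensitivity question above is about.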