Re: [NSE] http-devframework.nse
From: George Chatzisofroniou <sophron () latthi com>
Date: Tue, 27 Aug 2013 11:34:11 +0300
On Mon, Aug 26, 2013 at 08:48:36PM +0000, nnposter () users sourceforge net wrote:
> Out of curiosity, why do you use response.rawheader so broadly, instead
> of leveraging the parsing that already took place when the response
> object was composed?
While the normalization is useful for the reasons you mentioned, I was thinking
that being case sensitive may be important while fingerprinting. For example,
a 'CAKEPHP' value might be the lead to recognise a different CakePHP version
than 'CakePHP'. Does this make sense?
> * Cookies, such as CFID* and CFTOKEN* for Cold Fusion, ASPNETSESSIONID
> for ASP.NET, BV_* for Broadvision, WC_* for WebSphere Commerce.
> * Parameters, such as __VIEWSTATE and __EVENT* for ASP.NET.
> * DOM elements, such as IDs "aspnetForm" or ctl00_* for ASP.NET
Nice. I added them.
> * Misspelling of "Pasenger"(sic) in the string search.
> * Returning "Found ... in cookies" while the fingerprint searches server headers.
I corrected the spelling mistakes.
> Some other thoughts:
> * Would the concept of basepath make sense here?
I'm not sure either. I didn't want to create a highly configurable API (as opposed
to other APIs that exist in NSE), that's why I came up with this simple callback
Thanks for the feedback.
Sent through the dev mailing list
Archived at http://seclists.org/nmap-dev/
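
The case-sensitivity question raised in this message, as an added example that is not part of the original post or of http-devframework.nse: standalone Lua (no NSE libraries) that matches the cookie names quoted in the thread against raw Set-Cookie lines and records whether each hit also holds with case preserved. Treating CAKEPHP as a cookie name, the `fingerprints` table layout, the function names and the sample headers are assumptions.

```lua
-- Added example: standalone Lua, not code from http-devframework.nse.
-- Cookie names are the ones quoted in the thread; "prefix" marks the starred ones.
local fingerprints = {
  { name = "CFID",            prefix = true,  framework = "Cold Fusion" },
  { name = "CFTOKEN",         prefix = true,  framework = "Cold Fusion" },
  { name = "ASPNETSESSIONID", prefix = false, framework = "ASP.NET" },
  { name = "BV_",             prefix = true,  framework = "Broadvision" },
  { name = "WC_",             prefix = true,  framework = "WebSphere Commerce" },
  { name = "CAKEPHP",         prefix = false, framework = "CakePHP" }, -- assumed cookie name
}
-- Pull cookie names out of raw header text, keeping their original case.
local function cookie_names(raw)
  local names = {}
  for line in raw:gmatch("[^\r\n]+") do
    local field, value = line:match("^([^:]+):%s*(.*)$")
    -- Header field names are case-insensitive, so only the field name is folded.
    if field and field:lower() == "set-cookie" then
      names[#names + 1] = value:match("^([^=;%s]+)=")
    end
  end
  return names
end
local function matches(cookie, fp)
  if fp.prefix then return cookie:sub(1, #fp.name) == fp.name end
  return cookie == fp.name
end
-- Report every case-insensitive hit and whether it also matches with case preserved.
local function fingerprint(raw)
  local hits = {}
  for _, cookie in ipairs(cookie_names(raw)) do
    for _, fp in ipairs(fingerprints) do
      if matches(cookie:upper(), fp) then -- fingerprint names are all uppercase
        hits[#hits + 1] = { framework = fp.framework, cookie = cookie,
                            exact = matches(cookie, fp) }
      end
    end
  end
  return hits
end
-- Constructed sample headers (not captured from a real server).
local sample = table.concat({
  "Server: Apache",
  "Set-Cookie: CAKEPHP=0123abcd; path=/",
  "set-cookie: CakePHP=0123abcd; path=/",
  "Set-Cookie: CFID=1234; path=/",
}, "\r\n")
for _, h in ipairs(fingerprint(sample)) do
  print(("%-12s %-8s %s"):format(h.framework, h.cookie,
        h.exact and "exact case" or "case differs"))
end
```

Keeping the `exact` flag alongside a case-folded match lets a script report both spellings without discarding the distinction that raw headers preserve.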