Home page logo

nmap-dev logo Nmap Development mailing list archives

Re: [nmap-svn] r32114 - nmap-exp/d33tah/ncat-lua-callbacks/ncat/test
From: David Fifield <david () bamsoftware com>
Date: Fri, 30 Aug 2013 15:57:33 -0700

On Fri, Aug 30, 2013 at 07:04:15PM +0200, Jacek Wielemborek wrote:
I believe that depends on the use case. Since you can handle both
encoding and decoding side of such proxy, it'd be easy to for example
encrypt whole proxy session or obfuscate it in any way for example to
do some IDS evasion. Perhaps it'd be better to leave the behavior
there, just optional?

Perhaps we can make it optional in the future. We will then need to
design an interface that allows you to say, "I want this script to apply
to payload traffic only" or "I want this script to apply to proxy
negotiation only" or "I want this script to apply to both" if that makes
any sense.

Since I'm sure the overwhelming use case will be to transform payload
traffic passing through a proxy, not the proxy negotiation itself, I
suggest that we make that the only supported configuration. Remember:
Having lots of features is nice, but you never stop paying for a bad
design. It's better to start with a good design for something simple,
and add complexity later.

David Fifield
Sent through the dev mailing list
Archived at http://seclists.org/nmap-dev/

  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]