Re: [NSE] http-devframework.nse

[George Chatzisofroniou <sophron () latthi com>]

On Mon, Aug 26, 2013 at 08:48:36PM +0000, nnposter () users sourceforge net wrote:
> Out of curiosity, why do you use response.rawheader so broadly, instead
> of leveraging the parsing that already took place when the response
> object was composed? 

While the normalization is useful for the reasons you mentioned, I was thinking
that being case sensitive may be important while fingerprinting. For example,
'CAKEPHP' value might be the lead to recognise a different CakePHP's version
than 'CakePHP'. Does this make sense?
 
> Fingerprint suggestions:
>
> * Cookies, such as CFID* and CFTOKEN* for Cold Fusion, ASPNETSESSIONID
>   for ASP.NET, BV_* for Broadvision, WC_* for WebSphere Commerce.
> * Parameters, such as __VIEWSTATE and __EVENT* for ASP.NET.
> * JavaScript calls, such as __doPostBack for ASP.NET
> * DOM elements, such as IDs "aspnetForm" or ctl00_* for ASP.NET

Nice. I added them.

> Suggested changes:
>
> * Misspelling of "Pasenger"(sic) in the string search.
> * Returning "Found ... in cookies" while the fingerprint searches server headers.

I corrected the spelling mistakes.

> Some other thoughts:
>
> * Would the concept of basepath make sense here?

I'm not sure either. I didn't want to create a highly configurable API (opposed
to other APIs that exist in NSE), that's why i came up with this simple callback
mechanism.

Thanks for the feedback.

-- 
George Chatzisofroniou
_______________________________________________
Sent through the dev mailing list
http://nmap.org/mailman/listinfo/dev
Archived at http://seclists.org/nmap-dev/