On 9/1/07, Kris Katterjohn <
katterjohn@...> wrote:
>
> I wrote:
> >
> > I've attached an NSE script which sends an HTTP TRACE command to a
> > server and examines the response for modifications.
> >
>
> In what Brandon calls poor form, I'm replying to myself:
>
> I missed something that never came up in initial testing, but showed up
> twice in one scan (-iR 5000) this morning: a host sending a 200 OK, but
> actually being a 400-level error HTML message with no trace.
>
> After rescanning the guilty hosts with the attached script and using
> --script-trace, it seems to work fine.
>
> I attached the copy so you can test it out without patching, but here's
> the diff:
>
In what Brandon would probably call extremely poor form, I'm replying to
myself again :)
I've applied a modified script to SVN, which should be better. It only
prints the modifications from the request, and only prints, at most, the
first 5 additional lines of it. Also, it's only in the "discovery" category
rather than in "safe" too.
Thanks,
Kris Katterjohn
_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-devArchived at
http://SecLists.Org
