Update HTTP_open_proxy.nse to use Google Web Server's changed header field:

"Server: gws" instead of "Server: GWS/". The patch is based on one from Vlatko
Kosturjak. Sven suggested a better portrule.

CHANGELOG

@@ -1,5 +1,9 @@
 # Nmap Changelog ($Id$); -*-text-*-
 
+o The HTTP_open_proxy.nse is updated to match Google Web Server's
+  changed header field: "Server: gws" instead of "Server: GWS/".
+  [Vlatko Kosturjak]
+
 o Enhanced the ssh service detection signatures to properly
   detect protocol version 2 services. [Matt Selsky]
 

scripts/HTTP_open_proxy.nse

@@ -1,19 +1,22 @@
 -- Arturo 'Buanzo' Busleiman <buanzo@buanzo.com.ar> / www.buanzo.com.ar / linux-consulting.buanzo.com.ar
--- See Nmap'ss COPYING file for licence details
+-- See Nmap's COPYING file for licence details
--- This is version 20070413 aka "13th Friday" :)
 -- Changelog: Added explode() function. Header-only matching now works.
---		* Fixed set_timeout
+--   * Fixed set_timeout
---		* Fixed some \r\n's
+--   * Fixed some \r\n's
+-- 2008-10-02 Vlatko Kosturjak <kost@linux.hr>
+--   * Match case-insensitively against "^Server: gws" rather than
+--     case-sensitively against "^Server: GWS/".
 
 id="Open Proxy Test"
 description=[[
-Test if a discovered proxy is open to us by connecting to www.google.com and checking for the 'Server: GWS/' header response.
+Test if a discovered proxy is open to us by connecting to www.google.com and checking for the 'Server: gws' header response.
 \n
 If the target is an open proxy, this script will cause the target to retrieve a
 web page from www.google.com.
 ]]
 categories = {"default", "discovery", "external", "intrusive"}
 require "comm"
+require "shortport"
 
 -- I found a nice explode() function in lua-users' wiki. I had to fix it, though.
 -- http://lua-users.org/wiki/LuaRecipes
@@ -34,20 +37,12 @@ function explode(d,p)
 	return t
 end
 
-portrule = function(host, port)
+portrule = shortport.port_or_service({3128,8000,8080},{'squid-http','http-proxy'})
-	if 	(port.number == 3128 or port.number == 8080 or port.service == "http-proxy" or port.service == "squid-proxy" or port.service == "squid-proxy?")
-		and port.protocol == "tcp"
-	then
-		return true
-	else
-		return false
-	end
-end
 
 action = function(host, port)
 	local response
 	local i
--- We will return this if we don't find "^Server: GWS" in response headers
+-- We will return this if we don't find "^Server: gws" in response headers
 	local retval
 
 -- Ask proxy to open www.google.com
@@ -61,14 +56,14 @@ action = function(host, port)
 -- Explode result into the response table
 	response = explode("\n",result)
 
--- Now, search for Server: GWS until headers (or table) end.
+-- Now, search for "Server: gws" until headers (or table) end.
 	i = 0
 	while true do
 		i = i+1
 		if i > table.getn(response) then break end
 		if response[i]=="\r" then break end
-		if string.match(response[i],"^Server: GWS/") then
+		if string.match(response[i]:lower(),"^server: gws") then
-			retval = "Potentially OPEN proxy. Check for Google\'s \"Server: GWS/\" header FOUND."
+			retval = "Potentially OPEN proxy. Google\'s \"Server: gws\" header FOUND."
 			break
 		end
 	end