PenTest/nmap
1
0
Fork 0
mirror of https://github.com/nmap/nmap.git synced 2025-12-28 18:39:03 +00:00
Code Issues Projects Releases Wiki Activity

Don't use shortport.ssl to determine Host header.

Browse Source 
The only reason this was used was to determine if port 443 was HTTPS.
Simply dropping the port if it's 80 or 443 yields the same outcome.
Maybe we want to be more clear, but then we'd need to have the caller
pass in the URI scheme, too. This is faster and avoids the new SSL
probes in shortport.ssl.
This commit is contained in:
dmiller
2018-08-11 21:23:58 +00:00
parent 7a790d3665
commit b2deb019ed
1 changed files with 3 additions and 6 deletions
Download Patch File Download Diff File Expand all files Collapse all files

9
nselib/http.lua
View File

@@ -173,14 +173,11 @@ local get_default_port = url.get_default_port
local function get_host_field(host, port)
if host_header then return host_header end
if not host then return nil end
if type(port) == "number" then
port = {number=port, protocol="tcp", state="open"}
end
local scheme = shortport.ssl(host, port) and "https" or "http"
if port.number == get_default_port(scheme) then
local number = (type(port) == "number") and port or port.number
if number == 443 or number == 80 then
return stdnse.get_hostname(host)
else
return stdnse.get_hostname(host) .. ":" .. port.number
return stdnse.get_hostname(host) .. ":" .. number
end
end