From d6ff72d9a33b3d6306744b8ce1079a1d6387129e Mon Sep 17 00:00:00 2001 From: jah Date: Thu, 14 May 2015 15:17:33 +0000 Subject: [PATCH] Change sslstrip service probe match to softmatch. SSLStrip is not the only service to respond to the GenericLines probe with the "HTTP 400 Bad Request" match: TwistedWeb and at least one home router does too. The softmatch will allow these other services to be queried by more specific probes. It would obviously be better to find a better way of matching SSLStrip and this softmatch may yet be deleted if it causes services to be erroneously labelled as sslstrip where there is no better match. See thread at http://seclists.org/nmap-dev/2014/q1/337 --- nmap-service-probes | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/nmap-service-probes b/nmap-service-probes index 9a711ab7a..66aea9f1c 100644 --- a/nmap-service-probes +++ b/nmap-service-probes @@ -5024,7 +5024,7 @@ match http-proxy m|^501 Not Implemented\nInvalid request

This message was created by Kerio Control Proxy {100}| p/Kerio Control http proxy/ cpe:/a:kerio:control/ -match http-proxy m|^HTTP/1\.1 400 Bad Request\r\n\r\n$| p/sslstrip/ +softmatch http-proxy m|^HTTP/1\.1 400 Bad Request\r\n\r\n$| p/sslstrip/ match hp-problemdiagnostics m|^<\?xml version=\"1\.0\" encoding=\"UTF-8\"\?>\n\n\t\n\t\t([\w._-]+)\n\t\t[\d.]+\n\t\n\t\n\t\t\n\t\t\tNo destination specified\n\t\t\n\t\n\n\n$| p/HP Problem Diagnostics/ h/$1/