diff --git a/nselib/http.lua b/nselib/http.lua
index 142392a01..bb28fa9ec 100644
--- a/nselib/http.lua
+++ b/nselib/http.lua
@@ -105,8 +105,9 @@ end
 -- host table passed to a portrule or hostrule. The second argument is either
 -- the port number or a table like the port table passed to a portrule or
 -- hostrule. SSL is used for the request if port.service is
--- "https" or port.version.service_tunnel is
--- "ssl". The third argument is the request. The fourth argument is
+-- "https" or "https-alt" or
+-- port.version.service_tunnel is "ssl".
+-- The third argument is the request. The fourth argument is
 -- a table for further options.
 -- @param host The host to query.
 -- @param port The port on the host.
@@ -127,7 +128,7 @@ request = function( host, port, data, options )
 stdnse.print_debug(1, "http.request() supports the TCP protocol only, your request to %s cannot be completed.", host)
 return nil
 end
- if port.service == 'https' or ( port.version and port.version.service_tunnel == 'ssl' ) then
+ if port.service == 'https' or port.service == 'https-alt' or ( port.version and port.version.service_tunnel == 'ssl' ) then
 protocol = 'ssl'
 end
 port = port.number
diff --git a/scripts/html-title.nse b/scripts/html-title.nse
index c7d487e0d..f8b724f6f 100644
--- a/scripts/html-title.nse
+++ b/scripts/html-title.nse
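Review bot: The TLS decision in `request` (second hunk of nselib/http.lua) is keyed on a hard-coded list of service names, and this commit writes the same `https`/`https-alt` list a second time in the `portrule` of scripts/html-title.nse. The two lists can drift apart the next time a name is added, and a request would then go out in cleartext to a port the script treats as TLS, or the reverse. At minimum add a comment above the condition such as `-- keep this list in sync with svc.ssl in scripts/html-title.nse`; a small exported predicate in http.lua that both places call would be the sturdier fix. The body of `request` continues outside the hunk, so whether `protocol = 'ssl'` is still chosen when Nmap was built without SSL support cannot be seen from here.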
@@ -27,15 +27,18 @@ local ipOps = require 'ipOps' local stdnse = require 'stdnse' portrule = function(host, port) - if port.protocol ~= 'tcp' or not (port.service == 'http' or port.service == 'https') then - return false - end - -- Don't bother running on SSL ports if we don't have SSL. - if (port.service == 'https' or port.version.service_tunnel == 'ssl') - and not nmap.have_ssl() then - return false - end - return true + local svc = { std = { ["http"] = 1, ["http-alt"] = 1 }, + ssl = { ["https"] = 1, ["https-alt"] = 1 } } + if port.protocol ~= 'tcp' + or not ( svc.std[port.service] or svc.ssl[port.service] ) then + return false + end + -- Don't bother running on SSL ports if we don't have SSL. + if (svc.ssl[port.service] or port.version.service_tunnel == 'ssl') + and not nmap.have_ssl() then + return false + end + return true end action = function(host, port) @@ -51,7 +54,7 @@ action = function(host, port) local loc = redirect_ok( url, host, port ) if loc then -- follow redirect - redir = ("Requested resource was %s://%s%s"):format( url.scheme or port.service, loc.host, loc.path ) + redir = ("Requested resource was %s://%s%s%s"):format( url.scheme or port.service, loc.host, (url.port and (":%s"):format(url.port)) or "", loc.path ) data = http.get( loc.host, loc.port, loc.path ) else loc = nil -- killed so we know we didn't follow a redirect @@ -91,12 +94,6 @@ function redirect_ok(url, host, port) -- A battery of tests a URL is subjected to in order to decide if it may be -- redirected to. They incrementally fill in loc.host, loc.port, and loc.path. local rules = { - function (loc, url, host, port) - -- if url.scheme is present then it must match the scanned port - if url.scheme and url.scheme ~= port.service then return false end - return true - end, - function (loc, url, host, port) -- bail if userinfo is present return ( url.userinfo and false ) or true 
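Review bot: In the rewritten `portrule`, `port.version.service_tunnel` is still dereferenced without checking `port.version`, while the equivalent test in nselib/http.lua guards it with `port.version and ...`. If a port table ever arrives without a `version` field, the rule raises an error instead of returning false. I would write the condition as `if (svc.ssl[port.service] or (port.version and port.version.service_tunnel == 'ssl'))`. As a style point, `svc` is rebuilt on every call and could be a file-level `local`.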
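Review bot: The redirect message in `action` takes its scheme from `url.scheme or port.service`, and after this commit `port.service` can be `http-alt` or `https-alt`, so a redirect without a scheme on such a port would be reported as `http-alt://…`, which is not a URL scheme. The message also prints `url.port` while the request on the following line is sent to `loc.port`, so the report can differ from what was actually fetched if the rules in `redirect_ok` fill in a different port. Something like `local scheme = url.scheme or (svc_is_ssl and 'https' or 'http')` together with printing `loc.port` would keep the output consistent, where `svc_is_ssl` is a placeholder for the same TLS test the portrule uses. The body of `action` starts and ends outside the hunk.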
@@ -130,6 +127,13 @@ function redirect_ok(url, host, port) return false end, + function (loc, url, host, port) + -- if url.scheme is present then it must match the scanned port + if url.scheme and url.port then return true end + if url.scheme and url.scheme ~= port.service then return false end + return true + end, + function (loc, url, host, port) -- path cannot be unchanged unless host has changed -- loc.path must be set if returning true
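Review bot: The re-added rule returns true for any `url.scheme` as soon as `url.port` is present, so the comment `-- if url.scheme is present then it must match the scanned port` no longer describes it. A server-supplied redirect with a non-HTTP scheme and an explicit port therefore passes this check, and `action` would follow it with `http.get`. I would reject unexpected schemes first with `if url.scheme and url.scheme ~= 'http' and url.scheme ~= 'https' then return false end` and reword the comment to say that an explicit port overrides the scheme/service comparison. Separately, `url.scheme ~= port.service` can never be equal on ports whose service is `http-alt` or `https-alt`, so absolute redirects without a port are always refused there; if that is intended it deserves a comment. `redirect_ok` starts and ends outside the hunk, so the host and port rules that might narrow this further are not visible here.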