We never intend to ask for a service on a port other than the one we
connect to. By my reading of RFC 2616 section 14.23, we can leave the
port number off in this case. Robin Wood reported that
https://twitter.com/ gives you a redirect instead of a page if you send
it
Host: twitter.com:443
rather than
Host: twitter.com
http://seclists.org/nmap-dev/2013/q1/267
RFC 3986 section 3.1:
Although schemes are case-insensitive, the canonical form is lowercase
and documents that specify schemes must do so with lowercase letters.
An implementation should accept uppercase letters as equivalent to
lowercase in scheme names (e.g., allow "HTTP" as well as "http") for the
sake of robustness but should only produce lowercase scheme names for
consistency.
RFC 3986 says that these URLs are equivalent:
http://example.com/http://example.com:/
url.parse was returning port="" for the latter. Make it instead return
port=nil like the former.
To me, this is a relative URL with a path of "". I.e., it refers to the
same document as wherever the URL appeared, like when people do
<form action="" enctype="multipart/form-data" method="POST">
This connect should be side effect–free except for calling socket_lock,
which prevents the creation of an excessive number of sockets. Not using
the lock was causing "Too many open files" errors.
We should have a cleaner general solution for this, and not require
scripts to "connect" their unconnected UDP sockets. I seem to remember
that there was a good reason for not enforcing the lock on socket
creation, but only on connect, as we do.
http://seclists.org/nmap-dev/2012/q4/435
commit fb1fa9373592e81ee004b99cf813e07bf253fbe1
Author: Patrik Karlsson <patrik@cqure.net>
Date: Sun Dec 16 11:49:36 2012 -0500
Fix bug where brute library failed to report error on invalid iterators
commit e5cb0a18d5474730310f1797016e1106c33ca059
Author: Patrik Karlsson <patrik@cqure.net>
Date: Sun Oct 7 10:47:35 2012 +0200
compatibility fixes to spnego authentication in smb and smbauth libraries
the spnego authentication blob now decodes properly in wireshark
fixes in spnego authentication for both Window 2003 and Windows 7
commit 5de9e4fa623f88a9b48ef0704244ff843005573a
Author: Patrik Karlsson <patrik@cqure.net>
Date: Sat Oct 6 21:19:08 2012 +0200
Applied patch from Dhiru Kholia adding oracle-brute-stealth and needed changes
reworked the patch slightly and added;
- support for specifying account on command line
- johnfile argument for writing hashes directly to file
