- Cookie Support
- Pipelining Support
- New lib modularization (previously, single functions were taking care of too many tasks, we have splitted these tasks for better code reuse)
parses an HTTP date in any of three possible formats.
http-date.nse gets the Date: header field value from and HTTP server,
then displays it with how much it differs from local time.
http.lua. Previously the code was not careful about checking its input,
and would loop forever if it got something non-hex where it expected a
hex chunk-size. See http://seclists.org/nmap-dev/2009/q3/0013.html.
This code raises an error whenever decoding fails for whatever reason.
It also handles chunk extensions. The reference is section 3.6.1 of
RFC 2616.
fields passed to it and adds them to the request. Previously it ignored them,
relying on http.get to concatentate the header fields into a string for it.
Modified http.request() to connect using ssl for the https-alt service.
html-title.nse can now deal with a redirect which changes the url scheme
as long as a port is present in the url and it is the port being scanned.
Now http.request() returns nil if port.protocol is not 'tcp'.
Changed the portrule in html-title.nse to accept only TCP ports.
Fixed a redirect rule in html-title.nse which was comparing the string url.port with
the number port.number - which would always be false.
license" to "Same as Nmap--See http://nmap.org/book/man-legal.html" like
scripts commonly use. I added the field to some modules I know to be under the
Nmap license: bin, datafiles, dns, nmap, unpwdb. I left alone bin, bit, pcre,
and url, which come from outside sources.
http, ipOps, listop, and match. This is mainly merging the best documentation
from the module source and scripting.xml into the module, with the aim of
making the source code the canonical source for module documentation.
It is unnecessary to prefer targetname over the ip in the request()
function since host is only passed to socket:connect() which would have to
resolve the targetname back to the ip.
I've rewritten the header/body separation to use a single regex which
should do the same as your code and since the first match is non-greedy
should always prefer the shorter version.
I've done something similar for the header splitting.
I've removed the type checks for header and body since they are always
strings.
give the error: SCRIPT ENGINE: C:\Program
Files\Nmap\nselib/http.lua:77: attempt to call field 'parse' (a nil
value) [Jah]
Also added Win2K dependencies section to nmap-install (I should have
done a separate checkin for that)
line, since this can differ from the reverse DNS results. It can be
particularly important when doing HTTP tests against virtual hosts.
The data can be accessed from target->HostName() from Nmap proper
and host.targetname from NSE scripts. The NSE HTTP library now uses
this for the Host header. Thanks to Sven Klemm for adding this
useful feature.
