PenTest/nmap - nmap - Ols Gitea: How about a cup of tea while we code?

mirror of https://github.com/nmap/nmap.git synced 2025-12-14 11:49:01 +00:00

Author	SHA1	Message	Date
david	1ebb9bfe20	Don't include a port number in the Host header. We never intend to ask for a service on a port other than the one we connect to. By my reading of RFC 2616 section 14.23, we can leave the port number off in this case. Robin Wood reported that https://twitter.com/ gives you a redirect instead of a page if you send it Host: twitter.com:443 rather than Host: twitter.com http://seclists.org/nmap-dev/2013/q1/267	2013-03-02 01:05:32 +00:00
david	842f9e6804	Revert "Lower-case scheme comparisons." Handle it at the url.parse level.	2013-02-07 23:43:50 +00:00
david	5273567981	Lower-case scheme comparisons. I'm seeing redirects to "HTTP://example.com/".	2013-02-07 23:37:48 +00:00
david	9434dd7d2f	parse_redirect: fill in port number even if authority but not scheme is present. For example "//example.com/en/": the function needs to return with u.port set, just as it would with "http://example.com/en/".	2013-02-07 23:12:41 +00:00
david	4cdb5301dd	300 and 303 are also HTTP redirects.	2013-02-07 22:28:10 +00:00
david	7c7ffdb756	Typo.	2013-02-02 01:41:50 +00:00
patrik	13411ab6d1	Fixed a bunch of errors related to inproper responses from webservers.	2012-08-31 15:17:14 +00:00
aca	fd32aec639	Merged http-slowloris-check	2012-08-24 09:19:30 +00:00
perdo	7781d39cdf	Textarea's name should not be lowercased.	2012-08-05 22:39:05 +00:00
perdo	ba049718b0	Add digest auth support to http-brute (and to http library). Also fix whitespace in sasl.lua.	2012-08-05 22:23:54 +00:00
patrik	6f43ac38b2	SSL overhaul fixing OpenSSL related problems when SSL has not been compiled in * replace require function calls with stndse.silent_require * fixed a bug in nse_main that would fail creating scripts.db when a script fails to load * reworked some code to provide limited functionality even though SSL is not present	2012-08-05 12:05:07 +00:00
henri	d0e684735a	Typo (identfy_404 -> identify_404).	2012-08-01 07:53:16 +00:00
perdo	8025ba5a5a	Added some checks for http response's body being nil.	2012-07-23 22:47:11 +00:00
perdo	612ca59323	Modify pipelining implementation a bit, allow a user to specify size of the pipeline, fix some debugging messages.	2012-07-23 21:58:40 +00:00
perdo	614077f122	Functions from http library that make requests now always return a table.	2012-07-09 10:18:29 +00:00
paulino	469e6ca5ca	Fixes crash when using identify_404() that happened when the status response changes in the second or third request and the return value is the string "<unknown>". Previously, the library only checked for nil. Updated it to check the type of the response value and change it to -1 if its not a number to fix crash when passing a string to %d.	2012-07-04 20:21:08 +00:00
fyodor	288a4dc4ad	suggest http.max-cache-size argument for consistency rather than http-max-cache-size (both work)	2012-07-03 19:48:23 +00:00
patrik	709fce67b1	Applied patches from Dan Miller to fix bugs in http and sslcert libraries; http://seclists.org/nmap-dev/2012/q2/696	2012-06-15 10:07:32 +00:00
patrik	b96ffc0e14	fixed a global variable in http.lua	2012-06-11 21:02:41 +00:00
perdo	106c529dd6	While extracting forms from websites, field names are no longer converted to lowercase (the error was reported by Paulino).	2012-06-11 09:41:58 +00:00
perdo	8a049498d3	Added html forms 'parsing' routines to http.lua	2012-06-10 23:01:29 +00:00
patrik	55572542ef	Fix for bug in cookie parsing code reported by Ron Bowes; http.lua:757: attempt to perform arithmetic on local 'pos' (a nil value)	2012-06-07 16:06:58 +00:00
david	aa6717eb1f	Lua 5.2 fixed from Daniel Miller. http://seclists.org/nmap-dev/2012/q2/525	2012-05-29 20:11:39 +00:00
batrick	000f6dc4d9	Lua 5.2 upgrade [1] for NSE. [1] http://seclists.org/nmap-dev/2012/q2/34	2012-05-27 08:53:32 +00:00
batrick	b2f3139284	remove unnecessary escape	2012-03-30 03:14:31 +00:00
patrik	1d2c5cb735	Added additional http redirect documentation to the http library	2012-03-15 06:30:06 +00:00
david	d7f56c9f4c	Typo.	2012-03-03 05:57:24 +00:00
patrik	fccccff960	* bugfixes to several http scripts related to new redirect code in http library * added option to httpspider that allows passing the redirect_ok closure to the http library [Patrik]	2012-02-11 22:37:14 +00:00
patrik	e8dad669ef	Fixed bug in redirection code reported by David. The redirect_ok function would fail validating a location if the port passed to http.get or http.head was a number and not a table. [Patrik]	2012-02-11 17:50:48 +00:00
patrik	48423a8a88	o [NSE] Added redirect support to the http library. All calls to http.get and http.head now transparently handle any HTTP redirects. [Patrik]	2012-02-11 13:37:40 +00:00
henri	78a606b0b7	Fixed typo in comments: * respones -> responses	2012-01-19 22:23:44 +00:00
henri	6f95d9fabe	Fixed typos in comments: * Thse -> These * retunred -> returned * pipeling -> pipelining	2012-01-19 22:22:10 +00:00
patrik	f93b31373a	o [NSE] Fixed bug in the http library that would fail parsing authentication headers if no parameters were present. [Patrik]	2011-12-19 18:35:32 +00:00
patrik	34db78528a	o [NSE] Added support for detecting whether a http connection was established using SSL or not by the http.lua library [Patrik]	2011-12-06 22:24:58 +00:00
patrik	b66a4849c4	o [NSE] Modified the http library to support servers that don't return valid chunked encoded data, such as the Citrix XML service. [Patrik]	2011-11-07 06:04:13 +00:00
patrik	005322c8d4	o [NSE] Added a new script http-put.nse that allows uploading of local files to remote web servers using the HTTP PUT method. Added HTTP PUT support to the http library. [Patrik]	2011-10-20 02:32:51 +00:00
paulino	8215c3420f	Fixes the way of creating the request line by changing string.format for regular string concatenation to allow null bytes in the requests.	2011-07-15 23:48:00 +00:00
paulino	47a338c85a	* Adds note about a desired feature: cache system for http pipelines * Adds note about the new signatures added to http-enum	2011-07-01 20:45:28 +00:00
paulino	390eb9e4ab	* Fixes bug when parsing script-args. The script was only using the value from the argument 'pipeline' but not from 'http-enum.pipeline'. * Makes clean_404 a public function. This function is used in the NSE script http-waf-detect to remove text that changes.	2011-07-01 20:34:01 +00:00
batrick	4444071f03	use # length operator instead of string.len (canonicalize) Used this perl command: $ # perl -pi -e 's/string\.len$(.?)$/#\1/g' .lua Also fixed one instance where the above command didn't correctly translate the intended code (string.len(a .. b .. c)).	2011-05-11 15:08:55 +00:00
patrik	b844caa6cd	Changed the way cookie table fields are created in http.lua. This change ensures that attribute names are always treated as lower case. [Patrik]	2011-03-15 21:42:49 +00:00
david	61543b681e	Fix to http.validate_options from Sebastian Prengel: The cookies table was being iterated over incorrectly. Also from Sebastian: add "expires" to the list of handled keys in validate_options.	2011-02-24 20:16:06 +00:00
batrick	47e6012b15	remove old commented code	2010-12-08 14:19:08 +00:00
patrik	e26eef6533	fixed typo intead -> instead [Patrik]	2010-11-05 10:10:36 +00:00
ron	fef25e6a42	Made some big style changes to clean up HTTP library. Primarily focused on improving the interface, NSEDoc, and pipline support	2010-11-02 02:07:01 +00:00
ron	13bb98b8b8	Bring in changes from my experimental brange, nmap-http	2010-10-27 03:08:08 +00:00
ron	2608bae6ca	Rollback the changes to the HTTP library I accidentally commited in the last revision	2010-10-18 21:23:24 +00:00
ron	b8e712ceeb	Added a couple shares to the list of common ones (requested on IRC by kraigus)	2010-10-18 21:16:48 +00:00
david	53bd35c9cd	Increase the debug level required to print out the http.lua cache size.	2010-09-27 18:51:04 +00:00
david	92362b2d24	Move special request body handling out of http.post and into http.generic_request.	2010-09-27 01:21:45 +00:00

1 2 3 4

152 Commits