/nmap

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Handle HTTP 414 in http-form-fuzzer.nse #113

Closed
dmiller-nmap opened this Issue May 13, 2015 · 6 comments

Comments

Assignees
No one assigned
Labels
Projects
None yet
Milestone
No milestone
2 participants
@dmiller-nmap @G10h4ck
@dmiller-nmap

@dmiller-nmap dmiller-nmap added bug NSE labels May 13, 2015

@G10h4ck

This comment has been minimized.

Show comment
Hide comment
@G10h4ck

G10h4ck Jun 3, 2015

Contributor

I am workign on it ;)
https://gitlab.com/g10h4ck/nmap-gsoc2015/commits/hotfix/113
Contributor

G10h4ck commented Jun 3, 2015

I am workign on it ;)
https://gitlab.com/g10h4ck/nmap-gsoc2015/commits/hotfix/113
@dmiller-nmap

This comment has been minimized.

Show comment
Hide comment
@dmiller-nmap

dmiller-nmap Jun 3, 2015

Gio, it looks like you've made maxlen_global and minlen_global into
actual global variables; this means that if scanning multiple targets and
one target gives the 414 error, all targets will have maxlen_global
reduced. Please try to keep this variable unique per host being scanned
(e.g. local to the action function).

On Wed, Jun 3, 2015 at 5:40 AM, Gioacchino notifications@github.com wrote:

I am workign on it ;)
https://gitlab.com/g10h4ck/nmap-gsoc2015/commits/hotfix/113


Reply to this email directly or view it on GitHub
#113 (comment).

dmiller-nmap commented Jun 3, 2015

Gio, it looks like you've made maxlen_global and minlen_global into
actual global variables; this means that if scanning multiple targets and
one target gives the 414 error, all targets will have maxlen_global
reduced. Please try to keep this variable unique per host being scanned
(e.g. local to the action function).

On Wed, Jun 3, 2015 at 5:40 AM, Gioacchino notifications@github.com wrote:

I am workign on it ;)
https://gitlab.com/g10h4ck/nmap-gsoc2015/commits/hotfix/113


Reply to this email directly or view it on GitHub
#113 (comment).
@G10h4ck

This comment has been minimized.

Show comment
Hide comment
@G10h4ck

G10h4ck Jun 4, 2015

Contributor

Now they are visible for all function, but get reassigned by the action function so they are host specific :)

Can you test it ?
Contributor

G10h4ck commented Jun 4, 2015

Now they are visible for all function, but get reassigned by the action function so they are host specific :)

Can you test it ?
@dmiller-nmap

This comment has been minimized.

Show comment
Hide comment
@dmiller-nmap

dmiller-nmap Jun 9, 2015

Gio, even though the stdnse.get_script_args calls are within the action function, the variables themselves are local to the file, which means that two instances of the script will share the same variable, with the potential to overwrite each other. They must be declared local to the action function (or some other function). You can then pass them in and out of the fuzz_field function as necessary, or even declare the fuzz_field function as a closure over the maxlen and minlen variables. There is probably not a need to have a _global variant of these; one per instance is enough.

dmiller-nmap commented Jun 9, 2015

Gio, even though the stdnse.get_script_args calls are within the action function, the variables themselves are local to the file, which means that two instances of the script will share the same variable, with the potential to overwrite each other. They must be declared local to the action function (or some other function). You can then pass them in and out of the fuzz_field function as necessary, or even declare the fuzz_field function as a closure over the maxlen and minlen variables. There is probably not a need to have a _global variant of these; one per instance is enough.
@G10h4ck

This comment has been minimized.

Show comment
Hide comment
@G10h4ck

G10h4ck Jun 10, 2015

Contributor

I am wondering if treating 414 on a per hosts base is the better approach...
The question is should be maxlen the same for all forms of an host ?
I have done a brief research and it seems to me that we should treat this as a form specific stuff, because as an example we could get a 414 for a form with method GET with long input while not on a form with POST method on the same host

In last commit i made max/min len form specific https://gitlab.com/g10h4ck/nmap-gsoc2015/commits/hotfix/113
Contributor

G10h4ck commented Jun 10, 2015

I am wondering if treating 414 on a per hosts base is the better approach...
The question is should be maxlen the same for all forms of an host ?
I have done a brief research and it seems to me that we should treat this as a form specific stuff, because as an example we could get a 414 for a form with method GET with long input while not on a form with POST method on the same host

In last commit i made max/min len form specific https://gitlab.com/g10h4ck/nmap-gsoc2015/commits/hotfix/113
@dmiller-nmap

This comment has been minimized.

Show comment
Hide comment
@dmiller-nmap

dmiller-nmap Jan 7, 2016

Fixed in dd0c387

dmiller-nmap commented Jan 7, 2016

Fixed in dd0c387

@dmiller-nmap dmiller-nmap closed this Jan 7, 2016

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment