Ncat: no way to specify/override SSL hostname #1927

Closed
res0nat0r/nmap
#1
@hlein

Description

@hlein

If you are connecting to a webserver by IP, you may want to specify the hostname in the TLS negotiation, especially if it has multiple vhosts using the same certificate with Subject Alternate Names and behaving differently depending on which name is supplied during TLS negotiation (before the submitted Host: header is read).

Since 5.50 or so, nmap has had a knob to specify the hostname to request during TLS/SNI negotiation, first called nsi_set_hostname and now called nsock_iod_set_hostname. This is accessible from NSE code, but not, I think, from ncat.

For example:

$ ncat --version
Ncat: Version 7.80 ( https://nmap.org/ncat )
$ echo -n -e 'GET / HTTP/1.0\r\nHost: servername\r\n\r\n' |
    ncat -n -v --ssl 10.1.2.3 443
HTTP/1.1 421 Misdirected Request
...
<h1>Misdirected Request</h1>
<p>The client needs a new connection for this
request as the requested host name does not match
the Server Name Indication (SNI) in use for this
connection.</p>

I have an old patch for this, will update and submit a PR.
