Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

http.get_url makes plain text request for HTTPS urls #212

boite opened this issue Sep 17, 2015 · 0 comments

http.get_url makes plain text request for HTTPS urls #212

boite opened this issue Sep 17, 2015 · 0 comments


Copy link

boite commented Sep 17, 2015

  • http.get_url parses the url to produce a port table: {service: "https", number: 443}
  • http.request is eventually called with the port table and this is passed to comm.tryssl
  • comm.tryssl passes the port table to comm.bestoption, which calls comm.is_ssl, which calls shortport.ssl
  • shortport.ssl calls shortport.port_or_service which returns false because both the port_checker and service_checker demand that port.state be either "open" or "open|filtered", but port.state is not set in this case
  • thus comm.tryssl uses opts.proto="tcp" instead of "ssl" when calling comm.opencon

I can think of four fixes:-

  1. shortport.includes, used by the checker functions, could return true if a nil value is being checked for inclusion in a set
  2. the shortport checker functions could avoid testing port.state for inclusion in a set of states if port.state is not set (and return true when the other demands are met).
  3. http.get_url could add port.state="open" after parsing its url argument.
  4. http.request could set port.state

Doing option 3 seems appropriate, but it doesn't help script writers using other http.lua functions such as get or head. Option 1 seems like the right thing to do, except that it arguably violates the principle of least surprise. Options 2 and 4 are probably not the appropriate places to solve this problem.

qha pushed a commit to qha/nmap that referenced this issue Dec 16, 2015
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
None yet
None yet

No branches or pull requests

1 participant