[Nikto-discuss] Can nfetch() request with HTTP/1.0 ?
Sullo
csullo at gmail.com
Sat Jun 2 06:42:33 CDT 2012
Rather than creating a new function, it would be better to pass the
appropriate version (if an override is needed) to nfetch and let it
set a new version.
$request{'whisker'}->{'version'} needs to be set before
http_fixup_request is called.
This would allow for the nikto_headers.plugin to not have special
handling, but wouldn't do anything for the single test in the
database. For that one... may be best to send the header manually or
move that test to code (since there are 6500 tests and only 1 needs
version 1.0, I think it's safe to call it an edge case).
Almost done with changes to support switching the http version in nfetch()...
On Sat, Jun 2, 2012 at 1:28 AM, Jay Bahn <Jay.Bahn at gmx.com> wrote:
> Hello,
>
> While debugging I've found that nfetch() can't request with HTTP/1.0.
> But, Nikto request at least 3 test with HTTP/1.0 inside
> nikto_headers.plugin.
> (+1 test 001251 inside db_tests)
>
> To do it, Nikto uses LibWhisker raw requests, and it makes code somewhat
> ugly and difficult to reuse.
> What do you think about it to make a new function request with HTTP/1.0?
>
> For examples,
> (my $res, $content) =
> nfetch_ver_1_0($mark, "/", "GET", "", \%headers, "", "HTTP/1.0 request
> test");
>
> or
> (my $res, $content) =
> nfetch_raw($mark, "/", "GET", "", "HTTP/1.0", \%headers, "", "HTTP/1.0
> request test");
>
>
>
> _______________________________________________
> Nikto-discuss mailing list
> Nikto-discuss at attrition.org
> https://attrition.org/mailman/listinfo/nikto-discuss
--
http://www.cirt.net | http://richsec.com/
More information about the Nikto-discuss
mailing list