[Nikto-discuss] Nikto 2.1.5 bug
Balázs Zoltán
zoltan1.balazs at gmail.com
Sun Dec 9 05:30:39 CST 2012
Hi all,
I have found a bug in nikto while scanning SSL sites. For the test I
set up a burp proxy locally so I can see all the traffic.
The bug is in the GET resource, where the vhost is included in the
request, so every request to an SSL site is a bad request.
Nikto command:
perl nikto.pl -config nikto.conf -host cirt.net -vhost cirt.net --useproxy
Request generated (valid request):
GET / HTTP/1.1
Connection: Keep-Alive
User-Agent: Mozilla/5.00
Host: cirt.net
#####################################################################################
Nikto command:
perl nikto.pl -config nikto.conf -host cirt.net -port 443 -ssl -vhost
cirt.net --useproxy
Invalid request generated:
GET https://cirt.net:443/ HTTP/1.1
Connection: Keep-Alive
User-Agent: Mozilla/5.00
Host: cirt.net:443
Regards
Zoltan
More information about the Nikto-discuss
mailing list