[Nikto-discuss] Encoding (evasion) options not visible in packet captures or server logs

Sullo csullo at gmail.com
Mon Dec 9 23:43:40 CST 2013


Thanks for the report. I just committed a change which fixes the encoding
issue.

I also opened ticket #102 for printing. Even now, nikto will print out the
original (unmodified) URI rather than what was actually requested because
LibWhisker changes it after we've handed it off. This is a bit more
complicated to fix as we have to change which value we print for every URI
(normal, debug and verbose). So just be aware that for now it will not
*look* like it requests it with encoding, but if you check the request on
the wire it'll have it.

Regards,
Sullo


On Sat, Dec 7, 2013 at 3:51 AM, Matt James <mattyjimjam at gmail.com> wrote:

> Hello All,
>
> I've been testing with Nikto version 2.1.5 on Backtrack 5r3 and I can't
> see the encoding options going across the wire or in the target server's
> logs. I'm assuming the Nikto testing URIs are encoded by the LW2.pm module
> then sent over the wire to the target?
>
> I pulled down the current version of Nikto from the site and am running it
> from a Fedora system and still have the same issue.
>
> Command: -h targetexample.com -evasion 12345678
>
> Nikto displays the evasion options in the banner, the User Agent shows
> which options I'm using, but no encoding of the URI is visible in Wireshark
> captures or in the target server's logs.
>
> Everything looks in order and LW2.pm (which I take to be the worker to do
> the encoding) is in the right place.
>
> Any clues on what I'm missing?
>
> Thanks
>
> MattyJ


-- 

http://www.cirt.net     |      http://richsec.com/
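
A server-side check for the situation discussed in this thread, where Nikto's own output does not show the encoded URI and the access log is the place to confirm it (an added example, not part of the original messages or of Nikto). It assumes a log that records the raw request line and looks for two markers that Nikto's help text lists for `-evasion` options 1 and 2, random URI encoding and `/./` directory self-reference; the log lines and the `classify` and `scan` helpers are constructed for illustration.

```python
import re

# Constructed sample access-log lines (combined log format); not from the thread.
SAMPLE_LOG = '''\
192.0.2.10 - - [09/Dec/2013:23:40:01 -0600] "GET /index.html HTTP/1.1" 200 512 "-" "Mozilla/5.0"
192.0.2.10 - - [09/Dec/2013:23:40:02 -0600] "GET /%63gi-bin/%74est.cgi HTTP/1.1" 404 209 "-" "scanner"
192.0.2.10 - - [09/Dec/2013:23:40:03 -0600] "GET /./admin/./login.php HTTP/1.1" 404 209 "-" "scanner"
192.0.2.11 - - [09/Dec/2013:23:40:04 -0600] "GET /search?q=a%20b%2Fc HTTP/1.1" 200 1024 "-" "Mozilla/5.0"
'''

REQUEST_RE = re.compile(r'"(?P<method>[A-Z]+) (?P<uri>\S+) HTTP/[\d.]+"')
ESCAPE_RE = re.compile(r'%([0-9A-Fa-f]{2})')
# RFC 3986 "unreserved" characters: clients have no reason to percent-encode these.
UNRESERVED = set(
    b"ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789-._~"
)


def classify(uri):
    """Return the set of reasons the path of a request URI looks obfuscated."""
    path = uri.split("?", 1)[0]  # query strings legitimately carry escapes
    reasons = set()
    if any(int(h, 16) in UNRESERVED for h in ESCAPE_RE.findall(path)):
        reasons.add("encoded-unreserved")
    if "/./" in path or path.endswith("/."):
        reasons.add("self-reference")
    return reasons


def scan(log_text):
    """Return (line number, URI, sorted reasons) for each flagged request."""
    findings = []
    for lineno, line in enumerate(log_text.splitlines(), 1):
        match = REQUEST_RE.search(line)
        if not match:
            continue  # malformed or non-HTTP line: nothing to classify
        reasons = classify(match.group("uri"))
        if reasons:
            findings.append((lineno, match.group("uri"), sorted(reasons)))
    return findings


if __name__ == "__main__":
    for lineno, uri, reasons in scan(SAMPLE_LOG):
        print(f"line {lineno}: {uri} -> {', '.join(reasons)}")
```

A log field that stores the normalized path instead of the raw request line would hide both markers, so run this against the raw form.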