Hi Michel,
The purpose of the build_url function is not to build a URL for an
attack, but to prepare it for display. Perhaps I should have called it
build_display_url or something. Currently the URLs output from plugins
tend to be fairly shoddy, e.g.
http://server:443/path (should be https).
This costs us time fixing these up on reports. Having such a function
means plugins could be fairly easily updated to produce nice URLs.
The hostname issue is harder. Nessus treats scans against a (host name,
IP address) tuple. This is a good approach. For example, it allows a
proper scan that hits the correct virtual server, against a host that
has not yet had its DNS entry created. However, URLs can only contain
either a hostname or an IP address. It would be great if there was a URL
format that allowed a tuple, but I don't believe there is. So the best
we can do is "if hostname uniquely resolves to IP address, use hostname.
otherwise, use IP address". This means the URL always goes to the
correct IP address, and whereever possible it will hit the correct
virtual server.
That was the reason for my initial request. The same_host function you
have implemented does not help with this. Maybe you will consider adding
a different function. If not, I'll probably write a .nes plugin to do
this. It's on my agenda and ideally I'd like to share the work with the
community.
Regards,
Paul
Michel Arboi wrote:
>On Thu Sep 16 2004 at 11:26, Paul Johnston wrote:
>
>
>
>>same_host(hostname, ipaddress)
>>returns true if the hostname resolves to the ipaddress (and resolves
>>uniquely)
>>returns false otherwise
>>
>>
>
>No. For example :
>same_host("207.46.245.156", "www.microsoft.com") = TRUE
>
>
>
>>function build_url(port, path)
>>
>>
>
>We already have http_requests functions. Maybe we should change their
>behaviour if needed.
>
>
>
>> if(get_kb_item("dns/badhostname"))
>>
>>
>
>I don't understand: if the host name does not resolve, how are we
>supposed to contact the machine??
>
>
>
>
--
Paul Johnston
Internet Security Specialist
Westpoint Limited
Albion Wharf, 19 Albion Street,
Manchester, M1 5LN
England
Tel: +44 (0)161 237 1028
Fax: +44 (0)161 237 1031
email: paul@westpoint.ltd.uk
web: www.westpoint.ltd.uk