Mailing List Archive

Plugin: 15873 (hydra_http.nasl)
Hi,

I think there are currently two problems in this plugin:

- when checking if the service is up, the plugin should check for a
response like "^HTTP/1.1 200 " instead of checking for something like
"^200 "
- when checking if the target URL is protected, the plugin should rather
check for HTTP status 401 instead of 403 (I guess you could also check
for both)

If you want to save on an HTTP request, I suppose that both of these
checks could also be combined, i.e. omit the first check ...


Regards,
Daniel

---

diff -u -r1.1 -r1.2
--- hydra_http.nasl 17 Jul 2007 09:01:19 -0000 1.1
+++ hydra_http.nasl 17 Jul 2007 09:02:34 -0000 1.2
@@ -65,7 +65,7 @@
send(socket: soc, data: 'GET / HTTP/1.0\r\n\r\n');
r = recv_line(socket: soc, length: 4096);
close(soc);
-if (r !~ '^[0-9][0-9][0-9] ') exit(0);
+if (r !~ '^HTTP/1\.[01] +[0-9][0-9][0-9] ') exit(0);

timeout = get_kb_item("/tmp/hydra/timeout"); timeout = int(timeout);
tasks = get_kb_item("/tmp/hydra/tasks"); task = int(tasks);
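Review bot: The new pattern on the `+` line still requires a space after the three-digit status code, so a status line that ends directly after the code, with no reason phrase and no trailing space, makes the plugin exit even though the service speaks HTTP. Consider accepting either a space or the end of the line after `[0-9][0-9][0-9]`. Separately, in the context line `tasks = get_kb_item("/tmp/hydra/tasks"); task = int(tasks);` the converted value goes into `task`, whereas the line above writes back into `timeout`; if later code reads `tasks`, the `int()` conversion is lost, so it is worth confirming which name is intended while this area is being touched.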
@@ -128,7 +128,7 @@
strcat('GET ', opt, ' HTTP/1.1\r\nHost: ', get_host_name(), '\r\n\r\n'));
r = recv_line(socket: soc, length: 512);
http_close_socket(soc);
-if (r !~ "^HTTP/1\.[01] +403 ") exit(0);
+if (r !~ "^HTTP/1\.[01] +401 ") exit(0);
#
argv[i++] = opt;
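Review bot: Switching the test on the `+` line from 403 to 401 silently changes which targets are skipped, and the only comment next to it is the empty `#` line, so a later reader cannot tell why 401 is required. Add a short comment stating that the URL is only passed on in `argv` when the server asks for authentication. Also note that `recv_line` with `length: 512` reads just the status line, which does not say which authentication scheme the server requests; if that matters for what is done with `opt`, read the response headers and check `WWW-Authenticate` before `argv[i++] = opt;`. The accompanying message suggests 403 could be checked as well; if that is not wanted, say so in the comment.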

_______________________________________________
Plugins-writers mailing list
Plugins-writers@list.nessus.org
http://mail.nessus.org/mailman/listinfo/plugins-writers