[prev in list] [next in list] [prev in thread] [next in thread]
List: nmap-dev
Subject: [NSE][RFC] Enforcement of maximum HTTP response body size
From: nnposter <nnposter () users ! sourceforge ! net>
Date: 2019-04-24 17:01:59
Message-ID: 68e3e451-0c33-4210-8dc2-ccf74a8a27ce () users ! sourceforge ! net
[Download RAW message or body]
At present the HTTP library always attempts to retrieve the entire
response body, regardless of its size. This can result in accidental or
malicious resource exhaustion on the scanner:
[GitHub] "http-config-backup" and servers responding with large garbage
files to any request
https://github.com/nmap/nmap/issues/467
I am proposing an implementation of a response body size limit, asking
for feedback from the Nmap community. A fairly comprehensive description
of the design can be found at
https://github.com/nmap/nmap/pull/1571
Feel free to give the code a spin. You might find that the feature is
useful for accelerating existing scripts, by telling Nmap to only
retrieve the first 10 or 100 KB, depending on the objective.
Cheers,
nnposter
_______________________________________________
Sent through the dev mailing list
https://nmap.org/mailman/listinfo/dev
Archived at http://seclists.org/nmap-dev/
[prev in list] [next in list] [prev in thread] [next in thread]
Configure |
About |
News |
Add a list |
Sponsored by KoreLogic