sullo

Results: 77 comments of sullo

@ivanfeanor can you send the response headers for a GET request to something like /test.zip?

@Giga-Tastic could you show the response headers from the /backup.pem? Can you confirm if you are running version 2.1.6 or if you are running 2.5.0? If you are running 2.1.6...

I can't replicate this, however I'm experiencing some weirdness using burp. It seems like most/all of the responses are being answered by Burp and not the target. @digininja you check...

Ok I resolved the SSL issue with 41d2d066b2ef0e1049f7579d322d58b93aeff32d.

After trial and error I found it was indeed the space in the file portion of the tests causing that. I fixed them and more unnecessary space issues in cda31309fd910f555b7ad9af8ef69d0834014a66....

You can test it.

* Create a file `databases/udb_tests` and put this line in it

```
"000052","","","/no thing here","GET","[Ii]ndex [Oo]f","","","","","I win.","",""
```

* Set up burp proxy (assumed port 8080...

What's happening is Nikto happily sends "GET /no thing here HTTP/1.1" as a request, which is not valid. Burp is parsing the request line _properly_ by taking the text after...

> Is that HTTP/2 or 1.1? It's no version at all, hence Bad Request. The intent was HTTP/1.1 since my server doesn't speak HTTP/2.

I didn't notice any. But now I've gone through `db_tests` and corrected all the ones in the file portion, replacing space with `%20`. And `-dbcheck` will now warn if there...
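The request-line problem described in the two comments above (a bare space in the URI field of a `db_tests` record produces `GET /no thing here HTTP/1.1`, fixed by replacing the space with `%20` and flagged by `-dbcheck`), worked through as an added example. This is not Nikto's own code: it assumes the field layout visible in the sample record (URI at index 3, method at index 4), uses a constructed copy of that record, and the strict request-line parser stands in for any RFC 7230 compliant server or proxy, not for Burp's actual parsing logic.

```python
"""Why an unencoded space in a db_tests URI yields a Bad Request.

Added example, not Nikto code. Assumed record layout: URI at field 3,
method at field 4 (matches the sample record quoted in the thread).
"""
import csv
import io
import re
from urllib.parse import quote

# Constructed sample record, same shape as the udb_tests line in the thread.
SAMPLE_RECORD = ('"000052","","","/no thing here","GET","[Ii]ndex [Oo]f",'
                 '"","","","","I win.","",""')

URI_FIELD = 3     # assumption: position of the request path in a record
METHOD_FIELD = 4  # assumption: position of the HTTP method in a record


def parse_record(line):
    """Split one quoted, comma-separated db_tests record into its fields."""
    return next(csv.reader(io.StringIO(line)))


def lint_record(line):
    """Return dbcheck-style warnings: whitespace in the URI field is an error,
    because it will be emitted verbatim into the request line."""
    fields = parse_record(line)
    uri = fields[URI_FIELD]
    problems = []
    if re.search(r"\s", uri):
        problems.append("%s: unencoded whitespace in URI %r" % (fields[0], uri))
    return problems


def encode_uri(uri):
    """Percent-encode spaces (and other unsafe bytes) while leaving path
    delimiters, query syntax and existing %xx escapes untouched."""
    return quote(uri, safe="/?=&%")


def fix_record(line):
    """Rewrite a record with its URI field encoded, keeping every field quoted."""
    fields = parse_record(line)
    fields[URI_FIELD] = encode_uri(fields[URI_FIELD])
    out = io.StringIO()
    csv.writer(out, quoting=csv.QUOTE_ALL, lineterminator="").writerow(fields)
    return out.getvalue()


def build_request_line(method, uri, version="HTTP/1.1"):
    """Naive request-line construction: the URI is inserted as-is, which is
    exactly how a space ends up on the wire."""
    return "%s %s %s" % (method, uri, version)


def parse_request_line(line):
    """Strict RFC 7230 request-line: method SP request-target SP HTTP-version.
    Any extra SP means the tokens no longer line up and the line is rejected."""
    parts = line.split(" ")
    if len(parts) != 3:
        raise ValueError("bad request line (%d tokens, expected 3): %r"
                         % (len(parts), line))
    method, target, version = parts
    if not re.fullmatch(r"HTTP/\d\.\d", version):
        raise ValueError("bad HTTP-version %r" % version)
    return method, target, version


def request_line_is_valid(line):
    try:
        parse_request_line(line)
        return True
    except ValueError:
        return False


if __name__ == "__main__":
    fields = parse_record(SAMPLE_RECORD)
    bad = build_request_line(fields[METHOD_FIELD], fields[URI_FIELD])
    print("lint:", lint_record(SAMPLE_RECORD))
    print(repr(bad), "valid:", request_line_is_valid(bad))
    fixed = parse_record(fix_record(SAMPLE_RECORD))
    good = build_request_line(fixed[METHOD_FIELD], fixed[URI_FIELD])
    print(repr(good), "valid:", request_line_is_valid(good))
```

Running it shows the original record producing a five-token request line that the strict parser refuses, and the rewritten record producing `GET /no%20thing%20here HTTP/1.1`, which parses cleanly; the same lint catches the defect before the request is ever sent.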

This is good info, thanks. I wonder how we can do this in the config and pass through? I'll have to do some reading. On Thu, Dec 19, 2019 at...