Portscanner producing possible error

Question

I have written a simple portscanner in python. I have already asked something about it, you can find the code here.

I corrected the code and now am able to create a connection to e.g. stackoverflow.net

But the output I get is more or less cryptic for me:

[+] Scan results for: li547-15.members.linode.com , 198.74.50.15
[+]80/tcpopen
[+] b'HTTP/1.1 400 Bad Request\r\nDate: Sat, 09 Sep 2017 18:16:50 GMT\r\nServer: Apache/2.4.7 (Ubuntu)\r\nConten'

I want to understand what the last line means (the first ones are pretty clear to me). It seems to be the response of the server, but what does this "bad request" stuff mean?

Answer 1

The referenced script

• establishes a connection to the destination port
• sends the string 'ExploitMessage\r\n' over the wire and
• reads back at most 100 octets from the server.

Given that Port 80 is reserved for HTTP, it seems safe to assume that there's a server speaking that protocol on the other side.

Well, proper HTTP requests all start with a request line of the form:

request-line = method SP request-target SP HTTP-version CRLF

'ExploitMessage\r\n' doesn't conform to that, hence the server follows the RFC:

Recipients of an invalid request-line SHOULD respond with either a 400 (Bad Request) error or a 301 (Moved Permanently) redirect with the request-target properly encoded

What you are getting back matches a truncated HTTP response signaling the error:

HTTP/1.1 400 Bad Request
Date: Sat, 09 Sep 2017 18:16:50 GMT
Server: Apache/2.4.7 (Ubuntu)
Conten