... which leads to a performance gain., most noteably on Macs.
All times when calling were re-adjusted.
Also:
* PROXY_WAIT was decrease to 10 seconds. 20 seemed just too much
* passed var to `starttls_just_read()` was simplyfied
The site from that billioniare who made nazi gestures delivers a UDP
response without proper TLS handshake. This led to a false positive
as if the site supports QUIC via h3.
This PR makes the detection of QUIC more robust by adding a certificate check
and also take better the return values from `wait_kill()` into account.
It also introduces a function to remove any non printable chars (depending
on the LC_ALL var): `filter_printable()`
Also `sanitze_http_header()` doesn't operate anymore on a global variable
which is kind of not best practise as it is easily to avoid here.
... for t/32_isHTML_valid.t .
Github.com seems to be most reliable from the ones tested so far.
bahn.de has one IP to the outside however Session resumption seems
to come from different hosts behind that IP. Bad choice for this
test.
Seems the patch in #2856 wasn't complete. So that it was forgotten to add also manually specified IPv6 addresses to the IP addresses to show and to scan.
This makes sure it does, so this fixes#2854 finally.
Also statements were added to reset do_ipv4_only and do_ipv6_only correctly so that later the output "Testing all IP** addresses" is correct.
* `code2network()` was improved to just use internal bash functions, except sed
* `socksend()` was renamed to `socksend_x()` to clarify that the string passed contains already a leading x
We might want to try using in `code2network()` only bash internal functions like in `socksend_x()`.
And maybe decide for onee format of hexbytes in the code -- with x or without.
Due to rebasing determine_ip_addresses() in #2852 it was
forgotten to add any manually specified IP address to
the IP addresses to show and to scan.
This fixes#2854 .
This labels the result of a failed test for reaching
port 80 when no direct connection is possible as likely not
vulnerable.
This seems safe to say, as there's another check whether
a proxy is configured, like for corporate environments where
a connection is only allowed though the proxy.
As `wait_kill()` returns with 0 when a TCP reset is encountered
and the process is not killed, we need to open the socket again
in a sub shell. Which is safe in the foreground.
If then the subshell returns with 0 we can safely connect to
port 80.
* IPv6 addresses which won't be scanned will be put in round brackets to feedback th UI
* logic bug fixed which always said "Testing all IPv4 addresses (port $PORT):". Simplyfied the MULTIPLE_CHECKS output
