I am writing a NVT to send a GET request to a HTTPS website and receive data back. My problem is when I test my script with openvas-nasl, the script always send request via HTTP and I receive 400 Bad Request response instead of the website content. I also tried run a task completely in OpenVAS but it is also return a Bad Request response.
So I want to ask how can I force a HTTP request to be sent as HTTPS? And how does OpenVAS check for a website running HTTPS and choose the right protocol?
Here is part of my script:
port = get_http_port( default:2381 );
req = http_get(port: port, item: "/cpqlogin.htm");
res = http_keepalive_send_recv(port: port, data: req);
security_message(data:res);
Bad Request response
<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>400 Bad Request</title>
</head><body>
<h1>Bad Request</h1>
<p>Your browser sent a request that this server could not understand.<br />
Reason: You're speaking plain HTTP to an SSL-enabled server port.<br />
Instead use the HTTPS scheme to access this URL, please.<br />
</p>
</body></html>
-> This skips the automatic “port transport” detection and is directly telling the scanner to do a SSL/TLS connection. The number 2 is basically OPENVAS_ENCAPS_SSLv23 of the following mapping and needs to be set according to the supported port transport of the service: