mikenowak
commented
6 years ago Thank you for reporting this @jkrauska, I am going to investigate this and revert back.
Closed jkrauska closed 6 years ago
mikenowak
commented
6 years ago Thank you for reporting this @jkrauska, I am going to investigate this and revert back.
mikenowak
commented
6 years ago @jkrauska, should be good now - please verify and let me know.
The new method depends on the data-download-id that can be fetched from the download page you've linked above.
i.e.
<a class="download-modal-link" data-toggle="modal" data-page-id="60" data-download-id="7581" data-target="#download-modal" data-page-name="Nessus" data-file-name="Nessus-7.0.2-es7.x86_64.rpm" href="">The value of data-download-id (7581 in our case) is what we need to pass to construct the download URL.
If viewed directly from the website there are also some S3 variables being passed, but it appears we can fetch the rpm by ignoring these for the moment.
If this breaks in the future please let me know and I will get the burp suite to analyse whats going on between the browser and the download page.
Again, thanks very much for reporting this.
The method used to get a TOKEN to do a download no longer works.
I was able to manually download rpm from here: https://www.tenable.com/downloads/nessus (Note, it's now on 7.0.2 and es7 image is a bit down the page)
Not sure how to trivially redo this...