Class: Rex::Proto::Http::Client
- Inherits:
-
Object
- Object
- Rex::Proto::Http::Client
- Defined in:
- lib/rex/proto/http/client.rb
Overview
Acts as a client to an HTTP server, sending requests and receiving responses.
See the RFC: www.w3.org/Protocols/rfc2616/rfc2616.html
Constant Summary collapse
- DefaultUserAgent =
ClientRequest::DefaultUserAgent
Instance Attribute Summary collapse
-
#config ⇒ Object
The client request configuration.
-
#config_types ⇒ Object
The client request configuration classes.
-
#conn ⇒ Object
The underlying connection.
-
#context ⇒ Object
The calling context to pass to the socket.
-
#junk_pipeline ⇒ Object
When parsing the request, thunk off the first response from the server, since junk.
-
#local_host ⇒ Object
The local host of the client.
-
#local_port ⇒ Object
The local port of the client.
-
#password ⇒ Object
Auth.
-
#pipeline ⇒ Object
Whether or not pipelining is in use.
-
#proxies ⇒ Object
The proxy list.
-
#username ⇒ Object
Auth.
Instance Method Summary collapse
-
#_send_recv(req, t = -1,, persist = false) ⇒ Response
Transmit an HTTP request and receive the response.
-
#basic_auth_header(username, password) ⇒ String
Converts username and password into the HTTP Basic authorization string.
-
#close ⇒ Object
Closes the connection to the remote server.
-
#conn? ⇒ Boolean
Returns whether or not the conn is valid.
-
#connect(t = -1)) ⇒ Rex::Socket::Tcp
Connects to the remote server if possible.
-
#digest_auth(opts = {}) ⇒ Response
Send a series of requests to complete Digest Authentication.
-
#initialize(host, port = 80, context = {}, ssl = nil, ssl_version = nil, proxies = nil, username = '', password = '') ⇒ Client
constructor
Creates a new client instance.
-
#negotiate_auth(opts = {}) ⇒ Response
Builds a series of requests to complete Negotiate Auth.
-
#pipelining? ⇒ Boolean
Whether or not connections should be pipelined.
-
#read_response(t = -1,, opts = {}) ⇒ Response
Read a response from the server.
-
#request_cgi(opts = {}) ⇒ ClientRequest
Create a CGI compatible request.
-
#request_raw(opts = {}) ⇒ ClientRequest
Create an arbitrary HTTP request.
-
#send_auth(res, opts, t, persist) ⇒ Response
Resends an HTTP Request with the propper authentcation headers set.
-
#send_recv(req, t = -1,, persist = false) ⇒ Response
Sends a request and gets a response back.
-
#send_request(req, t = -1)) ⇒ void
Send an HTTP request to the server.
-
#set_config(opts = {}) ⇒ Object
Set configuration options.
-
#stop ⇒ Object
Cleans up any outstanding connections and other resources.
Constructor Details
#initialize(host, port = 80, context = {}, ssl = nil, ssl_version = nil, proxies = nil, username = '', password = '') ⇒ Client
Creates a new client instance
31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 |
# File 'lib/rex/proto/http/client.rb', line 31 def initialize(host, port = 80, context = {}, ssl = nil, ssl_version = nil, proxies = nil, username = '', password = '') self.hostname = host self.port = port.to_i self.context = context self.ssl = ssl self.ssl_version = ssl_version self.proxies = proxies self.username = username self.password = password # Take ClientRequest's defaults, but override with our own self.config = Http::ClientRequest::DefaultConfig.merge({ 'read_max_data' => (1024*1024*1), 'vhost' => self.hostname, }) # XXX: This info should all be controlled by ClientRequest self.config_types = { 'uri_encode_mode' => ['hex-normal', 'hex-all', 'hex-random', 'u-normal', 'u-random', 'u-all'], 'uri_encode_count' => 'integer', 'uri_full_url' => 'bool', 'pad_method_uri_count' => 'integer', 'pad_uri_version_count' => 'integer', 'pad_method_uri_type' => ['space', 'tab', 'apache'], 'pad_uri_version_type' => ['space', 'tab', 'apache'], 'method_random_valid' => 'bool', 'method_random_invalid' => 'bool', 'method_random_case' => 'bool', 'version_random_valid' => 'bool', 'version_random_invalid' => 'bool', 'version_random_case' => 'bool', 'uri_dir_self_reference' => 'bool', 'uri_dir_fake_relative' => 'bool', 'uri_use_backslashes' => 'bool', 'pad_fake_headers' => 'bool', 'pad_fake_headers_count' => 'integer', 'pad_get_params' => 'bool', 'pad_get_params_count' => 'integer', 'pad_post_params' => 'bool', 'pad_post_params_count' => 'integer', 'uri_fake_end' => 'bool', 'uri_fake_params_start' => 'bool', 'header_folding' => 'bool', 'chunked_size' => 'integer' } end |
Instance Attribute Details
#config ⇒ Object
The client request configuration
673 674 675 |
# File 'lib/rex/proto/http/client.rb', line 673 def config @config end |
#config_types ⇒ Object
The client request configuration classes
677 678 679 |
# File 'lib/rex/proto/http/client.rb', line 677 def config_types @config_types end |
#conn ⇒ Object
The underlying connection.
693 694 695 |
# File 'lib/rex/proto/http/client.rb', line 693 def conn @conn end |
#context ⇒ Object
The calling context to pass to the socket
697 698 699 |
# File 'lib/rex/proto/http/client.rb', line 697 def context @context end |
#junk_pipeline ⇒ Object
When parsing the request, thunk off the first response from the server, since junk
707 708 709 |
# File 'lib/rex/proto/http/client.rb', line 707 def junk_pipeline @junk_pipeline end |
#local_host ⇒ Object
The local host of the client.
685 686 687 |
# File 'lib/rex/proto/http/client.rb', line 685 def local_host @local_host end |
#local_port ⇒ Object
The local port of the client.
689 690 691 |
# File 'lib/rex/proto/http/client.rb', line 689 def local_port @local_port end |
#password ⇒ Object
Auth
704 705 706 |
# File 'lib/rex/proto/http/client.rb', line 704 def password @password end |
#pipeline ⇒ Object
Whether or not pipelining is in use.
681 682 683 |
# File 'lib/rex/proto/http/client.rb', line 681 def pipeline @pipeline end |
#proxies ⇒ Object
The proxy list
701 702 703 |
# File 'lib/rex/proto/http/client.rb', line 701 def proxies @proxies end |
#username ⇒ Object
Auth
704 705 706 |
# File 'lib/rex/proto/http/client.rb', line 704 def username @username end |
Instance Method Details
#_send_recv(req, t = -1,, persist = false) ⇒ Response
Transmit an HTTP request and receive the response
If persist is set, then the request will attempt to reuse an existing connection.
Call this directly instead of #send_recv if you don’t want automatic authentication handling.
232 233 234 235 236 237 238 |
# File 'lib/rex/proto/http/client.rb', line 232 def _send_recv(req, t = -1, persist=false) @pipeline = persist send_request(req, t) res = read_response(t) res.request = req.to_s if res res end |
#basic_auth_header(username, password) ⇒ String
Converts username and password into the HTTP Basic authorization string.
309 310 311 312 |
# File 'lib/rex/proto/http/client.rb', line 309 def basic_auth_header(username,password) auth_str = username.to_s + ":" + password.to_s auth_str = "Basic " + Rex::Text.encode_base64(auth_str) end |
#close ⇒ Object
Closes the connection to the remote server.
198 199 200 201 202 203 204 205 |
# File 'lib/rex/proto/http/client.rb', line 198 def close if (self.conn) self.conn.shutdown self.conn.close unless self.conn.closed? end self.conn = nil end |
#conn? ⇒ Boolean
Returns whether or not the conn is valid.
659 660 661 |
# File 'lib/rex/proto/http/client.rb', line 659 def conn? conn != nil end |
#connect(t = -1)) ⇒ Rex::Socket::Tcp
Connects to the remote server if possible.
170 171 172 173 174 175 176 177 178 179 180 181 182 183 184 185 186 187 188 189 190 191 192 193 |
# File 'lib/rex/proto/http/client.rb', line 170 def connect(t = -1) # If we already have a connection and we aren't pipelining, close it. if (self.conn) if !pipelining? close else return self.conn end end timeout = (t.nil? or t == -1) ? 0 : t self.conn = Rex::Socket::Tcp.create( 'PeerHost' => self.hostname, 'PeerPort' => self.port.to_i, 'LocalHost' => self.local_host, 'LocalPort' => self.local_port, 'Context' => self.context, 'SSL' => self.ssl, 'SSLVersion' => self.ssl_version, 'Proxies' => self.proxies, 'Timeout' => timeout ) end |
#digest_auth(opts = {}) ⇒ Response
Send a series of requests to complete Digest Authentication
319 320 321 322 323 324 325 326 327 328 329 330 331 332 333 334 335 336 337 338 339 340 341 342 343 344 345 346 347 348 349 350 351 352 353 354 355 356 357 358 359 360 361 362 363 364 365 366 367 368 369 370 371 372 373 374 375 376 377 378 379 380 381 382 383 384 385 386 387 388 389 390 391 392 393 394 395 396 397 398 399 400 401 402 403 404 405 406 407 408 409 410 411 412 413 414 415 416 417 418 419 420 421 422 423 424 425 426 427 428 429 430 431 432 433 434 435 436 437 438 439 440 441 442 443 444 445 446 447 448 449 450 |
# File 'lib/rex/proto/http/client.rb', line 319 def digest_auth(opts={}) @nonce_count = 0 to = opts['timeout'] || 20 digest_user = opts['username'] || "" digest_password = opts['password'] || "" method = opts['method'] path = opts['uri'] iis = true if (opts['DigestAuthIIS'] == false or self.config['DigestAuthIIS'] == false) iis = false end begin @nonce_count += 1 resp = opts['response'] if not resp # Get authentication-challenge from server, and read out parameters required r = request_cgi(opts.merge({ 'uri' => path, 'method' => method })) resp = _send_recv(r, to) unless resp.kind_of? Rex::Proto::Http::Response return nil end if resp.code != 401 return resp end return resp unless resp.headers['WWW-Authenticate'] end # Don't anchor this regex to the beginning of string because header # folding makes it appear later when the server presents multiple # WWW-Authentication options (such as is the case with IIS configured # for Digest or NTLM). resp['www-authenticate'] =~ /Digest (.*)/ parameters = {} $1.split(/,[[:space:]]*/).each do |p| k, v = p.split("=", 2) parameters[k] = v.gsub('"', '') end qop = parameters['qop'] if parameters['algorithm'] =~ /(.*?)(-sess)?$/ algorithm = case $1 when 'MD5' then Digest::MD5 when 'SHA1' then Digest::SHA1 when 'SHA2' then Digest::SHA2 when 'SHA256' then Digest::SHA256 when 'SHA384' then Digest::SHA384 when 'SHA512' then Digest::SHA512 when 'RMD160' then Digest::RMD160 else raise Error, "unknown algorithm \"#{$1}\"" end algstr = parameters["algorithm"] sess = $2 else algorithm = Digest::MD5 algstr = "MD5" sess = false end a1 = if sess then [ algorithm.hexdigest("#{digest_user}:#{parameters['realm']}:#{digest_password}"), parameters['nonce'], @cnonce ].join ':' else "#{digest_user}:#{parameters['realm']}:#{digest_password}" end ha1 = algorithm.hexdigest(a1) ha2 = algorithm.hexdigest("#{method}:#{path}") request_digest = [ha1, parameters['nonce']] request_digest.push(('%08x' % @nonce_count), @cnonce, qop) if qop request_digest << ha2 request_digest = request_digest.join ':' # Same order as IE7 auth = [ "Digest username=\"#{digest_user}\"", "realm=\"#{parameters['realm']}\"", "nonce=\"#{parameters['nonce']}\"", "uri=\"#{path}\"", "cnonce=\"#{@cnonce}\"", "nc=#{'%08x' % @nonce_count}", "algorithm=#{algstr}", "response=\"#{algorithm.hexdigest(request_digest)[0, 32]}\"", # The spec says the qop value shouldn't be enclosed in quotes, but # some versions of IIS require it and Apache accepts it. Chrome # and Firefox both send it without quotes but IE does it this way. # Use the non-compliant-but-everybody-does-it to be as compatible # as possible by default. The user can override if they don't like # it. if qop.nil? then elsif iis then "qop=\"#{qop}\"" else "qop=#{qop}" end, if parameters.key? 'opaque' then "opaque=\"#{parameters['opaque']}\"" end ].compact headers ={ 'Authorization' => auth.join(', ') } headers.merge!(opts['headers']) if opts['headers'] # Send main request with authentication r = request_cgi(opts.merge({ 'uri' => path, 'method' => method, 'headers' => headers })) resp = _send_recv(r, to, true) unless resp.kind_of? Rex::Proto::Http::Response return nil end return resp rescue ::Errno::EPIPE, ::Timeout::Error end end |
#negotiate_auth(opts = {}) ⇒ Response
Builds a series of requests to complete Negotiate Auth. Works essentially the same way as Digest auth. Same pipelining concerns exist.
460 461 462 463 464 465 466 467 468 469 470 471 472 473 474 475 476 477 478 479 480 481 482 483 484 485 486 487 488 489 490 491 492 493 494 495 496 497 498 499 500 501 502 503 504 505 506 507 508 509 510 511 512 513 514 515 516 517 518 519 520 521 522 523 524 525 526 527 528 529 530 531 532 533 534 535 536 537 538 539 540 541 542 543 544 545 546 547 548 549 550 551 552 553 554 555 556 557 558 559 560 561 |
# File 'lib/rex/proto/http/client.rb', line 460 def negotiate_auth(opts={}) = { :signing => false, :usentlm2_session => self.config['usentlm2_session'], :use_ntlmv2 => self.config['use_ntlmv2'], :send_lm => self.config['send_lm'], :send_ntlm => self.config['send_ntlm'] } to = opts['timeout'] || 20 opts['username'] ||= '' opts['password'] ||= '' if opts['provider'] and opts['provider'].include? 'Negotiate' provider = "Negotiate " else provider = 'NTLM ' end opts['method']||= 'GET' opts['headers']||= {} ntlmssp_flags = ::Rex::Proto::NTLM::Utils.make_ntlm_flags() workstation_name = Rex::Text.rand_text_alpha(rand(8)+6) domain_name = self.config['domain'] b64_blob = Rex::Text::encode_base64( ::Rex::Proto::NTLM::Utils::make_ntlmssp_blob_init( domain_name, workstation_name, ntlmssp_flags )) = provider + b64_blob begin # First request to get the challenge opts['headers']['Authorization'] = r = request_cgi(opts) resp = _send_recv(r, to) unless resp.kind_of? Rex::Proto::Http::Response return nil end return resp unless resp.code == 401 && resp.headers['WWW-Authenticate'] # Get the challenge and craft the response ntlm_challenge = resp.headers['WWW-Authenticate'].scan(/#{provider}([A-Z0-9\x2b\x2f=]+)/ni).flatten[0] return resp unless ntlm_challenge = Rex::Text::decode_base64(ntlm_challenge) blob_data = ::Rex::Proto::NTLM::Utils.parse_ntlm_type_2_blob() challenge_key = blob_data[:challenge_key] server_ntlmssp_flags = blob_data[:server_ntlmssp_flags] #else should raise an error default_name = blob_data[:default_name] || '' #netbios name default_domain = blob_data[:default_domain] || '' #netbios domain dns_host_name = blob_data[:dns_host_name] || '' #dns name dns_domain_name = blob_data[:dns_domain_name] || '' #dns domain chall_MsvAvTimestamp = blob_data[:chall_MsvAvTimestamp] || '' #Client time spnopt = {:use_spn => self.config['SendSPN'], :name => self.hostname} resp_lm, resp_ntlm, client_challenge, ntlm_cli_challenge = ::Rex::Proto::NTLM::Utils.create_lm_ntlm_responses( opts['username'], opts['password'], challenge_key, domain_name, default_name, default_domain, dns_host_name, dns_domain_name, chall_MsvAvTimestamp, spnopt, ) = ::Rex::Proto::NTLM::Utils.make_ntlmssp_blob_auth( domain_name, workstation_name, opts['username'], resp_lm, resp_ntlm, '', ntlmssp_flags ) = Rex::Text::encode_base64() # Send the response opts['headers']['Authorization'] = "#{provider}#{ntlm_message_3}" r = request_cgi(opts) resp = _send_recv(r, to, true) unless resp.kind_of? Rex::Proto::Http::Response return nil end return resp rescue ::Errno::EPIPE, ::Timeout::Error return nil end end |
#pipelining? ⇒ Boolean
Whether or not connections should be pipelined.
666 667 668 |
# File 'lib/rex/proto/http/client.rb', line 666 def pipelining? pipeline end |
#read_response(t = -1,, opts = {}) ⇒ Response
Read a response from the server
566 567 568 569 570 571 572 573 574 575 576 577 578 579 580 581 582 583 584 585 586 587 588 589 590 591 592 593 594 595 596 597 598 599 600 601 602 603 604 605 606 607 608 609 610 611 612 613 614 615 616 617 618 619 620 621 622 623 624 625 626 627 628 629 630 631 632 633 634 635 636 637 638 639 640 641 642 643 644 645 646 647 |
# File 'lib/rex/proto/http/client.rb', line 566 def read_response(t = -1, opts = {}) resp = Response.new resp.max_data = config['read_max_data'] # Wait at most t seconds for the full response to be read in. We only # do this if t was specified as a negative value indicating an infinite # wait cycle. If t were specified as nil it would indicate that no # response parsing is required. return resp if not t Timeout.timeout((t < 0) ? nil : t) do rv = nil while ( rv != Packet::ParseCode::Completed and rv != Packet::ParseCode::Error ) begin buff = conn.get_once(-1, 1) rv = resp.parse( buff || '' ) # Handle unexpected disconnects rescue ::Errno::EPIPE, ::EOFError, ::IOError case resp.state when Packet::ParseState::ProcessingHeader resp = nil when Packet::ParseState::ProcessingBody # truncated request, good enough resp.error = :truncated end break end # This is a dirty hack for broken HTTP servers if rv == Packet::ParseCode::Completed rbody = resp.body rbufq = resp.bufq rblob = rbody.to_s + rbufq.to_s tries = 0 begin # XXX: This doesn't deal with chunked encoding or "Content-type: text/html; charset=..." while tries < 1000 and resp.headers["Content-Type"]== "text/html" and rblob !~ /<\/html>/i buff = conn.get_once(-1, 0.05) break if not buff rblob += buff tries += 1 end rescue ::Errno::EPIPE, ::EOFError, ::IOError end resp.bufq = "" resp.body = rblob end end end return resp if not resp # As a last minute hack, we check to see if we're dealing with a 100 Continue here. # Most of the time this is handled by the parser via check_100() if resp.proto == '1.1' and resp.code == 100 and not opts[:skip_100] # Read the real response from the body if we found one # If so, our real response became the body, so we re-parse it. if resp.body.to_s =~ /^HTTP/ body = resp.body resp = Response.new resp.max_data = config['read_max_data'] rv = resp.parse(body) # We found a 100 Continue but didn't read the real reply yet # Otherwise reread the reply, but don't try this hack again else resp = read_response(t, :skip_100 => true) end end resp end |
#request_cgi(opts = {}) ⇒ ClientRequest
Create a CGI compatible request
152 153 154 155 156 157 158 159 160 161 162 |
# File 'lib/rex/proto/http/client.rb', line 152 def request_cgi(opts={}) opts = self.config.merge(opts) opts['ctype'] ||= 'application/x-www-form-urlencoded' opts['ssl'] = self.ssl opts['cgi'] = true opts['port'] = self.port req = ClientRequest.new(opts) req end |
#request_raw(opts = {}) ⇒ ClientRequest
Create an arbitrary HTTP request
130 131 132 133 134 135 136 137 138 |
# File 'lib/rex/proto/http/client.rb', line 130 def request_raw(opts={}) opts = self.config.merge(opts) opts['ssl'] = self.ssl opts['cgi'] = false opts['port'] = self.port req = ClientRequest.new(opts) end |
#send_auth(res, opts, t, persist) ⇒ Response
Resends an HTTP Request with the propper authentcation headers set. If we do not support the authentication type the server requires we return the original response object
262 263 264 265 266 267 268 269 270 271 272 273 274 275 276 277 278 279 280 281 282 283 284 285 286 287 288 289 290 291 292 293 294 295 296 297 298 299 300 301 302 303 |
# File 'lib/rex/proto/http/client.rb', line 262 def send_auth(res, opts, t, persist) if opts['username'].nil? or opts['username'] == '' if self.username and not (self.username == '') opts['username'] = self.username opts['password'] = self.password else opts['username'] = nil opts['password'] = nil end end return res if opts['username'].nil? or opts['username'] == '' supported_auths = res.headers['WWW-Authenticate'] if supported_auths.include? 'Basic' opts['headers'] ||= {} opts['headers']['Authorization'] = basic_auth_header(opts['username'],opts['password'] ) req = request_cgi(opts) res = _send_recv(req,t,persist) return res elsif supported_auths.include? "Digest" temp_response = digest_auth(opts) if temp_response.kind_of? Rex::Proto::Http::Response res = temp_response end return res elsif supported_auths.include? "NTLM" opts['provider'] = 'NTLM' temp_response = negotiate_auth(opts) if temp_response.kind_of? Rex::Proto::Http::Response res = temp_response end return res elsif supported_auths.include? "Negotiate" opts['provider'] = 'Negotiate' temp_response = negotiate_auth(opts) if temp_response.kind_of? Rex::Proto::Http::Response res = temp_response end return res end return res end |
#send_recv(req, t = -1,, persist = false) ⇒ Response
Sends a request and gets a response back
If the request is a 401, and we have creds, it will attempt to complete authentication and return the final response
214 215 216 217 218 219 220 |
# File 'lib/rex/proto/http/client.rb', line 214 def send_recv(req, t = -1, persist=false) res = _send_recv(req,t,persist) if res and res.code == 401 and res.headers['WWW-Authenticate'] res = send_auth(res, req.opts, t, persist) end res end |
#send_request(req, t = -1)) ⇒ void
This method returns an undefined value.
Send an HTTP request to the server
247 248 249 250 |
# File 'lib/rex/proto/http/client.rb', line 247 def send_request(req, t = -1) connect(t) conn.put(req.to_s) end |
#set_config(opts = {}) ⇒ Object
Set configuration options
83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 |
# File 'lib/rex/proto/http/client.rb', line 83 def set_config(opts = {}) opts.each_pair do |var,val| # Default type is string typ = self.config_types[var] || 'string' # These are enum types if(typ.class.to_s == 'Array') if not typ.include?(val) raise RuntimeError, "The specified value for #{var} is not one of the valid choices" end end # The caller should have converted these to proper ruby types, but # take care of the case where they didn't before setting the # config. if(typ == 'bool') val = (val =~ /^(t|y|1)$/i ? true : false || val === true) end if(typ == 'integer') val = val.to_i end self.config[var]=val end end |
#stop ⇒ Object
Cleans up any outstanding connections and other resources.
652 653 654 |
# File 'lib/rex/proto/http/client.rb', line 652 def stop close end |