Class: Msf::Auxiliary::Web::Form

Inherits:
Fuzzable
  • Object
show all
Defined in:
lib/msf/core/auxiliary/web/form.rb

Instance Attribute Summary collapse

Attributes inherited from Fuzzable

#fuzzer

Class Method Summary collapse

Instance Method Summary collapse

Methods inherited from Fuzzable

#==, #dup, #fuzz, #fuzz_async, #fuzz_id, #fuzzed, #fuzzed?, #hash, #http, #submit, #submit_async

Constructor Details

#initialize(opts = {}) ⇒ Form

opts - Options Hash (default: {})

:action - Action URL of the form
:method - Form method (:get, :post)
:inputs - Form inputs [{ :name => 'name', :value => 'John', :type => 'text' }]

43
44
45
46
47
48
49
# File 'lib/msf/core/auxiliary/web/form.rb', line 43

def initialize( opts = {} )
  self.action = opts[:action]
  self.action.chop! if self.action.end_with?( '?' )

  self.method = opts[:method] || :get
  self.inputs = (opts[:inputs] || []).dup
end

Instance Attribute Details

#actionObject

URL String to which to submit the params


23
24
25
# File 'lib/msf/core/auxiliary/web/form.rb', line 23

def action
  @action
end

#alteredObject

Name of the altered input as a String


32
33
34
# File 'lib/msf/core/auxiliary/web/form.rb', line 32

def altered
  @altered
end

#inputsObject

Inputs Array in the form of:

[{ :name => 'name', :value => 'John', :type => 'text' }]

29
30
31
# File 'lib/msf/core/auxiliary/web/form.rb', line 29

def inputs
  @inputs
end

#methodObject

Method type Symbol: :get, :post


20
21
22
# File 'lib/msf/core/auxiliary/web/form.rb', line 20

def method
  @method
end

#modelObject

Mdm::WebForm model if available


35
36
37
# File 'lib/msf/core/auxiliary/web/form.rb', line 35

def model
  @model
end

Class Method Details

.from_model(form) ⇒ Object


228
229
230
231
232
233
234
235
236
237
238
239
# File 'lib/msf/core/auxiliary/web/form.rb', line 228

def self.from_model( form )
  inputs = form.params.map do |name, value, extra|
    extra = extra.first if extra.is_a? Array
    extra ||= {}
    { :name => name, :value => value, :type => extra[:type] }
  end

  e = new( :action => "#{form.path}?#{form.query}", :method => form.method,
           :inputs => inputs )
  e.model = form
  e
end

.query_to_params(query) ⇒ Object

Converts a query String to a Hash of params

query - String


121
122
123
124
125
126
127
128
129
130
# File 'lib/msf/core/auxiliary/web/form.rb', line 121

def self.query_to_params( query )
  query = query.to_s
  return {} if query.empty?

  query.split( '&' ).inject( {} ) do |h, pair|
    k, v = pair.to_s.split( '=', 2 )
    h[Rex::Text.uri_decode( k.to_s )] = Rex::Text.uri_decode( v.to_s )
    h
  end
end

Instance Method Details

#[](field) ⇒ Object

Param reader shortcut – returns the value of a param by name, as a String.

field - Param name as a String


158
159
160
# File 'lib/msf/core/auxiliary/web/form.rb', line 158

def []( field )
  params[field.to_s]
end

#[]=(field, value) ⇒ Object

Param writer shortcut – sets the value of a param by name, as a String.

field - Param name as a String value - Param value as a String


168
169
170
171
# File 'lib/msf/core/auxiliary/web/form.rb', line 168

def []=( field, value )
  update( field, value )
  [field]
end

#altered_valueObject

Value of the #altered input (i.e. the injected value).


97
98
99
# File 'lib/msf/core/auxiliary/web/form.rb', line 97

def altered_value
  params[altered]
end

#altered_value=(value) ⇒ Object


101
102
103
# File 'lib/msf/core/auxiliary/web/form.rb', line 101

def altered_value=( value )
  params[altered] = value.to_s.dup
end

#empty?Boolean

Bool - true if params are empty, false otherwise.


149
150
151
# File 'lib/msf/core/auxiliary/web/form.rb', line 149

def empty?
  params.empty?
end

#field_type_for(name) ⇒ Object

Get a field type, by name, as a String.

field - Field name as a Sting


199
200
201
# File 'lib/msf/core/auxiliary/web/form.rb', line 199

def field_type_for( name )
  inputs.select{ |i| i[:name] == name.to_s }[:type]
end

#paramsObject

Hash of params to be submited (derived by #inputs)

Examples

{ 'name' => 'John' }

89
90
91
92
# File 'lib/msf/core/auxiliary/web/form.rb', line 89

def params
  @params ||= inputs.reject{ |i| i[:name].to_s.empty? }.
    inject( {} ) { |h, i| h[i[:name]] = i[:value]; h }
end

#permutation_for(field_name, field_value) ⇒ Object


216
217
218
219
220
221
# File 'lib/msf/core/auxiliary/web/form.rb', line 216

def permutation_for( field_name, field_value )
  form = self.dup
  form.altered = field_name.dup
  form[field_name]   = field_value.dup
  form
end

#permutationsObject

Get an Array with permutations of the form for the given seed.

seed - String to inject


208
209
210
211
212
213
214
# File 'lib/msf/core/auxiliary/web/form.rb', line 208

def permutations
  return [] if empty?

  params.map do |name, value|
    fuzzer.seeds_for( value || '' ).map { |seed| permutation_for( name, seed ) }
  end.flatten.uniq
end

#query_to_params(query) ⇒ Object


132
133
134
# File 'lib/msf/core/auxiliary/web/form.rb', line 132

def query_to_params( query )
  self.class.query_to_params( query)
end

#request(opts = {}) ⇒ Object


136
137
138
139
140
141
142
143
144
145
146
# File 'lib/msf/core/auxiliary/web/form.rb', line 136

def request( opts = {} )
  p = case method
    when :get
      query_to_params( URI( action ).query ).merge( params )

    when :post
      params
  end

  [ action, opts.merge( :method => method, :params => p ) ]
end

#to_hashObject


223
224
225
226
# File 'lib/msf/core/auxiliary/web/form.rb', line 223

def to_hash
  { :action => action.dup, :method => method,
    :inputs => inputs.dup, :altered => altered ? altered.dup : nil }
end

#to_query(i = self.params) ⇒ Object

Converts a Hash of params to a query String

i - Hash of params (default: #params)


110
111
112
113
114
# File 'lib/msf/core/auxiliary/web/form.rb', line 110

def to_query( i = self.params )
  i.map do |k, v|
    Rex::Text.uri_encode( k.to_s ) + '=' + Rex::Text.uri_encode( v.to_s )
  end.join( '&' )
end

#update(field, value, type = nil) ⇒ Object

Update the form inputs.

field - Field name as a Sting (updated if already exists, created otherwise). value - Field Value as a String. type - Field type ('text' if no type has been provided).


180
181
182
183
184
185
186
187
188
189
190
191
192
# File 'lib/msf/core/auxiliary/web/form.rb', line 180

def update( field, value, type = nil )
  @params = nil
  inputs.each do |i|
    if i[:name] == field.to_s
      i[:value] = value.to_s
      i[:type] = type.to_s if type
      return self
    end
  end

  @inputs << { :name => field.to_s, :value => value.to_s, :type => type || 'text' }
  self
end