Class: Msf::Auxiliary::Web::HTTP

Inherits:
Object
  • Object
show all
Defined in:
lib/msf/core/auxiliary/web/http.rb

Defined Under Namespace

Classes: Request, Response

Instance Attribute Summary collapse

Instance Method Summary collapse

Constructor Details

#initialize(opts = {}) ⇒ HTTP

Returns a new instance of HTTP


75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
# File 'lib/msf/core/auxiliary/web/http.rb', line 75

def initialize( opts = {} )
  @opts = opts.dup

  @framework = opts[:framework]
  @parent    = opts[:parent]

  @headers = {
    'Accept' => '*/*',
    'Cookie' => opts[:cookie_string]
  }.merge( opts[:headers] || {} )

  @headers.delete( 'Cookie' ) if !@headers['Cookie']

  @request_opts = {}
  if opts[:auth].is_a? Hash
    @username = opts[:auth][:user].to_s
    @password = opts[:auth][:password].to_s
    @domain   = opts[:auth][:domain].to_s
  end

  self.redirect_limit = opts[:redirect_limit] || 20

  @queue = Queue.new

  @after_run_blocks = []
end

Instance Attribute Details

#domainObject

Returns the value of attribute domain


73
74
75
# File 'lib/msf/core/auxiliary/web/http.rb', line 73

def domain
  @domain
end

#frameworkObject (readonly)

Returns the value of attribute framework


69
70
71
# File 'lib/msf/core/auxiliary/web/http.rb', line 69

def framework
  @framework
end

#headersObject (readonly)

Returns the value of attribute headers


68
69
70
# File 'lib/msf/core/auxiliary/web/http.rb', line 68

def headers
  @headers
end

#optsObject (readonly)

Returns the value of attribute opts


67
68
69
# File 'lib/msf/core/auxiliary/web/http.rb', line 67

def opts
  @opts
end

#parentObject (readonly)

Returns the value of attribute parent


70
71
72
# File 'lib/msf/core/auxiliary/web/http.rb', line 70

def parent
  @parent
end

#passwordObject

Returns the value of attribute password


73
74
75
# File 'lib/msf/core/auxiliary/web/http.rb', line 73

def password
  @password
end

#redirect_limitObject

Returns the value of attribute redirect_limit


72
73
74
# File 'lib/msf/core/auxiliary/web/http.rb', line 72

def redirect_limit
  @redirect_limit
end

#usernameObject

Returns the value of attribute username


73
74
75
# File 'lib/msf/core/auxiliary/web/http.rb', line 73

def username
  @username
end

Instance Method Details

#after_run(&block) ⇒ Object


102
103
104
# File 'lib/msf/core/auxiliary/web/http.rb', line 102

def after_run( &block )
  @after_run_blocks << block
end

#connectObject


106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
# File 'lib/msf/core/auxiliary/web/http.rb', line 106

def connect
  c = Rex::Proto::Http::Client.new(
    opts[:target].host,
    opts[:target].port,
    {},
    opts[:target].ssl,
    'SSLv23',
    nil,
    username,
    password
  )

  c.set_config({
    'vhost' => opts[:target].vhost,
    'agent' => opts[:user_agent] || 'Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)',
    'domain' => domain
  })
  c
end

#custom_404?(path, body, &callback) ⇒ Boolean

Returns:

  • (Boolean)

187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
# File 'lib/msf/core/auxiliary/web/http.rb', line 187

def custom_404?( path, body, &callback )
  return if !path || !body

  precision = 2

  trv_back = File.dirname( path )
  trv_back << '/' if trv_back[-1,1] != '/'

  # 404 probes
  generators = [
    # get a random path with an extension
    proc{ path + Rex::Text.rand_text_alpha( 10 ) + '.' + Rex::Text.rand_text_alpha( 10 )[0..precision] },

    # get a random path without an extension
    proc{ path + Rex::Text.rand_text_alpha( 10 ) },

    # move up a dir and get a random file
    proc{ trv_back + Rex::Text.rand_text_alpha( 10 ) },

    # move up a dir and get a random file with an extension
    proc{ trv_back + Rex::Text.rand_text_alpha( 10 ) + '.' + Rex::Text.rand_text_alpha( 10 )[0..precision] },

    # get a random directory
    proc{ path + Rex::Text.rand_text_alpha( 10 ) + '/' }
  ]

  synchronize do
    @@_404 ||= {}
    @@_404[path] ||= []

    @@_404_gathered ||= Set.new

    gathered = 0
    if !@@_404_gathered.include?( path.hash )
      generators.each.with_index do |generator, i|
        @@_404[path][i] ||= {}

        precision.times {
          get_async( generator.call, :follow_redirect => true ) do |res|
            gathered += 1

            if gathered == generators.size * precision
              @@_404_gathered << path.hash
              callback.call is_404?( path, body )
            else
              @@_404[path][i]['rdiff_now'] ||= false

              if !@@_404[path][i]['body']
                @@_404[path][i]['body'] = res.body
              else
                @@_404[path][i]['rdiff_now'] = true
              end

              if @@_404[path][i]['rdiff_now'] && !@@_404[path][i]['rdiff']
                @@_404[path][i]['rdiff'] = Rex::Text.refine( @@_404[path][i]['body'], res.body )
              end
            end
          end
        }
      end
    else
      callback.call is_404?( path, body )
    end
  end

  nil
end

#get(url, opts = {}) ⇒ Object


175
176
177
# File 'lib/msf/core/auxiliary/web/http.rb', line 175

def get( url, opts = {} )
  request( url, opts.merge( :method => :get ) )
end

#get_async(url, opts = {}, &callback) ⇒ Object


167
168
169
# File 'lib/msf/core/auxiliary/web/http.rb', line 167

def get_async( url, opts = {}, &callback )
  request_async( url, opts.merge( :method => :get ), &callback )
end

#if_not_custom_404(path, body, &callback) ⇒ Object


183
184
185
# File 'lib/msf/core/auxiliary/web/http.rb', line 183

def if_not_custom_404( path, body, &callback )
  custom_404?( path, body ) { |b| callback.call if !b }
end

#post(url, opts = {}) ⇒ Object


179
180
181
# File 'lib/msf/core/auxiliary/web/http.rb', line 179

def post( url, opts = {} )
  request( url, opts.merge( :method => :post ) )
end

#post_async(url, opts = {}, &callback) ⇒ Object


171
172
173
# File 'lib/msf/core/auxiliary/web/http.rb', line 171

def post_async( url, opts = {}, &callback )
  request_async( url, opts.merge( :method => :post ), &callback )
end

#request(url, opts = {}) ⇒ Object


152
153
154
155
156
157
158
159
160
161
# File 'lib/msf/core/auxiliary/web/http.rb', line 152

def request( url, opts = {} )
  rlimit = self.redirect_limit

  while rlimit >= 0
    rlimit -= 1
    res = _request( url, opts )
    return res if !opts[:follow_redirect] || !url = res.headers['location']
  end
  nil
end

#request_async(url, opts = {}, &callback) ⇒ Object


163
164
165
# File 'lib/msf/core/auxiliary/web/http.rb', line 163

def request_async( url, opts = {}, &callback )
  queue Request.new( url, opts, &callback )
end

#runObject


126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
# File 'lib/msf/core/auxiliary/web/http.rb', line 126

def run
  return if @queue.empty?

  tl = []
  loop do
    while tl.size <= (opts[:max_threads] || 5) && !@queue.empty? && (req = @queue.pop)
      tl << framework.threads.spawn( "#{self.class.name} - #{req})", false, req ) do |request|
        # Keep callback failures isolated.
        begin
          request.handle_response request( request.url, request.opts )
        rescue => e
          print_error e.to_s
          e.backtrace.each { |l| print_error l }
        end
      end
    end

    break if tl.empty?
    tl.reject! { |t| !t.alive? }

    select( nil, nil, nil, 0.05 )
  end

  call_after_run_blocks
end