Class: Msf::Auxiliary::Web::HTTP

Inherits:
Object
  • Object
show all
Defined in:
lib/msf/core/auxiliary/web/http.rb

Defined Under Namespace

Classes: Request, Response

Instance Attribute Summary collapse

Instance Method Summary collapse

Constructor Details

#initialize(opts = {}) ⇒ HTTP

Returns a new instance of HTTP.


76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
# File 'lib/msf/core/auxiliary/web/http.rb', line 76

def initialize( opts = {} )
  @opts = opts.dup

  @framework = opts[:framework]
  @parent    = opts[:parent]

  @headers = {
    'Accept' => '*/*',
    'Cookie' => opts[:cookie_string]
  }.merge( opts[:headers] || {} )

  @headers.delete( 'Cookie' ) if !@headers['Cookie']

  @request_opts = {}
  if opts[:auth].is_a? Hash
    @username = opts[:auth][:user].to_s
    @password = opts[:auth][:password].to_s
    @domain   = opts[:auth][:domain].to_s
  end

  self.redirect_limit = opts[:redirect_limit] || 20

  @queue = Queue.new

  @after_run_blocks = []
end

Instance Attribute Details

#domainObject

Returns the value of attribute domain


74
75
76
# File 'lib/msf/core/auxiliary/web/http.rb', line 74

def domain
  @domain
end

#frameworkObject (readonly)

Returns the value of attribute framework


70
71
72
# File 'lib/msf/core/auxiliary/web/http.rb', line 70

def framework
  @framework
end

#headersObject (readonly)

Returns the value of attribute headers


69
70
71
# File 'lib/msf/core/auxiliary/web/http.rb', line 69

def headers
  @headers
end

#optsObject (readonly)

Returns the value of attribute opts


68
69
70
# File 'lib/msf/core/auxiliary/web/http.rb', line 68

def opts
  @opts
end

#parentObject (readonly)

Returns the value of attribute parent


71
72
73
# File 'lib/msf/core/auxiliary/web/http.rb', line 71

def parent
  @parent
end

#passwordObject

Returns the value of attribute password


74
75
76
# File 'lib/msf/core/auxiliary/web/http.rb', line 74

def password
  @password
end

#redirect_limitObject

Returns the value of attribute redirect_limit


73
74
75
# File 'lib/msf/core/auxiliary/web/http.rb', line 73

def redirect_limit
  @redirect_limit
end

#usernameObject

Returns the value of attribute username


74
75
76
# File 'lib/msf/core/auxiliary/web/http.rb', line 74

def username
  @username
end

Instance Method Details

#after_run(&block) ⇒ Object


103
104
105
# File 'lib/msf/core/auxiliary/web/http.rb', line 103

def after_run( &block )
  @after_run_blocks << block
end

#connectObject


107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
# File 'lib/msf/core/auxiliary/web/http.rb', line 107

def connect
  c = Rex::Proto::Http::Client.new(
    opts[:target].host,
    opts[:target].port,
    {},
    opts[:target].ssl,
    'SSLv23',
    nil,
    username,
    password
  )

  c.set_config({
    'vhost' => opts[:target].vhost,
    'agent' => opts[:user_agent] || 'Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)',
    'domain' => domain
  })
  c
end

#custom_404?(path, body, &callback) ⇒ Boolean

Returns:

  • (Boolean)

188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
# File 'lib/msf/core/auxiliary/web/http.rb', line 188

def custom_404?( path, body, &callback )
  return if !path || !body

  precision = 2

  trv_back = File.dirname( path )
  trv_back << '/' if trv_back[-1,1] != '/'

  # 404 probes
  generators = [
    # get a random path with an extension
    proc{ path + Rex::Text.rand_text_alpha( 10 ) + '.' + Rex::Text.rand_text_alpha( 10 )[0..precision] },

    # get a random path without an extension
    proc{ path + Rex::Text.rand_text_alpha( 10 ) },

    # move up a dir and get a random file
    proc{ trv_back + Rex::Text.rand_text_alpha( 10 ) },

    # move up a dir and get a random file with an extension
    proc{ trv_back + Rex::Text.rand_text_alpha( 10 ) + '.' + Rex::Text.rand_text_alpha( 10 )[0..precision] },

    # get a random directory
    proc{ path + Rex::Text.rand_text_alpha( 10 ) + '/' }
  ]

  synchronize do
    @@_404 ||= {}
    @@_404[path] ||= []

    @@_404_gathered ||= Set.new

    gathered = 0
    if !@@_404_gathered.include?( path.hash )
      generators.each.with_index do |generator, i|
        @@_404[path][i] ||= {}

        precision.times {
          get_async( generator.call, :follow_redirect => true ) do |res|
            gathered += 1

            if gathered == generators.size * precision
              @@_404_gathered << path.hash
              callback.call is_404?( path, body )
            else
              @@_404[path][i]['rdiff_now'] ||= false

              if !@@_404[path][i]['body']
                @@_404[path][i]['body'] = res.body
              else
                @@_404[path][i]['rdiff_now'] = true
              end

              if @@_404[path][i]['rdiff_now'] && !@@_404[path][i]['rdiff']
                @@_404[path][i]['rdiff'] = Rex::Text.refine( @@_404[path][i]['body'], res.body )
              end
            end
          end
        }
      end
    else
      callback.call is_404?( path, body )
    end
  end

  nil
end

#get(url, opts = {}) ⇒ Object


176
177
178
# File 'lib/msf/core/auxiliary/web/http.rb', line 176

def get( url, opts = {} )
  request( url, opts.merge( :method => :get ) )
end

#get_async(url, opts = {}, &callback) ⇒ Object


168
169
170
# File 'lib/msf/core/auxiliary/web/http.rb', line 168

def get_async( url, opts = {}, &callback )
  request_async( url, opts.merge( :method => :get ), &callback )
end

#if_not_custom_404(path, body, &callback) ⇒ Object


184
185
186
# File 'lib/msf/core/auxiliary/web/http.rb', line 184

def if_not_custom_404( path, body, &callback )
  custom_404?( path, body ) { |b| callback.call if !b }
end

#post(url, opts = {}) ⇒ Object


180
181
182
# File 'lib/msf/core/auxiliary/web/http.rb', line 180

def post( url, opts = {} )
  request( url, opts.merge( :method => :post ) )
end

#post_async(url, opts = {}, &callback) ⇒ Object


172
173
174
# File 'lib/msf/core/auxiliary/web/http.rb', line 172

def post_async( url, opts = {}, &callback )
  request_async( url, opts.merge( :method => :post ), &callback )
end

#request(url, opts = {}) ⇒ Object


153
154
155
156
157
158
159
160
161
162
# File 'lib/msf/core/auxiliary/web/http.rb', line 153

def request( url, opts = {} )
  rlimit = self.redirect_limit

  while rlimit >= 0
    rlimit -= 1
    res = _request( url, opts )
    return res if !opts[:follow_redirect] || !url = res.headers['location']
  end
  nil
end

#request_async(url, opts = {}, &callback) ⇒ Object


164
165
166
# File 'lib/msf/core/auxiliary/web/http.rb', line 164

def request_async( url, opts = {}, &callback )
  queue Request.new( url, opts, &callback )
end

#runObject


127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
# File 'lib/msf/core/auxiliary/web/http.rb', line 127

def run
  return if @queue.empty?

  tl = []
  loop do
    while tl.size <= (opts[:max_threads] || 5) && !@queue.empty? && (req = @queue.pop)
      tl << framework.threads.spawn( "#{self.class.name} - #{req})", false, req ) do |request|
        # Keep callback failures isolated.
        begin
          request.handle_response request( request.url, request.opts )
        rescue => e
          print_error e.to_s
          e.backtrace.each { |l| print_error l }
        end
      end
    end

    break if tl.empty?
    tl.reject! { |t| !t.alive? }

    select( nil, nil, nil, 0.05 )
  end

  call_after_run_blocks
end