Class: Msf::Exploit::Remote::HTTP::HashStoreWithoutAutomaticExpiration

Inherits:
HTTP::CookieJar::HashStore
  • Object
show all
Defined in:
lib/msf/core/exploit/remote/http/http_cookie_jar.rb

Overview

On top of iterating over every item in the store, ::HTTP::CookieJar::HashStore also deletes any expired cookies and has the option to filter cookies based on whether they are parent of a passed url.

We've removed the extraneous features in the overwritten method.

- The deletion of cookies while you're iterating over them complicated simple cookie management. It also
  prevented sending expired cookies if needed for an exploit
- Any URL passed for filtering could be resolved to nil if it was improperly formed or resolved to a eTLD,
  which was too brittle for our uses

Instance Method Summary collapse

Instance Method Details

#each(uri = nil) ⇒ Object

Raises:

  • (ArgumentError)

113
114
115
116
117
118
119
120
121
122
123
124
125
126
# File 'lib/msf/core/exploit/remote/http/http_cookie_jar.rb', line 113

def each(uri = nil)
  raise ArgumentError, "HashStoreWithoutAutomaticExpiration.each doesn't support url filtering" if uri

  synchronize do
    @jar.each do |_domain, paths|
      paths.each do |_path, hash|
        hash.each do |_name, cookie|
          yield cookie
        end
      end
    end
  end
  self
end