Class: Msf::Exploit::Remote::HTTP::HttpCookieJar

Inherits:
Object
  • Object
show all
Defined in:
lib/msf/core/exploit/remote/http/http_cookie_jar.rb

Overview

Acts as a wrapper for the 3rd party CookieJar (http-cookie)

Instance Method Summary collapse

Constructor Details

#initializeHttpCookieJar

Returns a new instance of HttpCookieJar.


17
18
19
20
21
# File 'lib/msf/core/exploit/remote/http/http_cookie_jar.rb', line 17

def initialize
  @cookie_jar = ::HTTP::CookieJar.new({
    store: HashStoreWithoutAutomaticExpiration
  })
end

Instance Method Details

#add(cookie) ⇒ Object

Adds cookie to the jar.

cookie must be an instance or subclass of Msf::Exploit::Remote::HTTP::HttpCookie, or a `TypeError` will be raised.

Returns self.

Raises:

  • (TypeError)

29
30
31
32
33
34
# File 'lib/msf/core/exploit/remote/http/http_cookie_jar.rb', line 29

def add(cookie)
  raise TypeError, "Passed cookie is of class '#{cookie.class}' and not a subclass of '#{Msf::Exploit::Remote::HTTP::HttpCookie}" unless cookie.is_a?(Msf::Exploit::Remote::HTTP::HttpCookie)

  @cookie_jar.add(cookie)
  self
end

#cleanup(expire_all = false) ⇒ Object

Will remove all expired cookies. If expire_all is set as true, all session cookies are removed as well.

Returns self.


63
64
65
66
# File 'lib/msf/core/exploit/remote/http/http_cookie_jar.rb', line 63

def cleanup(expire_all = false)
  @cookie_jar.cleanup(expire_all)
  self
end

#clearObject

Will remove all cookies from the jar.

Returns nil.


55
56
57
58
# File 'lib/msf/core/exploit/remote/http/http_cookie_jar.rb', line 55

def clear
  @cookie_jar.clear
  self
end

#cookiesObject

Returns an unordered array of all cookies stored in the jar.


48
49
50
# File 'lib/msf/core/exploit/remote/http/http_cookie_jar.rb', line 48

def cookies
  @cookie_jar.cookies
end

#delete(cookie) ⇒ Object

Will remove any cookie from the jar that has the same name, domain and path as the passed cookie.

Returns self.

Raises:

  • (TypeError)

39
40
41
42
43
44
45
# File 'lib/msf/core/exploit/remote/http/http_cookie_jar.rb', line 39

def delete(cookie)
  return if @cookie_jar.cookies.empty?
  raise TypeError, "Passed cookie is of class '#{cookie.class}' and not a subclass of '#{Msf::Exploit::Remote::HTTP::HttpCookie}" unless cookie.is_a?(Msf::Exploit::Remote::HTTP::HttpCookie)

  @cookie_jar.delete(cookie)
  self
end

#empty?Boolean

Returns true if the jar contains no cookies, else false.

Returns:

  • (Boolean)

69
70
71
# File 'lib/msf/core/exploit/remote/http/http_cookie_jar.rb', line 69

def empty?
  @cookie_jar.empty?
end

#initialize_copy(other) ⇒ Object

Modules are replicated before running. This method ensures that the cookie jar from one run, will not impact subsequent runs.


104
105
106
107
# File 'lib/msf/core/exploit/remote/http/http_cookie_jar.rb', line 104

def initialize_copy(other)
  super
  @cookie_jar = other.instance_variable_get(:@cookie_jar).clone
end

#parse(set_cookie_header, origin_url) ⇒ Object

Parses a Set-Cookie header value set_cookie_header and returns an array of ::Msf::Exploit::Remote::HTTP::HttpCookie objects. Parts (separated by commas) that are malformed or considered unacceptable are silently ignored.


76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
# File 'lib/msf/core/exploit/remote/http/http_cookie_jar.rb', line 76

def parse(set_cookie_header, origin_url)
  cookies = []
  ::HTTP::Cookie::Scanner.new(set_cookie_header).scan_set_cookie do |name, value, attrs|
    if name.nil? || name.empty?
      next
    end

    if attrs && attrs.is_a?(Hash)
      attrs = attrs.transform_keys(&:to_sym)
      attrs[:origin] = origin_url
      cookies << HttpCookie.new(name, value, **attrs)
    else
      raise ArgumentError, "Cookie header could not be parsed by 'scan_set_cookie' successfully."
    end
  end

  cookies
end

#parse_and_merge(set_cookie_header, origin_url) ⇒ Object

Same as parse, but each ::Msf::Exploit::Remote::HTTP::HttpCookie is also added to the jar.


96
97
98
99
100
# File 'lib/msf/core/exploit/remote/http/http_cookie_jar.rb', line 96

def parse_and_merge(set_cookie_header, origin_url)
  cookies = parse(set_cookie_header, origin_url)
  cookies.each { |c| add(c) }
  cookies
end