Class: Msf::Exploit::Remote::HTTP::HttpCookieJar

Inherits:
Object
  • Object
show all
Defined in:
lib/msf/core/exploit/remote/http/http_cookie_jar.rb

Overview

Acts as a wrapper for the 3rd party CookieJar (http-cookie)

Instance Method Summary collapse

Constructor Details

#initializeHttpCookieJar

Returns a new instance of HttpCookieJar.


17
18
19
20
21
# File 'lib/msf/core/exploit/remote/http/http_cookie_jar.rb', line 17

def initialize
  @cookie_jar = ::HTTP::CookieJar.new({
    store: HashStoreWithoutAutomaticExpiration
  })
end

Instance Method Details

#add(cookie) ⇒ Object

Adds cookie to the jar.

cookie must be an instance or subclass of Msf::Exploit::Remote::HTTP::HttpCookie, or a `TypeError` will be raised.

Returns self.

Raises:

  • (TypeError)

29
30
31
32
33
34
# File 'lib/msf/core/exploit/remote/http/http_cookie_jar.rb', line 29

def add(cookie)
  raise TypeError, "Passed cookie is of class '#{cookie.class}' and not a subclass of '#{Msf::Exploit::Remote::HTTP::HttpCookie}" unless cookie.is_a?(Msf::Exploit::Remote::HTTP::HttpCookie)

  @cookie_jar.add(cookie)
  self
end

#cleanup(expire_all = false) ⇒ Object

Will remove all expired cookies. If expire_all is set as true, all session cookies are removed as well.

Returns self.


63
64
65
66
# File 'lib/msf/core/exploit/remote/http/http_cookie_jar.rb', line 63

def cleanup(expire_all = false)
  @cookie_jar.cleanup(expire_all)
  self
end

#clearObject

Will remove all cookies from the jar.

Returns nil.


55
56
57
58
# File 'lib/msf/core/exploit/remote/http/http_cookie_jar.rb', line 55

def clear
  @cookie_jar.clear
  self
end

#cookiesObject

Returns an unordered array of all cookies stored in the jar.


48
49
50
# File 'lib/msf/core/exploit/remote/http/http_cookie_jar.rb', line 48

def cookies
  @cookie_jar.cookies
end

#delete(cookie) ⇒ Object

Will remove any cookie from the jar that has the same name, domain and path as the passed cookie.

Returns self.

Raises:

  • (TypeError)

39
40
41
42
43
44
45
# File 'lib/msf/core/exploit/remote/http/http_cookie_jar.rb', line 39

def delete(cookie)
  return if @cookie_jar.cookies.empty?
  raise TypeError, "Passed cookie is of class '#{cookie.class}' and not a subclass of '#{Msf::Exploit::Remote::HTTP::HttpCookie}" unless cookie.is_a?(Msf::Exploit::Remote::HTTP::HttpCookie)

  @cookie_jar.delete(cookie)
  self
end

#empty?Boolean

Returns true if the jar contains no cookies, else false.

Returns:

  • (Boolean)

69
70
71
# File 'lib/msf/core/exploit/remote/http/http_cookie_jar.rb', line 69

def empty?
  @cookie_jar.empty?
end

#initialize_copy(other) ⇒ Object

Modules are replicated before running. This method ensures that the cookie jar from one run, will not impact subsequent runs.


98
99
100
101
# File 'lib/msf/core/exploit/remote/http/http_cookie_jar.rb', line 98

def initialize_copy(other)
  super
  @cookie_jar = other.instance_variable_get(:@cookie_jar).clone
end

#parse(set_cookie_header) ⇒ Object

Parses a Set-Cookie header value set_cookie_header and returns an array of ::Msf::Exploit::Remote::HTTP::HttpCookie objects. Parts (separated by commas) that are malformed or considered unacceptable are silently ignored.


76
77
78
79
80
81
82
83
84
85
86
87
# File 'lib/msf/core/exploit/remote/http/http_cookie_jar.rb', line 76

def parse(set_cookie_header)
  cookies = []
  ::HTTP::Cookie::Scanner.new(set_cookie_header).scan_set_cookie do |name, value, attrs|
    if name.nil? || name.empty?
      next
    end

    cookies << HttpCookie.new(name, value, attrs)
  end

  cookies
end

#parse_and_merge(set_cookie_header) ⇒ Object

Same as parse, but each ::Msf::Exploit::Remote::HTTP::HttpCookie is also added to the jar.


90
91
92
93
94
# File 'lib/msf/core/exploit/remote/http/http_cookie_jar.rb', line 90

def parse_and_merge(set_cookie_header)
  cookies = parse(set_cookie_header)
  cookies.each { |c| add(Msf::Exploit::Remote::HTTP::HttpCookie.new(c)) }
  cookies
end