Module: Msf::Handler::ReverseHttp

Includes:
Msf::Handler, UriChecksum
Included in:
ReverseHttps, ReverseHttpsProxy, ReverseIPv6Http
Defined in:
lib/msf/core/handler/reverse_http.rb,
lib/msf/core/handler/reverse_http/uri_checksum.rb

Overview

This handler implements the HTTP SSL tunneling interface.

Defined Under Namespace

Modules: UriChecksum

Constant Summary

Constants included from UriChecksum

UriChecksum::URI_CHECKSUM_CONN, UriChecksum::URI_CHECKSUM_INITJ, UriChecksum::URI_CHECKSUM_INITW, UriChecksum::URI_CHECKSUM_PRECALC

Constants included from Msf::Handler

Claimed, Unused

Instance Attribute Summary collapse

Attributes included from Msf::Handler

#exploit_config, #parent_payload

Class Method Summary collapse

Instance Method Summary collapse

Methods included from UriChecksum

#generate_uri_checksum, #process_uri_resource

Methods included from Msf::Handler

#add_handler, #handle_connection, #handler, #handler_name, #wait_for_session, #wfs_delay

Instance Attribute Details

#serviceObject

:nodoc:


160
161
162
# File 'lib/msf/core/handler/reverse_http.rb', line 160

def service
  @service
end

Class Method Details

.general_handler_typeObject

Returns the connection-described general handler type, in this case 'tunnel'.


30
31
32
# File 'lib/msf/core/handler/reverse_http.rb', line 30

def self.general_handler_type
  "tunnel"
end

.handler_typeObject

Returns the string representation of the handler type


22
23
24
# File 'lib/msf/core/handler/reverse_http.rb', line 22

def self.handler_type
  return "reverse_http"
end

Instance Method Details

#cleanup_handlerObject

Simply calls stop handler to ensure that things are cool.


141
142
143
# File 'lib/msf/core/handler/reverse_http.rb', line 141

def cleanup_handler
  stop_handler
end

#full_uriObject

Return a URI of the form scheme://host:port/

Scheme is one of http or https and host is properly wrapped in [] for ipv6 addresses.


47
48
49
50
51
# File 'lib/msf/core/handler/reverse_http.rb', line 47

def full_uri
  local_port = bind_port
  scheme = (ssl?) ? "https" : "http"
  "#{scheme}://#{datastore['LHOST']}:#{datastore['LPORT']}/"
end

#initialize(info = {}) ⇒ Object

Initializes the HTTP SSL tunneling handler.


58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
# File 'lib/msf/core/handler/reverse_http.rb', line 58

def initialize(info = {})
  super

  register_options(
    [
      OptString.new('LHOST', [ true, "The local listener hostname" ]),
      OptPort.new('LPORT', [ true, "The local listener port", 8080 ])
    ], Msf::Handler::ReverseHttp)

  register_advanced_options(
    [
      OptString.new('ReverseListenerComm', [ false, 'The specific communication channel to use for this listener']),
      OptInt.new('SessionExpirationTimeout', [ false, 'The number of seconds before this session should be forcibly shut down', (24*3600*7)]),
      OptInt.new('SessionCommunicationTimeout', [ false, 'The number of seconds of no activity before this session should be killed', 300]),
      OptString.new('MeterpreterUserAgent', [ false, 'The user-agent that the payload should use for communication', 'Mozilla/4.0 (compatible; MSIE 6.1; Windows NT)' ]),
      OptString.new('MeterpreterServerName', [ false, 'The server header that the handler will send in response to requests', 'Apache' ]),
      OptAddress.new('ReverseListenerBindAddress', [ false, 'The specific IP address to bind to on the local system']),
      OptInt.new('ReverseListenerBindPort', [ false, 'The port to bind to on the local system if different from LPORT' ]),
      OptString.new('HttpUnknownRequestResponse', [ false, 'The returned HTML response body when the handler receives a request that is not from a payload', '<html><body><h1>It works!</h1></body></html>'  ])
    ], Msf::Handler::ReverseHttp)
end

#ipv6Object

Toggle for IPv4 vs IPv6 mode


83
84
85
# File 'lib/msf/core/handler/reverse_http.rb', line 83

def ipv6
  self.refname.index('ipv6') ? true : false
end

#setup_handlerObject

Create an HTTP listener


90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
# File 'lib/msf/core/handler/reverse_http.rb', line 90

def setup_handler

  comm = datastore['ReverseListenerComm']
  if (comm.to_s == "local")
    comm = ::Rex::Socket::Comm::Local
  else
    comm = nil
  end

  local_port = bind_port

  # Determine where to bind the HTTP(S) server to
  bindaddrs = ipv6 ? '::' : '0.0.0.0'

  if not datastore['ReverseListenerBindAddress'].to_s.empty?
    bindaddrs = datastore['ReverseListenerBindAddress']
  end

  # Start the HTTPS server service on this host/port
  self.service = Rex::ServiceManager.start(Rex::Proto::Http::Server,
    local_port,
    bindaddrs,
    ssl?,
    {
      'Msf'        => framework,
      'MsfExploit' => self,
    },
    comm,
    (ssl?) ? datastore["SSLCert"] : nil
  )

  self.service.server_name = datastore['MeterpreterServerName']

  # Create a reference to ourselves
  obj = self

  # Add the new resource
  service.add_resource("/",
    'Proc' => Proc.new { |cli, req|
      on_request(cli, req, obj)
    },
    'VirtualDirectory' => true)

  scheme = (ssl?) ? "https" : "http"
  bind_url = "#{scheme}://#{bindaddrs}:#{local_port}/"
  print_status("Started #{scheme.upcase} reverse handler on #{bind_url}")
end

#ssl?Boolean

Use the refname to determine whether this handler uses SSL or not

Returns:

  • (Boolean)

37
38
39
# File 'lib/msf/core/handler/reverse_http.rb', line 37

def ssl?
  !!(self.refname.index("https"))
end

#start_handlerObject

Basically does nothing. The service is already started and listening during set up.


149
150
# File 'lib/msf/core/handler/reverse_http.rb', line 149

def start_handler
end

#stop_handlerObject

Removes the / handler, possibly stopping the service if no sessions are active on sub-urls.


156
157
158
# File 'lib/msf/core/handler/reverse_http.rb', line 156

def stop_handler
  self.service.remove_resource("/") if self.service
end