Class: Msf::Auxiliary::Web::Form

Inherits:

Fuzzable

• Object
• Fuzzable
• Msf::Auxiliary::Web::Form

Defined in:

lib/msf/core/auxiliary/web/form.rb

Instance Attribute Summary

• #action ⇒ Object

  URL String to which to submit the params.

• #altered ⇒ Object

  Name of the altered input as a String.

• #inputs ⇒ Object

  Inputs Array in the form of:.

• #method ⇒ Object

  Method type Symbol: :get, :post.

• #model ⇒ Object

  Mdm::WebForm model if available.

Attributes inherited from Fuzzable

#fuzzer

Class Method Summary

• .from_model(form) ⇒ Object
• .query_to_params(query) ⇒ Object

  Converts a query String to a Hash of params.

Instance Method Summary

• #[](field) ⇒ Object

  Param reader shortcut – returns the value of a param by name, as a String.

• #[]=(field, value) ⇒ Object

  Param writer shortcut – sets the value of a param by name, as a String.

• #altered_value ⇒ Object

  Value of the #altered input (i.e. the injected value).

• #altered_value=(value) ⇒ Object
• #empty? ⇒ Boolean

  Bool - true if params are empty, false otherwise.

• #field_type_for(name) ⇒ Object

  Get a field type, by name, as a String.

• #initialize(opts = {}) ⇒ Form constructor

  opts - Options Hash (default: {}) :action - Action URL of the form :method - Form method (:get, :post) :inputs - Form inputs [{ :name => ‘name’, :value => ‘John’, :type => ‘text’ }].

• #params ⇒ Object

  Hash of params to be submitted (derived by #inputs).

• #permutation_for(field_name, field_value) ⇒ Object
• #permutations ⇒ Object

  Get an Array with permutations of the form for the given seed.

• #query_to_params(query) ⇒ Object
• #request(opts = {}) ⇒ Object
• #to_hash ⇒ Object
• #to_query(i = self.params) ⇒ Object

  Converts a Hash of params to a query String.

• #update(field, value, type = nil) ⇒ Object

  Update the form inputs.

Methods inherited from Fuzzable

#==, #dup, #fuzz, #fuzz_async, #fuzz_id, #fuzzed, #fuzzed?, #hash, #http, #submit, #submit_async

Constructor Details

#initialize(opts = {}) ⇒ Form

opts - Options Hash (default: {})

:action - Action URL of the form
:method - Form method (:get, :post)
:inputs - Form inputs [{ :name => 'name', :value => 'John', :type => 'text' }]

# File 'lib/msf/core/auxiliary/web/form.rb', line 44

def initialize( opts = {} )
  self.action = opts[:action]
  self.action.chop! if self.action.end_with?( '?' )

  self.method = opts[:method] || :get
  self.inputs = (opts[:inputs] || []).dup
end

Instance Attribute Details

#action ⇒ Object

URL String to which to submit the params

# File 'lib/msf/core/auxiliary/web/form.rb', line 24

def action
  @action
end

#altered ⇒ Object

Name of the altered input as a String

# File 'lib/msf/core/auxiliary/web/form.rb', line 33

def altered
  @altered
end

#inputs ⇒ Object

Inputs Array in the form of:

[{ :name => 'name', :value => 'John', :type => 'text' }]

# File 'lib/msf/core/auxiliary/web/form.rb', line 30

def inputs
  @inputs
end

#method ⇒ Object

Method type Symbol: :get, :post

# File 'lib/msf/core/auxiliary/web/form.rb', line 21

def method
  @method
end

#model ⇒ Object

Mdm::WebForm model if available

# File 'lib/msf/core/auxiliary/web/form.rb', line 36

def model
  @model
end

Class Method Details

.from_model(form) ⇒ Object

# File 'lib/msf/core/auxiliary/web/form.rb', line 229

def self.from_model( form )
  inputs = form.params.map do |name, value, extra|
    extra = extra.first if extra.is_a? Array
    extra ||= {}
    { :name => name, :value => value, :type => extra[:type] }
  end

  e = new( :action => "#{form.path}?#{form.query}", :method => form.method,
           :inputs => inputs )
  e.model = form
  e
end

.query_to_params(query) ⇒ Object

Converts a query String to a Hash of params

query - String

# File 'lib/msf/core/auxiliary/web/form.rb', line 122

def self.query_to_params( query )
  query = query.to_s
  return {} if query.empty?

  query.split( '&' ).inject( {} ) do |h, pair|
    k, v = pair.to_s.split( '=', 2 )
    h[Rex::Text.uri_decode( k.to_s )] = Rex::Text.uri_decode( v.to_s )
    h
  end
end

Instance Method Details

#[](field) ⇒ Object

Param reader shortcut – returns the value of a param by name, as a String.

field - Param name as a String

# File 'lib/msf/core/auxiliary/web/form.rb', line 159

def []( field )
  params[field.to_s]
end

#[]=(field, value) ⇒ Object

Param writer shortcut – sets the value of a param by name, as a String.

field - Param name as a String value - Param value as a String

# File 'lib/msf/core/auxiliary/web/form.rb', line 169

def []=( field, value )
  update( field, value )
  [field]
end

#altered_value ⇒ Object

Value of the #altered input (i.e. the injected value).

# File 'lib/msf/core/auxiliary/web/form.rb', line 98

def altered_value
  params[altered]
end

#altered_value=(value) ⇒ Object

# File 'lib/msf/core/auxiliary/web/form.rb', line 102

def altered_value=( value )
  params[altered] = value.to_s.dup
end

#empty? ⇒ Boolean

Bool - true if params are empty, false otherwise.

Returns:

• (Boolean)

# File 'lib/msf/core/auxiliary/web/form.rb', line 150

def empty?
  params.empty?
end

#field_type_for(name) ⇒ Object

Get a field type, by name, as a String.

field - Field name as a String

# File 'lib/msf/core/auxiliary/web/form.rb', line 200

def field_type_for( name )
  inputs.select{ |i| i[:name] == name.to_s }[:type]
end

#params ⇒ Object

Hash of params to be submitted (derived by #inputs)

Examples

{ 'name' => 'John' }

# File 'lib/msf/core/auxiliary/web/form.rb', line 90

def params
  @params ||= inputs.reject{ |i| i[:name].to_s.empty? }.
    inject( {} ) { |h, i| h[i[:name]] = i[:value]; h }
end

#permutation_for(field_name, field_value) ⇒ Object

# File 'lib/msf/core/auxiliary/web/form.rb', line 217

def permutation_for( field_name, field_value )
  form = self.dup
  form.altered = field_name.dup
  form[field_name]   = field_value.dup
  form
end

#permutations ⇒ Object

Get an Array with permutations of the form for the given seed.

seed - String to inject

# File 'lib/msf/core/auxiliary/web/form.rb', line 209

def permutations
  return [] if empty?

  params.map do |name, value|
    fuzzer.seeds_for( value || '' ).map { |seed| permutation_for( name, seed ) }
  end.flatten.uniq
end

#query_to_params(query) ⇒ Object

# File 'lib/msf/core/auxiliary/web/form.rb', line 133

def query_to_params( query )
  self.class.query_to_params( query)
end

#request(opts = {}) ⇒ Object

# File 'lib/msf/core/auxiliary/web/form.rb', line 137

def request( opts = {} )
  p = case method
    when :get
      query_to_params( URI( action ).query ).merge( params )

    when :post
      params
  end

  [ action, opts.merge( :method => method, :params => p ) ]
end

#to_hash ⇒ Object

# File 'lib/msf/core/auxiliary/web/form.rb', line 224

def to_hash
  { :action => action.dup, :method => method,
    :inputs => inputs.dup, :altered => altered ? altered.dup : nil }
end

#to_query(i = self.params) ⇒ Object

Converts a Hash of params to a query String

i - Hash of params (default: #params)

# File 'lib/msf/core/auxiliary/web/form.rb', line 111

def to_query( i = self.params )
  i.map do |k, v|
    Rex::Text.uri_encode( k.to_s ) + '=' + Rex::Text.uri_encode( v.to_s )
  end.join( '&' )
end

#update(field, value, type = nil) ⇒ Object

Update the form inputs.

field - Field name as a String (updated if already exists, created otherwise). value - Field Value as a String. type - Field type (‘text’ if no type has been provided).

# File 'lib/msf/core/auxiliary/web/form.rb', line 181

def update( field, value, type = nil )
  @params = nil
  inputs.each do |i|
    if i[:name] == field.to_s
      i[:value] = value.to_s
      i[:type] = type.to_s if type
      return self
    end
  end

  @inputs << { :name => field.to_s, :value => value.to_s, :type => type || 'text' }
  self
end