Class: Msf::Exploit::Remote::HTTP::HttpCookie

Inherits:
Object
Includes:
Comparable
Defined in:
lib/msf/core/exploit/remote/http/http_cookie.rb

Overview

This class represents an HTTP cookie and provides some built-in convenience methods. It acts as a wrapper for the HTTP::Cookie (www.rubydoc.info/gems/http-cookie/1.0.3/HTTP/Cookie) class.

Constructor Details

#initialize(name, value = nil, **attr_hash) ⇒ HttpCookie

Returns a new HttpCookie.

Name can be a string.

  • If a String, the name of the cookie is set to the passed name.

  • If only a String is passed to name, the cookie is set as a session cookie.

Value can be a String or nil.

  • If a String, the value of the cookie is set to the passed value.

  • If nil, the value of the cookie is set to an empty String and the cookie is set to expire at UNIX_EPOCH.

attr_hash can be used to set the values of domain, path, max_age, expires, secure, httponly, accessed_at, created_at.



# File 'lib/msf/core/exploit/remote/http/http_cookie.rb', line 25

def initialize(name, value = nil, **attr_hash)
  if value
    @cookie = ::HTTP::Cookie.new(name, value)
  else
    @cookie = ::HTTP::Cookie.new(name)
  end

  attr_hash.each_pair do |k, v|
    if k == 'max-age'.to_sym
      self.max_age= v
    elsif respond_to?("#{k}=".to_sym)
      self.send("#{k}=".to_sym, v)
    end
  end
end
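
The attr_hash handling above, as an added example (not Metasploit's code): a stdlib-only sketch that splits a constructed Set-Cookie header into the arguments the constructor accepts, mirrors the documented setter coercions, and lists the attributes that the respond_to? check would skip. The helper names set_cookie_to_args and coerce and the sample header are hypothetical.

```ruby
require 'time'

# attr_hash keys listed on the page; initialize also special-cases :'max-age'.
ACCEPTED_KEYS = %i[domain path max_age expires secure httponly accessed_at created_at].freeze

# Hypothetical helper: split one Set-Cookie header value into
# [name, value, accepted_attrs, ignored_attrs].
def set_cookie_to_args(header)
  pair, *attrs = header.split(';').map(&:strip).reject(&:empty?)
  name, value = pair.split('=', 2)
  accepted = {}
  ignored = {}
  attrs.each do |attr|
    key, val = attr.split('=', 2)
    key = key.downcase.to_sym
    # Flag attributes (Secure, HttpOnly) carry no value; treat them as true.
    val = true if val.nil?
    if key == :'max-age' || ACCEPTED_KEYS.include?(key)
      accepted[key] = val
    else
      # initialize skips any key without a matching setter, without raising.
      ignored[key] = val
    end
  end
  [name, value, accepted, ignored]
end

# Mirror the setter coercions shown on this page, so the result has the types
# the wrapper would store.
def coerce(attrs)
  attrs.each_with_object({}) do |(k, v), out|
    case k
    when :'max-age', :max_age then out[:max_age] = Integer(v)
    when :expires, :accessed_at, :created_at then out[k] = v.is_a?(Time) ? v : Time.parse(v)
    when :secure, :httponly then out[k] = !!v
    else out[k] = v.to_s
    end
  end
end

# Constructed sample header, not captured traffic.
SAMPLE = 'sid=abc123; Domain=example.test; Path=/app; Max-Age=3600; ' \
         'Expires=Wed, 01 Jan 2031 00:00:00 GMT; Secure; HttpOnly; SameSite=Lax'

name, value, accepted, ignored = set_cookie_to_args(SAMPLE)
puts "HttpCookie.new(#{name.inspect}, #{value.inspect}, **#{coerce(accepted).inspect})"
puts "ignored (no setter): #{ignored.keys.inspect}"
```

Because secure= and httponly= apply !!, any value other than nil or false enables the flag, including the string 'false'.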

Instance Method Details

#<=>(other) ⇒ Object



# File 'lib/msf/core/exploit/remote/http/http_cookie.rb', line 266

def <=>(other)
  @cookie <=> other
end

#acceptable? ⇒ Boolean

Tests if it is OK to accept this cookie. If either domain or path is missing an ArgumentError is raised.

Returns:

  • (Boolean)


# File 'lib/msf/core/exploit/remote/http/http_cookie.rb', line 242

def acceptable?
  @cookie.acceptable?
end

#acceptable_from_uri?(uri) ⇒ Boolean

Tests if it is OK to accept this cookie if it is sent from the passed uri.

Parameters:

  • uri (String)

    The uri that will be checked

Returns:

  • (Boolean)

    True if the URI is an acceptable URI, false if the URI is nil or resolves to a blank string



# File 'lib/msf/core/exploit/remote/http/http_cookie.rb', line 259

def acceptable_from_uri?(uri)
  return false if uri.nil?
  return false if URI(uri.strip).host == ''

  @cookie.acceptable_from_uri?(uri)
end

#accessed_at ⇒ Object

Returns the cookie accessed_at value of type Time. accessed_at indicates when a cookie was last interacted with.



# File 'lib/msf/core/exploit/remote/http/http_cookie.rb', line 190

def accessed_at
  @cookie.accessed_at
end

#accessed_at=(time) ⇒ Object

Sets the cookie accessed_at time.

Passed time must be nil, an instance of Time, or an object that can be converted successfully to a Time with Time.parse.



# File 'lib/msf/core/exploit/remote/http/http_cookie.rb', line 198

def accessed_at=(time)
  if time.nil? || time.is_a?(Time)
    @cookie.accessed_at = time
  else
    @cookie.accessed_at = Time.parse(time)
  end
end

#cookie_value

Returns a string representation of the cookie for use in a Cookie header, in the format “name=value”.



# File 'lib/msf/core/exploit/remote/http/http_cookie.rb', line 225

def cookie_value
  @cookie.cookie_value
end

#created_at ⇒ Object

Returns the cookie created_at value of type Time. created_at indicates when a cookie was created.



# File 'lib/msf/core/exploit/remote/http/http_cookie.rb', line 207

def created_at
  @cookie.created_at
end

#created_at=(time) ⇒ Object

Sets the cookie created_at time.

Passed time must be nil, an instance of Time, or an object that can be converted successfully to a Time with Time.parse.



# File 'lib/msf/core/exploit/remote/http/http_cookie.rb', line 215

def created_at=(time)
  if time.nil? || time.is_a?(Time)
    @cookie.created_at = time
  else
    @cookie.created_at = Time.parse(time)
  end
end

#domain ⇒ Object

Returns the cookie domain of type String.

If omitted, defaults to the host of the current document URL, not including subdomains. Leading dots in domain names (.example.com) are ignored. Multiple host/domain values are not allowed, but if a domain is specified, then subdomains are always included.



# File 'lib/msf/core/exploit/remote/http/http_cookie.rb', line 160

def domain
  if @cookie.domain.nil?
    nil
  else
    @cookie.domain.to_s
  end
end

#domain=(domain) ⇒ Object

Sets the cookie domain.

Passed domain must be nil, an instance of String, or an object that can be converted successfully to a String with to_s.



# File 'lib/msf/core/exploit/remote/http/http_cookie.rb', line 172

def domain=(domain)
  if domain.nil?
    @cookie.domain = domain
  else
    @cookie.domain = domain.to_s
  end
end

#expired?(time = Time.now) ⇒ Boolean

Returns a boolean indicating whether the cookie will have expired by the date and time represented by time. time defaults to Time.now, so repeated calls can return different values as time passes.

Returns:

  • (Boolean)


# File 'lib/msf/core/exploit/remote/http/http_cookie.rb', line 232

def expired?(time = Time.now)
  @cookie.expired?(time)
end

#expires ⇒ Object

Returns the value of cookie expires of type Time.

expires is the date and time at which a cookie expires.



# File 'lib/msf/core/exploit/remote/http/http_cookie.rb', line 90

def expires
  @cookie.expires
end

#expires=(expires) ⇒ Object

Sets the cookie expires value.

Passed expires must be nil, an instance of Time, or an object that can be converted successfully to a Time with Time.parse(expires).



# File 'lib/msf/core/exploit/remote/http/http_cookie.rb', line 98

def expires=(expires)
  if expires.nil? || expires.is_a?(Time)
    @cookie.expires = expires
  else
    t = Time.parse(expires)
    @cookie.expires = t
  end
end

#httponly ⇒ Object

Returns the cookie httponly value of type Boolean.

httponly is a Boolean that indicates if client-side scripts should be prevented from accessing data.



# File 'lib/msf/core/exploit/remote/http/http_cookie.rb', line 144

def httponly
  @cookie.httponly
end

#httponly=(httponly) ⇒ Object

Sets the cookie httponly value.

Passed httponly is converted to a Boolean with !!httponly and set.



# File 'lib/msf/core/exploit/remote/http/http_cookie.rb', line 151

def httponly=(httponly)
  @cookie.httponly = !!httponly
end

#max_age ⇒ Object

Returns the value of max_age.

max_age is the number of seconds until a cookie expires.



# File 'lib/msf/core/exploit/remote/http/http_cookie.rb', line 71

def max_age
  @cookie.max_age
end

#max_age=(max_age) ⇒ Object

Sets the cookie max_age of type Integer.

Passed max_age must be nil, an Integer, or an object that can be converted successfully to an Integer with Integer(max_age).



# File 'lib/msf/core/exploit/remote/http/http_cookie.rb', line 79

def max_age=(max_age)
  if max_age.nil? || max_age.is_a?(Integer)
    @cookie.max_age = max_age
  else
    @cookie.max_age = Integer(max_age)
  end
end

#name ⇒ Object

Returns the name of the cookie, of type String.



# File 'lib/msf/core/exploit/remote/http/http_cookie.rb', line 42

def name
  @cookie.name
end

#name=(name) ⇒ Object

Sets the cookie name.



# File 'lib/msf/core/exploit/remote/http/http_cookie.rb', line 47

def name=(name)
  @cookie.name = name.to_s
end

#origin ⇒ Object



# File 'lib/msf/core/exploit/remote/http/http_cookie.rb', line 184

def origin
  @cookie.origin
end

#origin=(origin) ⇒ Object



# File 'lib/msf/core/exploit/remote/http/http_cookie.rb', line 180

def origin=(origin)
  @cookie.origin = origin
end

#path ⇒ Object

Returns the cookie path of type String.

path is the URL for which the cookie is valid.



# File 'lib/msf/core/exploit/remote/http/http_cookie.rb', line 110

def path
  @cookie.path
end

#path=(path) ⇒ Object

Sets the cookie path.

Passed path must be nil, an instance of String, or an object that can be converted successfully to a String with to_s.



# File 'lib/msf/core/exploit/remote/http/http_cookie.rb', line 118

def path=(path)
  if path.nil? || path.is_a?(String)
    @cookie.path = path
  else
    @cookie.path = path.to_s
  end
end

#secure ⇒ Object

Returns the cookie secure value of type Boolean.

secure is a boolean that indicates if the cookie should be limited to the scope of secure channels as defined by the user agent.



# File 'lib/msf/core/exploit/remote/http/http_cookie.rb', line 130

def secure
  @cookie.secure
end

#secure=(secure) ⇒ Object

Sets the cookie secure value.

Passed secure is converted to a Boolean with !!secure and set.



# File 'lib/msf/core/exploit/remote/http/http_cookie.rb', line 137

def secure=(secure)
  @cookie.secure = !!secure
end

#session? ⇒ Boolean

Returns a boolean indicating if the cookie is a Session Cookie.

Returns:

  • (Boolean)


# File 'lib/msf/core/exploit/remote/http/http_cookie.rb', line 237

def session?
  @cookie.session?
end

#valid_for_uri?(uri) ⇒ Boolean

Returns a boolean indicating if the cookie can be sent to the passed uri. Raises an ArgumentError if domain is nil (unset).

Returns:

  • (Boolean)

Raises:

  • (ArgumentError)


# File 'lib/msf/core/exploit/remote/http/http_cookie.rb', line 248

def valid_for_uri?(uri)
  return false if uri.nil?
  raise ArgumentError, 'cannot tell if this cookie is valid as domain is nil' if domain.nil?

  @cookie.valid_for_uri?(uri)
end

#value ⇒ Object

Returns the value of the cookie, of type String.



# File 'lib/msf/core/exploit/remote/http/http_cookie.rb', line 52

def value
  @cookie.value
end

#value=(value) ⇒ Object

Sets the cookie value.

Passed value must be nil, an instance of String, or an object that can be converted successfully to a String with to_s.



# File 'lib/msf/core/exploit/remote/http/http_cookie.rb', line 60

def value=(value)
  if value.nil? || value.is_a?(String)
    @cookie.value = value
  else
    @cookie.value = value.to_s
  end
end