Class: Msf::Auxiliary::Web::Form

Inherits:
Fuzzable
  • Object
show all
Defined in:
lib/msf/core/auxiliary/web/form.rb

Instance Attribute Summary collapse

Attributes inherited from Fuzzable

#fuzzer

Class Method Summary collapse

Instance Method Summary collapse

Methods inherited from Fuzzable

#==, #dup, #fuzz, #fuzz_async, #fuzz_id, #fuzzed, #fuzzed?, #hash, #http, #submit, #submit_async

Constructor Details

#initialize(opts = {}) ⇒ Form

opts - Options Hash (default: {})

:action - Action URL of the form
:method - Form method (:get, :post)
:inputs - Form inputs [{ :name => 'name', :value => 'John', :type => 'text' }]


44
45
46
47
48
49
50
# File 'lib/msf/core/auxiliary/web/form.rb', line 44

def initialize( opts = {} )
  self.action = opts[:action]
  self.action.chop! if self.action.end_with?( '?' )

  self.method = opts[:method] || :get
  self.inputs = (opts[:inputs] || []).dup
end

Instance Attribute Details

#actionObject

URL String to which to submit the params



24
25
26
# File 'lib/msf/core/auxiliary/web/form.rb', line 24

def action
  @action
end

#alteredObject

Name of the altered input as a String



33
34
35
# File 'lib/msf/core/auxiliary/web/form.rb', line 33

def altered
  @altered
end

#inputsObject

Inputs Array in the form of:

[{ :name => 'name', :value => 'John', :type => 'text' }]


30
31
32
# File 'lib/msf/core/auxiliary/web/form.rb', line 30

def inputs
  @inputs
end

#methodObject

Method type Symbol: :get, :post



21
22
23
# File 'lib/msf/core/auxiliary/web/form.rb', line 21

def method
  @method
end

#modelObject

Mdm::WebForm model if available



36
37
38
# File 'lib/msf/core/auxiliary/web/form.rb', line 36

def model
  @model
end

Class Method Details

.from_model(form) ⇒ Object



229
230
231
232
233
234
235
236
237
238
239
240
# File 'lib/msf/core/auxiliary/web/form.rb', line 229

def self.from_model( form )
  inputs = form.params.map do |name, value, extra|
    extra = extra.first if extra.is_a? Array
    extra ||= {}
    { :name => name, :value => value, :type => extra[:type] }
  end

  e = new( :action => "#{form.path}?#{form.query}", :method => form.method,
           :inputs => inputs )
  e.model = form
  e
end

.query_to_params(query) ⇒ Object

Converts a query String to a Hash of params

query - String



122
123
124
125
126
127
128
129
130
131
# File 'lib/msf/core/auxiliary/web/form.rb', line 122

def self.query_to_params( query )
  query = query.to_s
  return {} if query.empty?

  query.split( '&' ).inject( {} ) do |h, pair|
    k, v = pair.to_s.split( '=', 2 )
    h[Rex::Text.uri_decode( k.to_s )] = Rex::Text.uri_decode( v.to_s )
    h
  end
end

Instance Method Details

#[](field) ⇒ Object

Param reader shortcut – returns the value of a param by name, as a String.

field - Param name as a String



159
160
161
# File 'lib/msf/core/auxiliary/web/form.rb', line 159

def []( field )
  params[field.to_s]
end

#[]=(field, value) ⇒ Object

Param writer shortcut – sets the value of a param by name, as a String.

field - Param name as a String value - Param value as a String



169
170
171
172
# File 'lib/msf/core/auxiliary/web/form.rb', line 169

def []=( field, value )
  update( field, value )
  [field]
end

#altered_valueObject

Value of the #altered input (i.e. the injected value).



98
99
100
# File 'lib/msf/core/auxiliary/web/form.rb', line 98

def altered_value
  params[altered]
end

#altered_value=(value) ⇒ Object



102
103
104
# File 'lib/msf/core/auxiliary/web/form.rb', line 102

def altered_value=( value )
  params[altered] = value.to_s.dup
end

#empty?Boolean

Bool - true if params are empty, false otherwise.

Returns:

  • (Boolean)


150
151
152
# File 'lib/msf/core/auxiliary/web/form.rb', line 150

def empty?
  params.empty?
end

#field_type_for(name) ⇒ Object

Get a field type, by name, as a String.

field - Field name as a String



200
201
202
# File 'lib/msf/core/auxiliary/web/form.rb', line 200

def field_type_for( name )
  inputs.select{ |i| i[:name] == name.to_s }[:type]
end

#paramsObject

Hash of params to be submitted (derived by #inputs)

Examples

{ 'name' => 'John' }


90
91
92
93
# File 'lib/msf/core/auxiliary/web/form.rb', line 90

def params
  @params ||= inputs.reject{ |i| i[:name].to_s.empty? }.
    inject( {} ) { |h, i| h[i[:name]] = i[:value]; h }
end

#permutation_for(field_name, field_value) ⇒ Object



217
218
219
220
221
222
# File 'lib/msf/core/auxiliary/web/form.rb', line 217

def permutation_for( field_name, field_value )
  form = self.dup
  form.altered = field_name.dup
  form[field_name]   = field_value.dup
  form
end

#permutationsObject

Get an Array with permutations of the form for the given seed.

seed - String to inject



209
210
211
212
213
214
215
# File 'lib/msf/core/auxiliary/web/form.rb', line 209

def permutations
  return [] if empty?

  params.map do |name, value|
    fuzzer.seeds_for( value || '' ).map { |seed| permutation_for( name, seed ) }
  end.flatten.uniq
end

#query_to_params(query) ⇒ Object



133
134
135
# File 'lib/msf/core/auxiliary/web/form.rb', line 133

def query_to_params( query )
  self.class.query_to_params( query)
end

#request(opts = {}) ⇒ Object



137
138
139
140
141
142
143
144
145
146
147
# File 'lib/msf/core/auxiliary/web/form.rb', line 137

def request( opts = {} )
  p = case method
    when :get
      query_to_params( URI( action ).query ).merge( params )

    when :post
      params
  end

  [ action, opts.merge( :method => method, :params => p ) ]
end

#to_hashObject



224
225
226
227
# File 'lib/msf/core/auxiliary/web/form.rb', line 224

def to_hash
  { :action => action.dup, :method => method,
    :inputs => inputs.dup, :altered => altered ? altered.dup : nil }
end

#to_query(i = self.params) ⇒ Object

Converts a Hash of params to a query String

i - Hash of params (default: #params)



111
112
113
114
115
# File 'lib/msf/core/auxiliary/web/form.rb', line 111

def to_query( i = self.params )
  i.map do |k, v|
    Rex::Text.uri_encode( k.to_s ) + '=' + Rex::Text.uri_encode( v.to_s )
  end.join( '&' )
end

#update(field, value, type = nil) ⇒ Object

Update the form inputs.

field - Field name as a String (updated if already exists, created otherwise). value - Field Value as a String. type - Field type ('text' if no type has been provided).



181
182
183
184
185
186
187
188
189
190
191
192
193
# File 'lib/msf/core/auxiliary/web/form.rb', line 181

def update( field, value, type = nil )
  @params = nil
  inputs.each do |i|
    if i[:name] == field.to_s
      i[:value] = value.to_s
      i[:type] = type.to_s if type
      return self
    end
  end

  @inputs << { :name => field.to_s, :value => value.to_s, :type => type || 'text' }
  self
end