Class: Msf::Auxiliary::Web::HTTP

Inherits:
Object
  • Object
show all
Defined in:
lib/msf/core/auxiliary/web/http.rb

Defined Under Namespace

Classes: Request, Response

Instance Attribute Summary collapse

Instance Method Summary collapse

Constructor Details

#initialize(opts = {}) ⇒ HTTP

Returns a new instance of HTTP.



76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
# File 'lib/msf/core/auxiliary/web/http.rb', line 76

def initialize( opts = {} )
  @opts = opts.dup

  @framework = opts[:framework]
  @parent    = opts[:parent]

  @headers = {
    'Accept' => '*/*',
    'Cookie' => opts[:cookie_string]
  }.merge( opts[:headers] || {} )

  @headers.delete( 'Cookie' ) if !@headers['Cookie']

  @request_opts = {}
  if opts[:auth].is_a? Hash
    @username = opts[:auth][:user].to_s
    @password = opts[:auth][:password].to_s
    @domain   = opts[:auth][:domain].to_s
  end

  self.redirect_limit = opts[:redirect_limit] || 20

  @queue = Queue.new

  @after_run_blocks = []
end

Instance Attribute Details

#domainObject

Returns the value of attribute domain.



74
75
76
# File 'lib/msf/core/auxiliary/web/http.rb', line 74

def domain
  @domain
end

#frameworkObject (readonly)

Returns the value of attribute framework.



70
71
72
# File 'lib/msf/core/auxiliary/web/http.rb', line 70

def framework
  @framework
end

#headersObject (readonly)

Returns the value of attribute headers.



69
70
71
# File 'lib/msf/core/auxiliary/web/http.rb', line 69

def headers
  @headers
end

#optsObject (readonly)

Returns the value of attribute opts.



68
69
70
# File 'lib/msf/core/auxiliary/web/http.rb', line 68

def opts
  @opts
end

#parentObject (readonly)

Returns the value of attribute parent.



71
72
73
# File 'lib/msf/core/auxiliary/web/http.rb', line 71

def parent
  @parent
end

#passwordObject

Returns the value of attribute password.



74
75
76
# File 'lib/msf/core/auxiliary/web/http.rb', line 74

def password
  @password
end

#redirect_limitObject

Returns the value of attribute redirect_limit.



73
74
75
# File 'lib/msf/core/auxiliary/web/http.rb', line 73

def redirect_limit
  @redirect_limit
end

#usernameObject

Returns the value of attribute username.



74
75
76
# File 'lib/msf/core/auxiliary/web/http.rb', line 74

def username
  @username
end

Instance Method Details

#after_run(&block) ⇒ Object



103
104
105
# File 'lib/msf/core/auxiliary/web/http.rb', line 103

def after_run( &block )
  @after_run_blocks << block
end

#connectObject



107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
# File 'lib/msf/core/auxiliary/web/http.rb', line 107

def connect
  c = Rex::Proto::Http::Client.new(
    opts[:target].host,
    opts[:target].port,
    {},
    opts[:target].ssl,
    'Auto',
    nil,
    username,
    password
  )

  c.set_config({
    'vhost' => opts[:target].vhost,
    'agent' => opts[:user_agent] || Rex::UserAgent.session_agent,
    'domain' => domain
  })
  c
end

#custom_404?(path, body, &callback) ⇒ Boolean

Returns:

  • (Boolean)


188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
# File 'lib/msf/core/auxiliary/web/http.rb', line 188

def custom_404?( path, body, &callback )
  return if !path || !body

  precision = 2

  trv_back = File.dirname( path )
  trv_back << '/' if trv_back[-1,1] != '/'

  # 404 probes
  generators = [
    # get a random path with an extension
    proc{ path + Rex::Text.rand_text_alpha( 10 ) + '.' + Rex::Text.rand_text_alpha( 10 )[0..precision] },

    # get a random path without an extension
    proc{ path + Rex::Text.rand_text_alpha( 10 ) },

    # move up a dir and get a random file
    proc{ trv_back + Rex::Text.rand_text_alpha( 10 ) },

    # move up a dir and get a random file with an extension
    proc{ trv_back + Rex::Text.rand_text_alpha( 10 ) + '.' + Rex::Text.rand_text_alpha( 10 )[0..precision] },

    # get a random directory
    proc{ path + Rex::Text.rand_text_alpha( 10 ) + '/' }
  ]

  synchronize do
    @@_404 ||= {}
    @@_404[path] ||= []

    @@_404_gathered ||= Set.new

    gathered = 0
    if !@@_404_gathered.include?( path.hash )
      generators.each.with_index do |generator, i|
        @@_404[path][i] ||= {}

        precision.times {
          get_async( generator.call, :follow_redirect => true ) do |res|
            gathered += 1

            if gathered == generators.size * precision
              @@_404_gathered << path.hash
              callback.call is_404?( path, body )
            else
              @@_404[path][i]['rdiff_now'] ||= false

              if !@@_404[path][i]['body']
                @@_404[path][i]['body'] = res.body
              else
                @@_404[path][i]['rdiff_now'] = true
              end

              if @@_404[path][i]['rdiff_now'] && !@@_404[path][i]['rdiff']
                @@_404[path][i]['rdiff'] = Rex::Text.refine( @@_404[path][i]['body'], res.body )
              end
            end
          end
        }
      end
    else
      callback.call is_404?( path, body )
    end
  end

  nil
end

#get(url, opts = {}) ⇒ Object



176
177
178
# File 'lib/msf/core/auxiliary/web/http.rb', line 176

def get( url, opts = {} )
  request( url, opts.merge( :method => :get ) )
end

#get_async(url, opts = {}, &callback) ⇒ Object



168
169
170
# File 'lib/msf/core/auxiliary/web/http.rb', line 168

def get_async( url, opts = {}, &callback )
  request_async( url, opts.merge( :method => :get ), &callback )
end

#if_not_custom_404(path, body, &callback) ⇒ Object



184
185
186
# File 'lib/msf/core/auxiliary/web/http.rb', line 184

def if_not_custom_404( path, body, &callback )
  custom_404?( path, body ) { |b| callback.call if !b }
end

#post(url, opts = {}) ⇒ Object



180
181
182
# File 'lib/msf/core/auxiliary/web/http.rb', line 180

def post( url, opts = {} )
  request( url, opts.merge( :method => :post ) )
end

#post_async(url, opts = {}, &callback) ⇒ Object



172
173
174
# File 'lib/msf/core/auxiliary/web/http.rb', line 172

def post_async( url, opts = {}, &callback )
  request_async( url, opts.merge( :method => :post ), &callback )
end

#request(url, opts = {}) ⇒ Object



153
154
155
156
157
158
159
160
161
162
# File 'lib/msf/core/auxiliary/web/http.rb', line 153

def request( url, opts = {} )
  rlimit = self.redirect_limit

  while rlimit >= 0
    rlimit -= 1
    res = _request( url, opts )
    return res if !opts[:follow_redirect] || !url = res.headers['location']
  end
  nil
end

#request_async(url, opts = {}, &callback) ⇒ Object



164
165
166
# File 'lib/msf/core/auxiliary/web/http.rb', line 164

def request_async( url, opts = {}, &callback )
  queue Request.new( url, opts, &callback )
end

#runObject



127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
# File 'lib/msf/core/auxiliary/web/http.rb', line 127

def run
  return if @queue.empty?

  tl = []
  loop do
    while tl.size <= (opts[:max_threads] || 5) && !@queue.empty? && (req = @queue.pop)
      tl << framework.threads.spawn( "#{self.class.name} - #{req})", false, req ) do |request|
        # Keep callback failures isolated.
        begin
          request.handle_response request( request.url, request.opts )
        rescue => e
          print_error e.to_s
          e.backtrace.each { |l| print_error l }
        end
      end
    end

    break if tl.empty?
    tl.reject! { |t| !t.alive? }

    select( nil, nil, nil, 0.05 )
  end

  call_after_run_blocks
end