Class: Msf::Exploit::Remote::HTTP::FlaskUnsign::URLSafeSigner

Inherits:

Object

Object
Msf::Exploit::Remote::HTTP::FlaskUnsign::URLSafeSigner

show all

Defined in:: lib/msf/core/exploit/remote/http/flask_unsign.rb

Direct Known Subclasses

URLSafeTimedSigner

Constant Summary collapse

DEFAULT_SEPARATOR =

'.'

Instance Method Summary collapse

#derive_key ⇒ Object
#get_signature(value) ⇒ Object
#initialize(secret_key, salt, separator: DEFAULT_SEPARATOR) ⇒ URLSafeSigner constructor

A new instance of URLSafeSigner.

Constructor Details

#initialize(secret_key, salt, separator: DEFAULT_SEPARATOR) ⇒ `URLSafeSigner`

Returns a new instance of URLSafeSigner.

# File 'lib/msf/core/exploit/remote/http/flask_unsign.rb', line 21

def initialize(secret_key, salt, separator: DEFAULT_SEPARATOR)
  @secret_key = secret_key
  @salt = salt
  @separator = separator
end

Instance Method Details

#derive_key ⇒ `Object`

# File 'lib/msf/core/exploit/remote/http/flask_unsign.rb', line 27

def derive_key
  hmac = OpenSSL::HMAC.new(@secret_key, OpenSSL::Digest.new('SHA1'))
  hmac.update(@salt)
  hmac.digest
end

#get_signature(value) ⇒ `Object`

# File 'lib/msf/core/exploit/remote/http/flask_unsign.rb', line 33

def get_signature(value)
  hmac = OpenSSL::HMAC.new(derive_key, OpenSSL::Digest.new('SHA1'))
  hmac.update(value)
  FlaskUnsign.base64_encode(hmac.digest)
end

Class: Msf::Exploit::Remote::HTTP::FlaskUnsign::URLSafeSigner

Direct Known Subclasses

Constant Summary collapse

Instance Method Summary collapse

Constructor Details

#initialize(secret_key, salt, separator: DEFAULT_SEPARATOR) ⇒ URLSafeSigner

Instance Method Details

#derive_key ⇒ Object

#get_signature(value) ⇒ Object

#initialize(secret_key, salt, separator: DEFAULT_SEPARATOR) ⇒ `URLSafeSigner`

#derive_key ⇒ `Object`

#get_signature(value) ⇒ `Object`