Class: Msf::Auxiliary::Web::HTTP

Inherits:

Object

• Object
• Msf::Auxiliary::Web::HTTP

Defined in:

lib/msf/core/auxiliary/web/http.rb

Defined Under Namespace

Classes: Request, Response

Instance Attribute Summary

• #domain ⇒ Object

  Returns the value of attribute domain.

• #framework ⇒ Object readonly

  Returns the value of attribute framework.

• #headers ⇒ Object readonly

  Returns the value of attribute headers.

• #opts ⇒ Object readonly

  Returns the value of attribute opts.

• #parent ⇒ Object readonly

  Returns the value of attribute parent.

• #password ⇒ Object

  Returns the value of attribute password.

• #redirect_limit ⇒ Object

  Returns the value of attribute redirect_limit.

• #username ⇒ Object

  Returns the value of attribute username.

Instance Method Summary

• #after_run(&block) ⇒ Object
• #connect ⇒ Object
• #custom_404?(path, body, &callback) ⇒ Boolean
• #get(url, opts = {}) ⇒ Object
• #get_async(url, opts = {}, &callback) ⇒ Object
• #if_not_custom_404(path, body, &callback) ⇒ Object
• #initialize(opts = {}) ⇒ HTTP constructor

  A new instance of HTTP.

• #post(url, opts = {}) ⇒ Object
• #post_async(url, opts = {}, &callback) ⇒ Object
• #request(url, opts = {}) ⇒ Object
• #request_async(url, opts = {}, &callback) ⇒ Object
• #run ⇒ Object

Constructor Details

#initialize(opts = {}) ⇒ HTTP

Returns a new instance of HTTP.

# File 'lib/msf/core/auxiliary/web/http.rb', line 76

def initialize( opts = {} )
  @opts = opts.dup

  @framework = opts[:framework]
  @parent    = opts[:parent]

  @headers = {
    'Accept' => '*/*',
    'Cookie' => opts[:cookie_string]
  }.merge( opts[:headers] || {} )

  @headers.delete( 'Cookie' ) if !@headers['Cookie']

  @request_opts = {}
  if opts[:auth].is_a? Hash
    @username = opts[:auth][:user].to_s
    @password = opts[:auth][:password].to_s
    @domain   = opts[:auth][:domain].to_s
  end

  self.redirect_limit = opts[:redirect_limit] || 20

  @queue = Queue.new

  @after_run_blocks = []
end

Instance Attribute Details

#domain ⇒ Object

Returns the value of attribute domain.

# File 'lib/msf/core/auxiliary/web/http.rb', line 74

def domain
  @domain
end

#framework ⇒ Object (readonly)

Returns the value of attribute framework.

# File 'lib/msf/core/auxiliary/web/http.rb', line 70

def framework
  @framework
end

#headers ⇒ Object (readonly)

Returns the value of attribute headers.

# File 'lib/msf/core/auxiliary/web/http.rb', line 69

def headers
  @headers
end

#opts ⇒ Object (readonly)

Returns the value of attribute opts.

# File 'lib/msf/core/auxiliary/web/http.rb', line 68

def opts
  @opts
end

#parent ⇒ Object (readonly)

Returns the value of attribute parent.

# File 'lib/msf/core/auxiliary/web/http.rb', line 71

def parent
  @parent
end

#password ⇒ Object

Returns the value of attribute password.

# File 'lib/msf/core/auxiliary/web/http.rb', line 74

def password
  @password
end

#redirect_limit ⇒ Object

Returns the value of attribute redirect_limit.

# File 'lib/msf/core/auxiliary/web/http.rb', line 73

def redirect_limit
  @redirect_limit
end

#username ⇒ Object

Returns the value of attribute username.

# File 'lib/msf/core/auxiliary/web/http.rb', line 74

def username
  @username
end

Instance Method Details

#after_run(&block) ⇒ Object

# File 'lib/msf/core/auxiliary/web/http.rb', line 103

def after_run( &block )
  @after_run_blocks << block
end

#connect ⇒ Object

# File 'lib/msf/core/auxiliary/web/http.rb', line 107

def connect
  c = Rex::Proto::Http::Client.new(
    opts[:target].host,
    opts[:target].port,
    {},
    opts[:target].ssl,
    'Auto',
    nil,
    username,
    password,
    subscriber: opts[:http_subscriber]
  )

  c.set_config({
    'vhost' => opts[:target].vhost,
    'ssl_server_name_indication' => opts[:target].ssl_server_name_indication || opts[:target].vhost,
    'agent' => opts[:user_agent] || Rex::UserAgent.session_agent,
    'domain' => domain
  })
  c
end

#custom_404?(path, body, &callback) ⇒ Boolean

Returns:

• (Boolean)

# File 'lib/msf/core/auxiliary/web/http.rb', line 190

def custom_404?( path, body, &callback )
  return if !path || !body

  precision = 2

  trv_back = File.dirname( path )
  trv_back << '/' if trv_back[-1,1] != '/'

  # 404 probes
  generators = [
    # get a random path with an extension
    proc{ path + Rex::Text.rand_text_alpha( 10 ) + '.' + Rex::Text.rand_text_alpha( 10 )[0..precision] },

    # get a random path without an extension
    proc{ path + Rex::Text.rand_text_alpha( 10 ) },

    # move up a dir and get a random file
    proc{ trv_back + Rex::Text.rand_text_alpha( 10 ) },

    # move up a dir and get a random file with an extension
    proc{ trv_back + Rex::Text.rand_text_alpha( 10 ) + '.' + Rex::Text.rand_text_alpha( 10 )[0..precision] },

    # get a random directory
    proc{ path + Rex::Text.rand_text_alpha( 10 ) + '/' }
  ]

  synchronize do
    @@_404 ||= {}
    @@_404[path] ||= []

    @@_404_gathered ||= Set.new

    gathered = 0
    if !@@_404_gathered.include?( path.hash )
      generators.each.with_index do |generator, i|
        @@_404[path][i] ||= {}

        precision.times {
          get_async( generator.call, :follow_redirect => true ) do |res|
            gathered += 1

            if gathered == generators.size * precision
              @@_404_gathered << path.hash
              callback.call is_404?( path, body )
            else
              @@_404[path][i]['rdiff_now'] ||= false

              if !@@_404[path][i]['body']
                @@_404[path][i]['body'] = res.body
              else
                @@_404[path][i]['rdiff_now'] = true
              end

              if @@_404[path][i]['rdiff_now'] && !@@_404[path][i]['rdiff']
                @@_404[path][i]['rdiff'] = Rex::Text.refine( @@_404[path][i]['body'], res.body )
              end
            end
          end
        }
      end
    else
      callback.call is_404?( path, body )
    end
  end

  nil
end

#get(url, opts = {}) ⇒ Object

# File 'lib/msf/core/auxiliary/web/http.rb', line 178

def get( url, opts = {} )
  request( url, opts.merge( :method => :get ) )
end

#get_async(url, opts = {}, &callback) ⇒ Object

# File 'lib/msf/core/auxiliary/web/http.rb', line 170

def get_async( url, opts = {}, &callback )
  request_async( url, opts.merge( :method => :get ), &callback )
end

#if_not_custom_404(path, body, &callback) ⇒ Object

# File 'lib/msf/core/auxiliary/web/http.rb', line 186

def if_not_custom_404( path, body, &callback )
  custom_404?( path, body ) { |b| callback.call if !b }
end

#post(url, opts = {}) ⇒ Object

# File 'lib/msf/core/auxiliary/web/http.rb', line 182

def post( url, opts = {} )
  request( url, opts.merge( :method => :post ) )
end

#post_async(url, opts = {}, &callback) ⇒ Object

# File 'lib/msf/core/auxiliary/web/http.rb', line 174

def post_async( url, opts = {}, &callback )
  request_async( url, opts.merge( :method => :post ), &callback )
end

#request(url, opts = {}) ⇒ Object

# File 'lib/msf/core/auxiliary/web/http.rb', line 155

def request( url, opts = {} )
  rlimit = self.redirect_limit

  while rlimit >= 0
    rlimit -= 1
    res = _request( url, opts )
    return res if !opts[:follow_redirect] || !url = res.headers['location']
  end
  nil
end

#request_async(url, opts = {}, &callback) ⇒ Object

# File 'lib/msf/core/auxiliary/web/http.rb', line 166

def request_async( url, opts = {}, &callback )
  queue Request.new( url, opts, &callback )
end

#run ⇒ Object

# File 'lib/msf/core/auxiliary/web/http.rb', line 129

def run
  return if @queue.empty?

  tl = []
  loop do
    while tl.size <= (opts[:max_threads] || 5) && !@queue.empty? && (req = @queue.pop)
      tl << framework.threads.spawn( "#{self.class.name} - #{req})", false, req ) do |request|
        # Keep callback failures isolated.
        begin
          request.handle_response request( request.url, request.opts )
        rescue => e
          print_error e.to_s
          e.backtrace.each { |l| print_error l }
        end
      end
    end

    break if tl.empty?
    tl.reject! { |t| !t.alive? }

    select( nil, nil, nil, 0.05 )
  end

  call_after_run_blocks
end