Class: Rex::Proto::Http::Response

Inherits:

Packet

• Object
• Packet
• Rex::Proto::Http::Response

Defined in:

lib/rex/proto/http/response.rb

Overview

HTTP response class.

Direct Known Subclasses

Msf::Auxiliary::Web::HTTP::Response, Msf::Exploit::Git::Lfs::Response, Msf::Exploit::Git::SmartHttp::Response, E404, OK

Defined Under Namespace

Classes: E404, OK

Instance Attribute Summary

• #code ⇒ Object

  Returns the value of attribute code.

• #count_100 ⇒ Object

  Returns the value of attribute count_100.

• #message ⇒ Object

  Returns the value of attribute message.

• #peerinfo ⇒ Object

  Host address:port associated with this request/response.

• #proto ⇒ Object

  Returns the value of attribute proto.

• #request ⇒ Object

  Used to store a copy of the original request.

Attributes inherited from Packet

#auto_cl, #body, #body_bytes_left, #bufq, #chunk_max_size, #chunk_min_size, #compress, #error, #headers, #incomplete, #inside_chunk, #keepalive, #max_data, #state, #transfer_chunked

Instance Method Summary

• #check_100 ⇒ Object

  Allow 100 Continues to be ignored by the caller.

• #cmd_string ⇒ Object

  Returns the response based command string.

• #get_cookies ⇒ Object

  Gets cookies from the Set-Cookie header in a format to be used in the ‘cookie’ send_request field.

• #get_cookies_parsed ⇒ Object

  Gets cookies from the Set-Cookie header in a parsed format.

• #get_hidden_inputs ⇒ Array<Hash>

  Returns a collection of found hidden inputs.

• #get_html_document ⇒ Nokogiri::HTML::Document

  Returns a parsed HTML document.

• #get_html_meta_elements ⇒ Array<Nokogiri::XML::Element>

  Returns meta tags.

• #get_html_scripts ⇒ Array<RKelly::Nodes::SourceElementsNode>

  Returns parsed JavaScript blocks.

• #get_json_document ⇒ Hash

  Returns a parsed json document.

• #get_xml_document ⇒ Nokogiri::XML::Document

  Returns a parsed XML document.

• #gzip_decode ⇒ Object
• #gzip_decode! ⇒ Object
• #initialize(code = 200, message = 'OK', proto = DefaultProtocol) ⇒ Response constructor

  Constructage of the HTTP response with the supplied code, message, and protocol.

• #redirect? ⇒ Boolean

  Answers if the response is a redirection one.

• #redirection ⇒ URI^?

  Provides the uri of the redirection location.

• #update_cmd_parts(str) ⇒ Object

  Updates the various parts of the HTTP response command string.

Methods inherited from Packet

#[], #[]=, #chunk, #completed?, #from_s, #output_packet, #parse, #parse_body, #parse_header, #reset, #reset_except_queue, #to_s, #to_terminal_output

Constructor Details

#initialize(code = 200, message = 'OK', proto = DefaultProtocol) ⇒ Response

Constructage of the HTTP response with the supplied code, message, and protocol.

# File 'lib/rex/proto/http/response.rb', line 47

def initialize(code = 200, message = 'OK', proto = DefaultProtocol)
  super()

  self.code    = code.to_i
  self.message = message
  self.proto   = proto

  # Default responses to auto content length on
  self.auto_cl = true

  # default chunk sizes (if chunked is used)
  self.chunk_min_size = 1
  self.chunk_max_size = 10

  # 100 continue counter
  self.count_100 = 0
end

Instance Attribute Details

#code ⇒ Object

Returns the value of attribute code.

# File 'lib/rex/proto/http/response.rb', line 254

def code
  @code
end

#count_100 ⇒ Object

Returns the value of attribute count_100.

# File 'lib/rex/proto/http/response.rb', line 257

def count_100
  @count_100
end

#message ⇒ Object

Returns the value of attribute message.

# File 'lib/rex/proto/http/response.rb', line 255

def message
  @message
end

#peerinfo ⇒ Object

Host address:port associated with this request/response

# File 'lib/rex/proto/http/response.rb', line 252

def peerinfo
  @peerinfo
end

#proto ⇒ Object

Returns the value of attribute proto.

# File 'lib/rex/proto/http/response.rb', line 256

def proto
  @proto
end

#request ⇒ Object

Used to store a copy of the original request

# File 'lib/rex/proto/http/response.rb', line 247

def request
  @request
end

Instance Method Details

#check_100 ⇒ Object

Allow 100 Continues to be ignored by the caller

# File 'lib/rex/proto/http/response.rb', line 212

def check_100
  # If this was a 100 continue with no data, reset
  if self.code == 100 and (self.body_bytes_left == -1 or self.body_bytes_left == 0) and self.count_100 < 5
    self.reset_except_queue
    self.count_100 += 1
  end
end

#cmd_string ⇒ Object

Returns the response based command string.

# File 'lib/rex/proto/http/response.rb', line 240

def cmd_string
  "HTTP\/#{proto} #{code}#{(message and message.length > 0) ? ' ' + message : ''}\r\n"
end

#get_cookies ⇒ Object

Gets cookies from the Set-Cookie header in a format to be used in the ‘cookie’ send_request field

# File 'lib/rex/proto/http/response.rb', line 69

def get_cookies
  cookies = ""
  if (self.headers.include?('Set-Cookie'))
    set_cookies = self.headers['Set-Cookie']
    key_vals = set_cookies.scan(/\s?([^, ;]+?)=([^, ;]*?)[;,]/)
    key_vals.each do |k, v|
      # Dont downcase actual cookie name as may be case sensitive
      name = k.downcase
      next if name == 'path'
      next if name == 'expires'
      next if name == 'domain'
      next if name == 'max-age'
      cookies << "#{k}=#{v}; "
    end
  end

  return cookies.strip
end

#get_cookies_parsed ⇒ Object

Gets cookies from the Set-Cookie header in a parsed format

# File 'lib/rex/proto/http/response.rb', line 91

def get_cookies_parsed
  if (self.headers.include?('Set-Cookie'))
    ret = CGI::Cookie::parse(self.headers['Set-Cookie'])
  else
    ret = {}
  end
  ret
end

#get_hidden_inputs ⇒ Array<Hash>

Returns a collection of found hidden inputs

Examples:

res = send_request_cgi('uri'=>'/')
inputs = res.get_hidden_inputs
session_id = inputs[0]['sessionid'] # The first form's 'sessionid' hidden input

Returns:

• (Array<Hash>) —

  An array, each element represents a form that contains a hash of found hidden inputs

  • 'name' [String] The hidden input's original name. The value is the hidden input's original value.

# File 'lib/rex/proto/http/response.rb', line 175

def get_hidden_inputs
  forms = []
  noko = get_html_document
  noko.search("form").each_entry do |form|
    found_inputs = {}
    form.search("input").each_entry do |input|
      input_type = input.attributes['type'] ? input.attributes['type'].value : ''
      next if input_type !~ /hidden/i

      input_name = input.attributes['name'] ? input.attributes['name'].value : ''
      input_value = input.attributes['value'] ? input.attributes['value'].value : ''
      found_inputs[input_name] = input_value unless input_name.empty?
    end
    forms << found_inputs unless found_inputs.empty?
  end

  forms
end

#get_html_document ⇒ Nokogiri::HTML::Document

Returns a parsed HTML document. Instead of using regexes to parse the HTML body, you should use this and use the Nokogiri API.

Returns:

• (Nokogiri::HTML::Document)

See Also:

• http://www.nokogiri.org/

# File 'lib/rex/proto/http/response.rb', line 106

def get_html_document
  Nokogiri::HTML(self.body)
end

#get_html_meta_elements ⇒ Array<Nokogiri::XML::Element>

Returns meta tags. You will probably want to use this the web app’s version info (or other stuff) can be found in the metadata.

Returns:

• (Array<Nokogiri::XML::Element>)

# File 'lib/rex/proto/http/response.rb', line 150

def get_html_meta_elements
  n = get_html_document
  n.search('//meta')
end

#get_html_scripts ⇒ Array<RKelly::Nodes::SourceElementsNode>

Returns parsed JavaScript blocks. The parsed version is a RKelly object that allows you to be able do advanced parsing.

Returns:

• (Array<RKelly::Nodes::SourceElementsNode>)

See Also:

• https://github.com/tenderlove/rkelly

# File 'lib/rex/proto/http/response.rb', line 160

def get_html_scripts
  n = get_html_document
  rkelly = RKelly::Parser.new
  n.search('//script').map { |s| rkelly.parse(s.text) }
end

#get_json_document ⇒ Hash

Returns a parsed json document. Instead of using regexes to parse the JSON body, you should use this.

Returns:

• (Hash)

# File 'lib/rex/proto/http/response.rb', line 133

def get_json_document
  json = {}

  begin
    json = JSON.parse(self.body)
  rescue JSON::ParserError => e
    elog(e)
  end

  json
end

#get_xml_document ⇒ Nokogiri::XML::Document

Returns a parsed XML document. Instead of using regexes to parse the XML body, you should use this and use the Nokogiri API.

Returns:

• (Nokogiri::XML::Document)

See Also:

• http://www.nokogiri.org/

# File 'lib/rex/proto/http/response.rb', line 115

def get_xml_document
  Nokogiri::XML(self.body)
end

#gzip_decode ⇒ Object

# File 'lib/rex/proto/http/response.rb', line 123

def gzip_decode
  gz = Zlib::GzipReader.new(StringIO.new(self.body.to_s))    

  gz.read
end

#gzip_decode! ⇒ Object

# File 'lib/rex/proto/http/response.rb', line 119

def gzip_decode!
  self.body = gzip_decode
end

#redirect? ⇒ Boolean

Answers if the response is a redirection one.

Returns:

• (Boolean) —

  true if the response is a redirection, false otherwise.

# File 'lib/rex/proto/http/response.rb', line 223

def redirect?
  [301, 302, 303, 307, 308].include?(code)
end

#redirection ⇒ URI^?

Provides the uri of the redirection location.

Returns:

• (URI) —

  the uri of the redirection location.

• (nil) —

  if the response hasn't a Location header or it isn't a valid uri.

# File 'lib/rex/proto/http/response.rb', line 231

def redirection
  URI(headers['Location'])
rescue ArgumentError, ::URI::InvalidURIError
  nil
end

#update_cmd_parts(str) ⇒ Object

Updates the various parts of the HTTP response command string.

# File 'lib/rex/proto/http/response.rb', line 197

def update_cmd_parts(str)
  if (md = str.match(/HTTP\/(.+?)\s+(\d+)\s?(.+?)\r?\n?$/))
    self.message = md[3].gsub("\r", '')
    self.code    = md[2].to_i
    self.proto   = md[1]
  else
    raise RuntimeError, "Invalid response command string", caller
  end

  check_100()
end