2010-11-13 03:33:36 +00:00
|
|
|
require 'rex'
|
|
|
|
require 'anemone/page'
|
|
|
|
require 'anemone/cookie_store'
|
|
|
|
|
|
|
|
|
|
|
|
#
|
|
|
|
# This is an alternate Anemone::HTTP implementation that uses the Metasploit Rex
|
2012-11-01 19:14:38 +00:00
|
|
|
# library and the Rex::Proto::Http protocol stack.
|
2010-11-13 03:33:36 +00:00
|
|
|
#
|
|
|
|
|
|
|
|
module Anemone
|
|
|
|
class HTTP
|
|
|
|
# Maximum number of redirects to follow on each get_response
|
|
|
|
# REDIRECT_LIMIT = 5
|
|
|
|
|
|
|
|
# CookieStore for this HTTP client
|
|
|
|
attr_reader :cookie_store
|
|
|
|
|
|
|
|
def initialize(opts = {})
|
|
|
|
@connections = {}
|
|
|
|
@opts = opts
|
|
|
|
@cookie_store = CookieStore.new(@opts[:cookies])
|
|
|
|
end
|
|
|
|
|
|
|
|
#
|
|
|
|
# Fetch a single Page from the response of an HTTP request to *url*.
|
|
|
|
# Just gets the final destination page.
|
|
|
|
#
|
|
|
|
def fetch_page(url, referer = nil, depth = nil)
|
|
|
|
fetch_pages(url, referer, depth).last
|
|
|
|
end
|
|
|
|
|
|
|
|
#
|
|
|
|
# Create new Pages from the response of an HTTP request to *url*,
|
|
|
|
# including redirects
|
|
|
|
#
|
|
|
|
def fetch_pages(url, referer = nil, depth = nil)
|
|
|
|
begin
|
|
|
|
url = URI(url) unless url.is_a?(URI)
|
|
|
|
pages = []
|
|
|
|
get(url, referer) do |response, code, location, redirect_to, response_time|
|
2012-11-01 19:14:38 +00:00
|
|
|
|
2010-11-13 05:25:39 +00:00
|
|
|
page = Page.new(location, :body => response.body.dup,
|
2010-11-13 03:33:36 +00:00
|
|
|
:code => code,
|
|
|
|
:headers => response.headers,
|
|
|
|
:referer => referer,
|
|
|
|
:depth => depth,
|
|
|
|
:redirect_to => redirect_to,
|
2013-06-12 21:00:09 +00:00
|
|
|
:response_time => response_time,
|
|
|
|
:dirbust => @opts[:dirbust]
|
|
|
|
)
|
2010-11-13 05:25:39 +00:00
|
|
|
# Store the associated raw HTTP request
|
|
|
|
page.request = response.request
|
|
|
|
pages << page
|
2010-11-13 03:33:36 +00:00
|
|
|
end
|
|
|
|
|
|
|
|
return pages
|
|
|
|
rescue => e
|
|
|
|
if verbose?
|
|
|
|
puts e.inspect
|
|
|
|
puts e.backtrace
|
|
|
|
end
|
|
|
|
return [Page.new(url, :error => e)]
|
|
|
|
end
|
|
|
|
end
|
|
|
|
|
|
|
|
#
|
|
|
|
# The maximum number of redirects to follow
|
|
|
|
#
|
|
|
|
def redirect_limit
|
|
|
|
@opts[:redirect_limit] || REDIRECT_LIMIT
|
|
|
|
end
|
|
|
|
|
|
|
|
#
|
|
|
|
# The user-agent string which will be sent with each request,
|
|
|
|
# or nil if no such option is set
|
|
|
|
#
|
|
|
|
def user_agent
|
|
|
|
@opts[:user_agent]
|
|
|
|
end
|
|
|
|
|
|
|
|
#
|
|
|
|
# The virtual host to override the host header with, per url
|
|
|
|
# TODO: implement
|
|
|
|
#
|
|
|
|
def virtual_host(url)
|
|
|
|
url.host
|
|
|
|
end
|
2012-11-01 19:14:38 +00:00
|
|
|
|
2010-11-13 03:33:36 +00:00
|
|
|
#
|
|
|
|
# Does this HTTP client accept cookies from the server?
|
|
|
|
#
|
|
|
|
def accept_cookies?
|
|
|
|
@opts[:accept_cookies]
|
|
|
|
end
|
|
|
|
|
|
|
|
private
|
|
|
|
|
|
|
|
#
|
|
|
|
# Retrieve HTTP responses for *url*, including redirects.
|
|
|
|
# Yields the response object, response code, and URI location
|
|
|
|
# for each response.
|
|
|
|
#
|
|
|
|
def get(url, referer = nil)
|
|
|
|
limit = redirect_limit
|
|
|
|
loc = url
|
|
|
|
begin
|
|
|
|
# if redirected to a relative url, merge it with the host of the original
|
|
|
|
# request url
|
|
|
|
loc = url.merge(loc) if loc.relative?
|
|
|
|
|
|
|
|
response, response_time = get_response(loc, referer)
|
2010-11-13 05:20:51 +00:00
|
|
|
code = response.code.to_i
|
2012-11-01 19:14:38 +00:00
|
|
|
|
2010-11-13 03:33:36 +00:00
|
|
|
redirect_to = nil
|
|
|
|
if code >= 300 and code <= 310
|
|
|
|
redirect_to = URI(response['location']).normalize
|
|
|
|
end
|
2012-11-01 19:14:38 +00:00
|
|
|
|
2010-11-13 03:33:36 +00:00
|
|
|
yield response, code, loc, redirect_to, response_time
|
2012-11-01 19:14:38 +00:00
|
|
|
|
|
|
|
|
2010-11-13 03:33:36 +00:00
|
|
|
limit -= 1
|
|
|
|
end while (loc = redirect_to) && allowed?(redirect_to, url) && limit > 0
|
|
|
|
end
|
|
|
|
|
|
|
|
#
|
|
|
|
# Get an HTTPResponse for *url*, sending the appropriate User-Agent string
|
|
|
|
#
|
|
|
|
# MODIFIED: Change get_response to allow fine tuning of the HTTP request before
|
|
|
|
# it is sent to the remote system.
|
|
|
|
#
|
|
|
|
def get_response(url, referer = nil)
|
2010-11-13 05:20:51 +00:00
|
|
|
opts = {
|
2012-11-01 19:14:38 +00:00
|
|
|
'uri' => url.path,
|
|
|
|
'query' => url.query
|
2010-11-13 05:20:51 +00:00
|
|
|
}
|
2012-11-01 19:14:38 +00:00
|
|
|
|
2010-11-13 05:20:51 +00:00
|
|
|
opts['agent'] = user_agent if user_agent
|
|
|
|
opts['cookie'] = @cookie_store.to_s unless @cookie_store.empty? || (!accept_cookies? && @opts[:cookies].nil?)
|
2010-11-13 03:33:36 +00:00
|
|
|
|
2010-11-13 05:20:51 +00:00
|
|
|
head = {}
|
|
|
|
if referer
|
|
|
|
head['Referer'] = referer.to_s
|
|
|
|
end
|
2012-11-01 19:14:38 +00:00
|
|
|
|
2011-07-16 13:29:28 +00:00
|
|
|
if @opts[:http_basic_auth]
|
|
|
|
head['Authorization'] = "Basic " + @opts[:http_basic_auth]
|
|
|
|
end
|
|
|
|
|
|
|
|
@opts[:inject_headers].each do |hdr|
|
|
|
|
k,v = hdr.split(':', 2)
|
|
|
|
head[k] = v
|
|
|
|
end
|
2012-11-01 19:14:38 +00:00
|
|
|
|
2011-07-16 13:29:28 +00:00
|
|
|
opts['headers'] = head
|
2012-11-01 19:14:38 +00:00
|
|
|
|
2010-11-13 03:33:36 +00:00
|
|
|
retries = 0
|
|
|
|
begin
|
|
|
|
start = Time.now()
|
2012-11-01 19:14:38 +00:00
|
|
|
|
2010-11-13 03:33:36 +00:00
|
|
|
response = nil
|
|
|
|
request = nil
|
|
|
|
begin
|
|
|
|
conn = connection(url)
|
|
|
|
request = conn.request_raw(opts)
|
2012-11-01 19:14:38 +00:00
|
|
|
response = conn.send_recv(request, @opts[:timeout] || 10 )
|
2010-11-13 03:33:36 +00:00
|
|
|
rescue ::Errno::EPIPE, ::Timeout::Error
|
|
|
|
end
|
2012-11-01 19:14:38 +00:00
|
|
|
|
2010-11-13 03:33:36 +00:00
|
|
|
finish = Time.now()
|
2012-11-01 19:14:38 +00:00
|
|
|
|
2010-11-13 03:33:36 +00:00
|
|
|
response_time = ((finish - start) * 1000).round
|
|
|
|
@cookie_store.merge!(response['Set-Cookie']) if accept_cookies?
|
|
|
|
return response, response_time
|
|
|
|
rescue EOFError
|
|
|
|
retries += 1
|
|
|
|
retry unless retries > (@opts[:retry_limit] || 3)
|
|
|
|
end
|
|
|
|
end
|
|
|
|
|
|
|
|
def connection(url)
|
|
|
|
context = { }
|
|
|
|
context['Msf'] = @opts[:framework] if @opts[:framework]
|
|
|
|
context['MsfExploit'] = @opts[:module] if @opts[:module]
|
|
|
|
|
|
|
|
conn = Rex::Proto::Http::Client.new(
|
|
|
|
url.host,
|
|
|
|
url.port.to_i,
|
|
|
|
context,
|
|
|
|
url.scheme == "https",
|
|
|
|
'SSLv23',
|
2013-02-20 03:25:37 +00:00
|
|
|
@opts[:proxies],
|
|
|
|
@opts[:username],
|
|
|
|
@opts[:password]
|
2010-11-13 03:33:36 +00:00
|
|
|
)
|
2012-11-01 19:14:38 +00:00
|
|
|
|
2010-11-13 03:33:36 +00:00
|
|
|
conn.set_config(
|
|
|
|
'vhost' => virtual_host(url),
|
2013-06-07 19:24:14 +00:00
|
|
|
'agent' => user_agent,
|
|
|
|
'domain' => @opts[:domain]
|
2010-11-13 03:33:36 +00:00
|
|
|
)
|
2012-11-01 19:14:38 +00:00
|
|
|
|
2010-11-13 03:33:36 +00:00
|
|
|
conn
|
|
|
|
end
|
|
|
|
|
|
|
|
def verbose?
|
|
|
|
@opts[:verbose]
|
|
|
|
end
|
|
|
|
|
|
|
|
#
|
|
|
|
# Allowed to connect to the requested url?
|
|
|
|
#
|
|
|
|
def allowed?(to_url, from_url)
|
|
|
|
to_url.host.nil? || (to_url.host == from_url.host)
|
|
|
|
end
|
|
|
|
|
|
|
|
end
|
|
|
|
end
|