2005-07-24 20:53:54 +00:00
|
|
|
require 'rex/proto/http'
|
|
|
|
|
|
|
|
|
|
module Rex
|
|
|
|
|
module Proto
|
|
|
|
|
module Http
|
|
|
|
|
|
2005-09-15 23:37:38 +00:00
|
|
|
DefaultProtocol = '1.1'
|
2005-07-24 20:53:54 +00:00
|
|
|
|
|
|
|
|
###
|
|
|
|
|
#
|
|
|
|
|
# This class represents an HTTP packet.
|
|
|
|
|
#
|
|
|
|
|
###
|
|
|
|
|
class Packet
|
|
|
|
|
|
|
|
|
|
#
|
|
|
|
|
# Parser processing codes
|
|
|
|
|
#
|
|
|
|
|
module ParseCode
|
|
|
|
|
Completed = 1
|
|
|
|
|
Partial = 2
|
|
|
|
|
Error = 3
|
|
|
|
|
end
|
|
|
|
|
|
|
|
|
|
#
|
|
|
|
|
# Parser states
|
|
|
|
|
#
|
|
|
|
|
module ParseState
|
|
|
|
|
ProcessingHeader = 1
|
|
|
|
|
ProcessingBody = 2
|
|
|
|
|
Completed = 3
|
|
|
|
|
end
|
|
|
|
|
|
|
|
|
|
require 'rex/proto/http/header'
|
|
|
|
|
|
2005-11-15 05:22:13 +00:00
|
|
|
#
|
|
|
|
|
# Initializes an instance of an HTTP packet.
|
|
|
|
|
#
|
2005-07-24 20:53:54 +00:00
|
|
|
def initialize()
|
|
|
|
|
self.headers = Header.new
|
2005-09-15 23:37:38 +00:00
|
|
|
self.auto_cl = true
|
2005-07-24 20:53:54 +00:00
|
|
|
|
|
|
|
|
reset
|
|
|
|
|
end
|
|
|
|
|
|
|
|
|
|
#
|
|
|
|
|
# Return the associated header value, if any.
|
|
|
|
|
#
|
|
|
|
|
def [](key)
|
2007-01-05 05:22:39 +00:00
|
|
|
if (self.headers.include?(key))
|
|
|
|
|
return self.headers[key]
|
|
|
|
|
end
|
2009-11-30 21:15:06 +00:00
|
|
|
|
2007-01-05 05:22:39 +00:00
|
|
|
self.headers.each_pair do |k,v|
|
|
|
|
|
if (k.downcase == key.downcase)
|
|
|
|
|
return v
|
|
|
|
|
end
|
|
|
|
|
end
|
2009-11-30 21:15:06 +00:00
|
|
|
|
2007-01-05 05:22:39 +00:00
|
|
|
return nil
|
2005-07-24 20:53:54 +00:00
|
|
|
end
|
|
|
|
|
|
|
|
|
|
#
|
|
|
|
|
# Set the associated header value.
|
|
|
|
|
#
|
|
|
|
|
def []=(key, value)
|
|
|
|
|
self.headers[key] = value
|
|
|
|
|
end
|
|
|
|
|
|
|
|
|
|
#
|
|
|
|
|
# Parses the supplied buffer. Returns one of the two parser processing
|
2005-11-15 05:22:13 +00:00
|
|
|
# codes (Completed, Partial, or Error).
|
2005-07-24 20:53:54 +00:00
|
|
|
#
|
|
|
|
|
def parse(buf)
|
2007-05-03 20:01:29 +00:00
|
|
|
|
2005-07-24 20:53:54 +00:00
|
|
|
# Append the incoming buffer to the buffer queue.
|
2009-11-30 21:15:06 +00:00
|
|
|
self.bufq += buf.to_s
|
2005-07-24 20:53:54 +00:00
|
|
|
|
|
|
|
|
begin
|
2009-11-30 21:15:06 +00:00
|
|
|
|
|
|
|
|
# Process the header
|
|
|
|
|
if(self.state == ParseState::ProcessingHeader)
|
|
|
|
|
parse_header
|
2005-07-24 20:53:54 +00:00
|
|
|
end
|
2009-11-30 21:15:06 +00:00
|
|
|
|
|
|
|
|
# Continue on to the body if the header was processed
|
|
|
|
|
if(self.state == ParseState::ProcessingBody)
|
2010-12-11 07:37:09 +00:00
|
|
|
# Chunked encoding sets the parsing state on its own
|
|
|
|
|
if (self.body_bytes_left == 0 and not self.transfer_chunked)
|
2007-05-03 20:01:29 +00:00
|
|
|
self.state = ParseState::Completed
|
|
|
|
|
else
|
|
|
|
|
parse_body
|
|
|
|
|
end
|
2005-07-24 20:53:54 +00:00
|
|
|
end
|
|
|
|
|
rescue
|
2010-08-18 22:41:07 +00:00
|
|
|
# XXX: BUG: This rescue might be a problem because it will swallow TimeoutError
|
2005-07-24 20:53:54 +00:00
|
|
|
self.error = $!
|
|
|
|
|
return ParseCode::Error
|
|
|
|
|
end
|
|
|
|
|
|
|
|
|
|
# Return completed or partial to the parsing status to the caller
|
|
|
|
|
(self.state == ParseState::Completed) ? ParseCode::Completed : ParseCode::Partial
|
|
|
|
|
end
|
|
|
|
|
|
|
|
|
|
#
|
|
|
|
|
# Reset the parsing state and buffers.
|
|
|
|
|
#
|
|
|
|
|
def reset
|
|
|
|
|
self.state = ParseState::ProcessingHeader
|
2009-11-30 21:15:06 +00:00
|
|
|
self.transfer_chunked = false
|
|
|
|
|
self.inside_chunk = false
|
2005-07-24 20:53:54 +00:00
|
|
|
self.headers.reset
|
2009-11-30 21:15:06 +00:00
|
|
|
self.bufq = ''
|
2005-07-24 20:53:54 +00:00
|
|
|
self.body = ''
|
|
|
|
|
end
|
|
|
|
|
|
2009-12-10 18:12:38 +00:00
|
|
|
#
|
|
|
|
|
# Reset the parsing state but leave the buffers.
|
|
|
|
|
#
|
|
|
|
|
def reset_except_queue
|
|
|
|
|
self.state = ParseState::ProcessingHeader
|
|
|
|
|
self.transfer_chunked = false
|
|
|
|
|
self.inside_chunk = false
|
|
|
|
|
self.headers.reset
|
|
|
|
|
self.body = ''
|
|
|
|
|
end
|
|
|
|
|
|
2005-07-24 20:53:54 +00:00
|
|
|
#
|
|
|
|
|
# Returns whether or not parsing has completed.
|
|
|
|
|
#
|
|
|
|
|
def completed?
|
2009-11-30 21:15:06 +00:00
|
|
|
|
|
|
|
|
return true if self.state == ParseState::Completed
|
2005-07-24 20:53:54 +00:00
|
|
|
|
|
|
|
|
# If the parser state is processing the body and there are an
|
|
|
|
|
# undetermined number of bytes left to read, we just need to say that
|
|
|
|
|
# things are completed as it's hard to tell whether or not they really
|
|
|
|
|
# are.
|
2009-11-30 21:15:06 +00:00
|
|
|
if (self.state == ParseState::ProcessingBody and self.body_bytes_left < 0)
|
|
|
|
|
return true
|
2005-07-24 20:53:54 +00:00
|
|
|
end
|
|
|
|
|
|
2009-11-30 21:15:06 +00:00
|
|
|
false
|
2005-07-24 20:53:54 +00:00
|
|
|
end
|
|
|
|
|
|
2006-01-27 05:33:08 +00:00
|
|
|
#
|
|
|
|
|
# Build a 'Transfer-Encoding: chunked' payload with random chunk sizes
|
|
|
|
|
#
|
|
|
|
|
def chunk(str, min_size = 1, max_size = 1000)
|
2009-10-20 17:24:33 +00:00
|
|
|
chunked = ''
|
2006-01-05 22:20:28 +00:00
|
|
|
|
2009-10-20 17:24:33 +00:00
|
|
|
# min chunk size is 1 byte
|
|
|
|
|
if (min_size < 1); min_size = 1; end
|
2006-01-05 22:20:28 +00:00
|
|
|
|
2009-10-20 17:24:33 +00:00
|
|
|
# don't be dumb
|
|
|
|
|
if (max_size < min_size); max_size = min_size; end
|
2006-01-05 22:20:28 +00:00
|
|
|
|
2009-10-20 17:24:33 +00:00
|
|
|
while (str.size > 0)
|
|
|
|
|
chunk = str.slice!(0, rand(max_size - min_size) + min_size)
|
|
|
|
|
chunked += sprintf("%x", chunk.size) + "\r\n" + chunk + "\r\n"
|
|
|
|
|
end
|
|
|
|
|
chunked += "0\r\n\r\n"
|
2006-01-27 05:33:08 +00:00
|
|
|
end
|
2006-01-05 22:20:28 +00:00
|
|
|
|
2005-07-24 20:53:54 +00:00
|
|
|
#
|
2005-11-15 05:22:13 +00:00
|
|
|
# Converts the packet to a string.
|
2005-07-24 20:53:54 +00:00
|
|
|
#
|
|
|
|
|
def to_s
|
2011-01-25 19:59:56 +00:00
|
|
|
content = self.body.dup
|
|
|
|
|
|
2005-07-24 20:53:54 +00:00
|
|
|
# Update the content length field in the header with the body length.
|
2006-01-05 22:20:28 +00:00
|
|
|
if (content)
|
2009-10-20 17:24:33 +00:00
|
|
|
if !self.compress.nil?
|
|
|
|
|
case self.compress
|
|
|
|
|
when 'gzip'
|
|
|
|
|
self.headers['Content-Encoding'] = 'gzip'
|
|
|
|
|
content = Rex::Text.gzip(content)
|
|
|
|
|
when 'deflate'
|
|
|
|
|
self.headers['Content-Encoding'] = 'deflate'
|
|
|
|
|
content = Rex::Text.zlib_deflate(content)
|
2006-01-30 17:31:32 +00:00
|
|
|
when 'none'
|
2009-11-30 21:15:06 +00:00
|
|
|
# this one is fine...
|
2009-10-20 17:24:33 +00:00
|
|
|
# when 'compress'
|
|
|
|
|
else
|
|
|
|
|
raise RuntimeError, 'Invalid Content-Encoding'
|
|
|
|
|
end
|
|
|
|
|
end
|
|
|
|
|
|
|
|
|
|
if (self.auto_cl == true && self.transfer_chunked == true)
|
2009-12-10 18:12:38 +00:00
|
|
|
raise RuntimeError, "'Content-Length' and 'Transfer-Encoding: chunked' are incompatible"
|
2009-10-20 17:24:33 +00:00
|
|
|
elsif self.auto_cl == true
|
* add junk pipelined request support
* fix socket creation on pipelined requests
* when a server says that the connection should be closed (Connection: closed), then close the connection, since its going to regardless, and we don't want to loose our state
* support non-standard line termination in headers. ie \n instead of \r\n
* add junk headers (X-rand: rand)
* add header folding (for evasion)
* add parse_header_re (still leaving parse_header around, though its dead code ATM) that does the right thing on non-standard line endings
* move 'gzip' to a 'compression' option
* add 'deflate' compression option (really, just raw zlib, and only firefox does deflate right)
* fix a bunch of TE:chunked decoding bugs based based on the fact that Apache doesn't always close chunks appropriately
* modify parse_body to not return state, since it doesn't always do that, and the return isn't used... self.state is.
* add TE:chunked request support
* normalize URIs in requests before saving them
* Move params out of the URI, but when the uri is requested, and the method is GET, and there are params, return a URI that has the params that are approrpiately encoded (needed for junk_params, see below)
* move request.to_s support of params to use the request params array when a POST, allows use of junk params support (see below). NOTE: If the body is provided, use the body instead of params, in case you want to hardcode the params in a POST request, eg: php_xmlrpc_eval.rb
* Add junk params when building a param list, eg: a=b becomes asdfasdf=asdrt32a&asdfad=okhgasd&a=b&hjklasdf=hkasgd
* add URI junk slash support (eg: /////foo.html)
* param splitting now supports both '&', and ';', which CGI.pm and PHP both allow
* add URI junk directory support, eg: /asdf/../foo.html
* add param encoding support, eg: param A with value '=' is A=%3d
* add URI junk self referring directory support, eg: /././foo.html
git-svn-id: file:///home/svn/incoming/trunk@3457 4d416f70-5f16-0410-b530-b9f4589650da
2006-01-27 21:57:44 +00:00
|
|
|
self.headers['Content-Length'] = content.length
|
2009-10-20 17:24:33 +00:00
|
|
|
elsif self.transfer_chunked == true
|
|
|
|
|
if self.proto != '1.1'
|
|
|
|
|
raise RuntimeError, 'Chunked encoding is only available via 1.1'
|
|
|
|
|
end
|
|
|
|
|
self.headers['Transfer-Encoding'] = 'chunked'
|
|
|
|
|
content = self.chunk(content, self.chunk_min_size, self.chunk_max_size)
|
|
|
|
|
end
|
|
|
|
|
end
|
2005-07-24 20:53:54 +00:00
|
|
|
|
|
|
|
|
str = self.headers.to_s(cmd_string)
|
2009-04-30 20:38:57 +00:00
|
|
|
str += content || ''
|
2005-07-24 20:53:54 +00:00
|
|
|
end
|
|
|
|
|
|
|
|
|
|
#
|
2005-11-15 05:22:13 +00:00
|
|
|
# Converts the packet from a string.
|
2005-07-24 20:53:54 +00:00
|
|
|
#
|
|
|
|
|
def from_s(str)
|
|
|
|
|
reset
|
|
|
|
|
parse(str)
|
|
|
|
|
end
|
|
|
|
|
|
|
|
|
|
#
|
|
|
|
|
# Returns the command string, such as:
|
|
|
|
|
#
|
|
|
|
|
# HTTP/1.0 200 OK for a response
|
|
|
|
|
#
|
|
|
|
|
# or
|
2009-11-30 21:15:06 +00:00
|
|
|
#
|
2005-07-24 20:53:54 +00:00
|
|
|
# GET /foo HTTP/1.0 for a request
|
|
|
|
|
#
|
|
|
|
|
def cmd_string
|
|
|
|
|
self.headers.cmd_string
|
|
|
|
|
end
|
|
|
|
|
|
2009-12-10 17:04:52 +00:00
|
|
|
attr_accessor :headers
|
2009-11-30 21:15:06 +00:00
|
|
|
attr_accessor :error
|
2005-07-24 20:53:54 +00:00
|
|
|
attr_accessor :state
|
|
|
|
|
attr_accessor :bufq
|
|
|
|
|
attr_accessor :body
|
|
|
|
|
attr_accessor :auto_cl
|
2005-09-15 23:37:38 +00:00
|
|
|
attr_accessor :max_data
|
2006-01-05 22:20:28 +00:00
|
|
|
attr_accessor :transfer_chunked
|
* add junk pipelined request support
* fix socket creation on pipelined requests
* when a server says that the connection should be closed (Connection: closed), then close the connection, since its going to regardless, and we don't want to loose our state
* support non-standard line termination in headers. ie \n instead of \r\n
* add junk headers (X-rand: rand)
* add header folding (for evasion)
* add parse_header_re (still leaving parse_header around, though its dead code ATM) that does the right thing on non-standard line endings
* move 'gzip' to a 'compression' option
* add 'deflate' compression option (really, just raw zlib, and only firefox does deflate right)
* fix a bunch of TE:chunked decoding bugs based based on the fact that Apache doesn't always close chunks appropriately
* modify parse_body to not return state, since it doesn't always do that, and the return isn't used... self.state is.
* add TE:chunked request support
* normalize URIs in requests before saving them
* Move params out of the URI, but when the uri is requested, and the method is GET, and there are params, return a URI that has the params that are approrpiately encoded (needed for junk_params, see below)
* move request.to_s support of params to use the request params array when a POST, allows use of junk params support (see below). NOTE: If the body is provided, use the body instead of params, in case you want to hardcode the params in a POST request, eg: php_xmlrpc_eval.rb
* Add junk params when building a param list, eg: a=b becomes asdfasdf=asdrt32a&asdfad=okhgasd&a=b&hjklasdf=hkasgd
* add URI junk slash support (eg: /////foo.html)
* param splitting now supports both '&', and ';', which CGI.pm and PHP both allow
* add URI junk directory support, eg: /asdf/../foo.html
* add param encoding support, eg: param A with value '=' is A=%3d
* add URI junk self referring directory support, eg: /././foo.html
git-svn-id: file:///home/svn/incoming/trunk@3457 4d416f70-5f16-0410-b530-b9f4589650da
2006-01-27 21:57:44 +00:00
|
|
|
attr_accessor :compress
|
2005-09-15 23:37:38 +00:00
|
|
|
attr_reader :incomplete
|
2006-01-05 22:20:28 +00:00
|
|
|
|
2006-01-27 05:33:08 +00:00
|
|
|
attr_accessor :chunk_min_size
|
|
|
|
|
attr_accessor :chunk_max_size
|
2009-11-30 21:15:06 +00:00
|
|
|
|
2005-07-24 20:53:54 +00:00
|
|
|
protected
|
|
|
|
|
|
2005-09-15 23:37:38 +00:00
|
|
|
attr_writer :incomplete
|
2005-07-24 20:53:54 +00:00
|
|
|
attr_accessor :body_bytes_left
|
2005-09-15 23:37:38 +00:00
|
|
|
attr_accessor :inside_chunk
|
2009-11-30 21:15:06 +00:00
|
|
|
attr_accessor :keepalive
|
2005-07-24 20:53:54 +00:00
|
|
|
|
|
|
|
|
##
|
|
|
|
|
#
|
|
|
|
|
# Overridable methods
|
|
|
|
|
#
|
|
|
|
|
##
|
2009-11-30 21:15:06 +00:00
|
|
|
|
2005-07-24 20:53:54 +00:00
|
|
|
#
|
|
|
|
|
# Allows derived classes to split apart the command string.
|
|
|
|
|
#
|
|
|
|
|
def update_cmd_parts(str)
|
|
|
|
|
end
|
|
|
|
|
|
|
|
|
|
##
|
|
|
|
|
#
|
|
|
|
|
# Parsing
|
|
|
|
|
#
|
|
|
|
|
##
|
|
|
|
|
|
2009-11-30 21:15:06 +00:00
|
|
|
def parse_header
|
* add junk pipelined request support
* fix socket creation on pipelined requests
* when a server says that the connection should be closed (Connection: closed), then close the connection, since its going to regardless, and we don't want to loose our state
* support non-standard line termination in headers. ie \n instead of \r\n
* add junk headers (X-rand: rand)
* add header folding (for evasion)
* add parse_header_re (still leaving parse_header around, though its dead code ATM) that does the right thing on non-standard line endings
* move 'gzip' to a 'compression' option
* add 'deflate' compression option (really, just raw zlib, and only firefox does deflate right)
* fix a bunch of TE:chunked decoding bugs based based on the fact that Apache doesn't always close chunks appropriately
* modify parse_body to not return state, since it doesn't always do that, and the return isn't used... self.state is.
* add TE:chunked request support
* normalize URIs in requests before saving them
* Move params out of the URI, but when the uri is requested, and the method is GET, and there are params, return a URI that has the params that are approrpiately encoded (needed for junk_params, see below)
* move request.to_s support of params to use the request params array when a POST, allows use of junk params support (see below). NOTE: If the body is provided, use the body instead of params, in case you want to hardcode the params in a POST request, eg: php_xmlrpc_eval.rb
* Add junk params when building a param list, eg: a=b becomes asdfasdf=asdrt32a&asdfad=okhgasd&a=b&hjklasdf=hkasgd
* add URI junk slash support (eg: /////foo.html)
* param splitting now supports both '&', and ';', which CGI.pm and PHP both allow
* add URI junk directory support, eg: /asdf/../foo.html
* add param encoding support, eg: param A with value '=' is A=%3d
* add URI junk self referring directory support, eg: /././foo.html
git-svn-id: file:///home/svn/incoming/trunk@3457 4d416f70-5f16-0410-b530-b9f4589650da
2006-01-27 21:57:44 +00:00
|
|
|
|
2009-11-30 21:15:06 +00:00
|
|
|
head,data = self.bufq.split(/\r?\n\r?\n/, 2)
|
2011-01-25 19:59:56 +00:00
|
|
|
|
2009-11-30 21:15:06 +00:00
|
|
|
return if not data
|
* add junk pipelined request support
* fix socket creation on pipelined requests
* when a server says that the connection should be closed (Connection: closed), then close the connection, since its going to regardless, and we don't want to loose our state
* support non-standard line termination in headers. ie \n instead of \r\n
* add junk headers (X-rand: rand)
* add header folding (for evasion)
* add parse_header_re (still leaving parse_header around, though its dead code ATM) that does the right thing on non-standard line endings
* move 'gzip' to a 'compression' option
* add 'deflate' compression option (really, just raw zlib, and only firefox does deflate right)
* fix a bunch of TE:chunked decoding bugs based based on the fact that Apache doesn't always close chunks appropriately
* modify parse_body to not return state, since it doesn't always do that, and the return isn't used... self.state is.
* add TE:chunked request support
* normalize URIs in requests before saving them
* Move params out of the URI, but when the uri is requested, and the method is GET, and there are params, return a URI that has the params that are approrpiately encoded (needed for junk_params, see below)
* move request.to_s support of params to use the request params array when a POST, allows use of junk params support (see below). NOTE: If the body is provided, use the body instead of params, in case you want to hardcode the params in a POST request, eg: php_xmlrpc_eval.rb
* Add junk params when building a param list, eg: a=b becomes asdfasdf=asdrt32a&asdfad=okhgasd&a=b&hjklasdf=hkasgd
* add URI junk slash support (eg: /////foo.html)
* param splitting now supports both '&', and ';', which CGI.pm and PHP both allow
* add URI junk directory support, eg: /asdf/../foo.html
* add param encoding support, eg: param A with value '=' is A=%3d
* add URI junk self referring directory support, eg: /././foo.html
git-svn-id: file:///home/svn/incoming/trunk@3457 4d416f70-5f16-0410-b530-b9f4589650da
2006-01-27 21:57:44 +00:00
|
|
|
|
2009-11-30 21:15:06 +00:00
|
|
|
self.headers.from_s(head)
|
|
|
|
|
self.bufq = data || ""
|
* add junk pipelined request support
* fix socket creation on pipelined requests
* when a server says that the connection should be closed (Connection: closed), then close the connection, since its going to regardless, and we don't want to loose our state
* support non-standard line termination in headers. ie \n instead of \r\n
* add junk headers (X-rand: rand)
* add header folding (for evasion)
* add parse_header_re (still leaving parse_header around, though its dead code ATM) that does the right thing on non-standard line endings
* move 'gzip' to a 'compression' option
* add 'deflate' compression option (really, just raw zlib, and only firefox does deflate right)
* fix a bunch of TE:chunked decoding bugs based based on the fact that Apache doesn't always close chunks appropriately
* modify parse_body to not return state, since it doesn't always do that, and the return isn't used... self.state is.
* add TE:chunked request support
* normalize URIs in requests before saving them
* Move params out of the URI, but when the uri is requested, and the method is GET, and there are params, return a URI that has the params that are approrpiately encoded (needed for junk_params, see below)
* move request.to_s support of params to use the request params array when a POST, allows use of junk params support (see below). NOTE: If the body is provided, use the body instead of params, in case you want to hardcode the params in a POST request, eg: php_xmlrpc_eval.rb
* Add junk params when building a param list, eg: a=b becomes asdfasdf=asdrt32a&asdfad=okhgasd&a=b&hjklasdf=hkasgd
* add URI junk slash support (eg: /////foo.html)
* param splitting now supports both '&', and ';', which CGI.pm and PHP both allow
* add URI junk directory support, eg: /asdf/../foo.html
* add param encoding support, eg: param A with value '=' is A=%3d
* add URI junk self referring directory support, eg: /././foo.html
git-svn-id: file:///home/svn/incoming/trunk@3457 4d416f70-5f16-0410-b530-b9f4589650da
2006-01-27 21:57:44 +00:00
|
|
|
|
2009-11-30 21:15:06 +00:00
|
|
|
# Set the content-length to -1 as a placeholder (read until EOF)
|
|
|
|
|
self.body_bytes_left = -1
|
* add junk pipelined request support
* fix socket creation on pipelined requests
* when a server says that the connection should be closed (Connection: closed), then close the connection, since its going to regardless, and we don't want to loose our state
* support non-standard line termination in headers. ie \n instead of \r\n
* add junk headers (X-rand: rand)
* add header folding (for evasion)
* add parse_header_re (still leaving parse_header around, though its dead code ATM) that does the right thing on non-standard line endings
* move 'gzip' to a 'compression' option
* add 'deflate' compression option (really, just raw zlib, and only firefox does deflate right)
* fix a bunch of TE:chunked decoding bugs based based on the fact that Apache doesn't always close chunks appropriately
* modify parse_body to not return state, since it doesn't always do that, and the return isn't used... self.state is.
* add TE:chunked request support
* normalize URIs in requests before saving them
* Move params out of the URI, but when the uri is requested, and the method is GET, and there are params, return a URI that has the params that are approrpiately encoded (needed for junk_params, see below)
* move request.to_s support of params to use the request params array when a POST, allows use of junk params support (see below). NOTE: If the body is provided, use the body instead of params, in case you want to hardcode the params in a POST request, eg: php_xmlrpc_eval.rb
* Add junk params when building a param list, eg: a=b becomes asdfasdf=asdrt32a&asdfad=okhgasd&a=b&hjklasdf=hkasgd
* add URI junk slash support (eg: /////foo.html)
* param splitting now supports both '&', and ';', which CGI.pm and PHP both allow
* add URI junk directory support, eg: /asdf/../foo.html
* add param encoding support, eg: param A with value '=' is A=%3d
* add URI junk self referring directory support, eg: /././foo.html
git-svn-id: file:///home/svn/incoming/trunk@3457 4d416f70-5f16-0410-b530-b9f4589650da
2006-01-27 21:57:44 +00:00
|
|
|
|
2009-11-30 21:15:06 +00:00
|
|
|
# Extract the content length if it was specified
|
|
|
|
|
if (self.headers['Content-Length'])
|
|
|
|
|
self.body_bytes_left = self.headers['Content-Length'].to_i
|
* add junk pipelined request support
* fix socket creation on pipelined requests
* when a server says that the connection should be closed (Connection: closed), then close the connection, since its going to regardless, and we don't want to loose our state
* support non-standard line termination in headers. ie \n instead of \r\n
* add junk headers (X-rand: rand)
* add header folding (for evasion)
* add parse_header_re (still leaving parse_header around, though its dead code ATM) that does the right thing on non-standard line endings
* move 'gzip' to a 'compression' option
* add 'deflate' compression option (really, just raw zlib, and only firefox does deflate right)
* fix a bunch of TE:chunked decoding bugs based based on the fact that Apache doesn't always close chunks appropriately
* modify parse_body to not return state, since it doesn't always do that, and the return isn't used... self.state is.
* add TE:chunked request support
* normalize URIs in requests before saving them
* Move params out of the URI, but when the uri is requested, and the method is GET, and there are params, return a URI that has the params that are approrpiately encoded (needed for junk_params, see below)
* move request.to_s support of params to use the request params array when a POST, allows use of junk params support (see below). NOTE: If the body is provided, use the body instead of params, in case you want to hardcode the params in a POST request, eg: php_xmlrpc_eval.rb
* Add junk params when building a param list, eg: a=b becomes asdfasdf=asdrt32a&asdfad=okhgasd&a=b&hjklasdf=hkasgd
* add URI junk slash support (eg: /////foo.html)
* param splitting now supports both '&', and ';', which CGI.pm and PHP both allow
* add URI junk directory support, eg: /asdf/../foo.html
* add param encoding support, eg: param A with value '=' is A=%3d
* add URI junk self referring directory support, eg: /././foo.html
git-svn-id: file:///home/svn/incoming/trunk@3457 4d416f70-5f16-0410-b530-b9f4589650da
2006-01-27 21:57:44 +00:00
|
|
|
end
|
|
|
|
|
|
2009-11-30 21:15:06 +00:00
|
|
|
# Look for a chunked transfer header
|
|
|
|
|
if (self.headers['Transfer-Encoding'].to_s.downcase == 'chunked')
|
|
|
|
|
self.transfer_chunked = true
|
2009-12-10 18:12:38 +00:00
|
|
|
self.auto_cl = false
|
2009-11-30 21:15:06 +00:00
|
|
|
end
|
2005-07-24 20:53:54 +00:00
|
|
|
|
2009-11-30 21:15:06 +00:00
|
|
|
# Determine how to handle data when there is no length header
|
2010-08-18 22:41:07 +00:00
|
|
|
if (self.body_bytes_left == -1)
|
|
|
|
|
if (not self.transfer_chunked)
|
|
|
|
|
if (self.headers['Connection'].to_s.downcase.include?('keep-alive'))
|
|
|
|
|
# If we are using keep-alive, but have no content-length and
|
|
|
|
|
# no chunked transfer header, pretend this is the entire
|
|
|
|
|
# buffer and call it done
|
|
|
|
|
self.body_bytes_left = self.bufq.length
|
|
|
|
|
elsif (not self.headers['Content-Length'] and self.class == Rex::Proto::Http::Request)
|
|
|
|
|
# RFC 2616 says: "The presence of a message-body in a request
|
|
|
|
|
# is signaled by the inclusion of a Content-Length or
|
|
|
|
|
# Transfer-Encoding header field in the request's
|
|
|
|
|
# message-headers."
|
|
|
|
|
#
|
|
|
|
|
# So if we haven't seen either a Content-Length or a
|
|
|
|
|
# Transfer-Encoding header, there shouldn't be a message body.
|
|
|
|
|
self.body_bytes_left = 0
|
|
|
|
|
#else
|
2009-11-30 21:15:06 +00:00
|
|
|
# Otherwise we need to keep reading until EOF
|
2010-08-18 22:41:07 +00:00
|
|
|
end
|
2005-07-24 20:53:54 +00:00
|
|
|
end
|
2005-09-15 23:37:38 +00:00
|
|
|
end
|
2009-11-30 21:15:06 +00:00
|
|
|
|
|
|
|
|
# Throw an error if we didnt parse the header properly
|
|
|
|
|
if !self.headers.cmd_string
|
2005-09-15 23:37:38 +00:00
|
|
|
raise RuntimeError, "Invalid command string", caller
|
|
|
|
|
end
|
2005-07-25 02:18:37 +00:00
|
|
|
|
2009-11-30 21:15:06 +00:00
|
|
|
# Move the state into body processing
|
|
|
|
|
self.state = ParseState::ProcessingBody
|
|
|
|
|
|
2005-09-15 23:37:38 +00:00
|
|
|
# Allow derived classes to update the parts of the command string
|
|
|
|
|
self.update_cmd_parts(self.headers.cmd_string)
|
2005-07-24 20:53:54 +00:00
|
|
|
end
|
|
|
|
|
|
|
|
|
|
#
|
|
|
|
|
# Parses the body portion of the request.
|
|
|
|
|
#
|
|
|
|
|
def parse_body
|
2005-09-15 23:37:38 +00:00
|
|
|
# Just return if the buffer is empty
|
|
|
|
|
if (self.bufq.length == 0)
|
|
|
|
|
return
|
|
|
|
|
end
|
|
|
|
|
|
|
|
|
|
# Handle chunked transfer-encoding responses
|
* add junk pipelined request support
* fix socket creation on pipelined requests
* when a server says that the connection should be closed (Connection: closed), then close the connection, since its going to regardless, and we don't want to loose our state
* support non-standard line termination in headers. ie \n instead of \r\n
* add junk headers (X-rand: rand)
* add header folding (for evasion)
* add parse_header_re (still leaving parse_header around, though its dead code ATM) that does the right thing on non-standard line endings
* move 'gzip' to a 'compression' option
* add 'deflate' compression option (really, just raw zlib, and only firefox does deflate right)
* fix a bunch of TE:chunked decoding bugs based based on the fact that Apache doesn't always close chunks appropriately
* modify parse_body to not return state, since it doesn't always do that, and the return isn't used... self.state is.
* add TE:chunked request support
* normalize URIs in requests before saving them
* Move params out of the URI, but when the uri is requested, and the method is GET, and there are params, return a URI that has the params that are approrpiately encoded (needed for junk_params, see below)
* move request.to_s support of params to use the request params array when a POST, allows use of junk params support (see below). NOTE: If the body is provided, use the body instead of params, in case you want to hardcode the params in a POST request, eg: php_xmlrpc_eval.rb
* Add junk params when building a param list, eg: a=b becomes asdfasdf=asdrt32a&asdfad=okhgasd&a=b&hjklasdf=hkasgd
* add URI junk slash support (eg: /////foo.html)
* param splitting now supports both '&', and ';', which CGI.pm and PHP both allow
* add URI junk directory support, eg: /asdf/../foo.html
* add param encoding support, eg: param A with value '=' is A=%3d
* add URI junk self referring directory support, eg: /././foo.html
git-svn-id: file:///home/svn/incoming/trunk@3457 4d416f70-5f16-0410-b530-b9f4589650da
2006-01-27 21:57:44 +00:00
|
|
|
if (self.transfer_chunked and self.inside_chunk != 1 and self.bufq.length)
|
2009-11-30 21:15:06 +00:00
|
|
|
|
2005-09-15 23:37:38 +00:00
|
|
|
# Remove any leading newlines or spaces
|
|
|
|
|
self.bufq.lstrip!
|
2009-11-30 21:15:06 +00:00
|
|
|
|
2010-06-07 23:43:32 +00:00
|
|
|
# If we didn't get a newline, then this might not be the full
|
|
|
|
|
# length, go back and get more.
|
2011-01-25 19:59:56 +00:00
|
|
|
# e.g.
|
2010-06-07 23:43:32 +00:00
|
|
|
# first packet: "200"
|
|
|
|
|
# second packet: "0\r\n\r\n<html>..."
|
|
|
|
|
if not bufq.index("\n")
|
|
|
|
|
return
|
|
|
|
|
end
|
|
|
|
|
|
2005-09-15 23:37:38 +00:00
|
|
|
# Extract the actual hexadecimal length value
|
2010-06-07 23:43:32 +00:00
|
|
|
clen = self.bufq.slice!(/^[a-fA-F0-9]+\r?\n/)
|
2005-12-08 05:55:44 +00:00
|
|
|
|
|
|
|
|
clen.rstrip! if (clen)
|
2011-01-25 19:59:56 +00:00
|
|
|
|
* add junk pipelined request support
* fix socket creation on pipelined requests
* when a server says that the connection should be closed (Connection: closed), then close the connection, since its going to regardless, and we don't want to loose our state
* support non-standard line termination in headers. ie \n instead of \r\n
* add junk headers (X-rand: rand)
* add header folding (for evasion)
* add parse_header_re (still leaving parse_header around, though its dead code ATM) that does the right thing on non-standard line endings
* move 'gzip' to a 'compression' option
* add 'deflate' compression option (really, just raw zlib, and only firefox does deflate right)
* fix a bunch of TE:chunked decoding bugs based based on the fact that Apache doesn't always close chunks appropriately
* modify parse_body to not return state, since it doesn't always do that, and the return isn't used... self.state is.
* add TE:chunked request support
* normalize URIs in requests before saving them
* Move params out of the URI, but when the uri is requested, and the method is GET, and there are params, return a URI that has the params that are approrpiately encoded (needed for junk_params, see below)
* move request.to_s support of params to use the request params array when a POST, allows use of junk params support (see below). NOTE: If the body is provided, use the body instead of params, in case you want to hardcode the params in a POST request, eg: php_xmlrpc_eval.rb
* Add junk params when building a param list, eg: a=b becomes asdfasdf=asdrt32a&asdfad=okhgasd&a=b&hjklasdf=hkasgd
* add URI junk slash support (eg: /////foo.html)
* param splitting now supports both '&', and ';', which CGI.pm and PHP both allow
* add URI junk directory support, eg: /asdf/../foo.html
* add param encoding support, eg: param A with value '=' is A=%3d
* add URI junk self referring directory support, eg: /././foo.html
git-svn-id: file:///home/svn/incoming/trunk@3457 4d416f70-5f16-0410-b530-b9f4589650da
2006-01-27 21:57:44 +00:00
|
|
|
# if we happen to fall upon the end of the buffer for the next chunk len and have no data left, go get some more...
|
2009-11-30 21:15:06 +00:00
|
|
|
if clen.nil? and self.bufq.length == 0
|
|
|
|
|
return
|
|
|
|
|
end
|
|
|
|
|
|
|
|
|
|
# Invalid chunk length, exit out early
|
|
|
|
|
if clen.nil?
|
|
|
|
|
self.state = ParseState::Completed
|
* add junk pipelined request support
* fix socket creation on pipelined requests
* when a server says that the connection should be closed (Connection: closed), then close the connection, since its going to regardless, and we don't want to loose our state
* support non-standard line termination in headers. ie \n instead of \r\n
* add junk headers (X-rand: rand)
* add header folding (for evasion)
* add parse_header_re (still leaving parse_header around, though its dead code ATM) that does the right thing on non-standard line endings
* move 'gzip' to a 'compression' option
* add 'deflate' compression option (really, just raw zlib, and only firefox does deflate right)
* fix a bunch of TE:chunked decoding bugs based based on the fact that Apache doesn't always close chunks appropriately
* modify parse_body to not return state, since it doesn't always do that, and the return isn't used... self.state is.
* add TE:chunked request support
* normalize URIs in requests before saving them
* Move params out of the URI, but when the uri is requested, and the method is GET, and there are params, return a URI that has the params that are approrpiately encoded (needed for junk_params, see below)
* move request.to_s support of params to use the request params array when a POST, allows use of junk params support (see below). NOTE: If the body is provided, use the body instead of params, in case you want to hardcode the params in a POST request, eg: php_xmlrpc_eval.rb
* Add junk params when building a param list, eg: a=b becomes asdfasdf=asdrt32a&asdfad=okhgasd&a=b&hjklasdf=hkasgd
* add URI junk slash support (eg: /////foo.html)
* param splitting now supports both '&', and ';', which CGI.pm and PHP both allow
* add URI junk directory support, eg: /asdf/../foo.html
* add param encoding support, eg: param A with value '=' is A=%3d
* add URI junk self referring directory support, eg: /././foo.html
git-svn-id: file:///home/svn/incoming/trunk@3457 4d416f70-5f16-0410-b530-b9f4589650da
2006-01-27 21:57:44 +00:00
|
|
|
return
|
|
|
|
|
end
|
|
|
|
|
|
2010-12-11 07:37:09 +00:00
|
|
|
self.body_bytes_left = clen.to_i(16)
|
* add junk pipelined request support
* fix socket creation on pipelined requests
* when a server says that the connection should be closed (Connection: closed), then close the connection, since its going to regardless, and we don't want to loose our state
* support non-standard line termination in headers. ie \n instead of \r\n
* add junk headers (X-rand: rand)
* add header folding (for evasion)
* add parse_header_re (still leaving parse_header around, though its dead code ATM) that does the right thing on non-standard line endings
* move 'gzip' to a 'compression' option
* add 'deflate' compression option (really, just raw zlib, and only firefox does deflate right)
* fix a bunch of TE:chunked decoding bugs based based on the fact that Apache doesn't always close chunks appropriately
* modify parse_body to not return state, since it doesn't always do that, and the return isn't used... self.state is.
* add TE:chunked request support
* normalize URIs in requests before saving them
* Move params out of the URI, but when the uri is requested, and the method is GET, and there are params, return a URI that has the params that are approrpiately encoded (needed for junk_params, see below)
* move request.to_s support of params to use the request params array when a POST, allows use of junk params support (see below). NOTE: If the body is provided, use the body instead of params, in case you want to hardcode the params in a POST request, eg: php_xmlrpc_eval.rb
* Add junk params when building a param list, eg: a=b becomes asdfasdf=asdrt32a&asdfad=okhgasd&a=b&hjklasdf=hkasgd
* add URI junk slash support (eg: /////foo.html)
* param splitting now supports both '&', and ';', which CGI.pm and PHP both allow
* add URI junk directory support, eg: /asdf/../foo.html
* add param encoding support, eg: param A with value '=' is A=%3d
* add URI junk self referring directory support, eg: /././foo.html
git-svn-id: file:///home/svn/incoming/trunk@3457 4d416f70-5f16-0410-b530-b9f4589650da
2006-01-27 21:57:44 +00:00
|
|
|
|
2005-09-15 23:37:38 +00:00
|
|
|
if (self.body_bytes_left == 0)
|
* add junk pipelined request support
* fix socket creation on pipelined requests
* when a server says that the connection should be closed (Connection: closed), then close the connection, since its going to regardless, and we don't want to loose our state
* support non-standard line termination in headers. ie \n instead of \r\n
* add junk headers (X-rand: rand)
* add header folding (for evasion)
* add parse_header_re (still leaving parse_header around, though its dead code ATM) that does the right thing on non-standard line endings
* move 'gzip' to a 'compression' option
* add 'deflate' compression option (really, just raw zlib, and only firefox does deflate right)
* fix a bunch of TE:chunked decoding bugs based based on the fact that Apache doesn't always close chunks appropriately
* modify parse_body to not return state, since it doesn't always do that, and the return isn't used... self.state is.
* add TE:chunked request support
* normalize URIs in requests before saving them
* Move params out of the URI, but when the uri is requested, and the method is GET, and there are params, return a URI that has the params that are approrpiately encoded (needed for junk_params, see below)
* move request.to_s support of params to use the request params array when a POST, allows use of junk params support (see below). NOTE: If the body is provided, use the body instead of params, in case you want to hardcode the params in a POST request, eg: php_xmlrpc_eval.rb
* Add junk params when building a param list, eg: a=b becomes asdfasdf=asdrt32a&asdfad=okhgasd&a=b&hjklasdf=hkasgd
* add URI junk slash support (eg: /////foo.html)
* param splitting now supports both '&', and ';', which CGI.pm and PHP both allow
* add URI junk directory support, eg: /asdf/../foo.html
* add param encoding support, eg: param A with value '=' is A=%3d
* add URI junk self referring directory support, eg: /././foo.html
git-svn-id: file:///home/svn/incoming/trunk@3457 4d416f70-5f16-0410-b530-b9f4589650da
2006-01-27 21:57:44 +00:00
|
|
|
self.bufq.sub!(/^\r?\n/s,'')
|
|
|
|
|
self.state = ParseState::Completed
|
2009-11-30 21:15:06 +00:00
|
|
|
return
|
2005-09-15 23:37:38 +00:00
|
|
|
end
|
2009-11-30 21:15:06 +00:00
|
|
|
|
2005-09-15 23:37:38 +00:00
|
|
|
self.inside_chunk = 1
|
|
|
|
|
end
|
|
|
|
|
|
2005-07-24 20:53:54 +00:00
|
|
|
# If there are bytes remaining, slice as many as we can and append them
|
|
|
|
|
# to our body state.
|
|
|
|
|
if (self.body_bytes_left > 0)
|
|
|
|
|
part = self.bufq.slice!(0, self.body_bytes_left)
|
2009-04-30 20:38:57 +00:00
|
|
|
self.body += part
|
2005-07-24 20:53:54 +00:00
|
|
|
self.body_bytes_left -= part.length
|
|
|
|
|
# Otherwise, just read it all.
|
|
|
|
|
else
|
2009-04-30 20:38:57 +00:00
|
|
|
self.body += self.bufq
|
2005-07-24 20:53:54 +00:00
|
|
|
self.bufq = ''
|
|
|
|
|
end
|
|
|
|
|
|
2005-09-15 23:37:38 +00:00
|
|
|
# Finish this chunk and move on to the next one
|
|
|
|
|
if (self.transfer_chunked and self.body_bytes_left == 0)
|
|
|
|
|
self.inside_chunk = 0
|
* add junk pipelined request support
* fix socket creation on pipelined requests
* when a server says that the connection should be closed (Connection: closed), then close the connection, since its going to regardless, and we don't want to loose our state
* support non-standard line termination in headers. ie \n instead of \r\n
* add junk headers (X-rand: rand)
* add header folding (for evasion)
* add parse_header_re (still leaving parse_header around, though its dead code ATM) that does the right thing on non-standard line endings
* move 'gzip' to a 'compression' option
* add 'deflate' compression option (really, just raw zlib, and only firefox does deflate right)
* fix a bunch of TE:chunked decoding bugs based based on the fact that Apache doesn't always close chunks appropriately
* modify parse_body to not return state, since it doesn't always do that, and the return isn't used... self.state is.
* add TE:chunked request support
* normalize URIs in requests before saving them
* Move params out of the URI, but when the uri is requested, and the method is GET, and there are params, return a URI that has the params that are approrpiately encoded (needed for junk_params, see below)
* move request.to_s support of params to use the request params array when a POST, allows use of junk params support (see below). NOTE: If the body is provided, use the body instead of params, in case you want to hardcode the params in a POST request, eg: php_xmlrpc_eval.rb
* Add junk params when building a param list, eg: a=b becomes asdfasdf=asdrt32a&asdfad=okhgasd&a=b&hjklasdf=hkasgd
* add URI junk slash support (eg: /////foo.html)
* param splitting now supports both '&', and ';', which CGI.pm and PHP both allow
* add URI junk directory support, eg: /asdf/../foo.html
* add param encoding support, eg: param A with value '=' is A=%3d
* add URI junk self referring directory support, eg: /././foo.html
git-svn-id: file:///home/svn/incoming/trunk@3457 4d416f70-5f16-0410-b530-b9f4589650da
2006-01-27 21:57:44 +00:00
|
|
|
self.parse_body
|
|
|
|
|
return
|
2005-09-15 23:37:38 +00:00
|
|
|
end
|
|
|
|
|
|
2005-07-24 20:53:54 +00:00
|
|
|
# If there are no more bytes left, then parsing has completed and we're
|
|
|
|
|
# ready to go.
|
2010-08-18 22:41:07 +00:00
|
|
|
if (not self.transfer_chunked and self.body_bytes_left == 0)
|
* add junk pipelined request support
* fix socket creation on pipelined requests
* when a server says that the connection should be closed (Connection: closed), then close the connection, since its going to regardless, and we don't want to loose our state
* support non-standard line termination in headers. ie \n instead of \r\n
* add junk headers (X-rand: rand)
* add header folding (for evasion)
* add parse_header_re (still leaving parse_header around, though its dead code ATM) that does the right thing on non-standard line endings
* move 'gzip' to a 'compression' option
* add 'deflate' compression option (really, just raw zlib, and only firefox does deflate right)
* fix a bunch of TE:chunked decoding bugs based based on the fact that Apache doesn't always close chunks appropriately
* modify parse_body to not return state, since it doesn't always do that, and the return isn't used... self.state is.
* add TE:chunked request support
* normalize URIs in requests before saving them
* Move params out of the URI, but when the uri is requested, and the method is GET, and there are params, return a URI that has the params that are approrpiately encoded (needed for junk_params, see below)
* move request.to_s support of params to use the request params array when a POST, allows use of junk params support (see below). NOTE: If the body is provided, use the body instead of params, in case you want to hardcode the params in a POST request, eg: php_xmlrpc_eval.rb
* Add junk params when building a param list, eg: a=b becomes asdfasdf=asdrt32a&asdfad=okhgasd&a=b&hjklasdf=hkasgd
* add URI junk slash support (eg: /////foo.html)
* param splitting now supports both '&', and ';', which CGI.pm and PHP both allow
* add URI junk directory support, eg: /asdf/../foo.html
* add param encoding support, eg: param A with value '=' is A=%3d
* add URI junk self referring directory support, eg: /././foo.html
git-svn-id: file:///home/svn/incoming/trunk@3457 4d416f70-5f16-0410-b530-b9f4589650da
2006-01-27 21:57:44 +00:00
|
|
|
self.state = ParseState::Completed
|
2009-11-30 21:15:06 +00:00
|
|
|
return
|
2005-07-24 20:53:54 +00:00
|
|
|
end
|
|
|
|
|
end
|
|
|
|
|
|
|
|
|
|
end
|
|
|
|
|
|
|
|
|
|
end
|
|
|
|
|
end
|
2009-01-23 21:10:58 +00:00
|
|
|
end
|
2009-11-30 21:15:06 +00:00
|
|
|
|
