Add invisible auth to Web::HTTP

add the invisible auth support to tasos' http class
2013-02-04 13:39:40 -06:00 · 2013-02-04 13:39:40 -06:00 · 413c37e506
parent 0c57026065
commit 413c37e506
1 changed files with 10 additions and 3 deletions
--- a/lib/msf/core/auxiliary/web/http.rb
+++ b/lib/msf/core/auxiliary/web/http.rb
@ -70,6 +70,7 @@ class Auxiliary::Web::HTTP
 	attr_reader :framework

 	attr_accessor :redirect_limit
+	attr_accessor :username , :password

 	def initialize( opts = {} )
 		@opts = opts.dup
@ -85,8 +86,8 @@ class Auxiliary::Web::HTTP

 		@request_opts = {}
 		if opts[:auth].is_a? Hash
-			@request_opts['basic_auth'] = [ opts[:auth][:user].to_s + ':' +
-								opts[:auth][:password] ]. pack( 'm*' ).gsub( /\s+/, '' )
+			@username = opts[:auth][:user].to_s
+			@password = opts[:auth][:password].to_s
 		end

 		self.redirect_limit = opts[:redirect_limit] || 20
@ -106,7 +107,9 @@ class Auxiliary::Web::HTTP
 			opts[:target].port,
 			{},
 			opts[:target].ssl,
-			'SSLv23'
+			'SSLv23',
+			username,
+			password
 		)

 		c.set_config({
@ -294,6 +297,10 @@ class Auxiliary::Web::HTTP
 		opts['data'] = body if body

 		c = connect
+		if opts['username'] and opts['username'] != ''
+			c.username = opts['username'].to_s
+			c.password = opts['password'].to_s
+		end
 		Response.from_rex_response c.send_recv( c.request_cgi( opts ), timeout )
 	rescue ::Timeout::Error
 		Response.timed_out