From 7087457f9eea2da270f5fc79aea9459f3439f80c Mon Sep 17 00:00:00 2001
From: HD Moore
Date: Tue, 27 Feb 2007 09:15:53 +0000
Subject: [PATCH] A few more updates to the HTTP exploit mixin, still needs some work before it is completed

git-svn-id: file:///home/svn/framework3/trunk@4481 4d416f70-5f16-0410-b530-b9f4589650da
---
lib/msf/core/exploit/http.rb | 22 ++++++++++++++++------
1 file changed, 16 insertions(+), 6 deletions(-)

diff --git a/lib/msf/core/exploit/http.rb b/lib/msf/core/exploit/http.rb
index 98359585f8..2b3476bb84 100644
--- a/lib/msf/core/exploit/http.rb
+++ b/lib/msf/core/exploit/http.rb
@@ -34,19 +34,29 @@ module Exploit::Remote::HttpClient
 register_evasion_options(
 [
- OptEnum.new('HTTP::uri_encode', [false, 'Enable URI encoding', 'none', ['none','hex-normal', 'hex-all', 'u-normal', 'u-all'], 'hex-normal'])
+ OptEnum.new('HTTP::uri_encode', [false, 'Enable URI encoding', 'hex-normal', ['none', 'hex-normal', 'hex-all', 'hex-random', 'u-normal', 'u-all', 'u-random']]),
+ OptBool.new('HTTP::uri_full_url', [false, 'Use the full URL for all HTTP requests', false]),
+ OptInt.new('HTTP::pad_method_uri_count', [false, 'How many whitespace characters to use between the method and uri', 1]),
+ OptInt.new('HTTP::pad_uri_version_count', [false, 'How many whitespace characters to use between the uri and version', 1]),
+ OptEnum.new('HTTP::pad_method_uri_type', [false, 'What type of whitespace to use between the method and uri', 'space', ['space', 'tab', 'apache']]),
+ OptEnum.new('HTTP::pad_uri_version_type', [false, 'What type of whitespace to use between the uri and version', 'space', ['space', 'tab', 'apache']]),
+ OptBool.new('HTTP::method_random_valid', [false, 'Use a random, but valid, HTTP method for request', false]),
+ OptBool.new('HTTP::method_random_invalid', [false, 'Use a random invalid, HTTP method for request', false]),
+ OptBool.new('HTTP::method_random_case', [false, 'Use random casing for the HTTP method', false]),
+ OptBool.new('HTTP::uri_dir_self_reference', [false, 'Insert self-referential directories into the uri', false]),
+ OptBool.new('HTTP::uri_dir_fake_relative', [false, 'Insert fake relative directories into the uri', false]),
+ OptBool.new('HTTP::uri_use_backslaces', [false, 'Use back slashes instead of forward slashes in the uri ', false]),
+ OptBool.new('HTTP::pad_fake_headers', [false, 'Insert random, fake headers into the HTTP request', false]),
+ OptInt.new('HTTP::pad_fake_headers_count', [false, 'How many fake headers to insert into the HTTP request', 0])
 #
-# Still re-implementing the following options
+# Remaining evasions 
to implement # - + # OptBool.new('HTTP::chunked', [false, 'Enable chunking of HTTP request via "Transfer-Encoding: chunked"', 'false']),
 # OptBool.new('HTTP::header_folding', [false, 'Enable folding of HTTP headers', 'false']),
-# OptBool.new('HTTP::junk_headers', [false, 'Enable insertion of random junk HTTP headers', 'false']),
-# OptBool.new('HTTP::junk_slashes', [false, 'Enable insertion of random junk HTTP headers', 'false']),
 # OptBool.new('HTTP::junk_directories', [false, 'Enable insertion of random junk directories in the URI', 'false']),
 # OptBool.new('HTTP::junk_params', [false, 'Enable insertion of random junk parameters', 'false']),
-# OptBool.new('HTTP::junk_self_referring_directories', [false, 'Enable insertion of random self referring directories (eg: /./././)', 'false']),
 # OptInt.new('HTTP::junk_pipeline', [true, 'Insert the specified number of junk pipeline requests', 0]),
 # OptBool.new('HTTP::fake_uri_end', [false, 'Add a fake end of URI (eg: /%20HTTP/1.0/../../)', 'false']),
 # OptBool.new('HTTP::fake_param_start', [false, 'Add a fake start of params to the URI (eg: /%3fa=b/../)', 'false']),