infosecn1nja
/
metasploit-framework
mirror of https://github.com/infosecn1nja/metasploit-framework.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

WIP: Enable HTTPS client. 

Removed RemoteServiceEndpoint and using URI instead.
GSoC/Meterpreter_Web_Console
James Barnett 2017-12-12 16:42:20 -06:00
parent 76143bdc1d
commit 74c00cf8ba
No known key found for this signature in database
GPG Key ID: 647983861A4EC5EA
5 changed files with 15 additions and 35 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
lib/metasploit/framework/data_service/proxy/core.rb
View File

@ -199,7 +199,7 @@ class DataProxy
@pid = wait_t[0].pid
puts "Started process with pid #{@pid}"
endpoint = Metasploit::Framework::DataService::RemoteServiceEndpoint.new('localhost', 8080)
endpoint = URI.parse('http://localhost:8080')
remote_host_data_service = Metasploit::Framework::DataService::RemoteHTTPDataService.new(endpoint)
register_data_service(remote_host_data_service, true)
end

10
lib/metasploit/framework/data_service/remote/http/core.rb
View File

@ -20,11 +20,11 @@ class RemoteHTTPDataService
POST_REQUEST = 'POST'
#
# @param endpoint - A RemoteServiceEndpoint. Cannot be nil
# @param [String] endpoint A valid http or https URL. Cannot be nil
#
def initialize(endpoint)
validate_endpoint(endpoint)
@endpoint = endpoint
@endpoint = URI.parse(endpoint)
build_client_pool(5)
end
@ -175,7 +175,6 @@ class RemoteHTTPDataService
def validate_endpoint(endpoint)
raise 'Endpoint cannot be nil' if endpoint.nil?
raise "Endpoint: #{endpoint.class} not of type RemoteServiceEndpoint" unless endpoint.is_a?(RemoteServiceEndpoint)
end
def append_workspace(data_hash)
@ -224,7 +223,10 @@ class RemoteHTTPDataService
@client_pool = Queue.new()
(1..size).each {
http = Net::HTTP.new(@endpoint.host, @endpoint.port)
http.use_ssl = true if @endpoint.use_ssl
if @endpoint.is_a?(URI::HTTPS)
http.use_ssl = true
http.verify_mode = OpenSSL::SSL::VERIFY_NONE
end
@client_pool << http
}
end

26
lib/metasploit/framework/data_service/remote/http/remote_service_endpoint.rb
View File

@ -1,26 +0,0 @@
module Metasploit
module Framework
module DataService
class RemoteServiceEndpoint
attr_reader :host
attr_reader :port
attr_reader :use_ssl
attr_reader :ssl_version
def initialize (host, port = 80, use_ssl = false, ssl_version = 'TLS1')
raise 'host cannot be null' if host.nil?
@host = host
@port = port
@use_ssl = use_ssl
@ssl_version = use_ssl ? ssl_version : nil
end
def to_s
"host: #{@host}, port: #{@port}"
end
end
end
end
end

4
lib/metasploit/framework/data_service/remote/msf_red/msf_red_service.rb
View File

@ -42,8 +42,8 @@ class MSFRedService
end
def inject_data_service
remote_service_endpoint = Metasploit::Framework::DataService::RemoteServiceEndpoint.new(CONSOLE_SERVICE_HOST_NAME, CONSOLE_SERVICE_PORT)
remote_data_service = Metasploit::Framework::DataService::RemoteHTTPDataService.new(remote_service_endpoint)
endpoint = URI.parse("http://#{CONSOLE_SERVICE_HOST_NAME}:#{CONSOLE_SERVICE_PORT}")
remote_data_service = Metasploit::Framework::DataService::RemoteHTTPDataService.new(endpoint)
remote_data_service.set_header(SESSION_KEY_VALUE, @session_key)
data_service_manager = Metasploit::Framework::DataService::DataProxy.instance
data_service_manager.register_data_service(remote_data_service)

8
lib/msf/ui/console/command_dispatcher/db.rb
View File

@ -100,17 +100,21 @@ module Msf
end
def cmd_add_data_service(*args)
protocol = "http"
while (arg = args.shift)
case arg
when '-h'
host = args.shift
when '-p'
port = args.shift
when '-s'
protocol = "https"
args.shift
end
end
remote_service_endpoint = Metasploit::Framework::DataService::RemoteServiceEndpoint.new(host, port)
remote_data_service = Metasploit::Framework::DataService::RemoteHTTPDataService.new(remote_service_endpoint)
endpoint = "#{protocol}://#{host}:#{port}"
remote_data_service = Metasploit::Framework::DataService::RemoteHTTPDataService.new(endpoint)
data_service_manager = Metasploit::Framework::DataService::DataProxy.instance
data_service_manager.register_data_service(remote_data_service)
end