diff --git a/lib/rex/proto/http/response.rb b/lib/rex/proto/http/response.rb
index 71f1c1a8ae..1a08d13264 100644
--- a/lib/rex/proto/http/response.rb
+++ b/lib/rex/proto/http/response.rb
@@ -67,7 +67,7 @@ class Response < Packet
 cookies = ""
 if (self.headers.include?('Set-Cookie'))
 set_cookies = self.headers['Set-Cookie']
- key_vals = set_cookies.scan(/\s?([^, ;]+?)=([^, ;]*?);/)
+ key_vals = set_cookies.scan(/\s?([^, ;]+?)=([^, ;]*?)[;,]/)
 key_vals.each do |k, v|
 # Dont downcase actual cookie name as may be case sensitive
 name = k.downcase
diff --git a/spec/lib/rex/proto/http/response_spec.rb b/spec/lib/rex/proto/http/response_spec.rb
index dc474a0877..67c23c9588 100644
--- a/spec/lib/rex/proto/http/response_spec.rb
+++ b/spec/lib/rex/proto/http/response_spec.rb
@@ -116,6 +116,22 @@ describe Rex::Proto::Http::Response do
 HEREDOC
 end
+ def get_cookies_comma_separated
+ <<-HEREDOC.gsub(/^ {6}/, '')
+ HTTP/1.1 200 OK
+ Expires: Thu, 26 Oct 1978 00:00:00 GMT
+ Content-Length: 8556
+ Server: CherryPy/3.1.2
+ Date: Sun, 06 Jul 2014 20:09:28 GMT
+ Cache-Control: no-store, max-age=0, no-cache, must-revalidate
+ Content-Type: text/html;charset=utf-8
+ Set-Cookie: cval=880350187, session_id_8000=83466b1a1a7a27ce13d35f78155d40ca3a1e7a28; expires=Mon, 07 Jul 2014 20:09:28 GMT; httponly; Path=/, uid=348637C4-9B10-485A-BFA9-5E892432FCFD; expires=Fri, 05-Jul-2019 20:09:28 GMT
+
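Review bot: In the lib/rex/proto/http/response.rb hunk, the new pattern still requires a delimiter after every value, so a pair that ends the header is silently dropped; a lone `Set-Cookie: sid=abc` (constructed sample) with no trailing `;` is one such case. A caller that replays the returned cookie string would then send its next request without that cookie. Allowing end-of-string as a terminator would cover it: `key_vals = set_cookies.scan(/\s?([^, ;]+?)=([^, ;]*?)(?:[;,]|\z)/)`. Accepting `,` also makes `expires=Mon,` match on the weekday of a date, so the result now depends on attribute names being filtered further down the loop, which presumably happens but lies outside this hunk. A spec case for a cookie with no attributes, plus an assertion that no `expires` fragment reaches the output, would pin both behaviours.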