* add uri-encoding as an evasion method (though, exploits could hard code it if they need to...)
git-svn-id: file:///home/svn/incoming/trunk@3516 4d416f70-5f16-0410-b530-b9f4589650daunstable
parent
16156c8aea
commit
ca315abe1b
|
@ -28,6 +28,7 @@ module Exploit::Remote::HttpClient
|
||||||
|
|
||||||
register_evasion_options(
|
register_evasion_options(
|
||||||
[
|
[
|
||||||
|
OptEnum.new('HTTP::uri_encode', [false, 'Enable URI encoding', 'none', ['none','hex-normal', 'hex-all', 'u-normal', 'u-all'], 'none']),
|
||||||
OptBool.new('HTTP::chunked', [false, 'Enable chunking of HTTP request via "Transfer-Encoding: chunked"', 'false']),
|
OptBool.new('HTTP::chunked', [false, 'Enable chunking of HTTP request via "Transfer-Encoding: chunked"', 'false']),
|
||||||
OptBool.new('HTTP::header_folding', [false, 'Enable folding of HTTP headers', 'false']),
|
OptBool.new('HTTP::header_folding', [false, 'Enable folding of HTTP headers', 'false']),
|
||||||
OptBool.new('HTTP::junk_headers', [false, 'Enable insertion of random junk HTTP headers', 'false']),
|
OptBool.new('HTTP::junk_headers', [false, 'Enable insertion of random junk HTTP headers', 'false']),
|
||||||
|
@ -126,6 +127,9 @@ module Exploit::Remote::HttpClient
|
||||||
|
|
||||||
request = c.request(opts)
|
request = c.request(opts)
|
||||||
|
|
||||||
|
if (datastore['HTTP::uri_encode'] && datastore['HTTP::uri_encode'] != 'none')
|
||||||
|
request.uri_encode_mode = datastore['HTTP::uri_encode']
|
||||||
|
end
|
||||||
|
|
||||||
if (datastore['HTTP::chunked'] == true)
|
if (datastore['HTTP::chunked'] == true)
|
||||||
request.auto_cl = false
|
request.auto_cl = false
|
||||||
|
|
Loading…
Reference in New Issue