Move under Msf::WebServices namespace

GSoC/Meterpreter_Web_Console
Matthew Kienow 2018-10-23 23:46:40 -04:00
parent 1cb23301a6
commit e144cc6738
No known key found for this signature in database
GPG Key ID: 40787F8B1EAC6E41
3 changed files with 83 additions and 79 deletions

View File

@ -8,60 +8,62 @@ require 'msf/core/web_services/servlet_helper'
require 'msf/core/web_services/servlet/auth_servlet'
require 'msf/core/web_services/servlet/json_rpc_servlet'
class JsonRpcApp < Sinatra::Base
helpers ServletHelper
helpers Msf::RPC::JSON::DispatcherHelper
module Msf::WebServices
class JsonRpcApp < Sinatra::Base
helpers ServletHelper
helpers Msf::RPC::JSON::DispatcherHelper
# Servlet registration
register AuthServlet
register JsonRpcServlet
# Servlet registration
register AuthServlet
register JsonRpcServlet
set :framework, Msf::Simple::Framework.create({})
set :dispatchers, {}
set :framework, Msf::Simple::Framework.create({})
set :dispatchers, {}
configure do
set :sessions, {key: 'msf-ws.session', expire_after: 300}
set :session_secret, ENV.fetch('MSF_WS_SESSION_SECRET') { SecureRandom.hex(16) }
end
before do
# store DBManager in request environment so that it is available to Warden
request.env['msf.db_manager'] = get_db
# store flag indicating whether authentication is initialized in the request environment
@@auth_initialized ||= get_db.users({}).count > 0
request.env['msf.auth_initialized'] = @@auth_initialized
end
use Warden::Manager do |config|
# failed authentication is handled by this application
config.failure_app = self
# don't intercept 401 responses since the app will provide custom failure messages
config.intercept_401 = false
config.default_scope = :api
config.scope_defaults :user,
# whether to persist the result in the session or not
store: true,
# list of strategies to use
strategies: [:password],
# action (route) of the failure application
action: "#{AuthServlet.api_unauthenticated_path}/user"
config.scope_defaults :api,
# whether to persist the result in the session or not
store: false,
# list of strategies to use
strategies: [:api_token],
# action (route) of the failure application
action: AuthServlet.api_unauthenticated_path
config.scope_defaults :admin_api,
# whether to persist the result in the session or not
store: false,
# list of strategies to use
strategies: [:admin_api_token],
# action (route) of the failure application
action: AuthServlet.api_unauthenticated_path
end
configure do
set :sessions, {key: 'msf-ws.session', expire_after: 300}
set :session_secret, ENV.fetch('MSF_WS_SESSION_SECRET') { SecureRandom.hex(16) }
end
before do
# store DBManager in request environment so that it is available to Warden
request.env['msf.db_manager'] = get_db
# store flag indicating whether authentication is initialized in the request environment
@@auth_initialized ||= get_db.users({}).count > 0
request.env['msf.auth_initialized'] = @@auth_initialized
end
use Warden::Manager do |config|
# failed authentication is handled by this application
config.failure_app = self
# don't intercept 401 responses since the app will provide custom failure messages
config.intercept_401 = false
config.default_scope = :api
config.scope_defaults :user,
# whether to persist the result in the session or not
store: true,
# list of strategies to use
strategies: [:password],
# action (route) of the failure application
action: "#{AuthServlet.api_unauthenticated_path}/user"
config.scope_defaults :api,
# whether to persist the result in the session or not
store: false,
# list of strategies to use
strategies: [:api_token],
# action (route) of the failure application
action: AuthServlet.api_unauthenticated_path
config.scope_defaults :admin_api,
# whether to persist the result in the session or not
store: false,
# list of strategies to use
strategies: [:admin_api_token],
# action (route) of the failure application
action: AuthServlet.api_unauthenticated_path
end
end

View File

@ -1,34 +1,36 @@
require 'msf/core/rpc'
module JsonRpcServlet
module Msf::WebServices
module JsonRpcServlet
def self.api_path
'/api/:version/json-rpc'
end
def self.api_path
'/api/:version/json-rpc'
end
def self.registered(app)
app.post JsonRpcServlet.api_path, &post_rpc
end
def self.registered(app)
app.post JsonRpcServlet.api_path, &post_rpc
end
#######
private
#######
#######
private
#######
# Process JSON-RPC request
def self.post_rpc
lambda {
warden.authenticate!
begin
body = request.body.read
tmp_params = sanitize_params(params)
data = get_dispatcher(settings.dispatchers, tmp_params[:version].to_sym, settings.framework).process(body)
set_raw_response(data)
rescue => e
print_error("There was an error executing the RPC: #{e.message}.", e)
error = Msf::RPC::JSON::Dispatcher.create_error_response(Msf::RPC::JSON::InternalError.new(e))
data = Msf::RPC::JSON::Dispatcher.to_json(error)
set_raw_response(data, code: 500)
end
}
# Process JSON-RPC request
def self.post_rpc
lambda {
warden.authenticate!
begin
body = request.body.read
tmp_params = sanitize_params(params)
data = get_dispatcher(settings.dispatchers, tmp_params[:version].to_sym, framework).process(body)
set_raw_response(data)
rescue => e
print_error("There was an error executing the RPC: #{e.message}.", e)
error = Msf::RPC::JSON::Dispatcher.create_error_response(Msf::RPC::JSON::InternalError.new(e))
data = Msf::RPC::JSON::Dispatcher.to_json(error)
set_raw_response(data, code: 500)
end
}
end
end
end

View File

@ -18,4 +18,4 @@ end
# Note: setup Rails environment before calling require
require 'msf/core/web_services/json_rpc_app'
run JsonRpcApp
run Msf::WebServices::JsonRpcApp