infosecn1nja
/
metasploit-framework
mirror of https://github.com/infosecn1nja/metasploit-framework.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity
19,935 Commits
7 Branches
556 Tags
421 MiB
Commit Graph

109 Commits (19e47d5e82d041885d08c0709b19e1f478db0ba0)

Author SHA1 Message Date
James Lee c3fa62cd59 Whitespace at EOL 2013-03-07 18:16:57 -06:00
David Maloney 6dcca7df78 Remove duplicated header issues 
Headers were getting duped back into client config, causing invalid
requests to be sent out
 2013-03-04 11:24:26 -06:00
David Maloney 6d811ce4b9 empty passwords should be allowed 2013-03-04 09:09:11 -06:00
David Maloney 4212c36566 Fix up basic auth madness 2013-03-01 11:59:02 -06:00
David Maloney 902948e5d3 cleanup options 2013-03-01 11:01:00 -06:00
James Lee 5a79fcd11e Ensure we build only one Authorization header 
Also fixes an issue where Host headers were generated with nil by
preferring the vhost from Client instead of the default nil from
ClientRequest.
 2013-02-28 13:47:30 -06:00
James Lee b0745b090a Msf HTTP uses this directly, can't axe it 2013-02-27 17:54:31 -06:00
James Lee 4edd46216f Refactor config -> opts 
Puts all the evasion stuff in the same place as regular HTTP options to
make it easier to deal with.
 2013-02-27 17:29:26 -06:00
James Lee d5ae54cbb6 More accurate docs 2013-02-27 16:27:37 -06:00
James Lee 7a7dd8975f Hmm, turns out something actually used that 
Despite comments to the contrary
 2013-02-26 18:16:54 -06:00
James Lee 29df20996e Move most of the configuration into ClientRequest 
Also fixes in-place modification of the query string which resulted in
duplication of the GET parameters when calling #to_s more than once.
 2013-02-26 17:38:09 -06:00
James Lee 5e0161d3f7 Reflect new ClientRequst in docs 2013-02-26 13:31:24 -06:00
James Lee 5ac20e1b02 Merge branch 'feature/http/authv2' of git://github.com/dmaloney-r7/metasploit-framework into dmaloney-r7-feature/http/authv2 
Conflicts:
	lib/rex/proto/http/client.rb
 2013-02-26 12:08:00 -06:00
David Maloney c104fa6d97 Add spec and a few fixes for set_uri 2013-02-26 11:01:16 -06:00
James Lee 1ce86b7adb Whitespace 2013-02-25 14:29:10 -06:00
David Maloney accd620843 Clean up pry 2013-02-19 23:50:30 -06:00
David Maloney b2563dd6c2 trying to clean up the mess from the revert 2013-02-19 21:25:37 -06:00
David Maloney dac1147473 merge client config into opts 2013-02-19 19:41:42 -06:00
David Maloney de4234f0ad Some more YARD docs 2013-02-19 18:48:03 -06:00
David Maloney a4905e43a2 Fix the way creds are passed + YARD 
some ayrddocs on send_auth plus fix the wierd way i was passing creds
around
 2013-02-19 18:40:39 -06:00
David Maloney 0662677a72 First minor cleanup sweep 2013-02-19 17:19:16 -06:00
David Maloney 87d9af585e fix request_raw 2013-02-17 21:35:19 -06:00
David Maloney dd26b08197 first run at Clientrequest object 
need a reliable object class for request_raw and request_cgi so that we
can manipulate requests in a safe and sane manner. It is not a eprfect
solution, but should fix what we need for the auth work.
 2013-02-17 19:25:27 -06:00
David Maloney f90fdcd5eb Missed nil check 2013-02-11 13:14:05 -06:00
David Maloney 0ccf7dd58a trust any manualy set basic auth header 
for now we will assume the module author knows what they are doing.
 2013-02-11 13:06:26 -06:00
David Maloney 84534caae1 Fix expliciti basic_auth for http 2013-02-11 10:32:44 -06:00
James Lee a15889305a Return a Request object 
Still changes the return type, but now at least .to_s will give you the
right thing and at least a Request object is a logical thing to return.
 2013-02-06 18:56:06 -06:00
David Maloney 888bb80ab6 more comments 2013-02-05 11:55:12 -06:00
David Maloney 16b4fb1faa Added some comment documentation 2013-02-05 10:36:51 -06:00
David Maloney 463a45ccaf if we don't support the auth return original res 
make sure we return the original 401 if we don't support the auth.
 2013-02-05 09:57:33 -06:00
David Maloney af6b0615fb fix pipelining 
winrm is unforgiving of pipelining from non ntlm requests into the
challenge response cycle. we must clear our initial tcp session before
starting ntlm auth for winrm
 2013-02-04 16:42:24 -06:00
David Maloney 9b84e5b3c4 Fix raw requests to work as well as cgi 2013-02-04 13:59:58 -06:00
David Maloney 9497e38ef7 Fix http login scanner 
Fix the http_login scanner to use new buitin auth
 2013-02-04 12:31:19 -06:00
David Maloney 8d817dcbb5 fix iis digest support mistake 
Digest auth working automatically
 2013-02-01 15:49:18 -06:00
David Maloney 6c12fa26bc oodles of small fixes 
Basic, NTLM and Negotiate auth all working transparently
Have to test digest auth still
 2013-02-01 15:12:11 -06:00
David Maloney 61969d575b remove mixin require, more datastore clenaup 2013-02-01 15:12:11 -06:00
David Maloney efe0947286 Start fixing datastore options 2013-02-01 15:12:11 -06:00
David Maloney ef1fc58e5e Remove mixin, start moving into Rex 
move auth awareness into rex itself
 2013-02-01 15:12:11 -06:00
HD Moore adc9532ec7 Reset this back to master's copy, fixes this pull 2012-10-28 23:13:32 -05:00
HD Moore 43fe219a05 This improves handling of 100-continue responses 2012-10-28 22:57:18 -05:00
sinn3r 1828857a63 Change conditions 
When 'encod_params' is set to true explicitly, or does not have a
value, we make sure it's true. Otherwise, false.
 2012-09-15 18:08:29 -05:00
sinn3r 0967d1bfc4 Allow modules to disable URI encoding for GET/POST variables 
Often in HTTP modules, people are forced to to use 'data' instead
of 'vars_get' or 'vars_post', because the parameters (especially
the names) are URI-encoded, and the application actually may not
recognize the names/values.  The new 'encode_params' option allows
that feature to be disabled.  However, to make sure we're not
changing existing HTTP modules' behaviors, 'encode_params' is
still true by default (which is the original behavior we've always
been using).
 2012-09-15 17:40:42 -05:00
James Lee a1cfb32f93 Fix a typo that breaks post param padding 
Corner case and doesn't really *break* things, just means you end up
with one big param instead of multiple due to missing ampersands.
 2012-07-17 12:29:28 -06:00
HD Moore d656e3185f Mark all libraries as defaulting to 8-bit strings 2012-06-29 00:18:28 -05:00
HD Moore 03b65c6a48 Handle cases where a user-agent was set via headers 2012-05-31 14:59:25 -05:00
James Lee 7c85a2796a Whitespace cleanup 2012-05-24 17:10:26 -06:00
James Lee 7ea5f87960 Allow proper ruby types for evasion configuration 
At some point in the distant past, the datastore was all strings and the
various option types got parsed out in the appropriate places. Then, in
the somewhat more recent past, the options started getting converted to
regular ruby types (such as TrueClass for a BOOL options, etc) earlier
in their life.  Apparently, that change broke boolean http evasions.
This commit fixes them by ensuring that +true+ is just as acceptable as
"true".

Fixes #6198, thanks Ashish for the report
 2012-01-06 20:05:29 -07:00
HD Moore 49ff9f594a Properly enclose IPv6 addresses with brackets inside of the Host header 2011-12-10 13:24:58 -06:00
HD Moore 5fec13a389 Propogate the timeout in send_recv() down to the TCP connect call as well 
git-svn-id: file:///home/svn/framework3/trunk@14021 4d416f70-5f16-0410-b530-b9f4589650da
 2011-10-21 15:41:37 +00:00
James Lee d50577066f remove some silliness of registering UserAgent as an option since it's already an advanced option for HttpClient, make the default obvious 
git-svn-id: file:///home/svn/framework3/trunk@13394 4d416f70-5f16-0410-b530-b9f4589650da
 2011-07-28 22:57:47 +00:00