Christian Mehlmauer
3c260ea452
fix #7921 , HttpTrace and chunked encoding
2017-04-05 22:58:11 +02:00
Brent Cook
f69b4a330e
handle Ruby 2.4 Fixnum/Bignum -> Integer deprecations
2017-01-22 10:20:03 -06:00
wchen-r7
180795f209
Fix #7743 , nil @cnonce in rex/proto/http/client.rb
...
Fix #7743
2017-01-04 11:50:31 -06:00
Jin Qian
cdc82891d8
Fix the issue 7593 where I get a stacktrace when running module auxiliary/scanner/http/blind_sql_query
...
Add a guard against the case when opts['vars_get'] is nil
2016-11-21 17:39:09 -06:00
Brent Cook
1d4b0de560
Land #6616 , Added an Outlook EWS NTLM login module.
2016-09-09 11:43:52 -05:00
James Lee
cfb56211e7
Revert "Revert "Land #7009 , egypt's rubyntlm cleanup""
...
This reverts commit 1164c025a2
.
2016-07-07 15:00:41 -05:00
James Lee
1164c025a2
Revert "Land #7009 , egypt's rubyntlm cleanup"
...
This reverts commit d90f0779f8
, reversing
changes made to e3e360cc83
.
2016-07-05 15:22:44 -05:00
James Lee
4b3f6c5d29
Use rubyntlm for mssql login scanner
2016-06-22 10:15:22 -05:00
James Lee
039e8f5899
Use rubyntlm for HTTP Negotiate auth
2016-06-22 10:15:22 -05:00
Adam Cammack
fda4c62c1f
Respect SSLCipher in server mixins
...
This allows us to set a sane cipher spec for SSL-enabled server modules.
2016-05-20 16:59:36 -05:00
wchen-r7
d4b89edf9c
Fix #6398 , Missing Content-Length header in HTTP POST
...
RFC-7230 states that a Content-Length header is normally sent in
a POST request even when the value (length) is 0, indicating an
empty payload body. Rex HTTP client failed to follow this spec,
and caused some modules to fail (such as winrm_login).
Fix #6398
2016-04-28 11:44:10 -05:00
rwhitcroft
4b10331cf0
style fixups
2016-03-01 10:18:25 -05:00
wchen-r7
bff4b4d5fc
Fix #6609 and #6587 - Change Content-Length behavior in Rex HTTP
...
This patches changes two things:
1. If a module has a custom Content-Length, it will respect that
instead of forcing its own.
2. If a request does not have anything in the body, the
Content-Length header will not be set.
Fix #6609
Fix #6587
2016-02-29 10:50:21 -06:00
rwhitcroft
f735a904ff
create owa_ews_login module, modify HttpClient to accept preferred_auth option
2016-02-28 22:01:05 -05:00
wchen-r7
d6921fa133
Add Atlassian HipChat for Jira Plugin Velocity Template Injection
...
CVE-2015-5603
Also fixes a bug in response.rb (Fix #6254 )
2015-11-18 11:34:25 -06:00
wchen-r7
f6b9f38326
This method is not needed because Nokogiri does that already
2015-10-23 19:38:17 -05:00
wchen-r7
065d042ec4
Update doc a little bit
2015-10-21 16:29:27 -05:00
wchen-r7
12cdd786a6
Add more Nokogiri and RKelly support for Rex::Proto::Http::Response
...
These new methods allow the module writer to being able to parse
HTML/XML/JSON responses properly without using regex first.
2015-10-21 16:26:31 -05:00
Jon Hart
407d701fd9
Remove unnecessary version_random_case option
2015-08-20 10:05:16 -07:00
Jon Hart
2e4944b8ec
Remove unnecessary version_random_case option
2015-08-20 10:05:04 -07:00
Brent Cook
015d045730
read max_size bytes at a time
2015-08-18 15:56:57 -05:00
Brent Cook
c3438955d4
Land #5169 , stop reading when the HTTP socket is closed
2015-05-01 11:40:49 -05:00
rwhitcroft
70f94bbd96
break loop if socket is closed
2015-04-21 11:09:17 -04:00
wchen-r7
f280e5191b
I forgot to move this require statement
2015-04-16 21:11:09 -05:00
wchen-r7
3493d25ff9
Move all this to Rex
2015-04-16 21:07:23 -05:00
rwhitcroft
602e9c8df1
Update client.rb
2015-04-16 16:06:16 -04:00
rwhitcroft
6ef86b69a7
Fix loop spinning in HttpClient
2015-04-16 10:49:47 -04:00
William Vu
5eec07d4d1
Fix duplicate hash key "jpeg"
...
In lib/rex/proto/http/server.rb.
2015-02-24 05:19:42 -06:00
Christian Mehlmauer
4f11dc009a
fixes #4490 , class.to_s should not be used for checks
2014-12-31 10:46:24 +01:00
James Lee
a65ee6cf30
Land #3373 , recog
...
Conflicts:
Gemfile
Gemfile.lock
data/js/detect/os.js
lib/msf/core/exploit/remote/browser_exploit_server.rb
modules/exploits/android/browser/webview_addjavascriptinterface.rb
2014-10-03 18:05:58 -05:00
James Lee
f68628c487
Add minimal specs for rex/proto/http/packet/header
2014-09-12 14:30:27 -05:00
HD Moore
6d92d701d7
Merge feature/recog into post-electro master for this PR
2014-08-16 01:19:08 -05:00
jvazquez-r7
f51feb7f52
Modify get_cookies regular expression
2014-07-06 13:22:31 -05:00
HD Moore
43d65cc93a
Merge branch 'master' into feature/recog
...
Resolves conflicts:
Gemfile
data/js/detect/os.js
modules/exploits/android/browser/webview_addjavascriptinterface.rb
2014-07-06 09:17:44 -05:00
William Vu
0133e861f8
Fix typo
2014-05-26 23:55:20 -05:00
Christian Mehlmauer
da0a9f66ea
Resolved all msftidy vars_get warnings
2014-05-25 19:29:39 +02:00
HD Moore
a844b5c30a
Merge branch 'master' of github.com:hmoore-r7/metasploit-framework into feature/recog
...
Conflicts:
Gemfile
Gemfile.lock
data/js/detect/os.js
lib/msf/core/exploit/remote/browser_exploit_server.rb
2014-05-18 10:50:32 -05:00
James Lee
472f029576
Fix random bug when workstation_name is < 6 chars
...
When the local workstation name is less than 6 characters, remote
authentication against a Windows 2008r2 WinRM service always fails. This
doesn't seem to affect authentication against IIS's negotiate
implementation.
2014-05-15 13:27:37 -05:00
Jeff Jarmoc
2849a1bc0c
Update comment again
2014-05-12 13:10:20 -05:00
Jeff Jarmoc
a3cc499a17
Update comment w/ all modes
2014-05-12 13:02:54 -05:00
Jeff Jarmoc
5f523e8a04
Rex::Text::uri_encode - make 'hex-all' really mean all.
...
'hex-all' encoding was previously ignoring slashes.
This pull adds 'hex-noslashes' mode which carries forward the previous functionality, and replaces all existing references to 'hex-all' with 'hex-noslashes' It then adds a replacement 'hex-all' mode, which really encodes *ALL* characters.
2014-05-12 11:26:27 -05:00
joev
42d59d269e
Check #closed? instead of rescuing.
2014-04-03 14:20:48 -05:00
joev
98628b814e
Prevent Rex::Proto::Http::Client from raising on close.
2014-04-03 11:36:18 -05:00
HD Moore
7e227581a7
Rework OS fingerprinting to match Recog changes
...
This commit changes how os_name and os_flavor are handled
for client-side exploits, matching recent changes to the
server-side exploits and scanner fingerprints.
This commit also updates the client-side fingerprinting to
take into account Windows 8.1 and IE 9, 10, and 11.
2014-04-01 08:14:58 -07:00
jvazquez-r7
57320a59f1
Do small clean up for mediawiki_thumb pr
2014-02-10 08:57:09 -06:00
Joe Vennix
e10f9cc518
More whitespace fixes.
2013-11-20 15:07:51 -06:00
Joe Vennix
3ff9da5643
Remove compression options from client sockets.
...
I couldn't verify that it was working, as it always sends 1 compression type of NULL.
2013-11-20 14:41:45 -06:00
Joe Vennix
b70b594a2a
Kill extraneous comma.
2013-11-20 13:47:47 -06:00
Joe Vennix
a7b01e3b72
Put initialize params back on one line, and move attr_accessors.
...
As per @hdm's feedback
2013-11-20 12:29:09 -06:00
Joe Vennix
9f103f8621
Whitespace tweak.
2013-11-20 01:15:15 -06:00