require 'rex/proto/http' module Rex module Proto module Http DefaultProtocol = '1.1' ### # # This class represents an HTTP packet. # ### class Packet # # Parser processing codes # module ParseCode Completed = 1 Partial = 2 Error = 3 end # # Parser states # module ParseState ProcessingHeader = 1 ProcessingBody = 2 Completed = 3 end require 'rex/proto/http/header' # # Initializes an instance of an HTTP packet. # def initialize() self.headers = Header.new self.auto_cl = true reset end # # Return the associated header value, if any. # def [](key) self.headers[key] end # # Set the associated header value. # def []=(key, value) self.headers[key] = value end # # Parses the supplied buffer. Returns one of the two parser processing # codes (Completed, Partial, or Error). # def parse(buf) # Append the incoming buffer to the buffer queue. self.bufq += buf begin # If we're processing headers, do that now. if (self.state == ParseState::ProcessingHeader) parse_header end # If we're processing the body (possibly after having finished # processing headers), do that now. if (self.state == ParseState::ProcessingBody) parse_body end rescue self.error = $! return ParseCode::Error end # Return completed or partial to the parsing status to the caller (self.state == ParseState::Completed) ? ParseCode::Completed : ParseCode::Partial end # # Reset the parsing state and buffers. # def reset self.bufq = '' self.state = ParseState::ProcessingHeader self.headers.reset self.body = '' self.transfer_chunked = nil self.inside_chunk = nil end # # Returns whether or not parsing has completed. # def completed? comp = false # If the parser state is processing the body and there are an # undetermined number of bytes left to read, we just need to say that # things are completed as it's hard to tell whether or not they really # are. if ((self.state == ParseState::ProcessingBody) and (self.body_bytes_left < 0) ) comp = true # Or, if the parser state actually is completed, then we're good. elsif (self.state == ParseState::Completed) comp = true end return comp end # # Build a 'Transfer-Encoding: chunked' payload with random chunk sizes # def chunk(str, min_size = 1, max_size = 1000) chunked = '' # min chunk size is 1 byte if (min_size < 1); min_size = 1; end # don't be dumb if (max_size < min_size); max_size = min_size; end while (str.size > 0) chunk = str.slice!(0, rand(max_size - min_size) + min_size) chunked += sprintf("%x", chunk.size) + "\r\n" + chunk + "\r\n" end chunked += "0\r\n\r\n" end # # Converts the packet to a string. # def to_s content = self.body.dup # Update the content length field in the header with the body length. if (content) if (self.auto_cl == true && self.transfer_chunked == true) raise RuntimeError, "'Content-Length' and 'Transfer-Encoding: chunked' are incompatable" elsif self.auto_cl == true self.headers['Content-Length'] = content.length elsif self.transfer_chunked == true if self.proto != '1.1' raise RuntimeError, 'Chunked encoding is only available via 1.1' end self.headers['Transfer-Encoding'] = 'chunked' content = self.chunk(content, self.chunk_min_size, self.chunk_max_size) end end str = self.headers.to_s(cmd_string) str += content || '' end # # Converts the packet from a string. # def from_s(str) reset parse(str) end # # Returns the command string, such as: # # HTTP/1.0 200 OK for a response # # or # # GET /foo HTTP/1.0 for a request # def cmd_string self.headers.cmd_string end attr_reader :headers attr_reader :error attr_accessor :state attr_accessor :bufq attr_accessor :body attr_accessor :auto_cl attr_accessor :max_data attr_accessor :transfer_chunked attr_reader :incomplete attr_accessor :chunk_min_size attr_accessor :chunk_max_size protected attr_writer :headers attr_writer :error attr_writer :incomplete attr_accessor :body_bytes_left attr_accessor :inside_chunk ## # # Overridable methods # ## # # Allows derived classes to split apart the command string. # def update_cmd_parts(str) end ## # # Parsing # ## # # Parses the header portion of the request. # def parse_header # Does the buffer queue contain the entire header? If so, parse it and # transition to the body parsing phase. idx = self.bufq.index(/\r*\n\r*\n/) if (idx and idx >= 0) # Extract the header block head = self.bufq.slice!(0, idx + 4) # Serialize the headers self.headers.from_s(head) # Extract the content length, if any. if (self.headers['Content-Length']) self.body_bytes_left = self.headers['Content-Length'].to_i else self.body_bytes_left = -1 end if (self.headers['Transfer-Encoding']) self.transfer_chunked = 1 if self.headers['Transfer-Encoding'] =~ /chunked/i end connection = self.headers['Connection'] comp_on_close = false if (connection and connection == 'close') comp_on_close = true end # Change states to processing the body if we have a content length of # the connection type is close. if ((self.body_bytes_left > 0) or (comp_on_close) or self.transfer_chunked) self.state = ParseState::ProcessingBody else self.state = ParseState::Completed end else return ParseState::ProcessingHeader end # No command string? Wack. if (self.headers.cmd_string == nil) raise RuntimeError, "Invalid command string", caller end # Allow derived classes to update the parts of the command string self.update_cmd_parts(self.headers.cmd_string) end # # Parses the body portion of the request. # def parse_body # Just return if the buffer is empty if (self.bufq.length == 0) return end # Handle chunked transfer-encoding responses if (self.transfer_chunked and self.inside_chunk != 1 and self.bufq.length) # Remove any leading newlines or spaces self.bufq.lstrip! # Extract the actual hexadecimal length value clen = self.bufq.slice!(/.*\r*\n/) clen.rstrip! if (clen) self.body_bytes_left = clen.hex if (self.body_bytes_left == 0) self.bufq.rstrip! return self.state = ParseState::Completed end self.inside_chunk = 1 end # If there are bytes remaining, slice as many as we can and append them # to our body state. if (self.body_bytes_left > 0) part = self.bufq.slice!(0, self.body_bytes_left) self.body += part self.body_bytes_left -= part.length # Otherwise, just read it all. else self.body += self.bufq self.bufq = '' end # Finish this chunk and move on to the next one if (self.transfer_chunked and self.body_bytes_left == 0) self.inside_chunk = 0 return self.parse_body end # If there are no more bytes left, then parsing has completed and we're # ready to go. if (self.transfer_chunked != 1 and self.body_bytes_left <= 0) return self.state = ParseState::Completed end end end end end end