343 lines
7.2 KiB
Ruby
343 lines
7.2 KiB
Ruby
require 'rex/proto/http'
|
|
|
|
module Rex
|
|
module Proto
|
|
module Http
|
|
|
|
DefaultProtocol = '1.1'
|
|
|
|
###
|
|
#
|
|
# This class represents an HTTP packet.
|
|
#
|
|
###
|
|
class Packet
|
|
|
|
#
|
|
# Parser processing codes
|
|
#
|
|
module ParseCode
|
|
Completed = 1
|
|
Partial = 2
|
|
Error = 3
|
|
end
|
|
|
|
#
|
|
# Parser states
|
|
#
|
|
module ParseState
|
|
ProcessingHeader = 1
|
|
ProcessingBody = 2
|
|
Completed = 3
|
|
end
|
|
|
|
require 'rex/proto/http/header'
|
|
|
|
#
|
|
# Initializes an instance of an HTTP packet.
|
|
#
|
|
def initialize()
|
|
self.headers = Header.new
|
|
self.auto_cl = true
|
|
|
|
reset
|
|
end
|
|
|
|
#
|
|
# Return the associated header value, if any.
|
|
#
|
|
def [](key)
|
|
self.headers[key]
|
|
end
|
|
|
|
#
|
|
# Set the associated header value.
|
|
#
|
|
def []=(key, value)
|
|
self.headers[key] = value
|
|
end
|
|
|
|
#
|
|
# Parses the supplied buffer. Returns one of the two parser processing
|
|
# codes (Completed, Partial, or Error).
|
|
#
|
|
def parse(buf)
|
|
|
|
# Append the incoming buffer to the buffer queue.
|
|
self.bufq += buf
|
|
|
|
begin
|
|
# If we're processing headers, do that now.
|
|
if (self.state == ParseState::ProcessingHeader)
|
|
parse_header
|
|
end
|
|
|
|
# If we're processing the body (possibly after having finished
|
|
# processing headers), do that now.
|
|
if (self.state == ParseState::ProcessingBody)
|
|
parse_body
|
|
end
|
|
rescue
|
|
self.error = $!
|
|
|
|
return ParseCode::Error
|
|
end
|
|
|
|
# Return completed or partial to the parsing status to the caller
|
|
(self.state == ParseState::Completed) ? ParseCode::Completed : ParseCode::Partial
|
|
end
|
|
|
|
#
|
|
# Reset the parsing state and buffers.
|
|
#
|
|
def reset
|
|
self.bufq = ''
|
|
self.state = ParseState::ProcessingHeader
|
|
self.headers.reset
|
|
self.body = ''
|
|
self.transfer_chunked = nil
|
|
self.inside_chunk = nil
|
|
end
|
|
|
|
#
|
|
# Returns whether or not parsing has completed.
|
|
#
|
|
def completed?
|
|
comp = false
|
|
|
|
# If the parser state is processing the body and there are an
|
|
# undetermined number of bytes left to read, we just need to say that
|
|
# things are completed as it's hard to tell whether or not they really
|
|
# are.
|
|
if ((self.state == ParseState::ProcessingBody) and
|
|
(self.body_bytes_left < 0) )
|
|
comp = true
|
|
# Or, if the parser state actually is completed, then we're good.
|
|
elsif (self.state == ParseState::Completed)
|
|
comp = true
|
|
end
|
|
|
|
return comp
|
|
end
|
|
|
|
#
|
|
# Build a 'Transfer-Encoding: chunked' payload with random chunk sizes
|
|
#
|
|
def chunk(str, min_size = 1, max_size = 1000)
|
|
chunked = ''
|
|
|
|
# min chunk size is 1 byte
|
|
if (min_size < 1); min_size = 1; end
|
|
|
|
# don't be dumb
|
|
if (max_size < min_size); max_size = min_size; end
|
|
|
|
while (str.size > 0)
|
|
chunk = str.slice!(0, rand(max_size - min_size) + min_size)
|
|
chunked += sprintf("%x", chunk.size) + "\r\n" + chunk + "\r\n"
|
|
end
|
|
chunked += "0\r\n\r\n"
|
|
end
|
|
|
|
#
|
|
# Converts the packet to a string.
|
|
#
|
|
def to_s
|
|
content = self.body.dup
|
|
# Update the content length field in the header with the body length.
|
|
if (content)
|
|
if (self.auto_cl == true && self.transfer_chunked == true)
|
|
raise RuntimeError, "'Content-Length' and 'Transfer-Encoding: chunked' are incompatable"
|
|
elsif self.auto_cl == true
|
|
self.headers['Content-Length'] = content.length
|
|
elsif self.transfer_chunked == true
|
|
if self.proto != '1.1'
|
|
raise RuntimeError, 'Chunked encoding is only available via 1.1'
|
|
end
|
|
self.headers['Transfer-Encoding'] = 'chunked'
|
|
content = self.chunk(content, self.chunk_min_size, self.chunk_max_size)
|
|
end
|
|
end
|
|
|
|
str = self.headers.to_s(cmd_string)
|
|
str += content || ''
|
|
end
|
|
|
|
#
|
|
# Converts the packet from a string.
|
|
#
|
|
def from_s(str)
|
|
reset
|
|
|
|
parse(str)
|
|
end
|
|
|
|
#
|
|
# Returns the command string, such as:
|
|
#
|
|
# HTTP/1.0 200 OK for a response
|
|
#
|
|
# or
|
|
#
|
|
# GET /foo HTTP/1.0 for a request
|
|
#
|
|
def cmd_string
|
|
self.headers.cmd_string
|
|
end
|
|
|
|
attr_reader :headers
|
|
attr_reader :error
|
|
attr_accessor :state
|
|
attr_accessor :bufq
|
|
attr_accessor :body
|
|
attr_accessor :auto_cl
|
|
attr_accessor :max_data
|
|
attr_accessor :transfer_chunked
|
|
attr_reader :incomplete
|
|
|
|
attr_accessor :chunk_min_size
|
|
attr_accessor :chunk_max_size
|
|
|
|
protected
|
|
|
|
attr_writer :headers
|
|
attr_writer :error
|
|
attr_writer :incomplete
|
|
attr_accessor :body_bytes_left
|
|
attr_accessor :inside_chunk
|
|
|
|
##
|
|
#
|
|
# Overridable methods
|
|
#
|
|
##
|
|
|
|
#
|
|
# Allows derived classes to split apart the command string.
|
|
#
|
|
def update_cmd_parts(str)
|
|
end
|
|
|
|
##
|
|
#
|
|
# Parsing
|
|
#
|
|
##
|
|
|
|
#
|
|
# Parses the header portion of the request.
|
|
#
|
|
def parse_header
|
|
|
|
# Does the buffer queue contain the entire header? If so, parse it and
|
|
# transition to the body parsing phase.
|
|
idx = self.bufq.index(/\r*\n\r*\n/)
|
|
|
|
if (idx and idx >= 0)
|
|
# Extract the header block
|
|
head = self.bufq.slice!(0, idx + 4)
|
|
|
|
# Serialize the headers
|
|
self.headers.from_s(head)
|
|
|
|
# Extract the content length, if any.
|
|
if (self.headers['Content-Length'])
|
|
self.body_bytes_left = self.headers['Content-Length'].to_i
|
|
else
|
|
self.body_bytes_left = -1
|
|
end
|
|
|
|
if (self.headers['Transfer-Encoding'])
|
|
self.transfer_chunked = 1 if self.headers['Transfer-Encoding'] =~ /chunked/i
|
|
end
|
|
|
|
connection = self.headers['Connection']
|
|
comp_on_close = false
|
|
|
|
if (connection and connection == 'close')
|
|
comp_on_close = true
|
|
end
|
|
|
|
# Change states to processing the body if we have a content length of
|
|
# the connection type is close.
|
|
if ((self.body_bytes_left > 0) or (comp_on_close) or self.transfer_chunked)
|
|
self.state = ParseState::ProcessingBody
|
|
else
|
|
self.state = ParseState::Completed
|
|
end
|
|
else
|
|
return ParseState::ProcessingHeader
|
|
end
|
|
|
|
# No command string? Wack.
|
|
if (self.headers.cmd_string == nil)
|
|
raise RuntimeError, "Invalid command string", caller
|
|
end
|
|
|
|
# Allow derived classes to update the parts of the command string
|
|
self.update_cmd_parts(self.headers.cmd_string)
|
|
|
|
end
|
|
|
|
#
|
|
# Parses the body portion of the request.
|
|
#
|
|
def parse_body
|
|
|
|
# Just return if the buffer is empty
|
|
if (self.bufq.length == 0)
|
|
return
|
|
end
|
|
|
|
# Handle chunked transfer-encoding responses
|
|
if (self.transfer_chunked and self.inside_chunk != 1 and self.bufq.length)
|
|
|
|
# Remove any leading newlines or spaces
|
|
self.bufq.lstrip!
|
|
|
|
# Extract the actual hexadecimal length value
|
|
clen = self.bufq.slice!(/.*\r*\n/)
|
|
|
|
clen.rstrip! if (clen)
|
|
|
|
self.body_bytes_left = clen.hex
|
|
if (self.body_bytes_left == 0)
|
|
self.bufq.rstrip!
|
|
return self.state = ParseState::Completed
|
|
end
|
|
|
|
self.inside_chunk = 1
|
|
end
|
|
|
|
# If there are bytes remaining, slice as many as we can and append them
|
|
# to our body state.
|
|
if (self.body_bytes_left > 0)
|
|
part = self.bufq.slice!(0, self.body_bytes_left)
|
|
|
|
self.body += part
|
|
self.body_bytes_left -= part.length
|
|
# Otherwise, just read it all.
|
|
else
|
|
self.body += self.bufq
|
|
self.bufq = ''
|
|
end
|
|
|
|
# Finish this chunk and move on to the next one
|
|
if (self.transfer_chunked and self.body_bytes_left == 0)
|
|
self.inside_chunk = 0
|
|
return self.parse_body
|
|
end
|
|
|
|
# If there are no more bytes left, then parsing has completed and we're
|
|
# ready to go.
|
|
if (self.transfer_chunked != 1 and self.body_bytes_left <= 0)
|
|
return self.state = ParseState::Completed
|
|
end
|
|
end
|
|
|
|
end
|
|
|
|
end
|
|
end
|
|
end
|