adam/metasploit-gs
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
55,054 Commits 27 Branches 1,043 Tags
94de45d856b7d4ea32456bbdc7531af67bfbcaa1
Commit Graph

278 Commits

Author SHA1 Message Date
dwelch-r7 560475ebff Land #12733, Add support for repeated key in vars_post 2020-01-27 10:36:06 +00:00
Onur ER a45e4b6d37 Update lib/rex/proto/http/client_request.rb 
Co-Authored-By: acammack-r7 <adam_cammack@rapid7.com>
 2019-12-19 20:43:30 +03:00
Onur ER b29523fc2a Added Array Handling 
Handle the repeated key query string 
https://github.com/rapid7/metasploit-framework/pull/12704#discussion_r357748834
 2019-12-16 22:01:32 +03:00
William Vu ce656a850a Update raw_headers 2019-10-31 12:16:31 -05:00
William Vu 866a1c9bed Fix Boolean validation to match our idiom 2019-10-31 11:29:43 -05:00
William Vu b9baa80823 Refactor to use config hash and new option 2019-10-31 11:11:43 -05:00
William Vu b268feda73 Allow partial response due to timeout 2019-10-29 21:25:21 -05:00
William Vu 77395749da s/infinite/indefinite/ 2019-06-25 01:00:08 -05:00
William Vu b49fa29a7f Allow true zero-second timeout in send_request_* 
Also fixes a bogus response when timeout is nil.
 2019-06-24 12:07:24 -05:00
Brent Cook e5a4c2d341 Make auto_cl more selective based on HTTP method 
According to https://tools.ietf.org/html/rfc7230#section-3.3.2, a zero content-length is valid for some kinds of HTTP methods.

Instead of implicitly disabling auto_cl if there is no actual content, disable auto_cl default for HTTP methods where semantics of the message do not anticipate any content. This can still be overridden by a caller if it still wants to add an empty content-length for HTTP methods where it does not normally make sense (e.g. if it exploits a bug.)
 2019-06-04 04:04:08 -05:00
Brent Cook 3cf375c05c if there is no content, don't include content length 2019-06-02 13:27:11 -05:00
Jacob Robles 4777fb7618 Update syntax to match 2019-04-09 20:05:00 -05:00
Jacob Robles ee23a1557e Fix duplicate host header 2019-04-09 09:08:34 -05:00
Pearce Barry ba75d19d34 Fix failing spec. 2018-01-19 15:52:25 -06:00
Pearce Barry 2a6b3671bf Add connection addr+port info to http response object. 
Update owa_login to use this instead of doing lookups on its own.
 2018-01-19 13:37:33 -06:00
Jon Hart 2e62d77e36 Add new method for fetching parsed cookies from an HTTP response 
This fixed #9332.
 2017-12-20 16:19:44 -08:00
Brent Cook 71f13db918 style updates 2017-09-26 15:58:43 -05:00
RageLtMan 8d60fdf9e7 Bug - HTTP Client can call :shutdown on closed IO 
When running Rex HTTP client calls across pivots, pivot sockets
can get closed by the remote server, resulting in a closed :conn
object within the client object. The clients :close method calls
self.conn.shutdown which raises an 'IOError closed stream' on what
is effectively a TCPSocket object in a closed state (under the Rex
abstraction).

Resolve by moving the self.conn.closed? check into the conditional
just above the :shutdown call, and remove if from the underlying
:close call as calling :close on an already closed TCPSocket
returns nil as opposed to throwing an exception like the :shutdown
method.
 2017-09-10 03:09:59 -04:00
Anderson 959f9fe2d2 Updated lib/rex/proto/http/client_request.rb to ensure that the host header is formatted 2017-06-29 12:05:02 -07:00
William Vu ee55516e06 Allow lowercase HTTP in command strings 2017-05-10 15:17:20 -05:00
William Vu 3a45c2f321 Allow complete override of Host header 2017-05-10 15:17:20 -05:00
Christian Mehlmauer 3c260ea452 fix #7921, HttpTrace and chunked encoding 2017-04-05 22:58:11 +02:00
Brent Cook f69b4a330e handle Ruby 2.4 Fixnum/Bignum -> Integer deprecations 2017-01-22 10:20:03 -06:00
wchen-r7 180795f209 Fix #7743, nil @cnonce in rex/proto/http/client.rb 
Fix #7743
 2017-01-04 11:50:31 -06:00
Jin Qian cdc82891d8 Fix the issue 7593 where I get a stacktrace when running module auxiliary/scanner/http/blind_sql_query 
Add a guard against the case when opts['vars_get'] is nil
 2016-11-21 17:39:09 -06:00
Brent Cook 1d4b0de560 Land #6616, Added an Outlook EWS NTLM login module. 2016-09-09 11:43:52 -05:00
James Lee cfb56211e7 Revert "Revert "Land #7009, egypt's rubyntlm cleanup"" 
This reverts commit 1164c025a2.
 2016-07-07 15:00:41 -05:00
James Lee 1164c025a2 Revert "Land #7009, egypt's rubyntlm cleanup" 
This reverts commit d90f0779f8, reversing
changes made to e3e360cc83.
 2016-07-05 15:22:44 -05:00
James Lee 4b3f6c5d29 Use rubyntlm for mssql login scanner 2016-06-22 10:15:22 -05:00
James Lee 039e8f5899 Use rubyntlm for HTTP Negotiate auth 2016-06-22 10:15:22 -05:00
Adam Cammack fda4c62c1f Respect SSLCipher in server mixins 
This allows us to set a sane cipher spec for SSL-enabled server modules.
 2016-05-20 16:59:36 -05:00
wchen-r7 d4b89edf9c Fix #6398, Missing Content-Length header in HTTP POST 
RFC-7230 states that a Content-Length header is normally sent in
a POST request even when the value (length) is 0, indicating an
empty payload body. Rex HTTP client failed to follow this spec,
and caused some modules to fail (such as winrm_login).

Fix #6398
 2016-04-28 11:44:10 -05:00
rwhitcroft 4b10331cf0 style fixups 2016-03-01 10:18:25 -05:00
wchen-r7 bff4b4d5fc Fix #6609 and #6587 - Change Content-Length behavior in Rex HTTP 
This patches changes two things:

1. If a module has a custom Content-Length, it will respect that
   instead of forcing its own.

2. If a request does not have anything in the body, the
   Content-Length header will not be set.

Fix #6609
Fix #6587
 2016-02-29 10:50:21 -06:00
rwhitcroft f735a904ff create owa_ews_login module, modify HttpClient to accept preferred_auth option 2016-02-28 22:01:05 -05:00
wchen-r7 d6921fa133 Add Atlassian HipChat for Jira Plugin Velocity Template Injection 
CVE-2015-5603

Also fixes a bug in response.rb (Fix #6254)
 2015-11-18 11:34:25 -06:00
wchen-r7 f6b9f38326 This method is not needed because Nokogiri does that already 2015-10-23 19:38:17 -05:00
wchen-r7 065d042ec4 Update doc a little bit 2015-10-21 16:29:27 -05:00
wchen-r7 12cdd786a6 Add more Nokogiri and RKelly support for Rex::Proto::Http::Response 
These new methods allow the module writer to being able to parse
HTML/XML/JSON responses properly without using regex first.
 2015-10-21 16:26:31 -05:00
Jon Hart 407d701fd9 Remove unnecessary version_random_case option 2015-08-20 10:05:16 -07:00
Jon Hart 2e4944b8ec Remove unnecessary version_random_case option 2015-08-20 10:05:04 -07:00
Brent Cook 015d045730 read max_size bytes at a time 2015-08-18 15:56:57 -05:00
Brent Cook c3438955d4 Land #5169, stop reading when the HTTP socket is closed 2015-05-01 11:40:49 -05:00
rwhitcroft 70f94bbd96 break loop if socket is closed 2015-04-21 11:09:17 -04:00
wchen-r7 f280e5191b I forgot to move this require statement 2015-04-16 21:11:09 -05:00
wchen-r7 3493d25ff9 Move all this to Rex 2015-04-16 21:07:23 -05:00
rwhitcroft 602e9c8df1 Update client.rb 2015-04-16 16:06:16 -04:00
rwhitcroft 6ef86b69a7 Fix loop spinning in HttpClient 2015-04-16 10:49:47 -04:00
William Vu 5eec07d4d1 Fix duplicate hash key "jpeg" 
In lib/rex/proto/http/server.rb.
 2015-02-24 05:19:42 -06:00
Christian Mehlmauer 4f11dc009a fixes #4490, class.to_s should not be used for checks 2014-12-31 10:46:24 +01:00