3c260ea452
fix #7921 , HttpTrace and chunked encoding
2017-04-05 22:58:11 +02:00
1a96fb03ae
Allow start_service to specify a resource
...
This overrides URIPATH and random_uri if opts['Path'] is specified.
2017-03-09 02:33:02 -06:00
1a0b342e68
Add srvport to HttpServer
...
This allows URIPORT to override SRVPORT.
2017-03-09 02:24:22 -06:00
b06895b604
Hide RPORT more intelligently
2017-02-08 09:40:42 -06:00
31f93de150
Update HttpClient and WordPress mixins
2017-02-06 04:40:26 -06:00
180795f209
Fix #7743 , nil @cnonce in rex/proto/http/client.rb
...
Fix #7743
2017-01-04 11:50:31 -06:00
9f4784354a
Disconnect after making the HTTP transaction in send_request_cgi
...
Add a disconnect call after cgi is done.
2016-11-23 11:20:10 -06:00
e5d3feebea
Final regex fix for jobs arch check
2016-10-29 14:10:01 +10:00
1d617ae389
Implement first pass of architecture/platform refactor
2016-10-28 07:16:05 +10:00
63d13f0f49
check if there is a stance set before checking the value
2016-10-02 19:48:49 -05:00
5a611b0ec4
use the correct scope for the Stance names
2016-09-28 13:48:28 -05:00
006c749e6a
directly check to match the former definition of aggressive?
2016-09-25 23:57:13 -04:00
a30711ddcd
Land #7279 , Use the rubyntlm gem (again)
2016-09-07 16:33:35 -05:00
226ded8d7e
Land #6921 , Support basic and form auth at the same time
2016-08-25 16:31:26 -05:00
61f1e7e9c2
Add server_port to HTTP fingerprint
...
MS-1982
2016-08-24 13:24:24 -05:00
91417e62a8
Cleanup docs
2016-08-18 10:40:32 -05:00
498657ab35
Fix #3860 , tearing down TCP connection for send_request_cgi
...
Fix #3860
2016-08-15 15:45:52 -05:00
4055fd1930
Do e.message instead of e.to_s
2016-08-05 14:12:50 -05:00
d59b6d99ee
Make the debug output more readable
2016-08-05 13:20:53 -05:00
a8d9a5c02c
Print exceptions if needed
2016-08-04 18:14:22 -05:00
7538b3dcf8
Fix #7170 , Add HttpTrace option for HttpClient
...
Fix #7170
2016-08-04 16:09:17 -05:00
a0c42f5dd2
Add wordpress_url_uploads
2016-07-26 19:10:19 -05:00
cfb56211e7
Revert "Revert "Land #7009 , egypt's rubyntlm cleanup""
...
This reverts commit 1164c025a2
2016-07-07 15:00:41 -05:00
1164c025a2
Revert "Land #7009 , egypt's rubyntlm cleanup"
...
This reverts commit d90f0779f8e3e360cc83
2016-07-05 15:22:44 -05:00
4b3f6c5d29
Use rubyntlm for mssql login scanner
2016-06-22 10:15:22 -05:00
b7139da624
Clean up whitespace
2016-06-13 10:51:38 -05:00
776dd57803
get_uri missing port fix
2016-06-12 19:27:34 -05:00
61f9cc360b
Correct casing - should be HttpUsername and HttpPassword
2016-05-27 18:31:54 -05:00
4dcddb2399
Fix #4885 , Support basic and form auth at the same time
...
When a module uses the HttpClient mixin but registers the USERNAME
and PASSWORD datastore options in order to perform a form auth,
it ruins the ability to also perform a basic auth (sometimes it's
possible to see both). To avoid option naming conflicts, basic auth
options are now HTTPUSERNAME and HTTPPASSWORD.
Fix #4885
2016-05-27 16:25:42 -05:00
fda4c62c1f
Respect SSLCipher in server mixins
...
This allows us to set a sane cipher spec for SSL-enabled server modules.
2016-05-20 16:59:36 -05:00
47d52a250e
Fix #6806 and #6820 - Fix send_request_cgi! redirection
...
This patch fixes two problems:
1. 6820 - If the HTTP server returns a relative path
(example: /test), there is no host to extract, therefore the HOST
header in the HTTP request ends up being empty. When the web
server sees this, it might return an HTTP 400 Bad Request, and
the redirection fails.
2. 6806 - If the HTTP server returns a relative path that begins
with a dot, send_request_cgi! will literally send that in the
GET request. Since that isn't a valid GET request path format,
the redirection fails.
Fix #6806
Fix #6820
2016-04-25 14:30:46 -05:00
1375600780
Land #6644 , datastore validation on assignment
2016-03-17 11:16:12 -05:00
c21bad78e8
Fix some more String defaults
2016-03-16 14:13:18 -05:00
eea8fa86dc
unify the SSLVersion fields between modules and mixins
...
Also actually handle the 'Auto' option that we had in the crawler and remove
hardcoded defaults in modules that do not need them.
2016-03-06 22:06:27 -06:00
85acfabfca
remove various library workarounds for the datastore not preserving types
2016-03-05 23:10:57 -06:00
d7ba37d2e6
Msf::Exploit::Remote::HttpServer print_* fix
...
Exploit::Remote::HttpServer and every descendant utilizes the
print_prefix method which checks whether the module which mixes in
these modules is aggressive. This is done in a proc context most
of the time since its a callback on the underlying Rex HTTP server.
When modules do not define :aggressive? the resulting exceptions
are quietly swallowed, and requestors get an empty response as the
client object dies off.
Add check for response to :aggressive? in :print_prefix to address
this issue.
2016-02-21 20:20:22 -05:00
3d1861b3f4
Land #6526 , integrate {peer} string into logging by default
2016-02-15 15:19:26 -06:00
ad026b3a7a
Add #peer to Tcp
2016-01-28 13:58:24 -06:00
0871fe25e8
change text
2016-01-22 07:38:44 +01:00
e0de78280d
move SSL to the default options
2016-01-22 07:05:23 +01:00
0f7e3e954e
HttpServer's print prefix with... wait for it...
...
print_prefix
2016-01-20 13:44:18 -06:00
2cc54a7a43
Make joomla.xml go first
...
Reason is here:
https://github.com/rapid7/metasploit-framework/pull/6373#issuecomment-166446092
2015-12-21 22:59:13 -06:00
17b67b8f1b
Add trailing /
2015-12-19 17:18:34 -06:00
5ff02956c9
Lower joomla.xml
2015-12-19 13:46:13 -06:00
0fda963601
Have multiple paths to find the generator tag
2015-12-19 13:45:41 -06:00
6dada5f20f
add another we can check
...
administrator/manifests/files/joomla.xml
2015-12-19 12:06:06 -06:00
7d8ecf2341
Add Joomla mixin
2015-12-18 21:14:04 -06:00
7da3b4958e
Change mixins namespaces
2015-10-15 10:35:07 -05:00
6571a8f2c3
Move http apps mixins to the old convention folder
2015-10-15 10:22:54 -05:00
0bb9324c8d
Pass HTTP::version_random_valid and HTTP::version_random_invalid
...
Fixes #5871
2015-08-20 10:05:42 -07:00
Christian Mehlmauer