cookie cleanup
parent
ac8b53a585
commit
a22ebdf76d
|
@ -11,13 +11,17 @@ module Msf
|
|||
def initialize(name, value = nil, **attr_hash)
|
||||
if name.is_a?(::HTTP::Cookie)
|
||||
@cookie = name
|
||||
elsif name && value && attr_hash
|
||||
@cookie = ::HTTP::Cookie.new(name, value, **attr_hash)
|
||||
elsif name && value
|
||||
elsif value
|
||||
@cookie = ::HTTP::Cookie.new(name, value)
|
||||
else
|
||||
@cookie = ::HTTP::Cookie.new(name)
|
||||
end
|
||||
|
||||
attr_hash.each_pair do |k, v|
|
||||
if respond_to?("#{k}=".to_sym)
|
||||
send("#{k}=".to_sym, v)
|
||||
end
|
||||
end
|
||||
end
|
||||
|
||||
def name
|
||||
|
@ -65,10 +69,6 @@ module Msf
|
|||
end
|
||||
end
|
||||
|
||||
def expired?(time = Time.now)
|
||||
@cookie.expired?(time)
|
||||
end
|
||||
|
||||
def path
|
||||
@cookie.path
|
||||
end
|
||||
|
@ -98,11 +98,15 @@ module Msf
|
|||
end
|
||||
|
||||
def domain
|
||||
@cookie.domain
|
||||
if @cookie.domain.nil?
|
||||
nil
|
||||
else
|
||||
@cookie.domain.to_s
|
||||
end
|
||||
end
|
||||
|
||||
def domain=(domain)
|
||||
if domain.nil? || domain.is_a?(DomainName)
|
||||
if domain.nil?
|
||||
@cookie.domain = domain
|
||||
else
|
||||
@cookie.domain = domain.to_s
|
||||
|
@ -133,6 +137,10 @@ module Msf
|
|||
end
|
||||
end
|
||||
|
||||
def expired?(time = Time.now)
|
||||
@cookie.expired?(time)
|
||||
end
|
||||
|
||||
def session?
|
||||
@cookie.session?
|
||||
end
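Review bot: In `initialize`, the new `attr_hash.each_pair` loop dispatches caller-supplied keys with `send`, which ignores method visibility, while its `respond_to?` guard only sees public methods; `public_send("#{k}=", v)` keeps the guard and the dispatch consistent. Keys with no matching setter are now dropped silently, so a misspelled attribute name yields a cookie without that attribute and no error; raising `ArgumentError` for unknown keys, or documenting the silent drop in a comment above the loop, would make this visible. The loop also runs in the branch where `name` is already an `::HTTP::Cookie`, so it mutates the object the caller passed in, which is worth stating in the method's doc comment.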
|
||||
|
|
|
@ -40,7 +40,7 @@ module Msf
|
|||
@cookie_jar.clear
|
||||
end
|
||||
|
||||
# Removes expired cookies and returns self. If `session` is true,
|
||||
# Removes expired cookies and returns self. If `expire_all` is true,
|
||||
# all session cookies are removed as well.
|
||||
def cleanup(expire_all = false)
|
||||
@cookie_jar.cleanup(expire_all)
|
||||
|
|
|
@ -373,19 +373,19 @@ module Exploit::Remote::HttpClient
|
|||
# reads the response
|
||||
#
|
||||
# If a +Msf::Exploit::Remote::HTTP::HttpCookieJar+ instance is passed in the +opts+ dict under a 'cookie' key, said CookieJar will be used in
|
||||
# the request instead of the module +cookie_jar+
|
||||
# the request instead of the module +cookie_jar+. Any other object passed under the `cookie` key will be converted to a string using +to_s+
|
||||
# and set as the cookie header of the request.
|
||||
#
|
||||
# Passes `opts` through directly to {Rex::Proto::Http::Client#request_cgi}.
|
||||
# Set `opts['keep_cookies']` to keep cookies from responses for reuse in requests.
|
||||
# Cookies returned by the server will be stored in +cookie_jar+
|
||||
#
|
||||
# +expire_cookies+ will control if +cleanup+ is called on any passed +Msf::Exploit::Remote::HTTP::HttpCookieJar+ or the client cookiejar
|
||||
# Set `opts['expire_cookies']` to false in order to disable automatic removal of expired cookies
|
||||
#
|
||||
# @return (see Rex::Proto::Http::Client#send_recv))
|
||||
def send_request_cgi(opts = {}, timeout = 20, disconnect = true)
|
||||
if opts.has_key?('cookie')
|
||||
if opts['cookie'].is_a?(Msf::Exploit::Remote::HTTP::HttpCookieJar)
|
||||
cookie_jar.cleanup unless opts['expire_cookies'] == false
|
||||
opts.merge({ 'cookie' => opts['cookie'].cookies.join('; ') })
|
||||
else
|
||||
opts.merge({ 'cookie' => opts['cookie'].to_s })
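Review bot: In the `HttpCookieJar` branch of `send_request_cgi`, `cookie_jar.cleanup` runs on the module's own jar rather than on the jar passed in `opts['cookie']`, so expired cookies in the passed jar are still joined into the request header even though the doc comment says cleanup applies to a passed jar as well. The line would match the documentation as `opts['cookie'].cleanup unless opts['expire_cookies'] == false`. In the visible lines the two `opts.merge(...)` calls also do not assign their result; `Hash#merge` returns a new hash, so unless the value is picked up in the part of the method outside this hunk, `opts = opts.merge(...)` is needed for the converted cookie string to reach the request.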
|
||||
|
|
|
@ -256,16 +256,6 @@ RSpec.describe Msf::Exploit::Remote::HTTP::HttpCookie do
|
|||
end
|
||||
|
||||
describe 'domain' do
|
||||
describe 'DomainName' do
|
||||
it 'assigned to domain when origin is set will result in a domain based on origin.host' do
|
||||
d = DomainName(random_string)
|
||||
|
||||
cookie.domain = d
|
||||
|
||||
expect(cookie.domain).to eql(d.hostname)
|
||||
end
|
||||
end
|
||||
|
||||
describe 'nil' do
|
||||
it 'assigned to domain when origin is not set will result in a nil domain' do
|
||||
n = nil
|
||||
|
@ -657,7 +647,7 @@ RSpec.describe Msf::Exploit::Remote::HTTP::HttpCookie do
|
|||
expect(a).to eq(false)
|
||||
end
|
||||
|
||||
it 'will return false if url without http(s) protocol is passed' do
|
||||
it 'will return false if url without http or https protocol is passed' do
|
||||
generic_uri = random_string
|
||||
|
||||
v = cookie.acceptable_from_uri?(generic_uri)
|
||||
|
@ -665,7 +655,7 @@ RSpec.describe Msf::Exploit::Remote::HTTP::HttpCookie do
|
|||
expect(v).to eq(false)
|
||||
end
|
||||
|
||||
it 'will return false if url with http(s) protocol is passed but has no host' do
|
||||
it 'will return false if url with http protocol is passed but has no host' do
|
||||
protcol = 'http://'
|
||||
|
||||
v = cookie.acceptable_from_uri?(protcol)
|
||||
|
@ -674,7 +664,16 @@ RSpec.describe Msf::Exploit::Remote::HTTP::HttpCookie do
|
|||
expect(v).to eq(false)
|
||||
end
|
||||
|
||||
it 'will return true if url with http(s) protocol is passed with a domain that matches the url domain' do
|
||||
it 'will return false if url with https protocol is passed but has no host' do
|
||||
protcol = 'https://'
|
||||
|
||||
v = cookie.acceptable_from_uri?(protcol)
|
||||
|
||||
expect(URI(protcol).is_a?(::URI::HTTP)).to eq(true)
|
||||
expect(v).to eq(false)
|
||||
end
|
||||
|
||||
it 'will return true if url with http protocol is passed with a domain that matches the url domain' do
|
||||
host = random_string
|
||||
uri = "http://#{host}/#{random_string}"
|
||||
cookie.domain = host
|
||||
|
@ -684,9 +683,47 @@ RSpec.describe Msf::Exploit::Remote::HTTP::HttpCookie do
|
|||
expect(v).to eq(true)
|
||||
end
|
||||
|
||||
it "will return domain.nil? if url with http(s) protocol is passed with a domain that doesn't match the url domain" do
|
||||
it 'will return true if url with https protocol is passed with a domain that matches the url domain' do
|
||||
host = random_string
|
||||
uri = "https://#{host}/#{random_string}"
|
||||
cookie.domain = host
|
||||
|
||||
v = cookie.acceptable_from_uri?(uri)
|
||||
|
||||
expect(v).to eq(true)
|
||||
end
|
||||
|
||||
it "will return true if url with http protocol is passed to a nil domain" do
|
||||
uri = "http://#{random_string}/#{random_string}"
|
||||
cookie.domain = rand(0..1) == 1 ? nil : random_string
|
||||
cookie.domain = nil
|
||||
|
||||
v = cookie.acceptable_from_uri?(uri)
|
||||
|
||||
expect(v).to eq(cookie.domain.nil?)
|
||||
end
|
||||
|
||||
it "will return false if url with http protocol is passed with a domain that doesn't match the cookie domain" do
|
||||
uri = "http://#{random_string}/#{random_string}"
|
||||
cookie.domain = random_string + 'cookie_domain'
|
||||
|
||||
v = cookie.acceptable_from_uri?(uri)
|
||||
|
||||
expect(v).to eq(cookie.domain.nil?)
|
||||
end
|
||||
|
||||
|
||||
it "will return true if url with https protocol is passed to a nil domain" do
|
||||
uri = "https://#{random_string}/#{random_string}"
|
||||
cookie.domain = nil
|
||||
|
||||
v = cookie.acceptable_from_uri?(uri)
|
||||
|
||||
expect(v).to eq(cookie.domain.nil?)
|
||||
end
|
||||
|
||||
it "will return false if url with https protocol is passed with a domain that doesn't match the cookie domain" do
|
||||
uri = "https://#{random_string}/#{random_string}"
|
||||
cookie.domain = random_string + 'cookie_domain'
|
||||
|
||||
v = cookie.acceptable_from_uri?(uri)
|
||||
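Review bot: The new `acceptable_from_uri?` examples for a nil domain and for a mismatched domain assert `expect(v).to eq(cookie.domain.nil?)` instead of the literal value named in their descriptions, so the expected result is computed through the `domain` getter under test. Since these examples pin the cookie's domain scoping, state the outcome directly: `expect(v).to eq(true)` in the two nil-domain examples and `expect(v).to eq(false)` in the two mismatch examples. The local `protcol` in the added https example repeats the existing misspelling of `protocol`. The last example's body continues outside the hunk.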
|
||||
|
|