cookie cleanup
parent
ac8b53a585
commit
a22ebdf76d
|
@ -11,13 +11,17 @@ module Msf
|
||||||
def initialize(name, value = nil, **attr_hash)
|
def initialize(name, value = nil, **attr_hash)
|
||||||
if name.is_a?(::HTTP::Cookie)
|
if name.is_a?(::HTTP::Cookie)
|
||||||
@cookie = name
|
@cookie = name
|
||||||
elsif name && value && attr_hash
|
elsif value
|
||||||
@cookie = ::HTTP::Cookie.new(name, value, **attr_hash)
|
|
||||||
elsif name && value
|
|
||||||
@cookie = ::HTTP::Cookie.new(name, value)
|
@cookie = ::HTTP::Cookie.new(name, value)
|
||||||
else
|
else
|
||||||
@cookie = ::HTTP::Cookie.new(name)
|
@cookie = ::HTTP::Cookie.new(name)
|
||||||
end
|
end
|
||||||
|
|
||||||
|
attr_hash.each_pair do |k, v|
|
||||||
|
if respond_to?("#{k}=".to_sym)
|
||||||
|
send("#{k}=".to_sym, v)
|
||||||
|
end
|
||||||
|
end
|
||||||
end
|
end
|
||||||
|
|
||||||
def name
|
def name
|
||||||
|
@ -65,10 +69,6 @@ module Msf
|
||||||
end
|
end
|
||||||
end
|
end
|
||||||
|
|
||||||
def expired?(time = Time.now)
|
|
||||||
@cookie.expired?(time)
|
|
||||||
end
|
|
||||||
|
|
||||||
def path
|
def path
|
||||||
@cookie.path
|
@cookie.path
|
||||||
end
|
end
|
||||||
|
@ -98,11 +98,15 @@ module Msf
|
||||||
end
|
end
|
||||||
|
|
||||||
def domain
|
def domain
|
||||||
@cookie.domain
|
if @cookie.domain.nil?
|
||||||
|
nil
|
||||||
|
else
|
||||||
|
@cookie.domain.to_s
|
||||||
|
end
|
||||||
end
|
end
|
||||||
|
|
||||||
def domain=(domain)
|
def domain=(domain)
|
||||||
if domain.nil? || domain.is_a?(DomainName)
|
if domain.nil?
|
||||||
@cookie.domain = domain
|
@cookie.domain = domain
|
||||||
else
|
else
|
||||||
@cookie.domain = domain.to_s
|
@cookie.domain = domain.to_s
|
||||||
|
@ -133,6 +137,10 @@ module Msf
|
||||||
end
|
end
|
||||||
end
|
end
|
||||||
|
|
||||||
|
def expired?(time = Time.now)
|
||||||
|
@cookie.expired?(time)
|
||||||
|
end
|
||||||
|
|
||||||
def session?
|
def session?
|
||||||
@cookie.session?
|
@cookie.session?
|
||||||
end
|
end
|
||||||
|
|
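Review bot: The attribute loop that appears to be added to `initialize` dispatches with `send`, which can reach private methods, while the `respond_to?` guard before it only answers for public ones. The guard keeps this safe today, but `public_send("#{k}=", v)` states the intent and stays safe if the guard is ever loosened. Keys in `attr_hash` without a matching setter are dropped silently, so a misspelled attribute yields a cookie that lacks it with no error; raising `ArgumentError` or logging the unknown key would surface that. The loop also seems to run when `name` is already an `::HTTP::Cookie`, which would mutate the caller's object rather than a copy, so a comment on that branch should say whether this is intended. The class body continues outside the hunk.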
|
@ -40,7 +40,7 @@ module Msf
|
||||||
@cookie_jar.clear
|
@cookie_jar.clear
|
||||||
end
|
end
|
||||||
|
|
||||||
# Removes expired cookies and returns self. If `session` is true,
|
# Removes expired cookies and returns self. If `expire_all` is true,
|
||||||
# all session cookies are removed as well.
|
# all session cookies are removed as well.
|
||||||
def cleanup(expire_all = false)
|
def cleanup(expire_all = false)
|
||||||
@cookie_jar.cleanup(expire_all)
|
@cookie_jar.cleanup(expire_all)
|
||||||
|
|
|
@ -373,19 +373,19 @@ module Exploit::Remote::HttpClient
|
||||||
# reads the response
|
# reads the response
|
||||||
#
|
#
|
||||||
# If a +Msf::Exploit::Remote::HTTP::HttpCookieJar+ instance is passed in the +opts+ dict under a 'cookie' key, said CookieJar will be used in
|
# If a +Msf::Exploit::Remote::HTTP::HttpCookieJar+ instance is passed in the +opts+ dict under a 'cookie' key, said CookieJar will be used in
|
||||||
# the request instead of the module +cookie_jar+
|
# the request instead of the module +cookie_jar+. Any other object passed under the `cookie` key will be converted to a string using +to_s+
|
||||||
|
# and set as the cookie header of the request.
|
||||||
#
|
#
|
||||||
# Passes `opts` through directly to {Rex::Proto::Http::Client#request_cgi}.
|
# Passes `opts` through directly to {Rex::Proto::Http::Client#request_cgi}.
|
||||||
# Set `opts['keep_cookies']` to keep cookies from responses for reuse in requests.
|
# Set `opts['keep_cookies']` to keep cookies from responses for reuse in requests.
|
||||||
# Cookies returned by the server will be stored in +cookie_jar+
|
# Cookies returned by the server will be stored in +cookie_jar+
|
||||||
#
|
#
|
||||||
# +expire_cookies+ will control if +cleanup+ is called on any passed +Msf::Exploit::Remote::HTTP::HttpCookieJar+ or the client cookiejar
|
# Set `opts['expire_cookies']` to false in order to disable automatic removal of expired cookies
|
||||||
#
|
#
|
||||||
# @return (see Rex::Proto::Http::Client#send_recv))
|
# @return (see Rex::Proto::Http::Client#send_recv))
|
||||||
def send_request_cgi(opts = {}, timeout = 20, disconnect = true)
|
def send_request_cgi(opts = {}, timeout = 20, disconnect = true)
|
||||||
if opts.has_key?('cookie')
|
if opts.has_key?('cookie')
|
||||||
if opts['cookie'].is_a?(Msf::Exploit::Remote::HTTP::HttpCookieJar)
|
if opts['cookie'].is_a?(Msf::Exploit::Remote::HTTP::HttpCookieJar)
|
||||||
cookie_jar.cleanup unless opts['expire_cookies'] == false
|
|
||||||
opts.merge({ 'cookie' => opts['cookie'].cookies.join('; ') })
|
opts.merge({ 'cookie' => opts['cookie'].cookies.join('; ') })
|
||||||
else
|
else
|
||||||
opts.merge({ 'cookie' => opts['cookie'].to_s })
|
opts.merge({ 'cookie' => opts['cookie'].to_s })
|
||||||
|
|
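Review bot: The new comment promises that a non-jar value under `'cookie'` is converted with `to_s` and set as the cookie header, but both branches call `opts.merge(...)`, which returns a new hash and leaves `opts` untouched. Unless the value of the `if` is assigned outside this hunk, the conversion is discarded; `opts = opts.merge({ 'cookie' => opts['cookie'].to_s })`, and the same for the jar branch, would make the code match the documentation without mutating the caller's hash. With the `cleanup` call gone from the jar branch, a passed-in jar is not pruned in the visible code, so `cookies.join('; ')` may include expired cookies. The comment for `opts['expire_cookies']` should say whether it applies to a passed jar. The method body continues outside the hunk.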
|
@ -256,16 +256,6 @@ RSpec.describe Msf::Exploit::Remote::HTTP::HttpCookie do
|
||||||
end
|
end
|
||||||
|
|
||||||
describe 'domain' do
|
describe 'domain' do
|
||||||
describe 'DomainName' do
|
|
||||||
it 'assigned to domain when origin is set will result in a domain based on origin.host' do
|
|
||||||
d = DomainName(random_string)
|
|
||||||
|
|
||||||
cookie.domain = d
|
|
||||||
|
|
||||||
expect(cookie.domain).to eql(d.hostname)
|
|
||||||
end
|
|
||||||
end
|
|
||||||
|
|
||||||
describe 'nil' do
|
describe 'nil' do
|
||||||
it 'assigned to domain when origin is not set will result in a nil domain' do
|
it 'assigned to domain when origin is not set will result in a nil domain' do
|
||||||
n = nil
|
n = nil
|
||||||
|
@ -657,7 +647,7 @@ RSpec.describe Msf::Exploit::Remote::HTTP::HttpCookie do
|
||||||
expect(a).to eq(false)
|
expect(a).to eq(false)
|
||||||
end
|
end
|
||||||
|
|
||||||
it 'will return false if url without http(s) protocol is passed' do
|
it 'will return false if url without http or https protocol is passed' do
|
||||||
generic_uri = random_string
|
generic_uri = random_string
|
||||||
|
|
||||||
v = cookie.acceptable_from_uri?(generic_uri)
|
v = cookie.acceptable_from_uri?(generic_uri)
|
||||||
|
@ -665,7 +655,7 @@ RSpec.describe Msf::Exploit::Remote::HTTP::HttpCookie do
|
||||||
expect(v).to eq(false)
|
expect(v).to eq(false)
|
||||||
end
|
end
|
||||||
|
|
||||||
it 'will return false if url with http(s) protocol is passed but has no host' do
|
it 'will return false if url with http protocol is passed but has no host' do
|
||||||
protcol = 'http://'
|
protcol = 'http://'
|
||||||
|
|
||||||
v = cookie.acceptable_from_uri?(protcol)
|
v = cookie.acceptable_from_uri?(protcol)
|
||||||
|
@ -674,7 +664,16 @@ RSpec.describe Msf::Exploit::Remote::HTTP::HttpCookie do
|
||||||
expect(v).to eq(false)
|
expect(v).to eq(false)
|
||||||
end
|
end
|
||||||
|
|
||||||
it 'will return true if url with http(s) protocol is passed with a domain that matches the url domain' do
|
it 'will return false if url with https protocol is passed but has no host' do
|
||||||
|
protcol = 'https://'
|
||||||
|
|
||||||
|
v = cookie.acceptable_from_uri?(protcol)
|
||||||
|
|
||||||
|
expect(URI(protcol).is_a?(::URI::HTTP)).to eq(true)
|
||||||
|
expect(v).to eq(false)
|
||||||
|
end
|
||||||
|
|
||||||
|
it 'will return true if url with http protocol is passed with a domain that matches the url domain' do
|
||||||
host = random_string
|
host = random_string
|
||||||
uri = "http://#{host}/#{random_string}"
|
uri = "http://#{host}/#{random_string}"
|
||||||
cookie.domain = host
|
cookie.domain = host
|
||||||
|
@ -684,9 +683,47 @@ RSpec.describe Msf::Exploit::Remote::HTTP::HttpCookie do
|
||||||
expect(v).to eq(true)
|
expect(v).to eq(true)
|
||||||
end
|
end
|
||||||
|
|
||||||
it "will return domain.nil? if url with http(s) protocol is passed with a domain that doesn't match the url domain" do
|
it 'will return true if url with https protocol is passed with a domain that matches the url domain' do
|
||||||
|
host = random_string
|
||||||
|
uri = "https://#{host}/#{random_string}"
|
||||||
|
cookie.domain = host
|
||||||
|
|
||||||
|
v = cookie.acceptable_from_uri?(uri)
|
||||||
|
|
||||||
|
expect(v).to eq(true)
|
||||||
|
end
|
||||||
|
|
||||||
|
it "will return true if url with http protocol is passed to a nil domain" do
|
||||||
uri = "http://#{random_string}/#{random_string}"
|
uri = "http://#{random_string}/#{random_string}"
|
||||||
cookie.domain = rand(0..1) == 1 ? nil : random_string
|
cookie.domain = nil
|
||||||
|
|
||||||
|
v = cookie.acceptable_from_uri?(uri)
|
||||||
|
|
||||||
|
expect(v).to eq(cookie.domain.nil?)
|
||||||
|
end
|
||||||
|
|
||||||
|
it "will return false if url with http protocol is passed with a domain that doesn't match the cookie domain" do
|
||||||
|
uri = "http://#{random_string}/#{random_string}"
|
||||||
|
cookie.domain = random_string + 'cookie_domain'
|
||||||
|
|
||||||
|
v = cookie.acceptable_from_uri?(uri)
|
||||||
|
|
||||||
|
expect(v).to eq(cookie.domain.nil?)
|
||||||
|
end
|
||||||
|
|
||||||
|
|
||||||
|
it "will return true if url with https protocol is passed to a nil domain" do
|
||||||
|
uri = "https://#{random_string}/#{random_string}"
|
||||||
|
cookie.domain = nil
|
||||||
|
|
||||||
|
v = cookie.acceptable_from_uri?(uri)
|
||||||
|
|
||||||
|
expect(v).to eq(cookie.domain.nil?)
|
||||||
|
end
|
||||||
|
|
||||||
|
it "will return false if url with https protocol is passed with a domain that doesn't match the cookie domain" do
|
||||||
|
uri = "https://#{random_string}/#{random_string}"
|
||||||
|
cookie.domain = random_string + 'cookie_domain'
|
||||||
|
|
||||||
v = cookie.acceptable_from_uri?(uri)
|
v = cookie.acceptable_from_uri?(uri)
|
||||||
|
|
||||||
|
|
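Review bot: Several of the new examples assert `expect(v).to eq(cookie.domain.nil?)` even though each one now fixes the domain to `nil` or to a non-nil string, so the expected value is derived from the object under test instead of being stated. Writing `expect(v).to eq(true)` in the nil-domain examples and `expect(v).to eq(false)` in the mismatch examples makes the description and the assertion agree. It also makes the test fail if the `domain` reader regresses. The mismatch examples are the ones that check cookie scoping against the request host, so they are the most important to pin to a literal. The last example continues outside the hunk.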