From a4df6d539f3079ec2e6606b58167de900db0deba Mon Sep 17 00:00:00 2001
From: HD Moore
Date: Wed, 18 Mar 2015 00:59:59 -0500
Subject: [PATCH] Cleanup proxy handling code (consistency & bugs)
One subtle bug was that each time a request was received, a null byte was being appended to the datastore options for PROXY_USERNAME and PROXY_PASSWORD. Eventually this would break new sessions. This change centralizes the proxy configuration and cleans up the logic.
---
 lib/msf/core/handler/reverse_http.rb | 43 ++++++++++++++++++++++++++--
 1 file changed, 40 insertions(+), 3 deletions(-)
diff --git a/lib/msf/core/handler/reverse_http.rb b/lib/msf/core/handler/reverse_http.rb
index ff7c468630..9fe563d635 100644
--- a/lib/msf/core/handler/reverse_http.rb
+++ b/lib/msf/core/handler/reverse_http.rb
@@ -158,6 +158,7 @@ module ReverseHttp
 'VirtualDirectory' => true)
 print_status("Started #{scheme.upcase} reverse handler on #{listener_uri}")
+ lookup_proxy_settings
 end
 #
@@ -175,6 +176,43 @@ module ReverseHttp
 protected
+ #
+ # Parses the proxy settings and returns a hash
+ #
+ def lookup_proxy_settings
+ info = {}
+ return @proxy_settings if @proxy_settings
+ if datastore['PROXY_HOST'].to_s == ""
+ @proxy_settings = info
+ return @proxy_settings
+ end
+ info[:host] = datastore['PROXY_HOST'].to_s
+ info[:port] = (datastore['PROXY_PORT'] || 8080).to_i
+ info[:type] = datastore['PROXY_TYPE'].to_s
+ if info[:port] == 80
+ info[:info] = info[:host]
+ else
+ info[:info] = "#{info[:host]}:#{info[:port]}"
+ end
+ if info[:type] == "HTTP"
+ info[:info] = "http://#{info[:info]}"
+ if datastore['PROXY_USERNAME'].to_s != ""
+ info[:username] = datastore['PROXY_USERNAME'].to_s
+ end
+ if datastore['PROXY_PASSWORD'].to_s != ""
+ info[:password] = datastore['PROXY_PASSWORD'].to_s
+ end
+ else
+ info[:info] = "socks=#{info[:info]}"
+ end
+ @proxy_settings = info
+ end
+
 #
 # Parses the HTTPS request
 #
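Review bot: `info[:port] = (datastore['PROXY_PORT'] || 8080).to_i` in lookup_proxy_settings only falls back to 8080 when PROXY_PORT is nil; an empty-string value becomes port 0 and `info[:info]` ends up as `host:0`. Consider `port = datastore['PROXY_PORT'].to_s` followed by `info[:port] = port.empty? ? 8080 : port.to_i`. The port-80 shortcut that drops the port from `info[:info]` is only equivalent to the implicit default for the `http://` form; the conventional default for a `socks=` entry is 1080, so a SOCKS proxy listening on 80 silently loses its port — apply that shortcut inside the HTTP branch only. Since the result is memoized for the lifetime of the instance, the method's header comment should say so, e.g. `# Cached in @proxy_settings after the first call; later datastore changes are not picked up.` If PROXY_TYPE has no datastore default, an unset value also takes the `socks=` branch, which is worth confirming against the option definition.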
@@ -204,9 +242,8 @@ protected
 blob.sub!('HTTP_COMMUNICATION_TIMEOUT = 300', "HTTP_COMMUNICATION_TIMEOUT = #{datastore['SessionCommunicationTimeout']}")
 blob.sub!('HTTP_USER_AGENT = None', "HTTP_USER_AGENT = '#{var_escape.call(datastore['MeterpreterUserAgent'])}'")
- unless datastore['PROXY_HOST'].blank?
- proxy_url = "http://#{datastore['PROXY_HOST']}:#{datastore['PROXY_PORT']}"
- blob.sub!('HTTP_PROXY = None', "HTTP_PROXY = '#{var_escape.call(proxy_url)}'")
+ if @proxy_settings[:host] && @proxy_settings[:type] == "HTTP"
+ blob.sub!('HTTP_PROXY = None', "HTTP_PROXY = '#{var_escape.call(@proxy_settings[:info])}'")
 end
 resp.body = blob
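Review bot: The new condition dereferences `@proxy_settings[:host]` directly, so if this request handler runs before lookup_proxy_settings has populated the ivar (in this patch it is only called from the handler setup path) the ivar is nil and the line raises NoMethodError instead of falling back to "no proxy". Going through the accessor is safer and keeps the memoization: `proxy = lookup_proxy_settings` then `if proxy[:host] && proxy[:type] == "HTTP"`. Note also that `@proxy_settings[:info]` never carries the username/password that lookup_proxy_settings collects, so the Python stager's HTTP_PROXY stays unauthenticated — unchanged from the removed code, but worth a one-line comment if intentional. The enclosing method starts before this hunk.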