Browse Source

Land #7183, Fix #7170 Add HttpTrace option for HttpClient

Christian Mehlmauer 3 years ago
parent
commit
009089ead7
No account linked to committer's email address
1 changed files with 50 additions and 5 deletions
  1. 50
    5
      lib/msf/core/exploit/http/client.rb

+ 50
- 5
lib/msf/core/exploit/http/client.rb View File

@@ -54,7 +54,8 @@ module Exploit::Remote::HttpClient
54 54
         Opt::SSLVersion,
55 55
         OptBool.new('FingerprintCheck', [ false, 'Conduct a pre-exploit fingerprint verification', true]),
56 56
         OptString.new('DOMAIN', [ true, 'The domain to use for windows authentification', 'WORKSTATION']),
57
-        OptInt.new('HttpClientTimeout', [false, 'HTTP connection and receive timeout'])
57
+        OptInt.new('HttpClientTimeout', [false, 'HTTP connection and receive timeout']),
58
+        OptBool.new('HttpTrace', [false, 'Show the raw HTTP requests and responses', false])
58 59
       ], self.class
59 60
     )
60 61
 
@@ -324,9 +325,30 @@ module Exploit::Remote::HttpClient
324 325
     begin
325 326
       c = connect(opts)
326 327
       r = c.request_raw(opts)
327
-      c.send_recv(r, actual_timeout)
328
-    rescue ::Errno::EPIPE, ::Timeout::Error
328
+
329
+      if datastore['HttpTrace']
330
+        print_line('#' * 20)
331
+        print_line('# Request:')
332
+        print_line('#' * 20)
333
+        print_line(r.to_s)
334
+      end
335
+
336
+      res = c.send_recv(r, actual_timeout)
337
+
338
+      if datastore['HttpTrace']
339
+        print_line('#' * 20)
340
+        print_line('# Response:')
341
+        print_line('#' * 20)
342
+        print_line(res.to_s)
343
+      end
344
+
345
+      res
346
+    rescue ::Errno::EPIPE, ::Timeout::Error => e
347
+      print_line(e.message) if datastore['HttpTrace']
329 348
       nil
349
+    rescue ::Exception => e
350
+      print_line(e.message) if datastore['HttpTrace']
351
+      raise e
330 352
     end
331 353
   end
332 354
 
@@ -343,12 +365,35 @@ module Exploit::Remote::HttpClient
343 365
       actual_timeout =  opts[:timeout] || timeout
344 366
     end
345 367
 
368
+    print_line("*" * 20) if datastore['HttpTrace']
369
+
346 370
     begin
347 371
       c = connect(opts)
348 372
       r = c.request_cgi(opts)
349
-      c.send_recv(r, actual_timeout)
350
-    rescue ::Errno::EPIPE, ::Timeout::Error
373
+
374
+      if datastore['HttpTrace']
375
+        print_line('#' * 20)
376
+        print_line('# Request:')
377
+        print_line('#' * 20)
378
+        print_line(r.to_s)
379
+      end
380
+
381
+      res = c.send_recv(r, actual_timeout)
382
+
383
+      if datastore['HttpTrace']
384
+        print_line('#' * 20)
385
+        print_line('# Response:')
386
+        print_line('#' * 20)
387
+        print_line(res.to_s)
388
+      end
389
+
390
+      res
391
+    rescue ::Errno::EPIPE, ::Timeout::Error => e
392
+      print_line(e.message) if datastore['HttpTrace']
351 393
       nil
394
+    rescue ::Exception => e
395
+      print_line(e.message) if datastore['HttpTrace']
396
+      raise e
352 397
     end
353 398
   end
354 399
 

Loading…
Cancel
Save