Merge pull request rapid7#20148 from adfoster-r7/add-additional-sni-support

Add additional sni support

Author: cgranleese-r7

Gemfile.lock

@@ -446,7 +446,7 @@ GEM
       rex-core
       rex-struct2
       rex-text
-    rex-core (0.1.33)
+    rex-core (0.1.34)
     rex-encoder (0.1.8)
       metasm
       rex-arch
@@ -476,15 +476,16 @@ GEM
       metasm
       rex-core
       rex-text
-    rex-socket (0.1.60)
+    rex-socket (0.1.61)
       dnsruby
       rex-core
-    rex-sslscan (0.1.11)
+    rex-sslscan (0.1.12)
       rex-core
       rex-socket
       rex-text
     rex-struct2 (0.1.5)
-    rex-text (0.2.60)
+    rex-text (0.2.61)
+      bigdecimal
     rex-zip (0.1.6)
       rex-text
     rexml (3.4.1)

lib/anemone/rex_http.rb

@@ -198,6 +198,7 @@ def connection(url)
     conn.set_config(
       'vhost'      => virtual_host(url),
       'agent'      => user_agent,
+      'ssl_server_name_indication' => @opts[:ssl_server_name_indication],
       'domain'     => @opts[:domain]
     )
 

lib/msf/core/auxiliary/http_crawler.rb

@@ -37,13 +37,12 @@ def initialize(info = {})
         OptInt.new('RequestTimeout', [false, 'The maximum number of seconds to wait for a reply', 15]),
         OptInt.new('RedirectLimit', [false, 'The maximum number of redirects for a single request', 5]),
         OptInt.new('RetryLimit', [false, 'The maximum number of attempts for a single request', 5]),
-        OptString.new('UserAgent', [true, 'The User-Agent header to use for all requests',
-          "Mozilla/5.0 (compatible; Googlebot/2.1; +http://www.google.com/bot.html)"
-        ]),
+        OptString.new('UserAgent', [true, 'The User-Agent header to use for all requests', Rex::UserAgent.random]),
         OptString.new('BasicAuthUser', [false, 'The HTTP username to specify for basic authentication']),
         OptString.new('BasicAuthPass', [false, 'The HTTP password to specify for basic authentication']),
         OptString.new('HTTPAdditionalHeaders', [false, "A list of additional headers to send (separated by \\x01)"]),
         OptString.new('HTTPCookie', [false, "A HTTP cookie header to send with each request"]),
+        OptString.new('SSLServerNameIndication', [ false, 'SSL/TLS Server Name Indication (SNI)', nil]),
         Opt::SSLVersion
       ], self.class
     )
@@ -115,6 +114,7 @@ def run
 
     t.merge!({
       :vhost    => vhost,
+      :ssl_server_name_indication  => datastore['SSLServerNameIndication'] || vhost,
       :host     => rhost,
       :port     => rport,
       :ssl      => ssl,
@@ -269,6 +269,7 @@ def crawler_process_page(t, page, cnt)
   def crawler_options(t)
     opts = {}
     opts[:user_agent]      = datastore['UserAgent']
+    opts[:ssl_server_name_indication] = datastore['SSLServerNameIndication']
     opts[:verbose]         = false
     opts[:threads]         = max_crawl_threads
     opts[:obey_robots_txt] = false

lib/msf/core/auxiliary/web/http.rb

@@ -118,6 +118,7 @@ def connect
 
     c.set_config({
       'vhost' => opts[:target].vhost,
+      'ssl_server_name_indication' => opts[:target].ssl_server_name_indication || opts[:target].vhost,
       'agent' => opts[:user_agent] || Rex::UserAgent.session_agent,
       'domain' => domain
     })

lib/msf/core/auxiliary/web/target.rb

@@ -33,6 +33,9 @@ class Auxiliary::Web::Target
   # Virtual host as a String.
   attr_accessor :vhost
 
+  # @return String SSL/TLS Server Name Indication (SNI)
+  attr_accessor :ssl_server_name_indication
+
   # String URI path.
   attr_accessor :path
 
@@ -64,6 +67,7 @@ class Auxiliary::Web::Target
   #           :port
   #           :forms
   #           :auditable
+  #           :ssl_server_name_indication
   #
   def initialize( options = {} )
     update( options )
@@ -79,6 +83,7 @@ def initialize( options = {} )
   #           :port
   #           :forms
   #           :auditable
+  #           :ssl_server_name_indication
   #
   def update( options = {} )
     options.each { |k, v| send( "#{k}=", v ) }