WIP: Drop session objects before JSON conversion

The session object is not intended to be store in the DB.
There are a ton of subobjects and unneeded data that causes the JSON conversion
to hang or fail with 'stack level too deep' errors.

Author: jbarnett-r7

lib/metasploit/framework/data_service/proxy/session_data_proxy.rb

@@ -5,6 +5,11 @@ def report_session(opts)
       data_service.report_session(opts)
     rescue  Exception => e
       puts"Call to  #{data_service.class}#report_session threw exception: #{e.message}"
+      puts e.backtrace.each { |line| puts "#{line}\n" }
     end
   end
-end
+end
+
+
+
+

lib/metasploit/framework/data_service/remote/http/core.rb

@@ -45,6 +45,7 @@ def post_data(path, data_hash)
     begin
       raise 'Data to post to remote service cannot be null or empty' if (data_hash.nil? || data_hash.empty?)
 
+      puts "#{Time.now} - Posting #{data_hash} to #{path}"
       client =  @client_pool.pop()
       request_opts = build_request_opts(POST_REQUEST, data_hash, path)
       request = client.request_raw(request_opts)
@@ -77,6 +78,8 @@ def post_data(path, data_hash)
   #
   def get_data(path, data_hash = nil)
     begin
+
+      puts "#{Time.now} - Getting #{path} with #{data_hash ? data_hash : "nil"}"
       client =  @client_pool.pop()
       request_opts = build_request_opts(GET_REQUEST, data_hash, path)
       request = client.request_raw(request_opts)
@@ -192,11 +195,11 @@ def append_workspace(data_hash)
     end
 
     if (workspace && (workspace.is_a?(OpenStruct) || workspace.is_a?(::Mdm::Workspace)))
-      data_hash['workspace'] = workspace.name
+      data_hash[:workspace] = workspace.name
     end
 
     if (workspace.nil?)
-      data_hash['workspace'] = current_workspace_name
+      data_hash[:workspace] = current_workspace_name
     end
 
     data_hash
@@ -206,9 +209,19 @@ def build_request_opts(request_type, data_hash, path)
     request_opts = {
         'method' => request_type,
         'ctype' => 'application/json',
-        'uri' => path}
+        'uri' => path
+    }
 
     if (!data_hash.nil? && !data_hash.empty?)
+      data_hash.each do |k,v|
+        if v.is_a?(Msf::Session)
+          puts "#{Time.now} - DEBUG: Dropping Msf::Session object before converting to JSON."
+          puts "data_hash is #{data_hash}"
+          puts "Callstack:"
+          caller.each { |line| puts "#{line}\n"}
+          data_hash.delete(k)
+        end
+      end
       json_body = append_workspace(data_hash).to_json
       request_opts['data'] = json_body
     end

lib/metasploit/framework/data_service/remote/http/remote_session_data_service.rb

@@ -43,7 +43,7 @@ def parse_host_opts(msf_session)
   def parse_session_data(msf_session)
     hash = Hash.new()
     # TODO: what to do with this shiz
-    # hash[:datastore] = msf_session.exploit_datastore.to_h
+    hash[:datastore] = msf_session.exploit_datastore.to_h
     hash[:desc] = msf_session.info
     hash[:local_id] = msf_session.sid
     hash[:platform] = msf_session.session_type
@@ -58,7 +58,7 @@ def parse_host_opts(msf_session)
     hash = Hash.new()
     hash[:host] = msf_session.session_host
     hash[:arch] = msf_session.arch if msf_session.respond_to?(:arch) and msf_session.arch
-    hash[:workspace] = msf_session[:workspace] || msf_session.workspace
+    hash[:workspace] = msf_session.workspace || msf_session[:workspace]
     return hash
   end
 

lib/metasploit/framework/data_service/remote/http/remote_session_event_data_service.rb

@@ -4,7 +4,6 @@ module RemoteSessionEventDataService
   include ResponseDataHelper
 
   SESSION_EVENT_PATH = '/api/1/msf/session_event'
-  SESSION_EVENT_SEARCH_PATH = SESSION_EVENT_PATH + "/search"
 
   def session_events(opts = {})
     json_to_open_struct_object(self.get_data(SESSION_EVENT_PATH, opts), [])

lib/msf/base/sessions/meterpreter.rb

@@ -497,14 +497,17 @@ def load_session_info
             end
           end
 
+          sysinfo = sys.config.sysinfo
+          host = Msf::Util::Host.normalize_host(self)
+
           framework.db.report_note({
             :type => "host.os.session_fingerprint",
-            :host => self,
+            :host => host,
             :workspace => wspace,
             :data => {
-              :name => sys.config.sysinfo["Computer"],
-              :os => sys.config.sysinfo["OS"],
-              :arch => sys.config.sysinfo["Architecture"],
+              :name => sysinfo["Computer"],
+              :os => sysinfo["OS"],
+              :arch => sysinfo["Architecture"],
             }
           })
 

lib/msf/core/db_manager/http/servlet/loot_servlet.rb

@@ -55,7 +55,7 @@ def self.report_loot
             ext = "txt"
         end
         # This method is available even if there is no database, don't bother checking
-        host = Msf::Util::Host.normalize_host(host)
+        host = Msf::Util::Host.normalize_host(opts[:host])
 
         ws = (opts[:workspace] ? opts[:workspace] : 'default')
         name =

lib/msf/core/db_manager/session.rb

@@ -120,7 +120,6 @@ def report_session_dto(session_dto)
 
     ::ActiveRecord::Base.connection_pool.with_connection {
       workspace = find_workspace(session_dto[:workspace])
-
       host_data = session_dto[:host_data]
       h_opts = {}
       h_opts[:host]      = host_data[:host]
@@ -144,7 +143,7 @@ def report_session_dto(session_dto)
           via_payload: session_data[:via_payload],
       }
 
-      if sess_data[:via_exploit] == 'exploit/multi/handler' and sess_data[:datastore]['ParentModule']
+      if sess_data[:via_exploit] == 'exploit/multi/handler' and sess_data[:datastore] and sess_data[:datastore]['ParentModule']
         sess_data[:via_exploit] = sess_data[:datastore]['ParentModule']
       end