Land rapid7#4926, add request plugin for http(s)

kernelsmith · kernelsmith · commit 503f6a125d19 · 2015-06-04T13:51:58.000-05:00
diff --git a/plugins/request.rb b/plugins/request.rb
@@ -0,0 +1,286 @@
+require 'uri'
+
+module Msf
+
+class Plugin::Requests < Msf::Plugin
+
+  class ConsoleCommandDispatcher
+    include Msf::Ui::Console::CommandDispatcher
+
+    HELP_REGEX = /^-?-h(?:elp)?$/
+
+    def name
+      'Request'
+    end
+
+    def commands
+      {
+        'request' => "Make a request of the specified type (#{types.join(', ')})",
+      }
+    end
+
+    def types
+      # dynamically figure out what types are supported based on parse_args_*
+      parse_methods = self.public_methods.select {|m| m.to_s =~ /^parse_args_/}
+      parse_methods.collect {|m| m.to_s.split('_').slice(2..-1).join('_')}
+    end
+
+    def cmd_request(*args)
+      # short circuit the whole deal if they need help
+      return help if args.length == 0
+      return help if args.length == 1 && args.first =~ HELP_REGEX
+
+      # detect the request type from the uri which must be the last arg given
+      uri = args.last
+      if uri && uri =~ /^[A-Za-z]{3,5}:\/\//
+        type = uri.split('://', 2).first
+      else
+        print_error("The last argument must be a valid and supported URI")
+        return help
+      end
+
+      # parse options
+      opts, opt_parser = parse_args(args, type)
+      if opts && opt_parser
+        # handle any "global" options
+        if opts[:output_file]
+          begin
+            opts[:output_file] = File.new(opts[:output_file], 'w')
+          rescue ::Errno::EACCES, Errno::EISDIR, Errno::ENOTDIR
+            return help(opt_parser, 'Failed to open the specified file for output')
+          end
+        end
+        # hand off the actual request to the appropriate request handler
+        handler_method = "handle_request_#{type}".to_sym
+        if self.respond_to?(handler_method)
+          # call the appropriate request handler
+          self.send(handler_method, opts, opt_parser)
+        else
+          # this should be dead code if parse_args is doing it's job correctly
+          help(opt_parser, "No request handler found for type (#{type.to_s}).")
+        end
+      else
+        if types.include? type
+          help(opt_parser)
+        else
+          help
+        end
+      end
+    end
+
+    def parse_args(args, type = 'http')
+      type.downcase!
+      parse_method = "parse_args_#{type}".to_sym
+      if self.respond_to?(parse_method)
+        self.send(parse_method, args, type)
+      else
+        print_error("Unsupported URI type: #{type}")
+      end
+    end
+
+    # arg parsing for requests of type 'http'
+    def parse_args_https(args = [], type = 'https')
+      # just let http do it
+      parse_args_http(args, type)
+    end
+
+    # arg parsing for requests of type 'http'
+    def parse_args_http(args = [], type = 'http')
+      opt_parser = Rex::Parser::Arguments.new(
+        '-0' => [ false, 'Use HTTP 1.0' ],
+        '-1' => [ false, 'Use TLSv1 (SSL)' ],
+        '-2' => [ false, 'Use SSLv2 (SSL)' ],
+        '-3' => [ false, 'Use SSLv3 (SSL)' ],
+        '-A' => [ true,  'User-Agent to send to server' ],
+        '-d' => [ true,  'HTTP POST data' ],
+        '-G' => [ false, 'Send the -d data with an HTTP GET' ],
+        '-h' => [ false, 'This help text' ],
+        '-H' => [ true,  'Custom header to pass to server' ],
+        '-i' => [ false, 'Include headers in the output' ],
+        '-I' => [ false, 'Show document info only' ],
+        '-o' => [ true,  'Write output to <file> instead of stdout' ],
+        '-u' => [ true,  'Server user and password' ],
+        '-X' => [ true,  'Request method to use' ]
+        #'-x' => [ true,  'Proxy to use, format: [proto://][user:pass@]host[:port]' +
+        #                 '  Proto defaults to http:// and port to 1080'],
+      )
+
+      options = {
+        :headers         => {},
+        :print_body      => true,
+        :print_headers   => false,
+        :ssl_version     => 'Auto',
+        :user_agent      => Rex::Proto::Http::Client::DefaultUserAgent,
+        :version         => '1.1'
+      }
+
+      opt_parser.parse(args) do |opt, idx, val|
+        case opt
+        when '-0'
+          options[:version] = '1.0'
+        when '-1'
+          options[:ssl_version] = 'TLS1'
+        when '-2'
+          options[:ssl_version] = 'SSL2'
+        when '-3'
+          options[:ssl_version] = 'SSL3'
+        when '-A'
+          options[:user_agent] = val
+        when '-d'
+          options[:data] = val
+          options[:method] ||= 'POST'
+        when '-G'
+          options[:method] = 'GET'
+        when HELP_REGEX
+          #help(opt_parser)
+          # guard to prevent further option processing & stymie request handling
+          return [nil, opt_parser]
+        when '-H'
+          name, value = val.split(':', 2)
+          options[:headers][name] = value.to_s.strip
+        when '-i'
+          options[:print_headers] = true
+        when '-I'
+          options[:print_headers] = true
+          options[:print_body]    = false
+          options[:method] ||= 'HEAD'
+        when '-o'
+          options[:output_file] = File.expand_path(val)
+        when '-u'
+          val = val.split(':', 2) # only split on first ':' as per curl:
+          # from curl man page: "The user name and passwords are split up on the
+          # first colon, which makes it impossible to use a colon in the user
+          # name with this option.  The password can, still.
+          options[:auth_username] = val.first
+          options[:auth_password] = val.last
+        when '-p'
+          options[:auth_password] = val
+        when '-X'
+          options[:method] = val
+        #when '-x'
+          # @TODO proxy
+        else
+          options[:uri] = val
+        end
+      end
+      unless options[:uri]
+        help(opt_parser)
+      end
+      options[:method] ||= 'GET'
+      options[:uri] = URI(options[:uri])
+      [options, opt_parser]
+    end
+
+    # handling for requests of type 'https'
+    def handle_request_https(opts, opt_parser)
+      # let http do it
+      handle_request_http(opts, opt_parser)
+    end
+
+    # handling for requests of type 'http'
+    def handle_request_http(opts, opt_parser)
+      uri = opts[:uri]
+      http_client = Rex::Proto::Http::Client.new(
+        uri.host,
+        uri.port,
+        {'Msf' => framework},
+        uri.scheme == 'https',
+        opts[:ssl_version]
+      )
+
+      if opts[:auth_username]
+        auth_str = opts[:auth_username] + ':' + opts[:auth_password]
+        auth_str = 'Basic ' + Rex::Text.encode_base64(auth_str)
+        opts[:headers]['Authorization'] = auth_str
+      end
+
+      uri.path = '/' if uri.path.length == 0
+
+      begin
+        http_client.connect
+        req = http_client.request_cgi(
+          'agent'    => opts[:user_agent],
+          'data'     => opts[:data],
+          'headers'  => opts[:headers],
+          'method'   => opts[:method],
+          'password' => opts[:auth_password],
+          'query'    => uri.query,
+          'uri'      => uri.path,
+          'username' => opts[:auth_username],
+          'version'  => opts[:version]
+        )
+
+        response = http_client.send_recv(req)
+      rescue ::OpenSSL::SSL::SSLError
+        print_error('Encountered an SSL error')
+      rescue ::Errno::ECONNRESET => ex
+        print_error('The connection was reset by the peer')
+      rescue ::EOFError, Errno::ETIMEDOUT, Rex::ConnectionError, ::Timeout::Error
+        print_error('Encountered an error')
+      ensure
+        http_client.close
+      end
+
+      unless response
+        opts[:output_file].close if opts[:output_file]
+        return nil
+      end
+
+      if opts[:print_headers]
+        output_line(opts, response.cmd_string)
+        output_line(opts, response.headers.to_s)
+      end
+
+      output_line(opts, response.body) if opts[:print_body]
+      if opts[:output_file]
+        print_status("Wrote #{opts[:output_file].tell} bytes to #{opts[:output_file].path}")
+        opts[:output_file].close
+      end
+    end
+
+    def output_line(opts, line)
+      if opts[:output_file].nil?
+        if line[-2..-1] == "\r\n"
+          print_line(line[0..-3])
+        elsif line[-1] == "\n"
+          print_line(line[0..-2])
+        else
+          print_line(line)
+        end
+      else
+        opts[:output_file].write(line)
+      end
+    end
+
+    def help(opt_parser = nil, msg = 'Usage: request [options] uri')
+      print_line(msg)
+      if opt_parser
+        print_line(opt_parser.usage)
+      else
+        print_line("Supported uri types are: #{types.collect{|t| t + '://'}.join(', ')}")
+        print_line("To see usage for a specific uri type, use request -h uri")
+      end
+    end
+
+  end
+
+  def initialize(framework, opts)
+    super
+    add_console_dispatcher(ConsoleCommandDispatcher)
+  end
+
+  def cleanup
+    remove_console_dispatcher('Request')
+  end
+
+  def name
+    'Request'
+  end
+
+  def desc
+    'Make requests from within Metasploit using various protocols.'
+  end
+
+end # end class
+
+end # end module
