Merge branch 'dmaloney-r7-http/auth_methods' into rapid7

Author: egypt

lib/anemone/rex_http.rb

@@ -188,7 +188,9 @@ def connection(url)
 			context,
 			url.scheme == "https",
 			'SSLv23',
-			@opts[:proxies]
+			@opts[:proxies],
+                    @opts[:username],
+                    @opts[:password]
 		)
 
 		conn.set_config(

lib/msf/core/auxiliary/crawler.rb

@@ -22,7 +22,9 @@ def initialize(info = {})
 				Opt::Proxies,
 				OptInt.new('MAX_PAGES', [ true, 'The maximum number of pages to crawl per URL', 500]),
 				OptInt.new('MAX_MINUTES', [ true, 'The maximum number of minutes to spend on each URL', 5]),
-				OptInt.new('MAX_THREADS', [ true, 'The maximum number of concurrent requests', 4])
+				OptInt.new('MAX_THREADS', [ true, 'The maximum number of concurrent requests', 4]),
+				OptString.new('USERNAME', [false, 'The HTTP username to specify for authentication']),
+				OptString.new('PASSWORD', [false, 'The HTTP password to specify for authentication'])
 			], self.class
 		)
 
@@ -34,8 +36,6 @@ def initialize(info = {})
 				OptString.new('UserAgent', [true, 'The User-Agent header to use for all requests',
 					"Mozilla/5.0 (compatible; Googlebot/2.1; +http://www.google.com/bot.html)"
 				]),
-				OptString.new('BasicAuthUser', [false, 'The HTTP username to specify for basic authentication']),
-				OptString.new('BasicAuthPass', [false, 'The HTTP password to specify for basic authentication']),
 				OptString.new('HTTPAdditionalHeaders', [false, "A list of additional headers to send (separated by \\x01)"]),
 				OptString.new('HTTPCookie', [false, "A HTTP cookie header to send with each request"]),
 				OptBool.new('SSL', [ false, 'Negotiate SSL for outgoing connections', false]),
@@ -118,8 +118,9 @@ def run
 			:info     => ""
 		})
 
-		if datastore['BasicAuthUser']
-			t[:http_basic_auth] = [ "#{datastore['BasicAuthUser']}:#{datastore['BasicAuthPass']}" ].pack("m*").gsub(/\s+/, '')
+		if datastore['USERNAME'] and datastore['USERNAME'] != ''
+			t[:username] = datastore['USERNAME'].to_s
+			t[:password] = datastore['PASSWORD'].to_s
 		end
 
 		if datastore['HTTPCookie']
@@ -278,9 +279,8 @@ def crawler_options(t)
 			opts[:cookies] = t[:cookies]
 		end
 
-		if t[:http_basic_auth]
-			opts[:http_basic_auth] = t[:http_basic_auth]
-		end
+		opts[:username] = t[:username] || ''
+		opts[:password] =t[:password] || ''
 
 		opts
 	end

lib/msf/core/auxiliary/web/http.rb

@@ -10,6 +10,7 @@
 module Msf
 class Auxiliary::Web::HTTP
 
+
 	class Request
 		attr_accessor :url
 		attr_reader	 :opts
@@ -69,6 +70,7 @@ def timed_out
 	attr_reader :framework
 
 	attr_accessor :redirect_limit
+	attr_accessor :username , :password
 
 	def initialize( opts = {} )
 		@opts = opts.dup
@@ -84,8 +86,8 @@ def initialize( opts = {} )
 
 		@request_opts = {}
 		if opts[:auth].is_a? Hash
-			@request_opts['basic_auth'] = [ opts[:auth][:user].to_s + ':' +
-								opts[:auth][:password] ]. pack( 'm*' ).gsub( /\s+/, '' )
+			@username = opts[:auth][:user].to_s
+			@password = opts[:auth][:password].to_s
 		end
 
 		self.redirect_limit = opts[:redirect_limit] || 20
@@ -105,7 +107,9 @@ def connect
 			opts[:target].port,
 			{},
 			opts[:target].ssl,
-			'SSLv23'
+			'SSLv23',
+			username,
+			password
 		)
 
 		c.set_config({
@@ -296,6 +300,10 @@ def _request( url, opts = {} )
 		opts['data'] = body if body
 
 		c = connect
+		if opts['username'] and opts['username'] != ''
+			c.username = opts['username'].to_s
+			c.password = opts['password'].to_s
+		end
 		Response.from_rex_response c.send_recv( c.request_cgi( opts ), timeout )
 	rescue ::Timeout::Error
 		Response.timed_out