Land rapid7#5387, @wchen-r7's user-configurable HTTP timeout

jvazquez-r7 · jvazquez-r7 · commit c201955fdf04 · 2015-05-22T15:36:11.000-05:00
Fixes rapid7#5219, Add connection timeout and response timeout for HttpClient
diff --git a/lib/msf/core/exploit/http/client.rb b/lib/msf/core/exploit/http/client.rb
@@ -52,7 +52,8 @@ def initialize(info = {})
         OptBool.new('SSL', [ false, 'Negotiate SSL for outgoing connections', false]),
         OptEnum.new('SSLVersion', [ false, 'Specify the version of SSL that should be used', 'Auto', ['Auto', 'SSL2', 'SSL3', 'TLS1']]),
         OptBool.new('FingerprintCheck', [ false, 'Conduct a pre-exploit fingerprint verification', true]),
-        OptString.new('DOMAIN', [ true, 'The domain to use for windows authentification', 'WORKSTATION'])
+        OptString.new('DOMAIN', [ true, 'The domain to use for windows authentification', 'WORKSTATION']),
+        OptInt.new('HttpClientTimeout', [false, 'HTTP connection and receive timeout', 20])
       ], self.class
     )
 
@@ -307,10 +308,11 @@ def cleanup
   # Passes +opts+ through directly to Rex::Proto::Http::Client#request_raw.
   #
   def send_request_raw(opts={}, timeout = 20)
+    actual_timeout = datastore['HttpClientTimeout'] || opts[:timeout] || timeout
     begin
       c = connect(opts)
       r = c.request_raw(opts)
-      c.send_recv(r, opts[:timeout] ? opts[:timeout] : timeout)
+      c.send_recv(r, actual_timeout)
     rescue ::Errno::EPIPE, ::Timeout::Error
       nil
     end
@@ -323,10 +325,11 @@ def send_request_raw(opts={}, timeout = 20)
   # Passes +opts+ through directly to Rex::Proto::Http::Client#request_cgi.
   #
   def send_request_cgi(opts={}, timeout = 20)
+    actual_timeout = datastore['HttpClientTimeout'] || opts[:timeout] || timeout
     begin
       c = connect(opts)
       r = c.request_cgi(opts)
-      c.send_recv(r, opts[:timeout] ? opts[:timeout] : timeout)
+      c.send_recv(r, actual_timeout)
     rescue ::Errno::EPIPE, ::Timeout::Error
       nil
     end
@@ -341,7 +344,8 @@ def send_request_cgi(opts={}, timeout = 20)
   #   will contain the full URI.
   #
   def send_request_cgi!(opts={}, timeout = 20, redirect_depth = 1)
-    res = send_request_cgi(opts, timeout)
+    actual_timeout = datastore['HttpClientTimeout'] || opts[:timeout] || timeout
+    res = send_request_cgi(opts, actual_timeout)
     return res unless res && res.redirect? && redirect_depth > 0
 
     redirect_depth -= 1
@@ -360,7 +364,7 @@ def send_request_cgi!(opts={}, timeout = 20, redirect_depth = 1)
       opts['ssl'] = false
     end
 
-    send_request_cgi!(opts, timeout, redirect_depth)
+    send_request_cgi!(opts, actual_timeout, redirect_depth)
   end
 
   #
