Skip to content

Commit c71b803

Browse files
David MaloneyDavid Maloney
David Maloney
authored and
David Maloney
committed
Add invisible auth to web crawler
the anemone web crawler now properly supports our invisible auth scheme for rex http.
1 parent 9b84e5b commit c71b803

File tree

2 files changed

+11
-9
lines changed

2 files changed

+11
-9
lines changed

lib/anemone/rex_http.rb

Lines changed: 3 additions & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -188,7 +188,9 @@ def connection(url)
188188
context,
189189
url.scheme == "https",
190190
'SSLv23',
191-
@opts[:proxies]
191+
@opts[:proxies],
192+
@opts[:username],
193+
@opts[:password]
192194
)
193195

194196
conn.set_config(

lib/msf/core/auxiliary/crawler.rb

Lines changed: 8 additions & 8 deletions
Original file line numberDiff line numberDiff line change
@@ -22,7 +22,9 @@ def initialize(info = {})
2222
Opt::Proxies,
2323
OptInt.new('MAX_PAGES', [ true, 'The maximum number of pages to crawl per URL', 500]),
2424
OptInt.new('MAX_MINUTES', [ true, 'The maximum number of minutes to spend on each URL', 5]),
25-
OptInt.new('MAX_THREADS', [ true, 'The maximum number of concurrent requests', 4])
25+
OptInt.new('MAX_THREADS', [ true, 'The maximum number of concurrent requests', 4]),
26+
OptString.new('USERNAME', [false, 'The HTTP username to specify for authentication']),
27+
OptString.new('PASSWORD', [false, 'The HTTP password to specify for authentication'])
2628
], self.class
2729
)
2830

@@ -34,8 +36,6 @@ def initialize(info = {})
3436
OptString.new('UserAgent', [true, 'The User-Agent header to use for all requests',
3537
"Mozilla/5.0 (compatible; Googlebot/2.1; +http://www.google.com/bot.html)"
3638
]),
37-
OptString.new('BasicAuthUser', [false, 'The HTTP username to specify for basic authentication']),
38-
OptString.new('BasicAuthPass', [false, 'The HTTP password to specify for basic authentication']),
3939
OptString.new('HTTPAdditionalHeaders', [false, "A list of additional headers to send (separated by \\x01)"]),
4040
OptString.new('HTTPCookie', [false, "A HTTP cookie header to send with each request"]),
4141
OptBool.new('SSL', [ false, 'Negotiate SSL for outgoing connections', false]),
@@ -118,8 +118,9 @@ def run
118118
:info => ""
119119
})
120120

121-
if datastore['BasicAuthUser']
122-
t[:http_basic_auth] = [ "#{datastore['BasicAuthUser']}:#{datastore['BasicAuthPass']}" ].pack("m*").gsub(/\s+/, '')
121+
if datastore['USERNAME'] and datastore['USERNAME'] != ''
122+
t[:username] = datastore['USERNAME'].to_s
123+
t[:password] = datastore['PASSWORD'].to_s
123124
end
124125

125126
if datastore['HTTPCookie']
@@ -278,9 +279,8 @@ def crawler_options(t)
278279
opts[:cookies] = t[:cookies]
279280
end
280281

281-
if t[:http_basic_auth]
282-
opts[:http_basic_auth] = t[:http_basic_auth]
283-
end
282+
opts[:username] = t[:username] || ''
283+
opts[:password] =t[:password] || ''
284284

285285
opts
286286
end

0 commit comments

Comments
 (0)