Merge branch 'bug/unmerge-1444-and-1476' of https://github.com/todb-r7/metasploit-framework into todb-r7-bug/unmerge-1444-and-1476

Author: jvazquez-r7

lib/anemone/rex_http.rb

@@ -188,9 +188,7 @@ def connection(url)
 			context,
 			url.scheme == "https",
 			'SSLv23',
-			@opts[:proxies],
-                    @opts[:username],
-                    @opts[:password]
+			@opts[:proxies]
 		)
 
 		conn.set_config(

lib/msf/core/auxiliary/crawler.rb

@@ -22,9 +22,7 @@ def initialize(info = {})
 				Opt::Proxies,
 				OptInt.new('MAX_PAGES', [ true, 'The maximum number of pages to crawl per URL', 500]),
 				OptInt.new('MAX_MINUTES', [ true, 'The maximum number of minutes to spend on each URL', 5]),
-				OptInt.new('MAX_THREADS', [ true, 'The maximum number of concurrent requests', 4]),
-				OptString.new('USERNAME', [false, 'The HTTP username to specify for authentication']),
-				OptString.new('PASSWORD', [false, 'The HTTP password to specify for authentication'])
+				OptInt.new('MAX_THREADS', [ true, 'The maximum number of concurrent requests', 4])
 			], self.class
 		)
 
@@ -36,6 +34,8 @@ def initialize(info = {})
 				OptString.new('UserAgent', [true, 'The User-Agent header to use for all requests',
 					"Mozilla/5.0 (compatible; Googlebot/2.1; +http://www.google.com/bot.html)"
 				]),
+				OptString.new('BasicAuthUser', [false, 'The HTTP username to specify for basic authentication']),
+				OptString.new('BasicAuthPass', [false, 'The HTTP password to specify for basic authentication']),
 				OptString.new('HTTPAdditionalHeaders', [false, "A list of additional headers to send (separated by \\x01)"]),
 				OptString.new('HTTPCookie', [false, "A HTTP cookie header to send with each request"]),
 				OptBool.new('SSL', [ false, 'Negotiate SSL for outgoing connections', false]),
@@ -118,9 +118,8 @@ def run
 			:info     => ""
 		})
 
-		if datastore['USERNAME'] and datastore['USERNAME'] != ''
-			t[:username] = datastore['USERNAME'].to_s
-			t[:password] = datastore['PASSWORD'].to_s
+		if datastore['BasicAuthUser']
+			t[:http_basic_auth] = [ "#{datastore['BasicAuthUser']}:#{datastore['BasicAuthPass']}" ].pack("m*").gsub(/\s+/, '')
 		end
 
 		if datastore['HTTPCookie']
@@ -279,8 +278,9 @@ def crawler_options(t)
 			opts[:cookies] = t[:cookies]
 		end
 
-		opts[:username] = t[:username] || ''
-		opts[:password] =t[:password] || ''
+		if t[:http_basic_auth]
+			opts[:http_basic_auth] = t[:http_basic_auth]
+		end
 
 		opts
 	end

lib/msf/core/auxiliary/web/http.rb

@@ -10,7 +10,6 @@
 module Msf
 class Auxiliary::Web::HTTP
 
-
 	class Request
 		attr_accessor :url
 		attr_reader	 :opts
@@ -70,7 +69,6 @@ def timed_out
 	attr_reader :framework
 
 	attr_accessor :redirect_limit
-	attr_accessor :username , :password
 
 	def initialize( opts = {} )
 		@opts = opts.dup
@@ -86,8 +84,8 @@ def initialize( opts = {} )
 
 		@request_opts = {}
 		if opts[:auth].is_a? Hash
-			@username = opts[:auth][:user].to_s
-			@password = opts[:auth][:password].to_s
+			@request_opts['basic_auth'] = [ opts[:auth][:user].to_s + ':' +
+								opts[:auth][:password] ]. pack( 'm*' ).gsub( /\s+/, '' )
 		end
 
 		self.redirect_limit = opts[:redirect_limit] || 20
@@ -107,9 +105,7 @@ def connect
 			opts[:target].port,
 			{},
 			opts[:target].ssl,
-			'SSLv23',
-			username,
-			password
+			'SSLv23'
 		)
 
 		c.set_config({
@@ -300,10 +296,6 @@ def _request( url, opts = {} )
 		opts['data'] = body if body
 
 		c = connect
-		if opts['username'] and opts['username'] != ''
-			c.username = opts['username'].to_s
-			c.password = opts['password'].to_s
-		end
 		Response.from_rex_response c.send_recv( c.request_cgi( opts ), timeout )
 	rescue ::Timeout::Error
 		Response.timed_out