Merge branch 'dmaloney-r7-bug/basic_auth', see also rapid7#1477 and rapid7#1444, rapid7#1477, rapid7#1472

Author: jvazquez-r7

lib/rex/proto/http/client.rb

@@ -209,7 +209,9 @@ def request_raw(opts={})
 		req << set_agent_header(c_ag)
 
 		if (c_auth.length > 0)
-			req << set_basic_auth_header(c_auth)
+			unless c_head['Authorization'] and c_head['Authorization'].include? "Basic"
+				req << set_basic_auth_header(c_auth)
+			end
 		end
 
 		req << set_cookie_header(c_cook)
@@ -239,6 +241,7 @@ def request_raw(opts={})
 	# @return [Request]
 	def request_cgi(opts={})
 		c_ag    = opts['agent']       || config['agent']
+		c_auth = opts['basic_auth'] || config['basic_auth'] || ''
 		c_body  = opts['data']        || ''
 		c_cgi   = opts['uri']         || '/'
 		c_conn  = opts['connection']
@@ -313,6 +316,12 @@ def request_cgi(opts={})
 		req << set_host_header(c_host)
 		req << set_agent_header(c_ag)
 
+		if (c_auth.length > 0)
+			unless c_head['Authorization'] and c_head['Authorization'].include? "Basic"
+				req << set_basic_auth_header(c_auth)
+			end
+		end
+
 		req << set_cookie_header(c_cook)
 		req << set_connection_header(c_conn)
 		req << set_extra_headers(c_head)

modules/auxiliary/scanner/http/tomcat_mgr_login.rb

@@ -87,10 +87,6 @@ def run_host(ip)
 			vprint_error("http://#{rhost}:#{rport}#{uri} - No response")
 			return
 		end
-		if res.code != 401
-			vprint_error("http://#{rhost}:#{rport} - Authorization not requested")
-			return
-		end
 
 		each_user_pass { |user, pass|
 			do_login(user, pass)
@@ -107,10 +103,8 @@ def do_login(user='tomcat', pass='tomcat')
 			res = send_request_cgi({
 				'uri'     => uri,
 				'method'  => 'GET',
-				'headers' =>
-					{
-						'Authorization' => "Basic #{user_pass}",
-					}
+				'username' => user,
+				'password' => pass
 				}, 25)
 			unless (res.kind_of? Rex::Proto::Http::Response)
 				vprint_error("http://#{rhost}:#{rport}#{uri} not responding")