librex 0.0.1

data/lib/rex/proto/http/client.rb.ut.rb

@@ -0,0 +1,93 @@
+#!/usr/bin/env ruby
+
+$:.unshift(File.join(File.dirname(__FILE__), '..', '..', '..'))
+
+require 'test/unit'
+require 'rex/proto/http'
+
+class Rex::Proto::Http::Client::UnitTest < Test::Unit::TestCase
+
+	Klass = Rex::Proto::Http::Client
+
+	def test_parse
+		c = Klass.new('www.metasploit.com')
+
+		# Set request factory parameters
+		c.set_config(
+			'vhost'      => 'www.metasploit.com',
+			'agent'      => 'Metasploit Framework/3.3',
+			'version'    => '1.1',
+			'cookie'     => 'NoCookie=NotACookie'
+		)
+
+		# Set client parameters
+		c.set_config(
+			'read_max_data' => 1024 * 1024
+		)
+
+		#
+		# Request the main web page
+		#
+		r = c.request_raw(
+			'method' => 'GET',
+			'uri'    => '/'
+		)
+
+		resp = c.send_recv(r)
+
+		assert_equal(200, resp.code)
+		assert_equal('OK', resp.message)
+		assert_equal('1.1', resp.proto)
+
+		#
+		# Request a file that does not exist
+		#
+		r = c.request_raw(
+			'method' => 'GET',
+			'uri'    => '/NoFileHere.404'
+		)
+
+		resp = c.send_recv(r)
+
+		assert_equal(404, resp.code)
+		assert_equal('Not Found', resp.message)
+		assert_equal('1.1', resp.proto)
+
+
+		#
+		# Send a POST request that results in a 302
+		#
+		c = Klass.new('beta.microsoft.com')
+		c.set_config('vhost' => 'beta.microsoft.com')
+
+		r = c.request_cgi(
+			'method' => 'POST',
+			'uri'    => '/',
+			'vars_post'  => { 'var' => 'val' },
+			'ctype' => 'application/x-www-form-urlencoded'
+		)
+
+		resp = c.send_recv(r)
+
+		assert_equal(200, resp.code)
+		assert_equal('OK', resp.message)
+		assert_equal('1.1', resp.proto)
+	end
+
+	def test_ssl
+		c = Klass.new('www.metasploit.com', 443, {}, true)
+		c.set_config('vhost' => 'www.metasploit.com')
+		r = c.request_raw(
+			'method' => 'GET',
+			'uri'    => '/'
+		)
+		resp = c.send_recv(r)
+
+		assert_equal(200, resp.code)
+		assert_equal('OK', resp.message)
+		assert_equal('1.0', resp.proto)
+		c.close
+	end
+
+end
+

data/lib/rex/proto/http/handler.rb

@@ -0,0 +1,46 @@
+module Rex
+module Proto
+module Http
+
+###
+#
+# This class acts as the base class for all handlers.
+#
+###
+class Handler
+
+	require 'rex/proto/http/handler/erb'
+	require 'rex/proto/http/handler/proc'
+
+	#
+	# Initializes the handler instance as being associated with the supplied
+	# server.
+	#
+	def initialize(server)
+		self.server = server
+	end
+
+	#
+	# By default, handlers do not require a relative resource.
+	#
+	def self.relative_resource_required?
+		false
+	end
+
+	#
+	# Calls the class method.
+	#
+	def relative_resource_required?
+		self.class.relative_resource_required?
+	end
+
+protected
+
+	attr_accessor :server # :nodoc:
+
+end
+
+
+end
+end
+end

data/lib/rex/proto/http/handler/erb.rb

@@ -0,0 +1,128 @@
+require 'erb'
+include ERB::Util
+
+module Rex
+module Proto
+module Http
+
+###
+#
+# This class implements a handler for ERB (.rhtml) template files.  This is
+# based off the webrick handler.
+#
+###
+class Handler::Erb < Handler
+
+	#
+	# ERB handlers required a relative resource so that the full path name can
+	# be computed.
+	#
+	def self.relative_resource_required?
+		true
+	end
+
+	#
+	# Initializes the ERB handler
+	#
+	def initialize(server, root_path, opts = {})
+		super(server)
+
+		self.root_path = root_path
+		self.opts = opts
+
+		self.opts['MimeType'] = "text/html" unless self.opts['MimeType']
+	end
+
+	#
+	# Called when a request arrives.
+	#
+	def on_request(cli, req)
+		resource = req.relative_resource
+
+		# Make sure directory traversals aren't happening
+		if (resource =~ /\.\./)
+			wlog("Erb::on_request: Dangerous request performed: #{resource}",
+				LogSource)
+			return
+		# If the request is for the root directory, use the document index file.
+		elsif (resource == '/')
+			resource << opts['DocumentIndex'] || 'index.rhtml'
+		end
+
+		begin
+			resp = Response.new
+
+			# Calculate the actual file path on disk.
+			file_path = root_path + resource
+		
+			# Serialize the contents of the file
+			data = ''
+			
+			File.open(file_path, 'rb') { |f|
+				data = f.read
+			}
+
+			# Set the content-type to text/html by default.  We do this before
+			# evaluation so that the script can change it.
+			resp['Content-Type'] = server ? server.mime_type(resource) : 'text/html'
+
+			# If the requested file is a ruby html file, evaluate it.
+			if (File.extname(file_path) == ".rhtml")
+				# Evaluate the data and set the output as the response body.
+				resp.body = evaluate(ERB.new(data), cli, req, resp)
+			# Otherwise, just set the body to the data that was read.
+			else
+				resp.body = data
+			end
+		rescue Errno::ENOENT
+			server.send_e404(cli, req)
+		rescue
+			elog("Erb::on_request: #{$!}\n#{$@.join("\n")}", LogSource)
+
+			resp.code    = 500
+			resp.message = "Internal Server Error"
+			resp.body =
+				"<html><head>" +
+				"<title>Internal Server Error</title>" +
+				"</head><body> " +
+				"<h1>Internal Server Error</h1>" +
+				"The server encountered an error:<br/><br/> <b>" + html_escape($!) + "</b><br/><br/>" +
+				"Stack trace:<br/><br/>" +
+				$@.map { |e| html_escape(e.to_s) }.join("<br/>") + 
+				"</body></html>"
+		end
+
+		# Send the response to the 
+		if (cli and resp)
+			cli.send_response(resp)
+		end
+
+		resp
+	end
+
+	#
+	# Evaulates the ERB context in a specific binding context.
+	#
+	def evaluate(erb, cli, request, response)
+		# If the thing that created this handler wanted us to use a callback
+		# instead of the default behavior, then let's do that.
+		if (opts['ErbCallback'])
+			opts['ErbCallback'].call(erb, cli, request, response)
+		else
+			Module.new.module_eval {
+				query_string = request.qstring
+				meta_vars = request.meta_vars
+				erb.result(binding)
+			}
+		end
+	end
+
+protected
+
+	attr_accessor :root_path, :opts # :nodoc:
+
+end
+
+end
+end
+end

data/lib/rex/proto/http/handler/erb.rb.ut.rb

@@ -0,0 +1,21 @@
+#!/usr/bin/env ruby
+
+$:.unshift(File.join(File.dirname(__FILE__), '..', '..', '..', '..'))
+
+require 'test/unit'
+require 'rex/proto/http'
+
+class Rex::Proto::Http::Handler::Erb::UnitTest < Test::Unit::TestCase
+
+	Klass = Rex::Proto::Http::Handler::Erb
+	Request = Rex::Proto::Http::Request
+
+	def test_erb
+		k = Klass.new(nil, File.dirname(__FILE__))
+		r = k.on_request(nil, Request::Get.new("/erb.rb.ut.rb.rhtml"))
+
+		assert_not_nil(r)
+		assert_equal("foo 4\n", r.body)
+	end
+
+end

data/lib/rex/proto/http/handler/erb.rb.ut.rb.rhtml

@@ -0,0 +1 @@
+foo <%= 2 + 2 %>

data/lib/rex/proto/http/handler/proc.rb

@@ -0,0 +1,54 @@
+require 'erb'
+
+module Rex
+module Proto
+module Http
+
+###
+#
+# This class is used to wrapper the calling of a procedure when a request
+# arrives.
+#
+###
+class Handler::Proc < Handler
+
+	#
+	# Initializes the proc handler with the supplied procedure
+	#
+	def initialize(server, procedure, virt_dir = false)
+		super(server)
+
+		self.procedure = procedure
+		self.virt_dir  = virt_dir || false
+	end
+
+	#
+	# Returns true if the procedure is representing a virtual directory.
+	#
+	def relative_resource_required?
+		virt_dir	
+	end
+
+	#
+	# Called when a request arrives.
+	#
+	def on_request(cli, req)
+		begin
+			procedure.call(cli, req)
+		rescue Errno::EPIPE
+			elog("Proc::on_request: Client closed connection prematurely", LogSource)
+		rescue
+			elog("Proc::on_request: #{$!}\n\n#{$@.join("\n")}", LogSource)
+		end
+	end
+
+protected
+
+	attr_accessor :procedure # :nodoc:
+	attr_accessor :virt_dir  # :nodoc:
+
+end
+
+end
+end
+end

data/lib/rex/proto/http/handler/proc.rb.ut.rb

@@ -0,0 +1,24 @@
+#!/usr/bin/env ruby
+
+$:.unshift(File.join(File.dirname(__FILE__), '..', '..', '..', '..'))
+
+require 'test/unit'
+require 'rex/proto/http'
+
+class Rex::Proto::Http::Handler::Proc::UnitTest < Test::Unit::TestCase
+
+	Klass = Rex::Proto::Http::Handler::Proc
+	Request = Rex::Proto::Http::Request
+
+	def test_proc
+		cool = 0
+		k = Klass.new(nil, Proc.new { |cli, req|
+			cool = 1
+		})
+			
+		r = k.on_request(nil, Request::Get.new("/erb.rb.ut.rb.rhtml"))
+
+		assert_equal(1, cool)
+	end
+
+end

data/lib/rex/proto/http/header.rb

@@ -0,0 +1,161 @@
+require 'rex/proto/http'
+
+module Rex
+module Proto
+module Http
+
+###
+#
+# Represents the logical HTTP header portion of an HTTP packet (request or
+# response).
+#
+###
+class Packet::Header < Hash
+
+	#
+	# Initializes an HTTP packet header class that inherits from a Hash base
+	# class.
+	#
+	def initialize
+		self.dcase_hash = {}
+
+		reset
+	end
+
+	#
+	# Parses a header from a string.
+	#
+	# XXX - Putting : in a header value breaks this badly
+	def from_s(header)
+		reset
+
+		# ghettoooooo!
+		# If we don't have any newlines..., put one there.
+		if (header.size > 0 && header !~ /\r\n/)
+			header << "\r\n"
+		end
+
+		# put the non-standard line terminations back to normal
+		# gah.  not having look behinds suck,
+		header.gsub!(/([^\r])\n/,'\1' + "\r\n")
+
+		# undo folding, kinda ugly but works for now.
+		header.gsub!(/:\s*\r\n\s+/smi,': ')
+
+		# Extract the command string
+		self.cmd_string = header.slice!(/.+\r\n/)
+
+		# Extract each header value pair
+		header.split(/\r\n/m).each { |str|
+			if (md = str.match(/^(.+?): (.+?)$/))
+				if (self[md[1]])
+					self[md[1]] << ", " + md[2]
+				else
+					self[md[1]] = md[2]
+				end
+			end
+		}
+	end
+
+	#
+	# More advanced [] that does downcase comparison.
+	#
+	def [](key)
+		begin
+			rv = self.fetch(key)
+		rescue IndexError
+			rv = nil
+		end
+		if (rv == nil)
+			begin
+				rv = self.dcase_hash[key.downcase]
+			rescue IndexError
+				rv = nil
+			end
+		end
+
+		return rv
+	end
+
+	#
+	# More advanced []= that does downcase storage.
+	#
+	def []=(key, value)
+		stored = false
+
+		self.each_key { |k|
+			if (k.downcase == key.downcase)
+				self.store(k, value)
+				stored = true
+			end
+		}
+
+		self.store(key, value) if (stored == false)
+		self.dcase_hash[key.downcase] = value
+	end
+
+	#
+	# Converts the header to a string.
+	#
+	def to_s(prefix = '')
+		str = prefix
+
+		if self.junk_headers
+			while str.length < 4096
+				if self.fold
+					str << "X-#{Rex::Text.rand_text_alphanumeric(rand(30) + 5)}:\r\n\t#{Rex::Text.rand_text_alphanumeric(rand(1024) + 1)}\r\n"
+				else
+					str << "X-#{Rex::Text.rand_text_alphanumeric(rand(30) + 5)}: #{Rex::Text.rand_text_alphanumeric(rand(1024) + 1)}\r\n"
+				end
+			end
+		end
+
+		each_pair { |var, val|
+			if self.fold
+				str << "#{var}:\r\n\t#{val}\r\n"
+			else
+				str << "#{var}: #{val}\r\n"
+			end
+		}
+
+		str << "\r\n"
+
+		return str
+	end
+
+	#
+	# Brings in from an array like yo.
+	#
+	def from_a(ary)
+		ary.each { |e|
+			self[e[0]] = e[1]
+		}
+	end
+
+	#
+	# Flushes all header pairs.
+	#
+	def reset
+		self.cmd_string = ''
+		self.clear
+		self.dcase_hash.clear
+	end
+
+	#
+	# The raw command string associated with the header which will vary between
+	# requests and responses.
+	#
+	attr_accessor :junk_headers
+	attr_accessor :cmd_string
+	attr_accessor :fold
+
+protected
+
+	attr_accessor :dcase_hash # :nodoc:
+
+end
+
+end
+end
+end
+