rex-socket 0.1.60 → 0.1.62

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: a61eea97f22de5fbf53bd8b10afdc2a49affa0d3ced6a6457dbc78c7c13f88c4
-  data.tar.gz: 0b43ec7143f9dca80b8bc38105e6873252eda7b19b023e393432580169002620
+  metadata.gz: 8f5d0dfb0bb9e3a72914fe37c326aa979f75a6f845208337af3f21ff9b36313c
+  data.tar.gz: 63faf272cb65e2f42da0ff023390da3437e225dfce065314f05b0560b76949bd
 SHA512:
-  metadata.gz: c055962142f5fcadf24016b0274d065dafe53b47bff9a290fed250fe8a99a11a4a6a29b414b6d9656ce3304903ae4c620c03601235b6008f047e2ad171f2e375
-  data.tar.gz: 37943cfd24524c9a8474132c1d7cb3051a221173ad493ed7a3ad103e1223163bd1bc7da1639b21fa6c36add59c3777012aee7acdd6484e0c1f45230722d34c56
+  metadata.gz: 6586170be5a1241d17dd818afefc55e981330e7369e984e69be0c1e9a7b5db68185f0b2a73d4176ecdbdcd5e81c48ea9cfc6c8ae5ec04009024f75e3ace90939
+  data.tar.gz: b277f06f584d268172a7aa30f408a415a9a4136519d5aba34d98e0c7ce5c9f54cc915aed182ca461a1baa29d459ef790dbf0d29270ece45eabf3f0e15414c7d8

data/lib/rex/socket/comm/local.rb

@@ -122,40 +122,31 @@ class Rex::Socket::Comm::Local
   # Creates a socket using the supplied Parameter instance.
   #
   def self.create_by_type(param, type, proto = 0)
-
     # Detect IPv6 addresses and enable IPv6 accordingly
     if Rex::Socket.support_ipv6?
-
-      local = Rex::Socket.resolv_nbo(param.localhost) if param.localhost
-      peer  = Rex::Socket.resolv_nbo(param.peerhost) if param.peerhost
-
       # Enable IPv6 dual-bind mode for unbound UDP sockets on Linux
-      if type == ::Socket::SOCK_DGRAM && Rex::Compat.is_linux && !local && !peer
+      if type == ::Socket::SOCK_DGRAM && Rex::Compat.is_linux && !param.localhost && !param.peerhost
         param.v6 = true
 
       # Check if either of the addresses is 16 octets long
-      elsif (local && local.length == 16) || (peer && peer.length == 16)
+      elsif (param.localhost && Rex::Socket.is_ipv6?(param.localhost)) || (param.peerhost && Rex::Socket.is_ipv6?(param.peerhost))
         param.v6 = true
       end
 
       if param.v6
-        if local && local.length == 4
-          if local == "\x00\x00\x00\x00"
+        if param.localhost && Rex::Socket.is_ipv4?(param.localhost)
+          if Rex::Socket.addr_atoi(param.localhost) == 0
             param.localhost = '::'
-          elsif local == "\x7f\x00\x00\x01"
-            param.localhost = '::1'
           else
-            param.localhost = '::ffff:' + Rex::Socket.getaddress(param.localhost, true)
+            param.localhost = '::ffff:' + param.localhost
           end
         end
 
-        if peer && peer.length == 4
-          if peer == "\x00\x00\x00\x00"
+        if param.peerhost && Rex::Socket.is_ipv4?(param.peerhost)
+          if Rex::Socket.addr_atoi(param.peerhost) == 0
             param.peerhost = '::'
-          elsif peer == "\x7f\x00\x00\x01"
-            param.peerhost = '::1'
           else
-            param.peerhost = '::ffff:' + Rex::Socket.getaddress(param.peerhost, true)
+            param.peerhost = '::ffff:' + param.peerhost
           end
         end
       end
@@ -179,7 +170,7 @@ class Rex::Socket::Comm::Local
     if param.localport || param.localhost
       begin
 
-        # SO_REUSEADDR has undesired semantics on Windows, intead allowing
+        # SO_REUSEADDR has undesired semantics on Windows, instead allowing
         # sockets to be stolen without warning from other unprotected
         # processes.
         unless Rex::Compat.is_windows
@@ -210,7 +201,7 @@ class Rex::Socket::Comm::Local
             klass = Rex::Socket::SslTcpServer
           end
         elsif param.proto == 'sctp'
-            klass = Rex::Socket::SctpServer
+          klass = Rex::Socket::SctpServer
         else
           raise Rex::BindFailed.new(param.localhost, param.localport), caller
         end
@@ -220,8 +211,6 @@ class Rex::Socket::Comm::Local
       end
     # Otherwise, if we're creating a client...
     else
-      chain = []
-
       # If we were supplied with host information
       if param.peerhost
 
@@ -262,14 +251,13 @@ class Rex::Socket::Comm::Local
         end
 
         ip6_scope_idx = 0
-        ip   = Rex::Socket.getaddress(param.peerhost)
-        port = param.peerport
-
-        if param.proxies
-          chain = param.proxies.dup
-          chain.push(['host',param.peerhost,param.peerport])
-          ip = chain[0][1]
-          port = chain[0][2].to_i
+
+        if param.proxies?
+          ip   = param.proxies.first.host
+          port = param.proxies.first.port
+        else
+          ip   = Rex::Socket.getaddress(param.peerhost)
+          port = param.peerport
         end
 
         begin
@@ -326,24 +314,20 @@ class Rex::Socket::Comm::Local
         end
       end
 
-      if chain.size > 1
-        chain.each_with_index {
-          |proxy, i|
-          next_hop = chain[i + 1]
-          if next_hop
-            proxy(sock, proxy[0], next_hop[1], next_hop[2])
-          end
-        }
+      if param.proxies?
+        param.proxies.each_cons(2) do |current_proxy, next_proxy|
+          proxy(sock, current_proxy.scheme, next_proxy.host, next_proxy.port)
+        end
+        current_proxy = param.proxies.last
+        proxy(sock, current_proxy.scheme, param.peerhost, param.peerport)
       end
 
       # Now extend the socket with SSL and perform the handshake
-      if(param.bare? == false and param.ssl)
+      if !param.bare? && param.ssl
         klass = Rex::Socket::SslTcp
         sock.extend(klass)
         sock.initsock(param)
       end
-
-
     end
 
     # Notify handlers that a socket has been created.
@@ -440,76 +424,49 @@ class Rex::Socket::Comm::Local
         raise Rex::ConnectionProxyError.new(host, port, type, "Failed to receive a response from the proxy"), caller
       end
 
-      resp = Rex::Proto::Http::Response.new
-      resp.update_cmd_parts(ret.split(/\r?\n/)[0])
+      if (match = ret.match(/HTTP\/.+?\s+(\d+)\s?.+?\r?\n?$/))
+        status_code  = match[1].to_i
+      end
 
-      if resp.code != 200
+      if status_code != 200
         raise Rex::ConnectionProxyError.new(host, port, type, "The proxy returned a non-OK response"), caller
       end
     when Rex::Socket::Proxies::ProxyType::SOCKS4
-      supports_ipv6 = false
-      setup = [4,1,port.to_i].pack('CCn') + Rex::Socket.resolv_nbo(host, supports_ipv6) + Rex::Text.rand_text_alpha(rand(8)+1) + "\x00"
-      size = sock.put(setup)
-      if size != setup.length
-        raise Rex::ConnectionProxyError.new(host, port, type, "Failed to send the entire request to the proxy"), caller
-      end
+      if !Rex::Socket.is_ipv4?(host)
+        if !Rex::Socket.is_name?(host)
+          raise Rex::ConnectionProxyError.new(host, port, type, "The SOCKS4 target host must be an IPv4 address or a hostname"), caller
+        end
 
-      begin
-        ret = sock.get_once(8, 30)
-      rescue IOError
-        raise Rex::ConnectionProxyError.new(host, port, type, "Failed to receive a response from the proxy"), caller
-      end
+        begin
+          address = Rex::Socket.getaddress(host, false)
+        rescue ::SocketError
+          raise Rex::ConnectionProxyError.new(host, port, type, "The SOCKS4 target '#{host}' could not be resolved to an IP address"), caller
+        end
 
-      if ret.nil? || ret.length < 8
-        raise Rex::ConnectionProxyError.new(host, port, type, "Failed to receive a complete response from the proxy"), caller
-      end
-      if ret[1,1] != "\x5a"
-        raise Rex::ConnectionProxyError.new(host, port, type, "Proxy responded with error code #{ret[0,1].unpack("C")[0]}"), caller
-      end
-    when Rex::Socket::Proxies::ProxyType::SOCKS5
-      auth_methods = [5,1,0].pack('CCC')
-      size = sock.put(auth_methods)
-      if size != auth_methods.length
-        raise Rex::ConnectionProxyError.new(host, port, type, "Failed to send the entire request to the proxy"), caller
-      end
-      ret = sock.get_once(2,30)
-      if ret[1,1] == "\xff"
-        raise Rex::ConnectionProxyError.new(host, port, type, "The proxy requires authentication"), caller
+        host = address
       end
 
-      if Rex::Socket.is_ipv4?(host)
-        accepts_ipv6 = false
-        addr = Rex::Socket.resolv_nbo(host, accepts_ipv6)
-        setup = [5,1,0,1].pack('C4') + addr + [port.to_i].pack('n')
-      elsif Rex::Socket.support_ipv6? && Rex::Socket.is_ipv6?(host)
-        # IPv6 stuff all untested
-        accepts_ipv6 = true
-        addr = Rex::Socket.resolv_nbo(host, accepts_ipv6)
-        setup = [5,1,0,4].pack('C4') + addr + [port.to_i].pack('n')
-      else
-        # Then it must be a domain name.
-        # Unfortunately, it looks like the host has always been
-        # resolved by the time it gets here, so this code never runs.
-        setup = [5,1,0,3].pack('C4') + [host.length].pack('C') + host + [port.to_i].pack('n')
-      end
+      self.proxy_socks4a(sock, type, host, port)
+    when Rex::Socket::Proxies::ProxyType::SOCKS5
+      # follow the unofficial convention where SOCKS5 handles the resolution locally (which leaks DNS)
+      if !Rex::Socket.is_ip_addr?(host)
+        if !Rex::Socket.is_name?(host)
+          raise Rex::ConnectionProxyError.new(host, port, type, "The SOCKS5 target host must be an IP address or a hostname"), caller
+        end
 
-      size = sock.put(setup)
-      if size != setup.length
-        raise Rex::ConnectionProxyError.new(host, port, type, "Failed to send the entire request to the proxy"), caller
-      end
+        begin
+          address = Rex::Socket.getaddress(host, Rex::Socket.support_ipv6?)
+        rescue ::SocketError
+          raise Rex::ConnectionProxyError.new(host, port, type, "The SOCKS5 target '#{host}' could not be resolved to an IP address"), caller
+        end
 
-      begin
-        response = sock.get_once(10, 30)
-      rescue IOError
-        raise Rex::ConnectionProxyError.new(host, port, type, "Failed to receive a response from the proxy"), caller
+        host = address
       end
 
-      if response.nil? || response.length < 10
-        raise Rex::ConnectionProxyError.new(host, port, type, "Failed to receive a complete response from the proxy"), caller
-      end
-      if response[1,1] != "\x00"
-        raise Rex::ConnectionProxyError.new(host, port, type, "Proxy responded with error code #{response[1,1].unpack("C")[0]}"), caller
-      end
+      self.proxy_socks5h(sock, type, host, port)
+    when Rex::Socket::Proxies::ProxyType::SOCKS5H
+      # follow the unofficial convention where SOCKS5H has the proxy server resolve the hostname to and IP address
+      self.proxy_socks5h(sock, type, host, port)
     else
       raise RuntimeError, "The proxy type specified is not valid", caller
     end
@@ -531,4 +488,72 @@ class Rex::Socket::Comm::Local
   def self.each_event_handler(handler) # :nodoc:
     self.instance.each_event_handler(handler)
   end
+
+  private
+
+  def self.proxy_socks4a(sock, type, host, port)
+    setup = [4,1,port.to_i].pack('CCn') + Rex::Socket.resolv_nbo(host, false) + Rex::Text.rand_text_alpha(rand(8)+1) + "\x00"
+    size = sock.put(setup)
+    if size != setup.length
+      raise Rex::ConnectionProxyError.new(host, port, type, "Failed to send the entire request to the proxy"), caller
+    end
+
+    begin
+      ret = sock.get_once(8, 30)
+    rescue IOError
+      raise Rex::ConnectionProxyError.new(host, port, type, "Failed to receive a response from the proxy"), caller
+    end
+
+    if ret.nil? || ret.length < 8
+      raise Rex::ConnectionProxyError.new(host, port, type, "Failed to receive a complete response from the proxy"), caller
+    end
+    if ret[1,1] != "\x5a"
+      raise Rex::ConnectionProxyError.new(host, port, type, "Proxy responded with error code #{ret[0,1].unpack("C")[0]}"), caller
+    end
+  end
+
+  def self.proxy_socks5h(sock, type, host, port)
+    auth_methods = [5,1,0].pack('CCC')
+    size = sock.put(auth_methods)
+    if size != auth_methods.length
+      raise Rex::ConnectionProxyError.new(host, port, type, "Failed to send the entire request to the proxy"), caller(1)
+    end
+    ret = sock.get_once(2,30)
+    if ret[1,1] == "\xff"
+      raise Rex::ConnectionProxyError.new(host, port, type, "The proxy requires authentication"), caller(1)
+    end
+
+    if Rex::Socket.is_ipv4?(host)
+      accepts_ipv6 = false
+      addr = Rex::Socket.resolv_nbo(host, accepts_ipv6)
+      setup = [5,1,0,1].pack('C4') + addr + [port.to_i].pack('n')
+    elsif Rex::Socket.is_ipv6?(host)
+      raise Rex::RuntimeError.new('Rex::Socket does not support IPv6') unless Rex::Socket.support_ipv6?
+
+      accepts_ipv6 = true
+      addr = Rex::Socket.resolv_nbo(host, accepts_ipv6)
+      setup = [5,1,0,4].pack('C4') + addr + [port.to_i].pack('n')
+    else
+      # Then it must be a domain name.
+      setup = [5,1,0,3].pack('C4') + [host.length].pack('C') + host + [port.to_i].pack('n')
+    end
+
+    size = sock.put(setup)
+    if size != setup.length
+      raise Rex::ConnectionProxyError.new(host, port, type, "Failed to send the entire request to the proxy"), caller(1)
+    end
+
+    begin
+      response = sock.get_once(10, 30)
+    rescue IOError
+      raise Rex::ConnectionProxyError.new(host, port, type, "Failed to receive a response from the proxy"), caller(1)
+    end
+
+    if response.nil? || response.length < 10
+      raise Rex::ConnectionProxyError.new(host, port, type, "Failed to receive a complete response from the proxy"), caller(1)
+    end
+    if response[1,1] != "\x00"
+      raise Rex::ConnectionProxyError.new(host, port, type, "Proxy responded with error code #{response[1,1].unpack("C")[0]}"), caller(1)
+    end
+  end
 end

data/lib/rex/socket/parameters.rb

@@ -51,6 +51,8 @@ class Rex::Socket::Parameters
   #
   # @option hash [String] 'PeerHost' The remote host to connect to
   # @option hash [String] 'PeerHostname' The unresolved remote hostname, used to specify Server Name Indication (SNI)
+  # @option hash [String] 'SSLKeyLogFile' The SSL key log file path, used for network capture
+  #   decryption which is useful to decrypt TLS traffic in wireshark
   # @option hash [String] 'PeerAddr' (alias for 'PeerHost')
   # @option hash [Fixnum] 'PeerPort' The remote port to connect to
   # @option hash [String] 'LocalHost' The local host to communicate from, if any
@@ -116,6 +118,10 @@ class Rex::Socket::Parameters
       self.sslctx = hash['SSLContext']
     end
 
+    if (hash['SSLKeyLogFile'])
+      self.sslkeylogfile = hash['SSLKeyLogFile']
+    end
+
     self.ssl_version = hash.fetch('SSLVersion', nil)
 
     supported_ssl_verifiers = %W{CLIENT_ONCE FAIL_IF_NO_PEER_CERT NONE PEER}
@@ -302,6 +308,11 @@ class Rex::Socket::Parameters
   # @return [String]
   attr_accessor :peerhostname
 
+  # The SSL key log file path, equivalent to the sslkeylogfile parameter hash
+  # key.
+  # @return [String]
+  attr_accessor :sslkeylogfile
+
   # The remote port.  Equivalent to the PeerPort parameter hash key.
   # @return [Fixnum]
   attr_writer :peerport
@@ -312,6 +323,7 @@ class Rex::Socket::Parameters
   # The local host.  Equivalent to the LocalHost parameter hash key.
   # @return [String]
   attr_writer :localhost
+
   def localhost
     return @localhost if @localhost
 
@@ -354,7 +366,9 @@ class Rex::Socket::Parameters
     best_comm = nil
     # If no comm was explicitly specified, try to use the comm that is best fit
     # to handle the provided host based on the current routing table.
-    if server and localhost
+    if proxies?
+      best_comm = Rex::Socket::Comm::Local
+    elsif server && localhost
       best_comm = Rex::Socket::SwitchBoard.best_comm(localhost)
     elsif peerhost
       best_comm =  Rex::Socket::SwitchBoard.best_comm(peerhost)
@@ -472,6 +486,10 @@ class Rex::Socket::Parameters
   # @return [Array]
   attr_accessor :proxies
 
+  def proxies?
+    proxies && !proxies.empty?
+  end
+
   alias peeraddr  peerhost
   alias localaddr localhost
 end

data/lib/rex/socket/proxies.rb

@@ -8,12 +8,41 @@ module Rex
         HTTP = 'http'
         SOCKS4 = 'socks4'
         SOCKS5 = 'socks5'
+        SOCKS5H = 'socks5h'
       end
 
       # @param [String,nil] value A proxy chain of format {type:host:port[,type:host:port][...]}
-      # @return [Array] The array of proxies, i.e. {[['type', 'host', 'port']]}
+      # @return [Array<URI>] The array of proxies
       def self.parse(value)
-        value.to_s.strip.split(',').map { |a| a.strip }.map { |a| a.split(':').map { |b| b.strip } }
+        proxies = []
+        value.to_s.strip.split(',').each do |proxy|
+          proxy = proxy.strip
+
+          # replace the first : with :// so it can be parsed as a URI
+          # URIs will offer more flexibility long term, but we'll keep backwards compatibility for now by treating : as ://
+          proxy = proxy.sub(/\A(\w+):(\w+)/, '\1://\2')
+          uri = URI(proxy)
+
+          unless supported_types.include?(uri.scheme)
+            raise Rex::RuntimeError.new("Unsupported proxy scheme: #{uri.scheme}")
+          end
+
+          if uri.host.nil? || uri.host.empty?
+            raise Rex::RuntimeError.new("A proxy URI must include a valid host.")
+          end
+
+          if uri.port.nil? && uri.scheme.start_with?('socks')
+            uri.port = 1080
+          end
+
+          if uri.port.nil? || uri.port.zero?
+            raise Rex::RuntimeError.new("A proxy URI must include a valid port.")
+          end
+
+          proxies << uri
+        end
+
+        proxies
       end
 
       def self.supported_types

data/lib/rex/socket/ssl_tcp.rb

@@ -84,6 +84,20 @@ begin
     # Build the SSL connection
     self.sslctx  = OpenSSL::SSL::SSLContext.new(version)
 
+    # writing to the sslkeylogfile is required, it adds support for network capture decryption which is useful to
+    # decrypt TLS traffic in wireshark
+    if sslkeylogfile
+      unless self.sslctx.respond_to?(:keylog_cb)
+        raise 'Unable to create sslkeylogfile - Ruby 3.2 or above required for this functionality'
+      end
+
+      self.sslctx.keylog_cb = proc do |_sock, line|
+        File.open(sslkeylogfile, 'ab') do |file|
+          file.write("#{line}\n")
+        end
+      end
+    end
+
     # Configure client certificate
     if params and params.ssl_client_cert
       self.sslctx.cert = OpenSSL::X509::Certificate.new(params.ssl_client_cert)

data/lib/rex/socket/version.rb

@@ -1,5 +1,5 @@
 module Rex
   module Socket
-    VERSION = "0.1.60"
+    VERSION = "0.1.62"
   end
 end

data/lib/rex/socket.rb

@@ -805,6 +805,7 @@ module Socket
     if (params)
       self.peerhost  = params.peerhost
       self.peerhostname = params.peerhostname
+      self.sslkeylogfile = params.sslkeylogfile
       self.peerport  = params.peerport
       self.localhost = params.localhost
       self.localport = params.localport
@@ -888,6 +889,10 @@ module Socket
   #
   attr_reader :peerhostname
   #
+  # The SSL key log file path.
+  #
+  attr_reader :sslkeylogfile
+  #
   # The peer port of the connected socket.
   #
   attr_reader :peerport
@@ -912,7 +917,7 @@ module Socket
 
 protected
 
-  attr_writer :peerhost, :peerhostname, :peerport, :localhost, :localport # :nodoc:
+  attr_writer :peerhost, :peerhostname, :sslkeylogfile, :peerport, :localhost, :localport # :nodoc:
   attr_writer :context # :nodoc:
   attr_writer :ipv # :nodoc:
 

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: rex-socket
 version: !ruby/object:Gem::Version
-  version: 0.1.60
+  version: 0.1.62
 platform: ruby
 authors:
 - Metasploit Hackers
 autorequire:
 bindir: exe
 cert_chain: []
-date: 2025-04-09 00:00:00.000000000 Z
+date: 2025-05-21 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: rake