MetaSploitFraemwork/plugins/request.rb

require 'uri'

module Msf
  class Plugin::Requests < Msf::Plugin

    class ConsoleCommandDispatcher
      include Msf::Ui::Console::CommandDispatcher

      HELP_REGEX = /^-?-h(?:elp)?$/.freeze

      def name
        'Request'
      end

      def commands
        {
          'request' => "Make a request of the specified type (#{types.join(', ')})"
        }
      end

      # Dynamically determine the types of requests that are supported based on
      # methods prefixed with "parse_args".
      #
      # @return [Array<String>] The supported request types.
      def types
        parse_methods = public_methods.select { |m| m.to_s =~ /^parse_args_/ }
        parse_methods.collect { |m| m.to_s.split('_').slice(2..-1).join('_') }
      end

      # The main handler for the request command.
      #
      # @param args [Array<String>] The array of arguments provided by the user.
      # @return [nil]
      def cmd_request(*args)
        # short circuit the whole deal if they need help
        return help if args.empty?
        return help if args.length == 1 && args.first =~ HELP_REGEX

        # detect the request type from the uri which must be the last arg given
        uri = args.last
        if uri && uri =~ %r{^[A-Za-z]{3,5}://}
          type = uri.split('://', 2).first
        else
          print_error('The last argument must be a valid and supported URI')
          return help
        end

        # parse options
        opts, opt_parser = parse_args(args, type)
        if opts && opt_parser
          # handle any "global" options
          if opts[:output_file]
            begin
              opts[:output_file] = File.new(opts[:output_file], 'w')
            rescue ::Errno::EACCES, Errno::EISDIR, Errno::ENOTDIR
              return help(opt_parser, 'Failed to open the specified file for output')
            end
          end
          # hand off the actual request to the appropriate request handler
          handler_method = "handle_request_#{type}".to_sym
          if respond_to?(handler_method)
            # call the appropriate request handler
            send(handler_method, opts, opt_parser)
          else
            # this should be dead code if parse_args is doing it's job correctly
            help(opt_parser, "No request handler found for type (#{type}).")
          end
        elsif types.include? type
          help(opt_parser)
        else
          help
        end
      end

      # Parse the provided arguments by dispatching to the correct method based
      # on the specified type.
      #
      # @param args [Array<String>] The command line arguments to parse.
      # @param type [String] The protocol type that the request is for such as
      #   HTTP.
      # @return [Array<Hash, Rex::Parser::Arguments>] An array with the options
      #   hash and the argument parser.
      def parse_args(args, type = 'http')
        type.downcase!
        parse_method = "parse_args_#{type}".to_sym
        if respond_to?(parse_method)
          send(parse_method, args, type)
        else
          print_error("Unsupported URI type: #{type}")
        end
      end

      # Parse the provided arguments for making HTTPS requests. The argument flags
      # are intended to be similar to the curl utility.
      #
      # @param args [Array<String>] The command line arguments to parse.
      # @param type [String] The protocol type that the request is for.
      # @return [Array<Hash, Rex::Parser::Arguments>] An array with the options
      #   hash and the argument parser.
      def parse_args_https(args = [], type = 'https')
        # just let http do it
        parse_args_http(args, type)
      end

      # Parse the provided arguments for making HTTP requests. The argument flags
      # are intended to be similar to the curl utility.
      #
      # @param args [Array<String>] The command line arguments to parse.
      # @param type [String] The protocol type that the request is for.
      # @return [Array<Hash>, Rex::Parser::Arguments>] An array with the options
      #   hash and the argument parser.
      def parse_args_http(args = [], _type = 'http')
        opt_parser = Rex::Parser::Arguments.new(
          '-0' => [ false, 'Use HTTP 1.0' ],
          '-1' => [ false, 'Use TLSv1 (SSL)' ],
          '-2' => [ false, 'Use SSLv2 (SSL)' ],
          '-3' => [ false, 'Use SSLv3 (SSL)' ],
          '-A' => [ true, 'User-Agent to send to server' ],
          '-d' => [ true, 'HTTP POST data' ],
          '-G' => [ false, 'Send the -d data with an HTTP GET' ],
          '-h' => [ false, 'This help text' ],
          '-H' => [ true, 'Custom header to pass to server' ],
          '-i' => [ false, 'Include headers in the output' ],
          '-I' => [ false, 'Show document info only' ],
          '-o' => [ true, 'Write output to <file> instead of stdout' ],
          '-u' => [ true, 'Server user and password' ],
          '-X' => [ true, 'Request method to use' ]
          # '-x' => [ true,  'Proxy to use, format: [proto://][user:pass@]host[:port]' +
          #                 '  Proto defaults to http:// and port to 1080'],
        )

        options = {
          headers: {},
          print_body: true,
          print_headers: false,
          ssl_version: 'Auto',
          user_agent: Rex::UserAgent.session_agent,
          version: '1.1'
        }

        opt_parser.parse(args) do |opt, _idx, val|
          case opt
          when '-0'
            options[:version] = '1.0'
          when '-1'
            options[:ssl_version] = 'TLS1'
          when '-2'
            options[:ssl_version] = 'SSL2'
          when '-3'
            options[:ssl_version] = 'SSL3'
          when '-A'
            options[:user_agent] = val
          when '-d'
            options[:data] = val
            options[:method] ||= 'POST'
          when '-G'
            options[:method] = 'GET'
          when HELP_REGEX
            # help(opt_parser)
            # guard to prevent further option processing & stymie request handling
            return [nil, opt_parser]
          when '-H'
            name, value = val.split(':', 2)
            options[:headers][name] = value.to_s.strip
          when '-i'
            options[:print_headers] = true
          when '-I'
            options[:print_headers] = true
            options[:print_body] = false
            options[:method] ||= 'HEAD'
          when '-o'
            options[:output_file] = File.expand_path(val)
          when '-u'
            val = val.split(':', 2) # only split on first ':' as per curl:
            # from curl man page: "The user name and passwords are split up on the
            # first colon, which makes it impossible to use a colon in the user
            # name with this option.  The password can, still.
            options[:auth_username] = val.first
            options[:auth_password] = val.last
          when '-p'
            options[:auth_password] = val
          when '-X'
            options[:method] = val
            # when '-x'
            # @TODO proxy
          else
            options[:uri] = val
          end
        end
        unless options[:uri]
          help(opt_parser)
        end
        options[:method] ||= 'GET'
        options[:uri] = URI(options[:uri])
        [options, opt_parser]
      end

      # Perform an HTTPS request based on the user specified options.
      #
      # @param opts [Hash] The options to use for making the HTTPS request.
      # @option opts [String] :auth_username An optional username to use with
      #   basic authentication.
      # @option opts [String] :auth_password An optional password to use with
      #   basic authentication. This is only used when :auth_username is
      #   specified.
      # @option opts [String] :data Any data to include within the body of the
      #   request. Often used with the POST HTTP method.
      # @option opts [Hash] :headers A hash of additional headers to include in
      #   the request.
      # @option opts [String] :method The HTTP method to use in the request.
      # @option opts [#write] :output_file A file to write the response data to.
      # @option opts [Boolean] :print_body Whether or not to print the body of the
      #   response.
      # @option opts [Boolean] :print_headers Whether or not to print the headers
      #   of the response.
      # @option opts [String] :ssl_version The version of SSL to use if the
      #   request scheme is HTTPS.
      # @option opts [String] :uri The target uri to request.
      # @option opts [String] :user_agent The value to use in the User-Agent
      #   header of the request.
      # @param opt_parser [Rex::Parser::Arguments] the argument parser for the
      #   request type.
      # @return [nil]
      def handle_request_https(opts, opt_parser)
        # let http do it
        handle_request_http(opts, opt_parser)
      end

      # Perform an HTTP request based on the user specified options.
      #
      # @param opts [Hash] The options to use for making the HTTP request.
      # @option opts [String] :auth_username An optional username to use with
      #   basic authentication.
      # @option opts [String] :auth_password An optional password to use with
      #   basic authentication. This is only used when :auth_username is
      #   specified.
      # @option opts [String] :data Any data to include within the body of the
      #   request. Often used with the POST HTTP method.
      # @option opts [Hash] :headers A hash of additional headers to include in
      #   the request.
      # @option opts [String] :method The HTTP method to use in the request.
      # @option opts [#write] :output_file A file to write the response data to.
      # @option opts [Boolean] :print_body Whether or not to print the body of the
      #   response.
      # @option opts [Boolean] :print_headers Whether or not to print the headers
      #   of the response.
      # @option opts [String] :ssl_version The version of SSL to use if the
      #   request scheme is HTTPS.
      # @option opts [String] :uri The target uri to request.
      # @option opts [String] :user_agent The value to use in the User-Agent
      #   header of the request.
      # @param opt_parser [Rex::Parser::Arguments] the argument parser for the
      #   request type.
      # @return [nil]
      def handle_request_http(opts, _opt_parser)
        uri = opts[:uri]
        http_client = Rex::Proto::Http::Client.new(
          uri.host,
          uri.port,
          { 'Msf' => framework },
          uri.scheme == 'https',
          opts[:ssl_version]
        )

        if opts[:auth_username]
          auth_str = opts[:auth_username] + ':' + opts[:auth_password]
          auth_str = 'Basic ' + Rex::Text.encode_base64(auth_str)
          opts[:headers]['Authorization'] = auth_str
        end

        uri.path = '/' if uri.path.empty?

        begin
          http_client.connect
          req = http_client.request_cgi(
            'agent' => opts[:user_agent],
            'data' => opts[:data],
            'headers' => opts[:headers],
            'method' => opts[:method],
            'password' => opts[:auth_password],
            'query' => uri.query,
            'uri' => uri.path,
            'username' => opts[:auth_username],
            'version' => opts[:version]
          )

          response = http_client.send_recv(req)
        rescue ::OpenSSL::SSL::SSLError
          print_error('Encountered an SSL error')
        rescue ::Errno::ECONNRESET
          print_error('The connection was reset by the peer')
        rescue ::EOFError, Errno::ETIMEDOUT, Rex::ConnectionError, ::Timeout::Error
          print_error('Encountered an error')
        ensure
          http_client.close
        end

        unless response
          opts[:output_file].close if opts[:output_file]
          return nil
        end

        if opts[:print_headers]
          output_line(opts, response.cmd_string)
          output_line(opts, response.headers.to_s)
        end

        output_line(opts, response.body) if opts[:print_body]
        if opts[:output_file]
          print_status("Wrote #{opts[:output_file].tell} bytes to #{opts[:output_file].path}")
          opts[:output_file].close
        end
      end

      # Output lines based on the provided options. Data is either printed to the
      # console or written to a file. Trailing new lines are removed.
      #
      # @param opts [Hash] The options as parsed from parse_args.
      # @option opts [#write, nil] :output_file An optional file to write the
      #   output to.
      # @param line [String] The string to output.
      # @return [nil]
      def output_line(opts, line)
        if opts[:output_file].nil?
          if line[-2..] == "\r\n"
            print_line(line[0..-3])
          elsif line[-1] == "\n"
            print_line(line[0..-2])
          else
            print_line(line)
          end
        else
          opts[:output_file].write(line)
        end
      end

      # Print the appropriate help text depending on an optional option parser.
      #
      # @param opt_parser [Rex::Parser::Arguments] the argument parser for the
      #   request type.
      # @param msg [String] the first line of the help text to display to the
      #   user.
      #  @return [nil]
      def help(opt_parser = nil, msg = 'Usage: request [options] uri')
        print_line(msg)
        if opt_parser
          print_line(opt_parser.usage)
        else
          print_line("Supported uri types are: #{types.collect { |t| t + '://' }.join(', ')}")
          print_line('To see usage for a specific uri type, use request -h uri')
        end
      end

    end

    def initialize(framework, opts)
      super
      add_console_dispatcher(ConsoleCommandDispatcher)
    end

    def cleanup
      remove_console_dispatcher('Request')
    end

    def name
      'Request'
    end

    def desc
      'Make requests from within Metasploit using various protocols.'
    end

  end
end