rapid7
GitHub Repository: rapid7/metasploit-framework
Path: blob/master/modules/auxiliary/fuzzers/http/http_get_uri_long.rb
##
# This module requires Metasploit: https://metasploit.com/download
# Current source: https://github.com/rapid7/metasploit-framework
##
require 'English'
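# Auxiliary module that sends HTTP GET requests whose request URI grows by one
# generated string length per iteration, up to MAXLENGTH.
#
# The module metadata declares CRASH_SERVICE_DOWN stability. Responses are read
# but never inspected: the only condition reported is a failure to open a new
# TCP connection, so a service that stays up while answering with errors is
# not reported by this module.
class MetasploitModule < Msf::Auxiliary
  include Msf::Exploit::Remote::Tcp
  include Msf::Auxiliary::Fuzzer

  # Registers the module metadata and its options (RPORT, MAXLENGTH, URIBASE,
  # VHOST).
  #
  # @param info [Hash] metadata merged into the module defaults via update_info
  def initialize(info = {})
    super(
      update_info(
        info,
        'Name' => 'HTTP GET Request URI Fuzzer (Incrementing Lengths)',
        'Description' => %q{
          This module sends a series of HTTP GET request with incrementing URL lengths.
        },
        'Author' => [ 'nullthreat' ],
        'License' => MSF_LICENSE,
        'Notes' => {
          'Stability' => [CRASH_SERVICE_DOWN],
          'SideEffects' => [],
          'Reliability' => []
        }
      )
    )
    register_options([
      Opt::RPORT(80),
      OptInt.new('MAXLENGTH', [true, 'The longest string length to try', 16384]),
      OptString.new('URIBASE', [true, 'The base URL to use for the request fuzzer', '/']),
      OptString.new('VHOST', [false, 'The virtual host name to use in requests'])
    ])
  end

  # Opens a connection, sends one GET request for +uri+ and reads one response
  # chunk.
  #
  # @connected is cleared before connect and set only after connect returns,
  # so the caller can tell a connection failure (flag still false) apart from
  # an error raised later while sending or reading.
  #
  # @param uri [String] request target, written into the request line as-is
  # @param opts [Hash] optional :timeout (seconds) for the read; 0.01 if absent
  # @return whatever sock.get_once returns for the single read
  def do_http_get(uri = '', opts = {})
    @connected = false
    connect
    @connected = true

    # Host falls back to rhost when the VHOST option is not set.
    sock.put("GET #{uri} HTTP/1.1\r\nHost: #{datastore['VHOST'] || rhost}\r\n\r\n")
    sock.get_once(-1, opts[:timeout] || 0.01)
  end

  # Sends one request per string length from 1 to MAXLENGTH and stops at the
  # first iteration where a connection cannot be established.
  #
  # A progress line is printed every 100 iterations. Errors raised after a
  # successful connect are remembered in last_err but do not stop the loop.
  def run
    last_str = nil
    last_err = nil

    pre = make_http_uri_base
    cnt = 0

    1.upto(datastore['MAXLENGTH'].to_i) do |len|
      cnt += 1

      str = fuzzer_gen_string(len)

      # XXX: Encode the string or leave it raw? Best to make a new boolean option to enable/disable this
      uri = pre + str

      print_status("Fuzzing with iteration #{cnt} using string length #{len}") if (cnt % 100).zero?

      begin
        do_http_get(uri, timeout: 0.25)
      rescue ::Interrupt
        print_status("Exiting on interrupt: iteration #{cnt} using string length #{len}")
        raise $ERROR_INFO
      rescue StandardError => e
        last_err = e
      ensure
        # Always release the socket, whether or not the request went through.
        disconnect
      end

      unless @connected
        if last_str
          # The iteration number and URI reported here belong to the previous
          # request (the last one that connected), so the length reported is
          # that request's length, len - 1, to keep the three values consistent.
          print_status("The service may have crashed: iteration:#{cnt - 1} len=#{len - 1} uri=''#{last_str}'' error=#{last_err}")
        else
          # No request ever connected: the service was unreachable from the start.
          print_status("Could not connect to the service: #{last_err}")
        end
        break
      end

      last_str = str
    end
  end

  # @return the URIBASE option value, used as the prefix of every request URI
  def make_http_uri_base
    datastore['URIBASE']
  end
end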