CoCalc Logo Icon
StoreFeaturesDocsShareSupportNewsAboutSign UpSign In
rapid7

CoCalc provides the best real-time collaborative environment for Jupyter Notebooks, LaTeX documents, and SageMath, scalable from individual users to large groups and classes!

GitHub Repository: rapid7/metasploit-framework
 Path: blob/master/modules/auxiliary/fuzzers/http/http_get_uri_strings.rb
Views: 1904
1
##

2
# This module requires Metasploit: https://metasploit.com/download

3
# Current source: https://github.com/rapid7/metasploit-framework

4
##

5


6
class MetasploitModule < Msf::Auxiliary

7
  include Msf::Exploit::Remote::Tcp

8
  include Msf::Auxiliary::Fuzzer

9


10
  def initialize(info = {})

11
    super(update_info(info,

12
      'Name'           => 'HTTP GET Request URI Fuzzer (Fuzzer Strings)',

13
      'Description'    => %q{

14
        This module sends a series of HTTP GET request with malicious URIs.

15
      },

16
      'Author'         => [ 'nullthreat' ],

17
      'License'        => MSF_LICENSE

18
    ))

19
    register_options([

20
      Opt::RPORT(80),

21
      OptString.new("VHOST", [false, "The virtual host name to use in requests"]),

22
      OptString.new("URIBASE", [true, "The base URL to use for the request fuzzer", "/"])

23
    ])

24
  end

25


26
  def do_http_get(uri='',opts={})

27
    @connected = false

28
    connect

29
    @connected = true

30


31
    sock.put("GET #{uri} HTTP/1.1\r\nHost: #{datastore['VHOST'] || rhost}\r\n\r\n")

32
    sock.get_once(-1, opts[:timeout] || 0.01)

33
  end

34


35
  def run

36
    last_str = nil

37
    last_inp = nil

38
    last_err = nil

39


40
    pre = make_http_uri_base

41
    cnt = 0

42


43
    fuzz_strings do |str|

44
      cnt += 1

45


46
      # XXX: Encode the string or leave it raw? Best to make a new boolean option to enable/disable this

47
      uri = pre + str

48


49
      if(cnt % 100 == 0)

50
        print_status("Fuzzing with iteration #{cnt} using #{@last_fuzzer_input}")

51
      end

52


53
      begin

54
        r = do_http_get(uri,:timeout => 0.50)

55
      rescue ::Interrupt

56
        print_status("Exiting on interrupt: iteration #{cnt} using #{@last_fuzzer_input}")

57
        raise $!

58
      rescue ::Exception => e

59
        last_err = e

60
      ensure

61
        disconnect

62
      end

63


64
      if(not @connected)

65
        if(last_str)

66
          print_status("The service may have crashed: iteration:#{cnt-1} method=#{last_inp} uri=''#{last_str}'' error=#{last_err}")

67
        else

68
          print_status("Could not connect to the service: #{last_err}")

69
        end

70
        return

71
      end

72


73
      last_str = str

74
      last_inp = @last_fuzzer_input

75
    end

76
  end

77


78
  def make_http_uri_base

79
    datastore['URIBASE']

80
  end

81
end

82


83