Class: Ronin::Vulns::WebVuln::HTTPRequest Private

Inherits:

Object

• Object
• Ronin::Vulns::WebVuln::HTTPRequest

Defined in:

lib/ronin/vulns/web_vuln/http_request.rb

Overview

This class is part of a private API. You should avoid using this class if possible, as it may be removed or be changed in the future.

Represents a HTTP request.

Constant Summary

CRLF =

This constant is part of a private API. You should avoid using this constant if possible, as it may be removed or be changed in the future.

HTTP newline deliminator.

"\r\n"

Instance Attribute Summary

• #cookie ⇒ Ronin::Support::Network::HTTP::Cookie^? readonly private

  Additional Cookie header for the request.

• #form_data ⇒ Hash{String => Object}^? readonly private

  The form data that may be sent in the body of the request.

• #headers ⇒ Hash{Symbol,String => String}^? readonly private

  Additional HTTP header names and values to add to the request.

• #password ⇒ String^? readonly private

  The password to authenticate with.

• #query_params ⇒ Hash{String,Symbol => String}^? readonly private

  The query param for the request.

• #referer ⇒ String^? readonly private

  The optional HTTP Referer header for the request.

• #request_method ⇒ :copy, ... readonly private

  The HTTP request method.

• #url ⇒ URI::HTTP readonly private

  The URL of the request.

• #user ⇒ String^? readonly private

  The user to authenticate as.

Instance Method Summary

• #initialize(url, request_method: :get, user: nil, password: nil, referer: nil, query_params: nil, headers: nil, cookie: nil, form_data: nil) ⇒ HTTPRequest constructor private

  Initializes the HTTP request object.

• #to_curl ⇒ String private

  Converts the HTTP request to a curl command.

• #to_http ⇒ String private

  Converts the HTTP request to a raw HTTP request.

Constructor Details

#initialize(url, request_method: :get, user: nil, password: nil, referer: nil, query_params: nil, headers: nil, cookie: nil, form_data: nil) ⇒ HTTPRequest

This method is part of a private API. You should avoid using this method if possible, as it may be removed or be changed in the future.

Initializes the HTTP request object.

The HTTP request mehtod for each request.

Parameters:

• url (URI::HTTP) —

  The URL to test or exploit.

• request_method (:copy, :delete, :get, :head, :lock, :mkcol, :move, :options, :patch, :post, :propfind, :proppatch, :put, :trace, :unlock) (defaults to: :get)
• user (String, nil) (defaults to: nil) —

  The user to authenticate as.

• password (String, nil) (defaults to: nil) —

  The password to authenticate with.

• query_params (Hash{Symbol,String => String}, nil) (defaults to: nil) —

  Additional URL query params for the request.

• headers (Hash{Symbol,String => String}, nil) (defaults to: nil) —

  Additional HTTP header names and values to add to the request.

• cookie (String, Hash{String => String}, nil) (defaults to: nil) —

  Additional Cookie header for the request..

• form_data (Hash, nil) (defaults to: nil) —

  The form data that may be sent in the body of the request.

# File 'lib/ronin/vulns/web_vuln/http_request.rb', line 112

def initialize(url, request_method: :get,
                    user:           nil,
                    password:       nil,
                    referer:        nil,
                    query_params:   nil,
                    headers:        nil,
                    cookie:         nil,
                    form_data:      nil)
  @url = url

  if query_params && !query_params.empty?
    @url = url.dup

    @url.query_params = query_params
  end

  @request_method = request_method
  @user           = user
  @password       = password
  @referer        = referer

  @query_params = query_params
  @cookie       = if cookie
                    Support::Network::HTTP::Cookie.new(cookie)
                  end
  @headers      = headers
  @form_data    = form_data
end

Instance Attribute Details

#cookie ⇒ Ronin::Support::Network::HTTP::Cookie^? (readonly)

This method is part of a private API. You should avoid using this method if possible, as it may be removed or be changed in the future.

Additional Cookie header for the request.

Returns:

• (Ronin::Support::Network::HTTP::Cookie, nil)

# File 'lib/ronin/vulns/web_vuln/http_request.rb', line 71

def cookie
  @cookie
end

#form_data ⇒ Hash{String => Object}^? (readonly)

This method is part of a private API. You should avoid using this method if possible, as it may be removed or be changed in the future.

The form data that may be sent in the body of the request.

Returns:

• (Hash{String => Object}, nil)

# File 'lib/ronin/vulns/web_vuln/http_request.rb', line 81

def form_data
  @form_data
end

#headers ⇒ Hash{Symbol,String => String}^? (readonly)

This method is part of a private API. You should avoid using this method if possible, as it may be removed or be changed in the future.

Additional HTTP header names and values to add to the request.

Returns:

• (Hash{Symbol,String => String}, nil)

# File 'lib/ronin/vulns/web_vuln/http_request.rb', line 76

def headers
  @headers
end

#password ⇒ String^? (readonly)

This method is part of a private API. You should avoid using this method if possible, as it may be removed or be changed in the future.

The password to authenticate with.

Returns:

• (String, nil)

# File 'lib/ronin/vulns/web_vuln/http_request.rb', line 56

def password
  @password
end

#query_params ⇒ Hash{String,Symbol => String}^? (readonly)

This method is part of a private API. You should avoid using this method if possible, as it may be removed or be changed in the future.

The query param for the request.

Returns:

• (Hash{String,Symbol => String}, nil)

# File 'lib/ronin/vulns/web_vuln/http_request.rb', line 66

def query_params
  @query_params
end

#referer ⇒ String^? (readonly)

This method is part of a private API. You should avoid using this method if possible, as it may be removed or be changed in the future.

The optional HTTP Referer header for the request.

Returns:

• (String, nil)

# File 'lib/ronin/vulns/web_vuln/http_request.rb', line 61

def referer
  @referer
end

#request_method ⇒ :copy, ... (readonly)

This method is part of a private API. You should avoid using this method if possible, as it may be removed or be changed in the future.

The HTTP request method.

Returns:

• (:copy, :delete, :get, :head, :lock, :mkcol, :move, :options, :patch, :post, :propfind, :proppatch, :put, :trace, :unlock)

# File 'lib/ronin/vulns/web_vuln/http_request.rb', line 46

def request_method
  @request_method
end

#url ⇒ URI::HTTP (readonly)

This method is part of a private API. You should avoid using this method if possible, as it may be removed or be changed in the future.

The URL of the request.

Returns:

• (URI::HTTP)

# File 'lib/ronin/vulns/web_vuln/http_request.rb', line 39

def url
  @url
end

#user ⇒ String^? (readonly)

This method is part of a private API. You should avoid using this method if possible, as it may be removed or be changed in the future.

The user to authenticate as.

Returns:

• (String, nil)

# File 'lib/ronin/vulns/web_vuln/http_request.rb', line 51

def user
  @user
end

Instance Method Details

#to_curl ⇒ String

This method is part of a private API. You should avoid using this method if possible, as it may be removed or be changed in the future.

Converts the HTTP request to a curl command.

Returns:

• (String)

# File 'lib/ronin/vulns/web_vuln/http_request.rb', line 146

def to_curl
  escape = ->(str) { "'#{str.to_s.tr("'","\\'")}'" }

  command = ['curl']

  if @request_method != :get
    command << '--request' << @request_method.upcase
  end

  if (@user || @password)
    command << '--user' << escape.call("#{@user}:#{@password}")
  end

  if @referer
    command << '--referer' << escape.call(@referer)
  end

  if (@cookie && !@cookie.empty?)
    command << '--cookie' << escape.call(@cookie)
  end

  if @headers
    @headers.each do |name,value|
      command << '--header' << escape.call("#{name}: #{value}")
    end
  end

  if (@form_data && !@form_data.empty?)
    form_string = URI.encode_www_form(@form_data)
    command << '--form-string' << escape.call(form_string)
  end

  command << escape.call(@url)

  return command.join(' ')
end

#to_http ⇒ String

This method is part of a private API. You should avoid using this method if possible, as it may be removed or be changed in the future.

Converts the HTTP request to a raw HTTP request.

Returns:

• (String)

# File 'lib/ronin/vulns/web_vuln/http_request.rb', line 191

def to_http
  request = []
  request << "#{@request_method.upcase} #{@url.request_uri} HTTP/1.1"

  if (@form_data && !@form_data.empty?)
    request << "Content-Type: x-www-form-urlencoded"
  end

  if (@user || @password)
    basic_auth = ["#{@user}:#{@password}"].pack('m0')
    request << "Authorization: Basic #{basic_auth}"
  end

  request << "Referer: #{@referer}" if @referer
  request << "Cookie: #{@cookie}"   if (@cookie && !@cookie.empty?)

  if @headers
    @headers.each do |name,value|
      request << "#{name}: #{value}"
    end
  end

  if (@form_data && !@form_data.empty?)
    request << ''
    request << URI.encode_www_form(@form_data)
  end

  return request.join(CRLF) << CRLF
end