Class: Ronin::Vulns::WebVuln::HTTPRequest Private

Inherits:

  • Object
Defined in:
lib/ronin/vulns/web_vuln/http_request.rb

Overview

This class is part of a private API. You should avoid using this class if possible, as it may be removed or be changed in the future.

Represents an HTTP request.

Constant Summary

CRLF = "\r\n"

This constant is part of a private API. You should avoid using this constant if possible, as it may be removed or be changed in the future.

HTTP newline delimiter.

Constructor Details

#initialize(url, request_method: :get, user: nil, password: nil, user_agent: nil, referer: nil, query_params: nil, headers: nil, cookie: nil, form_data: nil) ⇒ HTTPRequest

This method is part of a private API. You should avoid using this method if possible, as it may be removed or be changed in the future.

Initializes the HTTP request object.

Parameters:

  • url (URI::HTTP)

    The URL to test or exploit.

  • request_method (:copy, :delete, :get, :head, :lock, :mkcol, :move, :options, :patch, :post, :propfind, :proppatch, :put, :trace, :unlock) (defaults to: :get)

    The HTTP request method for each request.

  • user (String, nil) (defaults to: nil)

    The user to authenticate as.

  • password (String, nil) (defaults to: nil)

    The password to authenticate with.

  • query_params (Hash{Symbol,String => String}, nil) (defaults to: nil)

    Additional URL query params for the request.

  • headers (Hash{Symbol,String => String}, nil) (defaults to: nil)

    Additional HTTP header names and values to add to the request.

  • user_agent (String, :random, :chrome, :chrome_linux, :chrome_macos, :chrome_windows, :chrome_iphone, :chrome_ipad, :chrome_android, :firefox, :firefox_linux, :firefox_macos, :firefox_windows, :firefox_iphone, :firefox_ipad, :firefox_android, :safari, :safari_macos, :safari_iphone, :safari_ipad, :edge, :linux, :macos, :windows, :iphone, :ipad, :android, nil) (defaults to: nil)

    Optional User-Agent header to send with requests.

  • cookie (String, Hash{String => String}, nil) (defaults to: nil)

    Additional Cookie header for the request.

  • form_data (Hash, nil) (defaults to: nil)

    The form data that may be sent in the body of the request.



# File 'lib/ronin/vulns/web_vuln/http_request.rb', line 129

def initialize(url, request_method: :get,
                    user:           nil,
                    password:       nil,
                    user_agent:     nil,
                    referer:        nil,
                    query_params:   nil,
                    headers:        nil,
                    cookie:         nil,
                    form_data:      nil)
  @url = url

  if query_params && !query_params.empty?
    @url = url.dup

    @url.query_params = query_params
  end

  @request_method = request_method
  @user           = user
  @password       = password
  @user_agent     = user_agent
  @referer        = referer

  @query_params = query_params
  @cookie       = if cookie
                    Support::Network::HTTP::Cookie.new(cookie)
                  end
  @headers      = headers
  @form_data    = form_data
end

Instance Attribute Details

#cookie ⇒ Ronin::Support::Network::HTTP::Cookie? (readonly)

This method is part of a private API. You should avoid using this method if possible, as it may be removed or be changed in the future.

Additional Cookie header for the request.

Returns:

  • (Ronin::Support::Network::HTTP::Cookie, nil)


# File 'lib/ronin/vulns/web_vuln/http_request.rb', line 85

def cookie
  @cookie
end

#form_data ⇒ Hash{String => Object}? (readonly)

This method is part of a private API. You should avoid using this method if possible, as it may be removed or be changed in the future.

The form data that may be sent in the body of the request.

Returns:

  • (Hash{String => Object}, nil)


# File 'lib/ronin/vulns/web_vuln/http_request.rb', line 95

def form_data
  @form_data
end

#headers ⇒ Hash{Symbol,String => String}? (readonly)

This method is part of a private API. You should avoid using this method if possible, as it may be removed or be changed in the future.

Additional HTTP header names and values to add to the request.

Returns:

  • (Hash{Symbol,String => String}, nil)


# File 'lib/ronin/vulns/web_vuln/http_request.rb', line 90

def headers
  @headers
end

#password ⇒ String? (readonly)

This method is part of a private API. You should avoid using this method if possible, as it may be removed or be changed in the future.

The password to authenticate with.

Returns:

  • (String, nil)


# File 'lib/ronin/vulns/web_vuln/http_request.rb', line 57

def password
  @password
end

#query_params ⇒ Hash{String,Symbol => String}? (readonly)

This method is part of a private API. You should avoid using this method if possible, as it may be removed or be changed in the future.

The query params for the request.

Returns:

  • (Hash{String,Symbol => String}, nil)


# File 'lib/ronin/vulns/web_vuln/http_request.rb', line 80

def query_params
  @query_params
end

#referer ⇒ String? (readonly)

This method is part of a private API. You should avoid using this method if possible, as it may be removed or be changed in the future.

The optional HTTP Referer header for the request.

Returns:

  • (String, nil)


# File 'lib/ronin/vulns/web_vuln/http_request.rb', line 75

def referer
  @referer
end

#request_method ⇒ :copy, ... (readonly)

This method is part of a private API. You should avoid using this method if possible, as it may be removed or be changed in the future.

The HTTP request method.

Returns:

  • (:copy, :delete, :get, :head, :lock, :mkcol, :move, :options, :patch, :post, :propfind, :proppatch, :put, :trace, :unlock)


# File 'lib/ronin/vulns/web_vuln/http_request.rb', line 47

def request_method
  @request_method
end

#url ⇒ URI::HTTP (readonly)

This method is part of a private API. You should avoid using this method if possible, as it may be removed or be changed in the future.

The URL of the request.

Returns:

  • (URI::HTTP)


# File 'lib/ronin/vulns/web_vuln/http_request.rb', line 40

def url
  @url
end

#user ⇒ String? (readonly)

This method is part of a private API. You should avoid using this method if possible, as it may be removed or be changed in the future.

The user to authenticate as.

Returns:

  • (String, nil)


# File 'lib/ronin/vulns/web_vuln/http_request.rb', line 52

def user
  @user
end

#user_agent ⇒ String, ... (readonly)

This method is part of a private API. You should avoid using this method if possible, as it may be removed or be changed in the future.

The optional HTTP User-Agent header to send with each request.

Returns:

  • (String, :random, :chrome, :chrome_linux, :chrome_macos, :chrome_windows, :chrome_iphone, :chrome_ipad, :chrome_android, :firefox, :firefox_linux, :firefox_macos, :firefox_windows, :firefox_iphone, :firefox_ipad, :firefox_android, :safari, :safari_macos, :safari_iphone, :safari_ipad, :edge, :linux, :macos, :windows, :iphone, :ipad, :android, nil)

Since:

  • 0.2.0



# File 'lib/ronin/vulns/web_vuln/http_request.rb', line 70

def user_agent
  @user_agent
end

Instance Method Details

#to_curl ⇒ String

This method is part of a private API. You should avoid using this method if possible, as it may be removed or be changed in the future.

Converts the HTTP request to a curl command.

Returns:

  • (String)


# File 'lib/ronin/vulns/web_vuln/http_request.rb', line 180

def to_curl
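  # POSIX shells have no escape inside '...': close the quote, emit an
  # escaped quote, then reopen it ('\'').
  escape = ->(str) { "'#{str.to_s.gsub("'") { "'\\''" }}'" }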

  command = ['curl']

  if @request_method != :get
    command << '--request' << @request_method.upcase
  end

  if (@user || @password)
    command << '--user' << escape.call("#{@user}:#{@password}")
  end

  if @user_agent
    command << '--user-agent' << escape.call(user_agent_string)
  end

  if @referer
    command << '--referer' << escape.call(@referer)
  end

  if (@cookie && !@cookie.empty?)
    command << '--cookie' << escape.call(@cookie)
  end

  if @headers
    @headers.each do |name,value|
      command << '--header' << escape.call("#{name}: #{value}")
    end
  end

  if (@form_data && !@form_data.empty?)
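    form_string = URI.encode_www_form(@form_data)
    # --data sends the urlencoded string as the request body; --form-string
    # would send it as a multipart/form-data field instead.
    command << '--data' << escape.call(form_string)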
  end

  command << escape.call(@url)

  return command.join(' ')
end
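
Shell quoting for a generated curl command like the one #to_curl returns, as an added example (not ronin-vulns code): a value wrapped in single quotes only survives being pasted into a shell if every embedded quote is rewritten as '\''. The lambda and method names, the sample header values and http://example.test/ are assumptions made for illustration, and Shellwords.split stands in for the shell's word splitting.

```ruby
require 'shellwords'

# Weak form: wraps the value in '...' but leaves embedded single quotes alone.
NAIVE_QUOTE = ->(value) { "'#{value}'" }

# Hardened form: POSIX sh has no escape inside '...', so each embedded quote
# closes the string, emits an escaped quote, and reopens it: ' becomes '\''
POSIX_QUOTE = ->(value) { "'#{value.to_s.gsub("'") { "'\\''" }}'" }

# Splits a command line into words using POSIX-style quoting rules and
# returns the argument list, or :unbalanced if a quote never closes.
def shell_words(command)
  Shellwords.split(command)
rescue ArgumentError
  :unbalanced
end

# Builds a curl command around one header value and returns the value that
# curl would receive for --header (nil if it is not a single intact word).
def header_seen_by_curl(quote, header)
  words = shell_words("curl --header #{quote.call(header)} http://example.test/")
  return words if words == :unbalanced

  words.length == 4 ? words[2] : nil
end

# Constructed sample header values (not taken from any real request).
SAMPLES = [
  "X-Note: plain",
  "X-Note: it's",
  "X-Note: a 'b' c"
].freeze

if $PROGRAM_NAME == __FILE__
  SAMPLES.each do |header|
    puts "value:  #{header.inspect}"
    puts "  naive: #{header_seen_by_curl(NAIVE_QUOTE, header).inspect}"
    puts "  posix: #{header_seen_by_curl(POSIX_QUOTE, header).inspect}"
  end
end
```

With the naive wrapper the second sample leaves the command with an unterminated quote and the third silently loses its quotes; the hardened wrapper round-trips all three unchanged.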

#to_http ⇒ String

This method is part of a private API. You should avoid using this method if possible, as it may be removed or be changed in the future.

Converts the HTTP request to a raw HTTP request.

Returns:

  • (String)


# File 'lib/ronin/vulns/web_vuln/http_request.rb', line 229

def to_http
  request = []
  request << "#{@request_method.upcase} #{@url.request_uri} HTTP/1.1"

  if (@form_data && !@form_data.empty?)
    request << "Content-Type: application/x-www-form-urlencoded"
  end

  if (@user || @password)
    basic_auth = ["#{@user}:#{@password}"].pack('m0')
    request << "Authorization: Basic #{basic_auth}"
  end

  request << "User-Agent: #{user_agent_string}" if @user_agent
  request << "Referer: #{@referer}" if @referer
  request << "Cookie: #{@cookie}"   if (@cookie && !@cookie.empty?)

  if @headers
    @headers.each do |name,value|
      request << "#{name}: #{value}"
    end
  end

  if (@form_data && !@form_data.empty?)
    request << ''
    request << URI.encode_www_form(@form_data)
  end

  return request.join(CRLF) << CRLF
end

#user_agent_string ⇒ String?

This method is part of a private API. You should avoid using this method if possible, as it may be removed or be changed in the future.

The User-Agent string for the request.

Returns:

  • (String, nil)

Since:

  • 0.2.0



# File 'lib/ronin/vulns/web_vuln/http_request.rb', line 167

def user_agent_string
  case @user_agent
  when String, nil then @user_agent
  else
    Support::Network::HTTP::UserAgents[@user_agent]
  end
end