Class: Ronin::Vulns::WebVuln::HTTPRequest Private

Inherits:

Object

• Object
• Ronin::Vulns::WebVuln::HTTPRequest

Defined in:

lib/ronin/vulns/web_vuln/http_request.rb

Overview

This class is part of a private API. You should avoid using this class if possible, as it may be removed or be changed in the future.

Represents a HTTP request.

Constant Summary

CRLF =

This constant is part of a private API. You should avoid using this constant if possible, as it may be removed or be changed in the future.

HTTP newline deliminator.

"\r\n"

Instance Attribute Summary

• #cookie ⇒ Ronin::Support::Network::HTTP::Cookie^? readonly private

  Additional Cookie header for the request.

• #form_data ⇒ Hash{String => Object}^? readonly private

  The form data that may be sent in the body of the request.

• #headers ⇒ Hash{Symbol,String => String}^? readonly private

  Additional HTTP header names and values to add to the request.

• #password ⇒ String^? readonly private

  The password to authenticate with.

• #query_params ⇒ Hash{String,Symbol => String}^? readonly private

  The query param for the request.

• #referer ⇒ String^? readonly private

  The optional HTTP Referer header for the request.

• #request_method ⇒ :copy, ... readonly private

  The HTTP request method.

• #url ⇒ URI::HTTP readonly private

  The URL of the request.

• #user ⇒ String^? readonly private

  The user to authenticate as.

• #user_agent ⇒ String, ... readonly private

  The optional HTTP User-Agent header to send with each request.

Instance Method Summary

• #initialize(url, request_method: :get, user: nil, password: nil, user_agent: nil, referer: nil, query_params: nil, headers: nil, cookie: nil, form_data: nil) ⇒ HTTPRequest constructor private

  Initializes the HTTP request object.

• #to_curl ⇒ String private

  Converts the HTTP request to a curl command.

• #to_http ⇒ String private

  Converts the HTTP request to a raw HTTP request.

• #user_agent_string ⇒ String^? private

  The User-Agent string for the request.

Constructor Details

#initialize(url, request_method: :get, user: nil, password: nil, user_agent: nil, referer: nil, query_params: nil, headers: nil, cookie: nil, form_data: nil) ⇒ HTTPRequest

This method is part of a private API. You should avoid using this method if possible, as it may be removed or be changed in the future.

Initializes the HTTP request object.

The HTTP request mehtod for each request.

Parameters:

• url (URI::HTTP) —

  The URL to test or exploit.

• request_method (:copy, :delete, :get, :head, :lock, :mkcol, :move, :options, :patch, :post, :propfind, :proppatch, :put, :trace, :unlock) (defaults to: :get)
• user (String, nil) (defaults to: nil) —

  The user to authenticate as.

• password (String, nil) (defaults to: nil) —

  The password to authenticate with.

• query_params (Hash{Symbol,String => String}, nil) (defaults to: nil) —

  Additional URL query params for the request.

• headers (Hash{Symbol,String => String}, nil) (defaults to: nil) —

  Additional HTTP header names and values to add to the request.

• user_agent (String, :random, :chrome, :chrome_linux, :chrome_macos, :chrome_windows, :chrome_iphone, :chrome_ipad, :chrome_android, :firefox, :firefox_linux, :firefox_macos, :firefox_windows, :firefox_iphone, :firefox_ipad, :firefox_android, :safari, :safari_macos, :safari_iphone, :safari_ipad, :edge, :linux, :macos, :windows, :iphone, :ipad, :android, nil) (defaults to: nil) —

  Optional User-Agent header to send with requests.

• cookie (String, Hash{String => String}, nil) (defaults to: nil) —

  Additional Cookie header for the request..

• form_data (Hash, nil) (defaults to: nil) —

  The form data that may be sent in the body of the request.

# File 'lib/ronin/vulns/web_vuln/http_request.rb', line 130

def initialize(url, request_method: :get,
                    user:           nil,
                    password:       nil,
                    user_agent:     nil,
                    referer:        nil,
                    query_params:   nil,
                    headers:        nil,
                    cookie:         nil,
                    form_data:      nil)
  @url = url

  if query_params && !query_params.empty?
    @url = url.dup

    @url.query_params = query_params
  end

  @request_method = request_method
  @user           = user
  @password       = password
  @user_agent     = user_agent
  @referer        = referer

  @query_params = query_params
  @cookie       = if cookie
                    Support::Network::HTTP::Cookie.new(cookie)
                  end
  @headers      = headers
  @form_data    = form_data
end

Instance Attribute Details

#cookie ⇒ Ronin::Support::Network::HTTP::Cookie^? (readonly)

This method is part of a private API. You should avoid using this method if possible, as it may be removed or be changed in the future.

Additional Cookie header for the request.

Returns:

• (Ronin::Support::Network::HTTP::Cookie, nil)

# File 'lib/ronin/vulns/web_vuln/http_request.rb', line 86

def cookie
  @cookie
end

#form_data ⇒ Hash{String => Object}^? (readonly)

This method is part of a private API. You should avoid using this method if possible, as it may be removed or be changed in the future.

The form data that may be sent in the body of the request.

Returns:

• (Hash{String => Object}, nil)

# File 'lib/ronin/vulns/web_vuln/http_request.rb', line 96

def form_data
  @form_data
end

#headers ⇒ Hash{Symbol,String => String}^? (readonly)

This method is part of a private API. You should avoid using this method if possible, as it may be removed or be changed in the future.

Additional HTTP header names and values to add to the request.

Returns:

• (Hash{Symbol,String => String}, nil)

# File 'lib/ronin/vulns/web_vuln/http_request.rb', line 91

def headers
  @headers
end

#password ⇒ String^? (readonly)

This method is part of a private API. You should avoid using this method if possible, as it may be removed or be changed in the future.

The password to authenticate with.

Returns:

• (String, nil)

# File 'lib/ronin/vulns/web_vuln/http_request.rb', line 58

def password
  @password
end

#query_params ⇒ Hash{String,Symbol => String}^? (readonly)

This method is part of a private API. You should avoid using this method if possible, as it may be removed or be changed in the future.

The query param for the request.

Returns:

• (Hash{String,Symbol => String}, nil)

# File 'lib/ronin/vulns/web_vuln/http_request.rb', line 81

def query_params
  @query_params
end

#referer ⇒ String^? (readonly)

This method is part of a private API. You should avoid using this method if possible, as it may be removed or be changed in the future.

The optional HTTP Referer header for the request.

Returns:

• (String, nil)

# File 'lib/ronin/vulns/web_vuln/http_request.rb', line 76

def referer
  @referer
end

#request_method ⇒ :copy, ... (readonly)

This method is part of a private API. You should avoid using this method if possible, as it may be removed or be changed in the future.

The HTTP request method.

Returns:

• (:copy, :delete, :get, :head, :lock, :mkcol, :move, :options, :patch, :post, :propfind, :proppatch, :put, :trace, :unlock)

# File 'lib/ronin/vulns/web_vuln/http_request.rb', line 48

def request_method
  @request_method
end

#url ⇒ URI::HTTP (readonly)

This method is part of a private API. You should avoid using this method if possible, as it may be removed or be changed in the future.

The URL of the request.

Returns:

• (URI::HTTP)

# File 'lib/ronin/vulns/web_vuln/http_request.rb', line 41

def url
  @url
end

#user ⇒ String^? (readonly)

This method is part of a private API. You should avoid using this method if possible, as it may be removed or be changed in the future.

The user to authenticate as.

Returns:

• (String, nil)

# File 'lib/ronin/vulns/web_vuln/http_request.rb', line 53

def user
  @user
end

#user_agent ⇒ String, ... (readonly)

This method is part of a private API. You should avoid using this method if possible, as it may be removed or be changed in the future.

The optional HTTP User-Agent header to send with each request.

Returns:

• (String, :random, :chrome, :chrome_linux, :chrome_macos, :chrome_windows, :chrome_iphone, :chrome_ipad, :chrome_android, :firefox, :firefox_linux, :firefox_macos, :firefox_windows, :firefox_iphone, :firefox_ipad, :firefox_android, :safari, :safari_macos, :safari_iphone, :safari_ipad, :edge, :linux, :macos, :windows, :iphone, :ipad, :android, nil)

Since:

• 0.2.0

# File 'lib/ronin/vulns/web_vuln/http_request.rb', line 71

def user_agent
  @user_agent
end

Instance Method Details

#to_curl ⇒ String

This method is part of a private API. You should avoid using this method if possible, as it may be removed or be changed in the future.

Converts the HTTP request to a curl command.

Returns:

• (String)

# File 'lib/ronin/vulns/web_vuln/http_request.rb', line 181

def to_curl
  escape = ->(str) { "'#{str.to_s.tr("'","\\'")}'" }

  command = ['curl']

  if @request_method != :get
    command << '--request' << @request_method.upcase
  end

  if (@user || @password)
    command << '--user' << escape.call("#{@user}:#{@password}")
  end

  if @user_agent
    command << '--user-agent' << escape.call(user_agent_string)
  end

  if @referer
    command << '--referer' << escape.call(@referer)
  end

  if (@cookie && !@cookie.empty?)
    command << '--cookie' << escape.call(@cookie)
  end

  if @headers
    @headers.each do |name,value|
      command << '--header' << escape.call("#{name}: #{value}")
    end
  end

  if (@form_data && !@form_data.empty?)
    form_string = URI.encode_www_form(@form_data)
    command << '--form-string' << escape.call(form_string)
  end

  command << escape.call(@url)

  return command.join(' ')
end

#to_http ⇒ String

This method is part of a private API. You should avoid using this method if possible, as it may be removed or be changed in the future.

Converts the HTTP request to a raw HTTP request.

Returns:

• (String)

# File 'lib/ronin/vulns/web_vuln/http_request.rb', line 230

def to_http
  request = []
  request << "#{@request_method.upcase} #{@url.request_uri} HTTP/1.1"

  if (@form_data && !@form_data.empty?)
    request << "Content-Type: x-www-form-urlencoded"
  end

  if (@user || @password)
    basic_auth = ["#{@user}:#{@password}"].pack('m0')
    request << "Authorization: Basic #{basic_auth}"
  end

  request << "User-Agent: #{user_agent_string}" if @user_agent
  request << "Referer: #{@referer}" if @referer
  request << "Cookie: #{@cookie}"   if (@cookie && !@cookie.empty?)

  if @headers
    @headers.each do |name,value|
      request << "#{name}: #{value}"
    end
  end

  if (@form_data && !@form_data.empty?)
    request << ''
    request << URI.encode_www_form(@form_data)
  end

  return request.join(CRLF) << CRLF
end

#user_agent_string ⇒ String^?

This method is part of a private API. You should avoid using this method if possible, as it may be removed or be changed in the future.

The User-Agent string for the request.

Returns:

• (String, nil)

Since:

• 0.2.0

# File 'lib/ronin/vulns/web_vuln/http_request.rb', line 168

def user_agent_string
  case @user_agent
  when String, nil then @user_agent
  else
    Support::Network::HTTP::UserAgents[@user_agent]
  end
end