Class: Ronin::CLI::Commands::Http Private

Inherits:

ValueProcessorCommand

• Object
• Core::CLI::Command
• Ronin::CLI::Command
• ValueProcessorCommand
• Ronin::CLI::Commands::Http

Includes:

CommandKit::Options::Verbose, Printing::HTTP

Defined in:

lib/ronin/cli/commands/http.rb

Overview

This class is part of a private API. You should avoid using this class if possible, as it may be removed or be changed in the future.

Send HTTP requests or spawn an interactive HTTP shell.

Usage

ronin http [options] [URL [...] | --shell URL]

Options

-v, --verbose                    Enables verbose output
-f, --file FILE                  Optional file to read values from
    --method HTTP_METHOD         Send the HTTP request method
    --get                        Send a GET request
    --head                       Send a HEAD request
    --patch                      Send a PATCH request
    --post                       Send a POST request
    --put                        Send a PUT request
    --copy                       Send a COPY request
    --delete                     Send a DELETE request
    --lock                       Send a LOCK request
    --options                    Send a OPTIONS request
    --mkcol                      Send a MKCOL request
    --move                       Send a MOVE request
    --propfind                   Send a PROPFIND request
    --proppatch                  Send a PROPPATCH request
    --trace                      Send a TRACE request
    --unlock                     Send an UNLOCK request
    --shell URL                  Open an interactive HTTP shell
-P, --proxy URL                  The proxy to use
-U, --user-agent-string STRING   The User-Agent string to use
-u random|chrome|firefox|safari|linux|macos|windows|iphone|ipad|android|chrome_linux|chrome_macos|chrome_windows|chrome_iphone|chrome_ipad|chrome_android|firefox_linux|firefox_macos|firefox_windows|firefox_iphone|firefox_ipad|firefox_android|safari_macos|safari_iphone|safari_ipad|edge,
    --user-agent                 The User-Agent alias to use
-H, --header "NAME: VALUE"       Adds a header to the request
-C, --cookie COOKIE              Sets the Cookie header
-c, --cookie-param NAME=VALUE    Sets an additional cookie param
-B, --body STRING                The request body
-F, --body-file FILE             Sends the file as the request body
-f, --form-data NAME=VALUE       Adds a value to the form data
-q, --query-param NAME=VALUE     Adds a query param to the URL
-h, --help                       Print help information

Arguments

[URL ...]                        The URL(s) to request

Since:

• 2.0.0

Constant Summary

URL_REGEX =

This constant is part of a private API. You should avoid using this constant if possible, as it may be removed or be changed in the future.

http:// and https:// URL validation regex.

Since:

• 2.0.0

/\A#{URI::DEFAULT_PARSER.make_regexp(%w[http https])}\z/

USER_AGENT_ALIASES =

This constant is part of a private API. You should avoid using this constant if possible, as it may be removed or be changed in the future.

Mapping of user-agent aliases.

Since:

• 2.0.0

{
  'random'  => :random,
  'chrome'  => :chrome,
  'firefox' => :firefox,
  'safari'  => :safari,
  'linux'   => :linux,
  'macos'   => :macos,
  'windows' => :windows,
  'iphone'  => :iphone,
  'ipad'    => :ipad,
  'android' => :android,

  'chrome_linux'   => :chrome_linux,
  'chrome_macos'   => :chrome_macos,
  'chrome_windows' => :chrome_windows,
  'chrome_iphone'  => :chrome_iphone,
  'chrome_ipad'    => :chrome_ipad,
  'chrome_android' => :chrome_android,

  'firefox_linux'   => :firefox_linux,
  'firefox_macos'   => :firefox_macos,
  'firefox_windows' => :firefox_windows,
  'firefox_iphone'  => :firefox_iphone,
  'firefox_ipad'    => :firefox_ipad,

  'firefox_android' => :firefox_android,

  'safari_macos'  => :safari_macos,
  'safari_iphone' => :safari_iphone,
  'safari_ipad'   => :safari_ipad,

  'edge' => :edge
}

Instance Attribute Summary

• #body ⇒ String^? readonly private

  The body to send with the request.

• #cookie ⇒ Ronin::Support::Network::HTTP::Cookie^? readonly private

  The optional Cookie header to send.

• #form_data ⇒ Hash{String => String} readonly private

  Form data.

• #headers ⇒ Hash{String => String} readonly private

  Additional HTTP request headers to send.

• #http_method ⇒ Symbol readonly private

  The HTTP request method.

• #proxy ⇒ URI::HTTP^? readonly private

  The optional proxy to use.

• #query_params ⇒ Hash{String => String} readonly private

  Additional URL query params.

• #user_agent ⇒ String, ... readonly private

  Optional User-agent string to use.

Attributes inherited from ValueProcessorCommand

#files

Instance Method Summary

• #initialize(**kwargs) ⇒ Http constructor private

  Initializes the ronin http command.

• #print_response(response) ⇒ Object private

  Prints the HTTP response.

• #process_value(url) ⇒ Object private

  Requests the given URL.

• #run(*urls) ⇒ Object private

  Runs the ronin http command.

• #start_shell(base_url) ⇒ Object private

  Start the HTTPShell.

Methods included from Printing::HTTP

#print_body, #print_headers, #print_highlighted_body, #print_last_newline, #print_plain_body, #syntax_lexer_for_content_type

Methods included from Printing::SyntaxHighlighting

#syntax_formatter, #syntax_lexer, #syntax_lexer_for, #syntax_theme

Methods inherited from ValueProcessorCommand

#process_file

Constructor Details

#initialize(**kwargs) ⇒ Http

This method is part of a private API. You should avoid using this method if possible, as it may be removed or be changed in the future.

Initializes the ronin http command.

Parameters:

• kwargs (Hash{Symbol => Object}) —

  Additional keyword arguments.

Since:

• 2.0.0

# File 'lib/ronin/cli/commands/http.rb', line 361

def initialize(**kwargs)
  super(**kwargs)

  @proxy        = nil
  @http_method  = :get
  @headers      = {}
  @cookie       = nil
  @user_agent   = nil
  @query_params = {}
  @form_data    = {}
end

Instance Attribute Details

#body ⇒ String^? (readonly)

This method is part of a private API. You should avoid using this method if possible, as it may be removed or be changed in the future.

The body to send with the request.

Returns:

• (String, nil)

Since:

• 2.0.0

# File 'lib/ronin/cli/commands/http.rb', line 348

def body
  @body
end

#cookie ⇒ Ronin::Support::Network::HTTP::Cookie^? (readonly)

This method is part of a private API. You should avoid using this method if possible, as it may be removed or be changed in the future.

The optional Cookie header to send.

Returns:

• (Ronin::Support::Network::HTTP::Cookie, nil)

Since:

• 2.0.0

# File 'lib/ronin/cli/commands/http.rb', line 333

def cookie
  @cookie
end

#form_data ⇒ Hash{String => String} (readonly)

This method is part of a private API. You should avoid using this method if possible, as it may be removed or be changed in the future.

Form data.

Returns:

• (Hash{String => String})

Since:

• 2.0.0

# File 'lib/ronin/cli/commands/http.rb', line 353

def form_data
  @form_data
end

#headers ⇒ Hash{String => String} (readonly)

This method is part of a private API. You should avoid using this method if possible, as it may be removed or be changed in the future.

Additional HTTP request headers to send.

Returns:

• (Hash{String => String})

Since:

• 2.0.0

# File 'lib/ronin/cli/commands/http.rb', line 328

def headers
  @headers
end

#http_method ⇒ Symbol (readonly)

This method is part of a private API. You should avoid using this method if possible, as it may be removed or be changed in the future.

The HTTP request method.

Returns:

• (Symbol)

Since:

• 2.0.0

# File 'lib/ronin/cli/commands/http.rb', line 323

def http_method
  @http_method
end

#proxy ⇒ URI::HTTP^? (readonly)

This method is part of a private API. You should avoid using this method if possible, as it may be removed or be changed in the future.

The optional proxy to use.

Returns:

• (URI::HTTP, nil)

Since:

• 2.0.0

# File 'lib/ronin/cli/commands/http.rb', line 318

def proxy
  @proxy
end

#query_params ⇒ Hash{String => String} (readonly)

This method is part of a private API. You should avoid using this method if possible, as it may be removed or be changed in the future.

Additional URL query params.

Returns:

• (Hash{String => String})

Since:

• 2.0.0

# File 'lib/ronin/cli/commands/http.rb', line 343

def query_params
  @query_params
end

#user_agent ⇒ String, ... (readonly)

This method is part of a private API. You should avoid using this method if possible, as it may be removed or be changed in the future.

Optional User-agent string to use.

Returns:

• (String, Symbol, nil)

Since:

• 2.0.0

# File 'lib/ronin/cli/commands/http.rb', line 338

def user_agent
  @user_agent
end

Instance Method Details

#print_response(response) ⇒ Object

This method is part of a private API. You should avoid using this method if possible, as it may be removed or be changed in the future.

Note:

If --verbose is specified then the response headers will also be printed.

Prints the HTTP response.

Parameters:

• response (Net::HTTPResponse) —

  The HTTP response object.

See Also:

• HTTPMethods#print_response

Since:

• 2.0.0

# File 'lib/ronin/cli/commands/http.rb', line 451

def print_response(response)
  super(response, show_headers: options[:verbose])
end

#process_value(url) ⇒ Object

This method is part of a private API. You should avoid using this method if possible, as it may be removed or be changed in the future.

Requests the given URL.

Parameters:

• url (String) —

  The URL to request.

Since:

• 2.0.0

# File 'lib/ronin/cli/commands/http.rb', line 405

def process_value(url)
  unless url =~ URL_REGEX
    print_error "invalid URL: #{url.inspect}"
    return
  end

  uri = begin
          Addressable::URI.parse(url)
        rescue Addressable::URI::InvalidURIError => error
          print_error "invalid URL: #{error.message}"
          return
        end

  begin
    Support::Network::HTTP.request(
      @http_method, uri, proxy:        @proxy,
                         cookie:       @cookie,
                         user_agent:   @user_agent,
                         query_params: @query_params,
                         headers:      @headers,
                         body:         @body,
                         form_data:    @form_data
    ) do |response|
      # NOTE: we must call HTTP.request with a block to avoid causing
      # #read_body to be called twice.
      print_response(response)
    end
  rescue StandardError => error
    if verbose? then print_exception(error)
    else             print_error(error.message)
    end
  end
end

#run(*urls) ⇒ Object

This method is part of a private API. You should avoid using this method if possible, as it may be removed or be changed in the future.

Runs the ronin http command.

Parameters:

• urls (Array<String>) —

  The URL(s) to request.

Since:

• 2.0.0

# File 'lib/ronin/cli/commands/http.rb', line 379

def run(*urls)
  if options[:shell]
    start_shell(options[:shell])
  else
    super(*urls)
  end
end

#start_shell(base_url) ⇒ Object

This method is part of a private API. You should avoid using this method if possible, as it may be removed or be changed in the future.

Start the HTTPShell.

Parameters:

• base_url (String) —

  The base URL to connect to.

Since:

• 2.0.0

# File 'lib/ronin/cli/commands/http.rb', line 393

def start_shell(base_url)
  HTTPShell.start(base_url, proxy:      @proxy,
                            headers:    @headers,
                            user_agent: @user_agent)
end