Metasploit mailing list archives
Rex http protocol
From: skoda306 at yahoo.com (daniel)
Date: Sat, 21 Apr 2007 22:38:18 -0700 (PDT)
First of all to all metasploit developers, GOOD JOB :)

Ok I am new to metasploit developing, and have 1 day experience with ruby so bear with me. I want to start helping in the metasploit developing, I am starting to write a http fuzzer plugin for it but I've been having problems with the rex http protocol. I overwrote sample.rb and added a trigger command that does as follows:

    cli = Client.new("www.google.com")
    req = Request.new()
    cli.send_request(req)
    response = cli.read_response
    puts response

When I ran this piece of code with latest metasploit I got a compile error, since send_request(req) ends up calling:
From client.rb
    def send_request(req)
      # Connect to the server
      connect

      # build the request
      req_string = req.to_s

      # Send it on over
      ret = conn.put(req)

      # Tell the remote side if we aren't pipelining
      conn.shutdown(::Socket::SHUT_WR) if (!pipelining?)

      ret
    end

The problem is in conn.put(req) which requires that the length of req can be accessed. I don't know if it's a bug, but did you mean:

    ret = conn.put(req_string)

After I edited this on client.rb, with this change my code seems to work just fine.

Also I am having some trouble loading/unloading modules. Whenever I load a module, test it, then edit it, unload and load back again, the old code is loaded, and I have to restart the msfconsole back again to load my new code, is this normal behavior?

Thanks for the answers
daniel

This is my test plugin:

    module Msf

    ###
    #
    # This class illustrates a sample plugin. Plugins can change the behavior of
    # the framework by adding new features, new user interface commands, or
    # through any other arbitrary means. They are designed to have a very loose
    # definition in order to make them as useful as possible.
    #
    ###
    class Plugin::Http_fuzz < Msf::Plugin

      ###
      #
      # This class implements a sample console command dispatcher.
      #
      ###
      class HttpFuzzer
        include Rex::Proto::Http
        include Msf::Ui::Console::CommandDispatcher

        #
        # The dispatcher's name.
        #
        def name
          "Http_fuzz"
        end

        #
        # Returns the hash of commands supported by this dispatcher.
        #
        def commands
          {
            "trigger" => "Command to start the fuzzer"
            # "target" => "Command to set the target to fuzz"
            # "port" => "Command to set the port to fuzz"
          }
        end

        #
        # This method handles the sample command.
        #
        def cmd_trigger(*args)
          # Start the fuzzer here
          cli = Client.new("www.google.com")
          req = Request.new()
          cli.send_request(req)
          response = cli.read_response
          puts response
        end
      end

      #
      # The constructor is called when an instance of the plugin is created. The
      # framework instance that the plugin is being associated with is passed in
      # the framework parameter. Plugins should call the parent constructor when
      # inheriting from Msf::Plugin to ensure that the framework attribute on
      # their instance gets set.
      #
      def initialize(framework, opts)
        super

        # If this plugin is being loaded in the context of a console application
        # that uses the framework's console user interface driver, register
        # console dispatcher commands.
        add_console_dispatcher(HttpFuzzer)

        print_status("Sample plugin loaded.")
      end

      #
      # The cleanup routine for plugins gives them a chance to undo any actions
      # they may have done to the framework. For instance, if a console
      # dispatcher was added, then it should be removed in the cleanup routine.
      #
      def cleanup
        # If we had previously registered a console dispatcher with the console,
        # deregister it now.
        remove_console_dispatcher('Http_fuzz')
      end

      #
      # This method returns a short, friendly name for the plugin.
      #
      def name
        "http fuzzer"
      end

      #
      # This method returns a brief description of the plugin. It should be no
      # more than 60 characters, but there are no hard limits.
      #
      def desc
        "Http fuzzer testing"
      end

    protected
    end
    end
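A minimal reproduction of the failure reported in the message above, added here as an example; it is not part of the original post and not Rex code. StubRequest, StubConn and the two send_request_* helpers are hypothetical stand-ins, on the assumption that put() needs the buffer's length, as the message says.

```ruby
require 'stringio'

# Hypothetical stand-in for a request object: serializes via to_s, is not a String.
class StubRequest
  def initialize(uri, host)
    @uri, @host = uri, host
  end
  def to_s
    "GET #{@uri} HTTP/1.1\r\nHost: #{@host}\r\n\r\n"
  end
end

# Hypothetical stand-in for the connection: put() loops over partial writes,
# so it needs buf.length and substring access (assumed behaviour).
class StubConn
  attr_reader :wire
  def initialize(chunk = 8)
    @wire = StringIO.new
    @chunk = chunk
  end

  def put(buf)
    sent = 0
    sent += @wire.write(buf[sent, @chunk]) while sent < buf.length
    sent
  end
end

# Same shape as the quoted method: req_string is built, but the object is sent.
def send_request_as_quoted(conn, req)
  req_string = req.to_s
  conn.put(req)
end

# With the one-word change proposed in the message.
def send_request_with_string(conn, req)
  req_string = req.to_s
  conn.put(req_string)
end

# Runs both variants on a constructed request; returns the name of the method
# the first variant failed on, the bytes sent by the second, and the wire data.
def reproduce
  req = StubRequest.new('/', 'example.invalid')
  failed_on = begin
    send_request_as_quoted(StubConn.new, req) && nil
  rescue NoMethodError => e
    e.name
  end
  conn = StubConn.new
  { failed_on: failed_on, sent: send_request_with_string(conn, req), wire: conn.wire.string }
end
```

In Ruby this surfaces as a NoMethodError at run time, so a unit test that calls send_request with a non-String request object is enough to catch a regression.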
Current thread:
- Rex http protocol daniel (Apr 21)
- Rex http protocol mmiller at hick.org (Apr 22)