github/thc-hydra
1
0
Fork 0
mirror of https://github.com/vanhauser-thc/thc-hydra.git synced 2025-07-05 12:36:09 -07:00
Code Issues Projects Releases Packages Wiki Activity Actions

SSL SNI support; important http-*:// fix; also http-post support added

Browse source
This commit is contained in:
van Hauser 2016-06-15 19:53:36 +02:00
parent 4c25bddad7
commit 1579369097
52 changed files with 437 additions and 418 deletions
Download patch file Download diff file Expand all files Collapse all files

37
hydra-http.c
View file

@ -11,7 +11,7 @@ int http_auth_mechanism = AUTH_BASIC;
int start_http(int s, char *ip, int port, unsigned char options, char *miscptr, FILE * fp, char *type) {
char *empty = "";
char *login, *pass, buffer[500], buffer2[500];
char *header = ""; /* XXX TODO */
char header[64] = "Content-Length: 0\r\n";
char *ptr, *fooptr;
int complete_line = 0;
char tmpreplybuf[1024] = "", *tmpreplybufptr;
@ -21,6 +21,9 @@ int start_http(int s, char *ip, int port, unsigned char options, char *miscptr,
if (strlen(pass = hydra_get_next_password()) == 0)
pass = empty;
if (strcmp(type, "POST") != 0)
header[0] = 0;
// we must reset this if buf is NULL and we do MD5 digest
if (http_buf == NULL && http_auth_mechanism == AUTH_DIGESTMD5)
http_auth_mechanism = AUTH_BASIC;
@ -234,7 +237,7 @@ int start_http(int s, char *ip, int port, unsigned char options, char *miscptr,
return 1;
}
void service_http(char *ip, int sp, unsigned char options, char *miscptr, FILE * fp, int port, char *type) {
void service_http(char *ip, int sp, unsigned char options, char *miscptr, FILE * fp, int port, char *hostname, char *type) {
int run = 1, next_run = 1, sock = -1;
int myport = PORT_HTTP, mysslport = PORT_HTTP_SSL;
char *ptr, *ptr2;
@ -243,6 +246,8 @@ void service_http(char *ip, int sp, unsigned char options, char *miscptr, FILE *
if (memcmp(hydra_get_next_pair(), &HYDRA_EXIT, sizeof(HYDRA_EXIT)) == 0)
return;
printf("DEBUG0: %s\n", miscptr);
if ((webtarget = strstr(miscptr, "://")) != NULL) {
webtarget += strlen("://");
if ((ptr2 = index(webtarget, ':')) != NULL) { /* step over port if present */
@ -259,12 +264,12 @@ void service_http(char *ip, int sp, unsigned char options, char *miscptr, FILE *
strcpy(miscptr, ptr2);
*ptr2 = 0;
} else
webtarget = NULL;
}
if (cmdlinetarget != NULL && webtarget == NULL)
webtarget = cmdlinetarget;
else if (webtarget == NULL && cmdlinetarget == NULL)
webtarget = hydra_address2string(ip);
webtarget = hostname;
} else
if (strlen(miscptr) == 0)
miscptr = strdup("/");
if (webtarget == NULL)
webtarget = hostname;
if (port != 0)
webport = port;
else if ((options & OPTION_SSL) == 0)
@ -287,7 +292,7 @@ void service_http(char *ip, int sp, unsigned char options, char *miscptr, FILE *
} else {
if (port != 0)
mysslport = port;
sock = hydra_connect_ssl(ip, mysslport);
sock = hydra_connect_ssl(ip, mysslport, hostname);
port = mysslport;
}
if (sock < 0) {
@ -319,15 +324,19 @@ void service_http(char *ip, int sp, unsigned char options, char *miscptr, FILE *
}
}
void service_http_get(char *ip, int sp, unsigned char options, char *miscptr, FILE * fp, int port) {
service_http(ip, sp, options, miscptr, fp, port, "GET");
void service_http_get(char *ip, int sp, unsigned char options, char *miscptr, FILE * fp, int port, char *hostname) {
service_http(ip, sp, options, miscptr, fp, port, hostname, "GET");
}
void service_http_head(char *ip, int sp, unsigned char options, char *miscptr, FILE * fp, int port) {
service_http(ip, sp, options, miscptr, fp, port, "HEAD");
void service_http_post(char *ip, int sp, unsigned char options, char *miscptr, FILE * fp, int port, char *hostname) {
service_http(ip, sp, options, miscptr, fp, port, hostname, "POST");
}
int service_http_init(char *ip, int sp, unsigned char options, char *miscptr, FILE * fp, int port) {
void service_http_head(char *ip, int sp, unsigned char options, char *miscptr, FILE * fp, int port, char *hostname) {
service_http(ip, sp, options, miscptr, fp, port, hostname, "HEAD");
}
int service_http_init(char *ip, int sp, unsigned char options, char *miscptr, FILE * fp, int port, char *hostname) {
// called before the childrens are forked off, so this is the function
// which should be filled if initial connections and service setup has to be
// performed once only.