From 4c0d05bba63154388a3dddcaba25a41ab3342edd Mon Sep 17 00:00:00 2001 From: ajuaristi Date: Wed, 30 Jul 2014 18:24:39 +0200 Subject: [PATCH] Checkpoint plain HTTP. --- hydra-http-form.c | 49 +++++++++++++++++++++++++++++++++++------------ 1 file changed, 37 insertions(+), 12 deletions(-) diff --git a/hydra-http-form.c b/hydra-http-form.c index 1120243..00384ac 100644 --- a/hydra-http-form.c +++ b/hydra-http-form.c @@ -83,12 +83,6 @@ int success_cond = 0; int getcookie = 1; int auth_flag = 0; -char redirected_url_buff[2048] = ""; -int redirected_flag = 0; - -#define MAX_REDIRECT 8 -#define MAX_CONTENT_LENGTH 20 -int redirected_cpt = MAX_REDIRECT; char cookie[4096] = "", cmiscptr[1024]; extern char *webtarget; @@ -96,6 +90,14 @@ extern char *slash; int webport, freemischttpform = 0; char bufferurl[1024], cookieurl[1024] = "", userheader[1024] = "", *url, *variables, *optional1; +#define MAX_REDIRECT 8 +#define MAX_CONTENT_LENGTH 20 +#define MAX_PROXY_LENGTH 2048 // sizeof(cookieurl) * 2 + +char redirected_url_buff[2048] = ""; +int redirected_flag = 0; +int redirected_cpt = MAX_REDIRECT; + char *cookie_request, *normal_request; // Buffers for HTTP headers ptr_header_node ptr_head = NULL; @@ -446,10 +448,10 @@ int start_http_form(int s, char *ip, int port, unsigned char options, char *misc char *empty = ""; char * buffer; char *login, *pass, clogin[256], cpass[256]; - char header[8096], *upd3variables, cuserheader[1024]; + char header[8096], *upd3variables; char *http_request; int found = !success_cond, i, j; - char content_length[MAX_CONTENT_LENGTH]; + char content_length[MAX_CONTENT_LENGTH], proxy_string[MAX_PROXY_LENGTH]; memset(header, 0, sizeof(header)); cookie[0] = 0; // reset cookies from potential previous attempt @@ -483,11 +485,34 @@ int start_http_form(int s, char *ip, int port, unsigned char options, char *misc // proxy without authentication if (getcookie) { //doing a GET to get cookies - //buffer = prepare_http_request(type, url, NULL); - hydra_report(stdout, "HTTP headers (Proxy Noauth Cookies): %s", buffer); + memset(proxy_string, 0, sizeof(proxy_string)); + snprintf(proxy_string, MAX_PROXY_LENGTH - 1, "http://%s:%d%.600s", webtarget, webport, cookieurl); + http_request = prepare_http_request("GET", proxy_string, NULL, cookie_request); + if (hydra_send(s, http_request, strlen(http_request), 0) < 0) + return 1; + i = analyze_server_response(s); // ignore result + if (strlen(cookie) > 0) + add_header("Cookie", cookie, HEADER_TYPE_DEFAULT); + hydra_reconnect(s, ip, port, options); + } + + // now prepare for the "real" request + if (strcmp(type, "POST") == 0) { + memset(proxy_string, 0, sizeof(proxy_string)); + snprintf(proxy_string, MAX_PROXY_LENGTH - 1, "http://%s:%d%.600s", webtarget, webport, url); + snprintf(content_length, MAX_CONTENT_LENGTH - 1, "%d", (int) strlen(upd3variables)); + add_header("Content-Length", content_length, HEADER_TYPE_DEFAULT); + add_header("Content-Type", "application/x-www-form-urlencoded", HEADER_TYPE_DEFAULT); + normal_request = stringify_headers(); + http_request = prepare_http_request("POST", proxy_string, upd3variables, normal_request); + if (hydra_send(s, http_request, strlen(http_request), 0) < 0) + return 1; + } else { + normal_request = stringify_headers(); + http_request = prepare_http_request("GET", url, upd3variables, normal_request); + if (hydra_send(s, http_request, strlen(http_request), 0) < 0) + return 1; } - //buffer = prepare_http_request(type, url, NULL); - hydra_report(stdout, "HTTP headers (Proxy Noauth): %s", buffer); } else { // direct web server, no proxy if (getcookie) {