github/thc-hydra
1
0
Fork 0
mirror of https://github.com/vanhauser-thc/thc-hydra.git synced 2025-07-06 04:51:40 -07:00
Code Issues Projects Releases Packages Wiki Activity Actions

optionally include headers in non-form based http requests

Browse source
This commit is contained in:
mathewmarcus 2018-07-16 07:16:58 -05:00
parent 4b1a945c45
commit 9afbddfa95
1 changed files with 34 additions and 10 deletions
Download patch file Download diff file Expand all files Collapse all files

44
hydra-http.c
View file

@ -1,4 +1,3 @@
#include "hydra-mod.h"
#include "hydra-http.h" #include "hydra-http.h"
#include "sasl.h" #include "sasl.h"
@ -9,10 +8,10 @@ char *http_buf = NULL;
int32_t webport, freemischttp = 0; int32_t webport, freemischttp = 0;
int32_t http_auth_mechanism = AUTH_BASIC; int32_t http_auth_mechanism = AUTH_BASIC;
int32_t start_http(int32_t s, char *ip, int32_t port, unsigned char options, char *miscptr, FILE * fp, char *type) { int32_t start_http(int32_t s, char *ip, int32_t port, unsigned char options, char *miscptr, FILE * fp, char *type, ptr_header_node ptr_head) {
char *empty = ""; char *empty = "";
char *login, *pass, buffer[500], buffer2[500]; char *login, *pass, *buffer, buffer2[500];
char header[64] = "Content-Length: 0\r\n"; char *header;
char *ptr, *fooptr; char *ptr, *fooptr;
int32_t complete_line = 0; int32_t complete_line = 0;
char tmpreplybuf[1024] = "", *tmpreplybufptr; char tmpreplybuf[1024] = "", *tmpreplybufptr;
@ -22,8 +21,15 @@ int32_t start_http(int32_t s, char *ip, int32_t port, unsigned char options, cha
if (strlen(pass = hydra_get_next_password()) == 0) if (strlen(pass = hydra_get_next_password()) == 0)
pass = empty; pass = empty;
if (strcmp(type, "POST") != 0) if (strcmp(type, "POST") == 0)
header[0] = 0; add_header(&ptr_head, "Content-Length", "0", HEADER_TYPE_DEFAULT);
header = stringify_headers(&ptr_head);
if(!(buffer = malloc(strlen(header) + 500))) {
free(header);
return 3;
}
// we must reset this if buf is NULL and we do MD5 digest // we must reset this if buf is NULL and we do MD5 digest
if (http_buf == NULL && http_auth_mechanism == AUTH_DIGESTMD5) if (http_buf == NULL && http_auth_mechanism == AUTH_DIGESTMD5)
@ -63,6 +69,8 @@ int32_t start_http(int32_t s, char *ip, int32_t port, unsigned char options, cha
fooptr = buffer2; fooptr = buffer2;
sasl_digest_md5(fooptr, login, pass, buffer, miscptr, type, webtarget, webport, header); sasl_digest_md5(fooptr, login, pass, buffer, miscptr, type, webtarget, webport, header);
if (fooptr == NULL) { if (fooptr == NULL) {
free(buffer);
free(header);
return 3; return 3;
} }
@ -98,8 +106,11 @@ int32_t start_http(int32_t s, char *ip, int32_t port, unsigned char options, cha
buf1, header); buf1, header);
} }
if (hydra_send(s, buffer, strlen(buffer), 0) < 0) if (hydra_send(s, buffer, strlen(buffer), 0) < 0) {
free(buffer);
free(header);
return 1; return 1;
}
//receive challenge //receive challenge
if (http_buf != NULL) if (http_buf != NULL)
@ -110,8 +121,11 @@ int32_t start_http(int32_t s, char *ip, int32_t port, unsigned char options, cha
http_buf = hydra_receive_line(s); http_buf = hydra_receive_line(s);
} }
if (http_buf == NULL) if (http_buf == NULL) {
free(buffer);
free(header);
return 1; return 1;
}
if (pos != NULL) { if (pos != NULL) {
char *str; char *str;
@ -154,6 +168,8 @@ int32_t start_http(int32_t s, char *ip, int32_t port, unsigned char options, cha
} }
if (hydra_send(s, buffer, strlen(buffer), 0) < 0) { if (hydra_send(s, buffer, strlen(buffer), 0) < 0) {
free(buffer);
free(header);
return 1; return 1;
} }
@ -190,6 +206,8 @@ int32_t start_http(int32_t s, char *ip, int32_t port, unsigned char options, cha
if (http_buf == NULL) { if (http_buf == NULL) {
if (verbose) if (verbose)
hydra_report(stderr, "[ERROR] Server did not answer\n"); hydra_report(stderr, "[ERROR] Server did not answer\n");
free(buffer);
free(header);
return 3; return 3;
} }
@ -229,6 +247,8 @@ int32_t start_http(int32_t s, char *ip, int32_t port, unsigned char options, cha
if (find_auth) { if (find_auth) {
// free(http_buf); // free(http_buf);
// http_buf = NULL; // http_buf = NULL;
free(buffer);
free(header);
return 1; return 1;
} }
} }
@ -236,6 +256,8 @@ int32_t start_http(int32_t s, char *ip, int32_t port, unsigned char options, cha
} }
// free(http_buf); // free(http_buf);
// http_buf = NULL; // http_buf = NULL;
free(buffer);
free(header);
if (memcmp(hydra_get_next_pair(), &HYDRA_EXIT, sizeof(HYDRA_EXIT)) == 0) if (memcmp(hydra_get_next_pair(), &HYDRA_EXIT, sizeof(HYDRA_EXIT)) == 0)
return 3; return 3;
return 1; return 1;
@ -318,7 +340,7 @@ void service_http(char *ip, int32_t sp, unsigned char options, char *miscptr, FI
break; break;
} }
case 2: /* run the cracking function */ case 2: /* run the cracking function */
next_run = start_http(sock, ip, port, options, miscptr, fp, type); next_run = start_http(sock, ip, port, options, miscptr, fp, type, ptr_head);
break; break;
case 3: /* clean exit */ case 3: /* clean exit */
if (sock >= 0) if (sock >= 0)
@ -365,5 +387,7 @@ int32_t service_http_init(char *ip, int32_t sp, unsigned char options, char *mis
void usage_http(const char* service) { void usage_http(const char* service) {
printf("Module %s requires the page to authenticate.\n" printf("Module %s requires the page to authenticate.\n"
"For example: \"/secret\" or \"http://bla.com/foo/bar\" or \"https://test.com:8080/members\"\n\n", service); "The following parameters are optional:\n"
" (h|H)=My-Hdr\\: foo to send a user defined HTTP header with each request\n"
"For example: \"/secret\" or \"http://bla.com/foo/bar:H=Cookie\\: sessid=aaaa\" or \"https://test.com:8080/members\"\n\n", service);
} }