github/thc-hydra
1
0
Fork 0
mirror of https://github.com/vanhauser-thc/thc-hydra.git synced 2025-07-07 13:31:39 -07:00
Code Issues Projects Releases Packages Wiki Activity Actions

HTTP Form redirect following fix

Browse source
This commit is contained in:
van Hauser 2015-07-15 23:17:29 +02:00
parent 8eacfaec9f
commit a2d47904d5
2 changed files with 11 additions and 0 deletions
Download patch file Download diff file Expand all files Collapse all files

1
CHANGES
View file

@ -6,6 +6,7 @@ Release 8.2-pre
* Added new -O option to hydra to support SSL servers that do not suport TLS * Added new -O option to hydra to support SSL servers that do not suport TLS
* Added xhydra gtk patche by Petar Kaleychev to support modules that do not use usernames * Added xhydra gtk patche by Petar Kaleychev to support modules that do not use usernames
* Added patch to redis for initial service checking by Petar Kaleychev - thanks a lot! * Added patch to redis for initial service checking by Petar Kaleychev - thanks a lot!
* Fixed bug in HTTP Form redirection following - thanks for everyone who reported and especially to Hayden Young for setting up a test page for debugging
* Better library finding in ./configure for SVN + support for Darwin Homebrew (and further enhanced) * Better library finding in ./configure for SVN + support for Darwin Homebrew (and further enhanced)
* Fixed http-form module crash that only occurs on *BSD/OSX systems. Thanks to zdk for reporting! * Fixed http-form module crash that only occurs on *BSD/OSX systems. Thanks to zdk for reporting!
* Fixed for SSL connection to support TLSv1.2 etc. * Fixed for SSL connection to support TLSv1.2 etc.

10
hydra-http-form.c
View file

@ -368,6 +368,7 @@ char *stringify_headers(ptr_header_node * ptr_head) {
return headers_str; return headers_str;
} }
char *prepare_http_request(char *type, char *path, char *params, char *headers) { char *prepare_http_request(char *type, char *path, char *params, char *headers) {
unsigned int reqlen = 0; unsigned int reqlen = 0;
char *http_request = NULL; char *http_request = NULL;
@ -619,6 +620,8 @@ int start_http_form(int s, char *ip, int port, unsigned char options, char *misc
if (hydra_send(s, http_request, strlen(http_request), 0) < 0) if (hydra_send(s, http_request, strlen(http_request), 0) < 0)
return 1; return 1;
} else { } else {
if (header_exists(&ptr_head, "Content-Length", HEADER_TYPE_DEFAULT))
hdrrepv(&ptr_head, "Content-Length", "0");
cookie_header = stringify_cookies(ptr_cookie); cookie_header = stringify_cookies(ptr_cookie);
if (!header_exists(&ptr_head, "Cookie", HEADER_TYPE_DEFAULT)) if (!header_exists(&ptr_head, "Cookie", HEADER_TYPE_DEFAULT))
add_header(&ptr_head, "Cookie", cookie_header, HEADER_TYPE_DEFAULT); add_header(&ptr_head, "Cookie", cookie_header, HEADER_TYPE_DEFAULT);
@ -665,6 +668,8 @@ int start_http_form(int s, char *ip, int port, unsigned char options, char *misc
if (hydra_send(s, http_request, strlen(http_request), 0) < 0) if (hydra_send(s, http_request, strlen(http_request), 0) < 0)
return 1; return 1;
} else { } else {
if (header_exists(&ptr_head, "Content-Length", HEADER_TYPE_DEFAULT))
hdrrepv(&ptr_head, "Content-Length", "0");
cookie_header = stringify_cookies(ptr_cookie); cookie_header = stringify_cookies(ptr_cookie);
if (!header_exists(&ptr_head, "Cookie", HEADER_TYPE_DEFAULT)) if (!header_exists(&ptr_head, "Cookie", HEADER_TYPE_DEFAULT))
add_header(&ptr_head, "Cookie", cookie_header, HEADER_TYPE_DEFAULT); add_header(&ptr_head, "Cookie", cookie_header, HEADER_TYPE_DEFAULT);
@ -709,6 +714,8 @@ int start_http_form(int s, char *ip, int port, unsigned char options, char *misc
if (hydra_send(s, http_request, strlen(http_request), 0) < 0) if (hydra_send(s, http_request, strlen(http_request), 0) < 0)
return 1; return 1;
} else { } else {
if (header_exists(&ptr_head, "Content-Length", HEADER_TYPE_DEFAULT))
hdrrepv(&ptr_head, "Content-Length", "0");
cookie_header = stringify_cookies(ptr_cookie); cookie_header = stringify_cookies(ptr_cookie);
if (!header_exists(&ptr_head, "Cookie", HEADER_TYPE_DEFAULT)) if (!header_exists(&ptr_head, "Cookie", HEADER_TYPE_DEFAULT))
add_header(&ptr_head, "Cookie", cookie_header, HEADER_TYPE_DEFAULT); add_header(&ptr_head, "Cookie", cookie_header, HEADER_TYPE_DEFAULT);
@ -818,6 +825,9 @@ int start_http_form(int s, char *ip, int port, unsigned char options, char *misc
if (verbose) if (verbose)
hydra_report(stderr, "[VERBOSE] Page redirected to http://%s%s\n", str2, str3); hydra_report(stderr, "[VERBOSE] Page redirected to http://%s%s\n", str2, str3);
if (header_exists(&ptr_head, "Content-Length", HEADER_TYPE_DEFAULT))
hdrrepv(&ptr_head, "Content-Length", "0");
//re-use the code above to check for proxy use //re-use the code above to check for proxy use
if (use_proxy == 1 && proxy_authentication != NULL) { if (use_proxy == 1 && proxy_authentication != NULL) {
// proxy with authentication // proxy with authentication