github/thc-hydra
1
0
Fork 0
mirror of https://github.com/vanhauser-thc/thc-hydra.git synced 2025-07-14 00:53:16 -07:00
Code Issues Projects Releases Packages Wiki Activity Actions

fixed http-form memory leaks

Browse source
This commit is contained in:
van Hauser 2017-11-27 17:44:51 +01:00
parent 445e5026ef
commit a58f785065
2 changed files with 240 additions and 158 deletions
Download patch file Download diff file Expand all files Collapse all files

1
CHANGES
View file

@ -3,6 +3,7 @@ Changelog for hydra
Release 8.7-dev Release 8.7-dev
* fixed various memory leaks in http-form module
* corrected hydra return code to be 0 on success * corrected hydra return code to be 0 on success
* added patch from debian maintainers which fixes spellings * added patch from debian maintainers which fixes spellings
* fixed weird crash on x64 systems * fixed weird crash on x64 systems

397
hydra-http-form.c
View file

@ -69,10 +69,10 @@ typedef struct header_node {
} t_header_node, *ptr_header_node; } t_header_node, *ptr_header_node;
typedef struct cookie_node { typedef struct cookie_node {
char *name; char *name;
char *value; char *value;
struct cookie_node *prev; struct cookie_node *prev;
struct cookie_node *next; struct cookie_node *next;
} t_cookie_node, *ptr_cookie_node; } t_cookie_node, *ptr_cookie_node;
int32_t success_cond = 0; int32_t success_cond = 0;
@ -84,7 +84,7 @@ char cookie[4096] = "", cmiscptr[1024];
extern char *webtarget; extern char *webtarget;
extern char *slash; extern char *slash;
int32_t webport, freemischttpform = 0; int32_t webport, freemischttpform = 0;
char bufferurl[6096+24], cookieurl[6096+24] = "", userheader[6096+24] = "", *url, *variables, *optional1; char bufferurl[6096 + 24], cookieurl[6096 + 24] = "", userheader[6096 + 24] = "", *url, *variables, *optional1;
#define MAX_REDIRECT 8 #define MAX_REDIRECT 8
#define MAX_CONTENT_LENGTH 20 #define MAX_CONTENT_LENGTH 20
@ -94,7 +94,7 @@ char redirected_url_buff[2048] = "";
int32_t redirected_flag = 0; int32_t redirected_flag = 0;
int32_t redirected_cpt = MAX_REDIRECT; int32_t redirected_cpt = MAX_REDIRECT;
char *cookie_request, *normal_request; // Buffers for HTTP headers char *cookie_request = NULL, *normal_request = NULL; // Buffers for HTTP headers
/* /*
* Function to perform some initial setup. * Function to perform some initial setup.
@ -115,75 +115,73 @@ ptr_header_node header_exists(ptr_header_node * ptr_head, char *header_name, cha
} }
#if defined(__sun) #if defined(__sun)
/* Written by Kaveh R. Ghazi <ghazi@caip.rutgers.edu> */ /* Written by Kaveh R. Ghazi <ghazi@caip.rutgers.edu> */
char * char *strndup(const char *s, size_t n) {
strndup (const char *s, size_t n)
{
char *result; char *result;
size_t len = strlen (s); size_t len = strlen(s);
if (n < len) if (n < len)
len = n; len = n;
result = (char *) malloc (len + 1); result = (char *) malloc(len + 1);
if (!result) if (!result)
return 0; return 0;
memcpy (result, s, len); memcpy(result, s, len);
result[len] = '\0'; result[len] = '\0';
return(result); return (result);
} }
#endif #endif
int32_t append_cookie(char *name, char *value, ptr_cookie_node *last_cookie) int32_t append_cookie(char *name, char *value, ptr_cookie_node * last_cookie) {
{ ptr_cookie_node new_ptr = (ptr_cookie_node) malloc(sizeof(t_cookie_node));
ptr_cookie_node new_ptr = (ptr_cookie_node) malloc(sizeof(t_cookie_node));
if (!new_ptr) if (!new_ptr)
return 0; return 0;
new_ptr->name = name; new_ptr->name = name;
new_ptr->value = value; new_ptr->value = value;
new_ptr->next = NULL; new_ptr->next = NULL;
new_ptr->prev = NULL; new_ptr->prev = NULL;
if (*last_cookie == NULL) if (*last_cookie == NULL)
*last_cookie = new_ptr; *last_cookie = new_ptr;
else else
(*last_cookie)->next = new_ptr; (*last_cookie)->next = new_ptr;
return 1; return 1;
} }
char * stringify_cookies(ptr_cookie_node ptr_cookie) char *stringify_cookies(ptr_cookie_node ptr_cookie) {
{ ptr_cookie_node cur_ptr = NULL;
ptr_cookie_node cur_ptr = NULL; uint32_t length = 1;
uint32_t length = 1; char *cookie_hdr = (char *) malloc(length);
char *cookie_hdr = (char *) malloc(length);
if (cookie_hdr) { if (cookie_hdr) {
memset(cookie_hdr, 0, length); memset(cookie_hdr, 0, length);
for (cur_ptr = ptr_cookie; cur_ptr; cur_ptr = cur_ptr->next) { for (cur_ptr = ptr_cookie; cur_ptr; cur_ptr = cur_ptr->next) {
length += 2 + strlen(cur_ptr->name) + strlen(cur_ptr->value); length += 2 + strlen(cur_ptr->name) + strlen(cur_ptr->value);
cookie_hdr = (char *) realloc(cookie_hdr, length); cookie_hdr = (char *) realloc(cookie_hdr, length);
if (cookie_hdr) { if (cookie_hdr) {
strcat(cookie_hdr, cur_ptr->name); strcat(cookie_hdr, cur_ptr->name);
strcat(cookie_hdr, "="); strcat(cookie_hdr, "=");
strcat(cookie_hdr, cur_ptr->value); strcat(cookie_hdr, cur_ptr->value);
if (cur_ptr->next) if (cur_ptr->next)
strcat(cookie_hdr, ";"); strcat(cookie_hdr, ";");
} else } else
goto bail; goto bail;
} }
goto success; goto success;
} }
bail: bail:
if (cookie_hdr) { if (cookie_hdr) {
free(cookie_hdr); free(cookie_hdr);
cookie_hdr = NULL; cookie_hdr = NULL;
} }
success: success:
return cookie_hdr; return cookie_hdr;
} }
/* /*
@ -195,55 +193,59 @@ success:
* +--------+ * +--------+
* Returns 1 if success, or 0 otherwise. * Returns 1 if success, or 0 otherwise.
*/ */
int32_t add_or_update_cookie(ptr_cookie_node * ptr_cookie, char * cookie_expr) int32_t add_or_update_cookie(ptr_cookie_node * ptr_cookie, char *cookie_expr) {
{ ptr_cookie_node cur_ptr = NULL;
ptr_cookie_node cur_ptr = NULL; char *cookie_name = NULL, *cookie_value = strstr(cookie_expr, "=");
char * cookie_name = NULL,
* cookie_value = strstr(cookie_expr, "="); if (cookie_value) {
if (cookie_value) { cookie_name = strndup(cookie_expr, cookie_value - cookie_expr);
cookie_name = strndup(cookie_expr, cookie_value - cookie_expr); cookie_value = strdup(cookie_value + 1);
cookie_value = strdup(cookie_value + 1);
// we've got the cookie's name and value, now it's time to insert or update the list
// we've got the cookie's name and value, now it's time to insert or update the list if (*ptr_cookie == NULL) {
if (*ptr_cookie == NULL) { // no cookies
// no cookies append_cookie(cookie_name, cookie_value, ptr_cookie);
append_cookie(cookie_name, cookie_value, ptr_cookie); } else {
} else { for (cur_ptr = *ptr_cookie; cur_ptr; cur_ptr = cur_ptr->next) {
for (cur_ptr = *ptr_cookie; cur_ptr; cur_ptr = cur_ptr->next) { if (strcmp(cur_ptr->name, cookie_name) == 0) {
if (strcmp(cur_ptr->name, cookie_name) == 0) { free(cur_ptr->value); // free old value
free(cur_ptr->value); free(cookie_name); // we already have it
cur_ptr->value = cookie_value; cur_ptr->value = cookie_value;
break; break;
} }
if (cur_ptr->next == NULL) { if (cur_ptr->next == NULL) {
append_cookie(cookie_name, cookie_value, &cur_ptr); append_cookie(cookie_name, cookie_value, &cur_ptr);
break; break;
} }
} }
} }
} else } else
return 0; return 0;
return 1; return 1;
} }
int32_t process_cookies(ptr_cookie_node * ptr_cookie, char * cookie_expr) int32_t process_cookies(ptr_cookie_node * ptr_cookie, char *cookie_expr) {
{ char *tok = NULL;
char *tok = NULL; char *expr = strdup(cookie_expr);
char *expr = strdup(cookie_expr); int32_t res = 0;
int32_t res = 0;
if (strstr(cookie_expr, ";")) { if (strstr(cookie_expr, ";")) {
tok = strtok(expr, ";"); tok = strtok(expr, ";");
while (tok) { while (tok) {
res = add_or_update_cookie(ptr_cookie, tok); res = add_or_update_cookie(ptr_cookie, tok);
if (!res) if (!res) {
return res; free(expr);
tok = strtok(NULL, ";"); return res;
} }
return res; tok = strtok(NULL, ";");
} else { }
return add_or_update_cookie(ptr_cookie, expr); free(expr);
} return res;
} else {
add_or_update_cookie(ptr_cookie, expr);
free(expr);
return 0;
}
} }
/* /*
@ -271,7 +273,7 @@ int32_t add_header(ptr_header_node * ptr_head, char *header, char *value, char t
(type == HEADER_TYPE_DEFAULT && !header_exists(ptr_head, new_header, HEADER_TYPE_USERHEADER_REPL)) || (type == HEADER_TYPE_DEFAULT && !header_exists(ptr_head, new_header, HEADER_TYPE_USERHEADER_REPL)) ||
(type == HEADER_TYPE_USERHEADER_REPL && !header_exists(ptr_head, new_header, HEADER_TYPE_DEFAULT)) || (type == HEADER_TYPE_USERHEADER_REPL && !header_exists(ptr_head, new_header, HEADER_TYPE_DEFAULT)) ||
(type == HEADER_TYPE_DEFAULT_REPL && !header_exists(ptr_head, new_header, HEADER_TYPE_DEFAULT)) (type == HEADER_TYPE_DEFAULT_REPL && !header_exists(ptr_head, new_header, HEADER_TYPE_DEFAULT))
) { ) {
/* /*
* We are in one of the following scenarios: * We are in one of the following scenarios:
* 1. A default header with no user-supplied headers that replace it. * 1. A default header with no user-supplied headers that replace it.
@ -282,8 +284,11 @@ int32_t add_header(ptr_header_node * ptr_head, char *header, char *value, char t
* In either case we just add the header to the list. * In either case we just add the header to the list.
*/ */
new_ptr = (ptr_header_node) malloc(sizeof(t_header_node)); new_ptr = (ptr_header_node) malloc(sizeof(t_header_node));
if (!new_ptr) if (!new_ptr) {
free(new_header);
free(new_value);
return 0; return 0;
}
new_ptr->header = new_header; new_ptr->header = new_header;
new_ptr->value = new_value; new_ptr->value = new_value;
new_ptr->type = type; new_ptr->type = type;
@ -298,12 +303,15 @@ int32_t add_header(ptr_header_node * ptr_head, char *header, char *value, char t
} else if ((type == HEADER_TYPE_DEFAULT_REPL || type == HEADER_TYPE_USERHEADER_REPL) && (existing_hdr = header_exists(ptr_head, new_header, HEADER_TYPE_DEFAULT)) != NULL) { } else if ((type == HEADER_TYPE_DEFAULT_REPL || type == HEADER_TYPE_USERHEADER_REPL) && (existing_hdr = header_exists(ptr_head, new_header, HEADER_TYPE_DEFAULT)) != NULL) {
// It's a user-supplied header that must replace a default one // It's a user-supplied header that must replace a default one
// Replace the default header's value with this new value // Replace the default header's value with this new value
free(existing_hdr->value); free(existing_hdr->value); // free old value
existing_hdr->value = new_value; existing_hdr->value = new_value;
existing_hdr->type = type; existing_hdr->type = type;
free(new_header); // we dont need this one anymore
} }
} else { } else {
// we're out of memory, so forcefully end // we're out of memory, so forcefully end
free(new_header);
free(new_value);
return 0; return 0;
} }
@ -314,7 +322,7 @@ int32_t add_header(ptr_header_node * ptr_head, char *header, char *value, char t
* Replace in all headers' values every occurrence of oldvalue by newvalue. * Replace in all headers' values every occurrence of oldvalue by newvalue.
* Only user-defined headers are considered. * Only user-defined headers are considered.
*/ */
void hdrrep(ptr_header_node * ptr_head, char *oldvalue, char *newvalue) { void hdrrep(ptr_header_node *ptr_head, char *oldvalue, char *newvalue) {
ptr_header_node cur_ptr = NULL; ptr_header_node cur_ptr = NULL;
for (cur_ptr = *ptr_head; cur_ptr; cur_ptr = cur_ptr->next) { for (cur_ptr = *ptr_head; cur_ptr; cur_ptr = cur_ptr->next) {
@ -333,7 +341,7 @@ void hdrrep(ptr_header_node * ptr_head, char *oldvalue, char *newvalue) {
/* /*
* Replace the value of the default header named 'hdrname'. * Replace the value of the default header named 'hdrname'.
*/ */
void hdrrepv(ptr_header_node * ptr_head, char *hdrname, char *new_value) { void hdrrepv(ptr_header_node *ptr_head, char *hdrname, char *new_value) {
ptr_header_node cur_ptr = NULL; ptr_header_node cur_ptr = NULL;
for (cur_ptr = *ptr_head; cur_ptr; cur_ptr = cur_ptr->next) { for (cur_ptr = *ptr_head; cur_ptr; cur_ptr = cur_ptr->next) {
@ -349,7 +357,7 @@ void hdrrepv(ptr_header_node * ptr_head, char *hdrname, char *new_value) {
} }
} }
void cleanup(ptr_header_node *ptr_head) { void cleanup(ptr_header_node * ptr_head) {
ptr_header_node cur_ptr = *ptr_head, next_ptr = cur_ptr; ptr_header_node cur_ptr = *ptr_head, next_ptr = cur_ptr;
while (next_ptr != NULL) { while (next_ptr != NULL) {
@ -365,7 +373,7 @@ void cleanup(ptr_header_node *ptr_head) {
* Concat all the headers in the list in a single string. * Concat all the headers in the list in a single string.
* Leave the list itself intact: do not clean it here. * Leave the list itself intact: do not clean it here.
*/ */
char *stringify_headers(ptr_header_node * ptr_head) { char *stringify_headers(ptr_header_node *ptr_head) {
char *headers_str = NULL; char *headers_str = NULL;
ptr_header_node cur_ptr = *ptr_head; ptr_header_node cur_ptr = *ptr_head;
int32_t ttl_size = 0; int32_t ttl_size = 0;
@ -467,6 +475,7 @@ return -1 if no response from server
*/ */
int32_t analyze_server_response(int32_t s) { int32_t analyze_server_response(int32_t s) {
int32_t runs = 0; int32_t runs = 0;
redirected_flag = 0; redirected_flag = 0;
auth_flag = 0; auth_flag = 0;
while ((buf = hydra_receive_line(s)) != NULL) { while ((buf = hydra_receive_line(s)) != NULL) {
@ -581,12 +590,13 @@ void hydra_reconnect(int32_t s, char *ip, int32_t port, unsigned char options, c
} }
} }
int32_t start_http_form(int32_t s, char *ip, int32_t port, unsigned char options, char *miscptr, FILE * fp, char *hostname, char *type, ptr_header_node ptr_head, ptr_cookie_node ptr_cookie) { int32_t start_http_form(int32_t s, char *ip, int32_t port, unsigned char options, char *miscptr, FILE * fp, char *hostname, char *type, ptr_header_node ptr_head,
ptr_cookie_node ptr_cookie) {
char *empty = ""; char *empty = "";
char *login, *pass, clogin[256], cpass[256], b64login[345], b64pass[345]; char *login, *pass, clogin[256], cpass[256], b64login[345], b64pass[345];
char header[8096], *upd3variables; char header[8096], *upd3variables;
char *cookie_header = NULL; char *cookie_header = NULL;
char *http_request; char *http_request = NULL;
int32_t found = !success_cond, i, j; int32_t found = !success_cond, i, j;
char content_length[MAX_CONTENT_LENGTH], proxy_string[MAX_PROXY_LENGTH]; char content_length[MAX_CONTENT_LENGTH], proxy_string[MAX_PROXY_LENGTH];
@ -602,9 +612,9 @@ int32_t start_http_form(int32_t s, char *ip, int32_t port, unsigned char options
if (strlen(pass = hydra_get_next_password()) == 0) if (strlen(pass = hydra_get_next_password()) == 0)
pass = empty; pass = empty;
strcpy(b64login, login); strcpy(b64login, login);
hydra_tobase64((unsigned char *)b64login, strlen(b64login), sizeof(b64login)); hydra_tobase64((unsigned char *) b64login, strlen(b64login), sizeof(b64login));
strcpy(b64pass, pass); strcpy(b64pass, pass);
hydra_tobase64((unsigned char *)b64pass, strlen(b64pass), sizeof(b64pass)); hydra_tobase64((unsigned char *) b64pass, strlen(b64pass), sizeof(b64pass));
strncpy(clogin, html_encode(login), sizeof(clogin) - 1); strncpy(clogin, html_encode(login), sizeof(clogin) - 1);
clogin[sizeof(clogin) - 1] = 0; clogin[sizeof(clogin) - 1] = 0;
strncpy(cpass, html_encode(pass), sizeof(cpass) - 1); strncpy(cpass, html_encode(pass), sizeof(cpass) - 1);
@ -625,6 +635,8 @@ int32_t start_http_form(int32_t s, char *ip, int32_t port, unsigned char options
if (getcookie) { if (getcookie) {
memset(proxy_string, 0, sizeof(proxy_string)); memset(proxy_string, 0, sizeof(proxy_string));
snprintf(proxy_string, MAX_PROXY_LENGTH - 1, "http://%s:%d%.600s", webtarget, webport, cookieurl); snprintf(proxy_string, MAX_PROXY_LENGTH - 1, "http://%s:%d%.600s", webtarget, webport, cookieurl);
if (http_request != NULL)
free(http_request);
http_request = prepare_http_request("GET", proxy_string, NULL, cookie_request); http_request = prepare_http_request("GET", proxy_string, NULL, cookie_request);
if (hydra_send(s, http_request, strlen(http_request), 0) < 0) if (hydra_send(s, http_request, strlen(http_request), 0) < 0)
return 1; return 1;
@ -644,24 +656,36 @@ int32_t start_http_form(int32_t s, char *ip, int32_t port, unsigned char options
add_header(&ptr_head, "Content-Length", content_length, HEADER_TYPE_DEFAULT); add_header(&ptr_head, "Content-Length", content_length, HEADER_TYPE_DEFAULT);
if (!header_exists(&ptr_head, "Content-Type", HEADER_TYPE_DEFAULT)) if (!header_exists(&ptr_head, "Content-Type", HEADER_TYPE_DEFAULT))
add_header(&ptr_head, "Content-Type", "application/x-www-form-urlencoded", HEADER_TYPE_DEFAULT); add_header(&ptr_head, "Content-Type", "application/x-www-form-urlencoded", HEADER_TYPE_DEFAULT);
if (cookie_header != NULL)
free(cookie_header);
cookie_header = stringify_cookies(ptr_cookie); cookie_header = stringify_cookies(ptr_cookie);
if (!header_exists(&ptr_head, "Cookie", HEADER_TYPE_DEFAULT)) if (!header_exists(&ptr_head, "Cookie", HEADER_TYPE_DEFAULT))
add_header(&ptr_head, "Cookie", cookie_header, HEADER_TYPE_DEFAULT); add_header(&ptr_head, "Cookie", cookie_header, HEADER_TYPE_DEFAULT);
else else
hdrrepv(&ptr_head, "Cookie", cookie_header); hdrrepv(&ptr_head, "Cookie", cookie_header);
if (normal_request != NULL)
free(normal_request);
normal_request = stringify_headers(&ptr_head); normal_request = stringify_headers(&ptr_head);
if (http_request != NULL)
free(http_request);
http_request = prepare_http_request("POST", proxy_string, upd3variables, normal_request); http_request = prepare_http_request("POST", proxy_string, upd3variables, normal_request);
if (hydra_send(s, http_request, strlen(http_request), 0) < 0) if (hydra_send(s, http_request, strlen(http_request), 0) < 0)
return 1; return 1;
} else { } else {
if (header_exists(&ptr_head, "Content-Length", HEADER_TYPE_DEFAULT)) if (header_exists(&ptr_head, "Content-Length", HEADER_TYPE_DEFAULT))
hdrrepv(&ptr_head, "Content-Length", "0"); hdrrepv(&ptr_head, "Content-Length", "0");
if (cookie_header != NULL)
free(cookie_header);
cookie_header = stringify_cookies(ptr_cookie); cookie_header = stringify_cookies(ptr_cookie);
if (!header_exists(&ptr_head, "Cookie", HEADER_TYPE_DEFAULT)) if (!header_exists(&ptr_head, "Cookie", HEADER_TYPE_DEFAULT))
add_header(&ptr_head, "Cookie", cookie_header, HEADER_TYPE_DEFAULT); add_header(&ptr_head, "Cookie", cookie_header, HEADER_TYPE_DEFAULT);
else else
hdrrepv(&ptr_head, "Cookie", cookie_header); hdrrepv(&ptr_head, "Cookie", cookie_header);
normal_request = stringify_headers(&ptr_head); if (normal_request != NULL)
free(normal_request);
normal_request = stringify_headers(&ptr_head);
if (http_request != NULL)
free(http_request);
http_request = prepare_http_request("GET", proxy_string, upd3variables, normal_request); http_request = prepare_http_request("GET", proxy_string, upd3variables, normal_request);
if (hydra_send(s, http_request, strlen(http_request), 0) < 0) if (hydra_send(s, http_request, strlen(http_request), 0) < 0)
return 1; return 1;
@ -673,6 +697,8 @@ int32_t start_http_form(int32_t s, char *ip, int32_t port, unsigned char options
//doing a GET to get cookies //doing a GET to get cookies
memset(proxy_string, 0, sizeof(proxy_string)); memset(proxy_string, 0, sizeof(proxy_string));
snprintf(proxy_string, MAX_PROXY_LENGTH - 1, "http://%s:%d%.600s", webtarget, webport, cookieurl); snprintf(proxy_string, MAX_PROXY_LENGTH - 1, "http://%s:%d%.600s", webtarget, webport, cookieurl);
if (http_request != NULL)
free(http_request);
http_request = prepare_http_request("GET", proxy_string, NULL, cookie_request); http_request = prepare_http_request("GET", proxy_string, NULL, cookie_request);
if (hydra_send(s, http_request, strlen(http_request), 0) < 0) if (hydra_send(s, http_request, strlen(http_request), 0) < 0)
return 1; return 1;
@ -688,43 +714,60 @@ int32_t start_http_form(int32_t s, char *ip, int32_t port, unsigned char options
snprintf(content_length, MAX_CONTENT_LENGTH - 1, "%d", (int32_t) strlen(upd3variables)); snprintf(content_length, MAX_CONTENT_LENGTH - 1, "%d", (int32_t) strlen(upd3variables));
if (header_exists(&ptr_head, "Content-Length", HEADER_TYPE_DEFAULT)) if (header_exists(&ptr_head, "Content-Length", HEADER_TYPE_DEFAULT))
hdrrepv(&ptr_head, "Content-Length", content_length); hdrrepv(&ptr_head, "Content-Length", content_length);
else else
add_header(&ptr_head, "Content-Length", content_length, HEADER_TYPE_DEFAULT); add_header(&ptr_head, "Content-Length", content_length, HEADER_TYPE_DEFAULT);
if (!header_exists(&ptr_head, "Content-Type", HEADER_TYPE_DEFAULT)) if (!header_exists(&ptr_head, "Content-Type", HEADER_TYPE_DEFAULT))
add_header(&ptr_head, "Content-Type", "application/x-www-form-urlencoded", HEADER_TYPE_DEFAULT); add_header(&ptr_head, "Content-Type", "application/x-www-form-urlencoded", HEADER_TYPE_DEFAULT);
if (cookie_header != NULL)
free(cookie_header);
cookie_header = stringify_cookies(ptr_cookie); cookie_header = stringify_cookies(ptr_cookie);
if (!header_exists(&ptr_head, "Cookie", HEADER_TYPE_DEFAULT)) if (!header_exists(&ptr_head, "Cookie", HEADER_TYPE_DEFAULT))
add_header(&ptr_head, "Cookie", cookie_header, HEADER_TYPE_DEFAULT); add_header(&ptr_head, "Cookie", cookie_header, HEADER_TYPE_DEFAULT);
else else
hdrrepv(&ptr_head, "Cookie", cookie_header); hdrrepv(&ptr_head, "Cookie", cookie_header);
if (normal_request != NULL)
free(normal_request);
normal_request = stringify_headers(&ptr_head); normal_request = stringify_headers(&ptr_head);
if (http_request != NULL)
free(http_request);
http_request = prepare_http_request("POST", proxy_string, upd3variables, normal_request); http_request = prepare_http_request("POST", proxy_string, upd3variables, normal_request);
if (hydra_send(s, http_request, strlen(http_request), 0) < 0) if (hydra_send(s, http_request, strlen(http_request), 0) < 0)
return 1; return 1;
} else { } else {
if (header_exists(&ptr_head, "Content-Length", HEADER_TYPE_DEFAULT)) if (header_exists(&ptr_head, "Content-Length", HEADER_TYPE_DEFAULT))
hdrrepv(&ptr_head, "Content-Length", "0"); hdrrepv(&ptr_head, "Content-Length", "0");
cookie_header = stringify_cookies(ptr_cookie); if (cookie_header != NULL)
if (!header_exists(&ptr_head, "Cookie", HEADER_TYPE_DEFAULT)) free(cookie_header);
add_header(&ptr_head, "Cookie", cookie_header, HEADER_TYPE_DEFAULT); cookie_header = stringify_cookies(ptr_cookie);
else if (!header_exists(&ptr_head, "Cookie", HEADER_TYPE_DEFAULT))
hdrrepv(&ptr_head, "Cookie", cookie_header); add_header(&ptr_head, "Cookie", cookie_header, HEADER_TYPE_DEFAULT);
normal_request = stringify_headers(&ptr_head); else
hdrrepv(&ptr_head, "Cookie", cookie_header);
if (normal_request != NULL)
free(normal_request);
normal_request = stringify_headers(&ptr_head);
if (http_request != NULL)
free(http_request);
http_request = prepare_http_request("GET", proxy_string, upd3variables, normal_request); http_request = prepare_http_request("GET", proxy_string, upd3variables, normal_request);
if (hydra_send(s, http_request, strlen(http_request), 0) < 0) if (hydra_send(s, http_request, strlen(http_request), 0) < 0)
return 1; return 1;
} }
} else { } else {
// direct web server, no proxy // direct web server, no proxy
normal_request = NULL;
if (getcookie) { if (getcookie) {
//doing a GET to save cookies //doing a GET to save cookies
if (http_request != NULL)
free(http_request);
http_request = prepare_http_request("GET", cookieurl, NULL, cookie_request); http_request = prepare_http_request("GET", cookieurl, NULL, cookie_request);
if (hydra_send(s, http_request, strlen(http_request), 0) < 0) if (hydra_send(s, http_request, strlen(http_request), 0) < 0)
return 1; return 1;
i = analyze_server_response(s); // ignore result i = analyze_server_response(s); // ignore result
if (strlen(cookie) > 0) { if (strlen(cookie) > 0) {
//printf("[DEBUG] Got cookie: %s\n", cookie); //printf("[DEBUG] Got cookie: %s\n", cookie);
process_cookies(&ptr_cookie, cookie); process_cookies(&ptr_cookie, cookie);
if (normal_request != NULL)
free(normal_request);
normal_request = stringify_headers(&ptr_head); normal_request = stringify_headers(&ptr_head);
} }
hydra_reconnect(s, ip, port, options, hostname); hydra_reconnect(s, ip, port, options, hostname);
@ -738,24 +781,36 @@ int32_t start_http_form(int32_t s, char *ip, int32_t port, unsigned char options
add_header(&ptr_head, "Content-Length", content_length, HEADER_TYPE_DEFAULT); add_header(&ptr_head, "Content-Length", content_length, HEADER_TYPE_DEFAULT);
if (!header_exists(&ptr_head, "Content-Type", HEADER_TYPE_DEFAULT)) if (!header_exists(&ptr_head, "Content-Type", HEADER_TYPE_DEFAULT))
add_header(&ptr_head, "Content-Type", "application/x-www-form-urlencoded", HEADER_TYPE_DEFAULT); add_header(&ptr_head, "Content-Type", "application/x-www-form-urlencoded", HEADER_TYPE_DEFAULT);
if (cookie_header != NULL)
free(cookie_header);
cookie_header = stringify_cookies(ptr_cookie); cookie_header = stringify_cookies(ptr_cookie);
if (!header_exists(&ptr_head, "Cookie", HEADER_TYPE_DEFAULT)) if (!header_exists(&ptr_head, "Cookie", HEADER_TYPE_DEFAULT))
add_header(&ptr_head, "Cookie", cookie_header, HEADER_TYPE_DEFAULT); add_header(&ptr_head, "Cookie", cookie_header, HEADER_TYPE_DEFAULT);
else else
hdrrepv(&ptr_head, "Cookie", cookie_header); hdrrepv(&ptr_head, "Cookie", cookie_header);
if (normal_request != NULL)
free(normal_request);
normal_request = stringify_headers(&ptr_head); normal_request = stringify_headers(&ptr_head);
if (http_request != NULL)
free(http_request);
http_request = prepare_http_request("POST", url, upd3variables, normal_request); http_request = prepare_http_request("POST", url, upd3variables, normal_request);
if (hydra_send(s, http_request, strlen(http_request), 0) < 0) if (hydra_send(s, http_request, strlen(http_request), 0) < 0)
return 1; return 1;
} else { } else {
if (header_exists(&ptr_head, "Content-Length", HEADER_TYPE_DEFAULT)) if (header_exists(&ptr_head, "Content-Length", HEADER_TYPE_DEFAULT))
hdrrepv(&ptr_head, "Content-Length", "0"); hdrrepv(&ptr_head, "Content-Length", "0");
cookie_header = stringify_cookies(ptr_cookie); if (cookie_header != NULL)
if (!header_exists(&ptr_head, "Cookie", HEADER_TYPE_DEFAULT)) free(cookie_header);
add_header(&ptr_head, "Cookie", cookie_header, HEADER_TYPE_DEFAULT); cookie_header = stringify_cookies(ptr_cookie);
else if (!header_exists(&ptr_head, "Cookie", HEADER_TYPE_DEFAULT))
hdrrepv(&ptr_head, "Cookie", cookie_header); add_header(&ptr_head, "Cookie", cookie_header, HEADER_TYPE_DEFAULT);
normal_request = stringify_headers(&ptr_head); else
hdrrepv(&ptr_head, "Cookie", cookie_header);
if (normal_request != NULL)
free(normal_request);
normal_request = stringify_headers(&ptr_head);
if (http_request != NULL)
free(http_request);
http_request = prepare_http_request("GET", url, upd3variables, normal_request); http_request = prepare_http_request("GET", url, upd3variables, normal_request);
if (hydra_send(s, http_request, strlen(http_request), 0) < 0) if (hydra_send(s, http_request, strlen(http_request), 0) < 0)
return 1; return 1;
@ -764,7 +819,7 @@ int32_t start_http_form(int32_t s, char *ip, int32_t port, unsigned char options
} }
if (debug) if (debug)
hydra_report_debug(stdout, "HTTP request sent:\n%s\n", http_request); hydra_report_debug(stdout, "HTTP request sent:\n%s\n", http_request);
found = analyze_server_response(s); found = analyze_server_response(s);
@ -856,7 +911,7 @@ int32_t start_http_form(int32_t s, char *ip, int32_t port, unsigned char options
str3[0] = '/'; str3[0] = '/';
} }
if(strrchr(url, ':') == NULL && port != 80) { if (strrchr(url, ':') == NULL && port != 80) {
sprintf(str2, "%s:%d", str2, port); sprintf(str2, "%s:%d", str2, port);
} }
@ -872,7 +927,11 @@ int32_t start_http_form(int32_t s, char *ip, int32_t port, unsigned char options
hdrrepv(&ptr_head, "Host", str2); hdrrepv(&ptr_head, "Host", str2);
memset(proxy_string, 0, sizeof(proxy_string)); memset(proxy_string, 0, sizeof(proxy_string));
snprintf(proxy_string, MAX_PROXY_LENGTH - 1, "http://%s:%d%.600s", webtarget, webport, str3); snprintf(proxy_string, MAX_PROXY_LENGTH - 1, "http://%s:%d%.600s", webtarget, webport, str3);
if (normal_request != NULL)
free(normal_request);
normal_request = stringify_headers(&ptr_head); normal_request = stringify_headers(&ptr_head);
if (http_request != NULL)
free(http_request);
http_request = prepare_http_request("GET", proxy_string, NULL, normal_request); http_request = prepare_http_request("GET", proxy_string, NULL, normal_request);
} else { } else {
if (use_proxy == 1) { if (use_proxy == 1) {
@ -880,12 +939,20 @@ int32_t start_http_form(int32_t s, char *ip, int32_t port, unsigned char options
hdrrepv(&ptr_head, "Host", str2); hdrrepv(&ptr_head, "Host", str2);
memset(proxy_string, 0, sizeof(proxy_string)); memset(proxy_string, 0, sizeof(proxy_string));
snprintf(proxy_string, MAX_PROXY_LENGTH - 1, "http://%s:%d%.600s", webtarget, webport, str3); snprintf(proxy_string, MAX_PROXY_LENGTH - 1, "http://%s:%d%.600s", webtarget, webport, str3);
if (normal_request != NULL)
free(normal_request);
normal_request = stringify_headers(&ptr_head); normal_request = stringify_headers(&ptr_head);
if (http_request != NULL)
free(http_request);
http_request = prepare_http_request("GET", proxy_string, NULL, normal_request); http_request = prepare_http_request("GET", proxy_string, NULL, normal_request);
} else { } else {
//direct web server, no proxy //direct web server, no proxy
hdrrepv(&ptr_head, "Host", str2); hdrrepv(&ptr_head, "Host", str2);
if (normal_request != NULL)
free(normal_request);
normal_request = stringify_headers(&ptr_head); normal_request = stringify_headers(&ptr_head);
if (http_request != NULL)
free(http_request);
http_request = prepare_http_request("GET", str3, NULL, normal_request); http_request = prepare_http_request("GET", str3, NULL, normal_request);
} }
} }
@ -897,7 +964,7 @@ int32_t start_http_form(int32_t s, char *ip, int32_t port, unsigned char options
found = analyze_server_response(s); found = analyze_server_response(s);
if (strlen(cookie) > 0) if (strlen(cookie) > 0)
process_cookies(&ptr_cookie, cookie); process_cookies(&ptr_cookie, cookie);
} }
} }
@ -912,7 +979,8 @@ int32_t start_http_form(int32_t s, char *ip, int32_t port, unsigned char options
return 1; return 1;
} }
void service_http_form(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE * fp, int32_t port, char *hostname, char *type, ptr_header_node * ptr_head, ptr_cookie_node * ptr_cookie) { void service_http_form(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE * fp, int32_t port, char *hostname, char *type, ptr_header_node * ptr_head,
ptr_cookie_node * ptr_cookie) {
int32_t run = 1, next_run = 1, sock = -1; int32_t run = 1, next_run = 1, sock = -1;
int32_t myport = PORT_HTTP, mysslport = PORT_HTTP_SSL; int32_t myport = PORT_HTTP, mysslport = PORT_HTTP_SSL;
@ -995,7 +1063,7 @@ void service_http_form(char *ip, int32_t sp, unsigned char options, char *miscpt
void service_http_get_form(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE * fp, int32_t port, char *hostname) { void service_http_get_form(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE * fp, int32_t port, char *hostname) {
ptr_cookie_node ptr_cookie = NULL; ptr_cookie_node ptr_cookie = NULL;
ptr_header_node ptr_head = initialize(ip, options, miscptr); ptr_header_node ptr_head = initialize(ip, options, miscptr);
if (ptr_head) if (ptr_head)
service_http_form(ip, sp, options, miscptr, fp, port, hostname, "GET", &ptr_head, &ptr_cookie); service_http_form(ip, sp, options, miscptr, fp, port, hostname, "GET", &ptr_head, &ptr_cookie);
@ -1007,7 +1075,7 @@ void service_http_get_form(char *ip, int32_t sp, unsigned char options, char *mi
void service_http_post_form(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE * fp, int32_t port, char *hostname) { void service_http_post_form(char *ip, int32_t sp, unsigned char options, char *miscptr, FILE * fp, int32_t port, char *hostname) {
ptr_cookie_node ptr_cookie = NULL; ptr_cookie_node ptr_cookie = NULL;
ptr_header_node ptr_head = initialize(ip, options, miscptr); ptr_header_node ptr_head = initialize(ip, options, miscptr);
if (ptr_head) if (ptr_head)
service_http_form(ip, sp, options, miscptr, fp, port, hostname, "POST", &ptr_head, &ptr_cookie); service_http_form(ip, sp, options, miscptr, fp, port, hostname, "POST", &ptr_head, &ptr_cookie);
@ -1034,7 +1102,7 @@ int32_t service_http_form_init(char *ip, int32_t sp, unsigned char options, char
ptr_header_node initialize(char *ip, unsigned char options, char *miscptr) { ptr_header_node initialize(char *ip, unsigned char options, char *miscptr) {
ptr_header_node ptr_head = NULL; ptr_header_node ptr_head = NULL;
char *ptr, *ptr2, *proxy_string; char *ptr, *ptr2, *proxy_string;
if (use_proxy > 0 && proxy_count > 0) if (use_proxy > 0 && proxy_count > 0)
selected_proxy = random() % proxy_count; selected_proxy = random() % proxy_count;
@ -1146,15 +1214,15 @@ ptr_header_node initialize(char *ip, unsigned char options, char *miscptr) {
break; break;
case 'h': case 'h':
// add a new header at the end // add a new header at the end
ptr = optional1 + 2; ptr = optional1 + 2;
while (*ptr != 0 && *ptr != ':') while (*ptr != 0 && *ptr != ':')
ptr++; ptr++;
if (*(ptr - 1) == '\\') if (*(ptr - 1) == '\\')
*(ptr - 1) = 0; *(ptr - 1) = 0;
if (*ptr != 0){ if (*ptr != 0) {
*ptr = 0; *ptr = 0;
ptr += 2; ptr += 2;
} }
ptr2 = ptr; ptr2 = ptr;
while (*ptr2 != 0 && (*ptr2 != ':' || *(ptr2 - 1) == '\\')) while (*ptr2 != 0 && (*ptr2 != ':' || *(ptr2 - 1) == '\\'))
ptr2++; ptr2++;
@ -1175,14 +1243,15 @@ ptr_header_node initialize(char *ip, unsigned char options, char *miscptr) {
return NULL; return NULL;
case 'H': case 'H':
// add a new header, or replace an existing one's value // add a new header, or replace an existing one's value
ptr = optional1 + 2; ptr = optional1 + 2;
while (*ptr != 0 && *ptr != ':') ptr++; while (*ptr != 0 && *ptr != ':')
ptr++;
if (*(ptr - 1) == '\\') if (*(ptr - 1) == '\\')
*(ptr - 1) = 0; *(ptr - 1) = 0;
if (*ptr != 0) { if (*ptr != 0) {
*ptr = 0; *ptr = 0;
ptr += 2; ptr += 2;
} }
ptr2 = ptr; ptr2 = ptr;
@ -1223,8 +1292,12 @@ ptr_header_node initialize(char *ip, unsigned char options, char *miscptr) {
} }
if (getcookie) { if (getcookie) {
//doing a GET to save cookies //doing a GET to save cookies
if (cookie_request != NULL)
free(cookie_request);
cookie_request = stringify_headers(&ptr_head); cookie_request = stringify_headers(&ptr_head);
} }
if (normal_request != NULL)
free(normal_request);
normal_request = stringify_headers(&ptr_head); normal_request = stringify_headers(&ptr_head);
} else { } else {
if (use_proxy == 1) { if (use_proxy == 1) {
@ -1233,8 +1306,12 @@ ptr_header_node initialize(char *ip, unsigned char options, char *miscptr) {
add_header(&ptr_head, "User-Agent", "Mozilla/5.0 (Hydra Proxy)", HEADER_TYPE_DEFAULT); add_header(&ptr_head, "User-Agent", "Mozilla/5.0 (Hydra Proxy)", HEADER_TYPE_DEFAULT);
if (getcookie) { if (getcookie) {
//doing a GET to get cookies //doing a GET to get cookies
if (cookie_request != NULL)
free(cookie_request);
cookie_request = stringify_headers(&ptr_head); cookie_request = stringify_headers(&ptr_head);
} }
if (normal_request != NULL)
free(normal_request);
normal_request = stringify_headers(&ptr_head); normal_request = stringify_headers(&ptr_head);
} else { } else {
// direct web server, no proxy // direct web server, no proxy
@ -1243,16 +1320,20 @@ ptr_header_node initialize(char *ip, unsigned char options, char *miscptr) {
if (getcookie) { if (getcookie) {
//doing a GET to save cookies //doing a GET to save cookies
if (cookie_request != NULL)
free(cookie_request);
cookie_request = stringify_headers(&ptr_head); cookie_request = stringify_headers(&ptr_head);
} }
if (normal_request != NULL)
free(normal_request);
normal_request = stringify_headers(&ptr_head); normal_request = stringify_headers(&ptr_head);
} }
} }
return ptr_head; return ptr_head;
} }
void usage_http_form(const char* service) { void usage_http_form(const char *service) {
printf("Module %s requires the page and the parameters for the web form.\n\n" printf("Module %s requires the page and the parameters for the web form.\n\n"
"By default this module is configured to follow a maximum of 5 redirections in\n" "By default this module is configured to follow a maximum of 5 redirections in\n"
"a row. It always gathers a new cookie from the same URL without variables\n" "a row. It always gathers a new cookie from the same URL without variables\n"