fix http-proxy to handle multiline buffer data

Karim Kanso 2020-05-14 09:56:18 +01:00
commit dac0c18f75


@ -10,7 +10,7 @@ int32_t start_http_proxy(int32_t s, char *ip, int32_t port, unsigned char option
char *login, *pass, buffer[500], buffer2[500]; char *login, *pass, buffer[500], buffer2[500];
char url[210], host[60]; char url[210], host[60];
char *header = ""; /* XXX TODO */ char *header = ""; /* XXX TODO */
char *ptr, *fooptr; char *ptr, *fooptr, *auth_hdr;
if (strlen(login = hydra_get_next_login()) == 0) if (strlen(login = hydra_get_next_login()) == 0)
login = empty; login = empty;
@ -50,24 +50,32 @@ int32_t start_http_proxy(int32_t s, char *ip, int32_t port, unsigned char option
return 3; return 3;
} }
if (debug) if (debug) {
hydra_report(stderr, "S:%s\n", http_proxy_buf); hydra_report(stderr,
"S:%-.*s\n",
(int)(strchr(http_proxy_buf, '\r') - http_proxy_buf),
http_proxy_buf);
}
free(http_proxy_buf); while (http_proxy_buf != NULL &&
http_proxy_buf = hydra_receive_line(s); (auth_hdr = hydra_strcasestr(http_proxy_buf,
while (http_proxy_buf != NULL && hydra_strcasestr(http_proxy_buf, "Proxy-Authenticate:") == NULL) { "Proxy-Authenticate:")) == NULL) {
free(http_proxy_buf); free(http_proxy_buf);
http_proxy_buf = hydra_receive_line(s); http_proxy_buf = hydra_receive_line(s);
} }
if (http_proxy_buf == NULL) { if (auth_hdr == NULL) {
if (verbose) if (verbose)
hydra_report(stderr, "[ERROR] Proxy seems not to require authentication\n"); hydra_report(stderr, "[ERROR] Proxy seems not to require authentication\n");
return 3; return 3;
} }
if (debug) if (debug) {
hydra_report(stderr, "S:%s\n", http_proxy_buf); hydra_report(stderr,
"S:%-.*s\n",
(int)(strchr(auth_hdr, '\r') - auth_hdr),
auth_hdr);
}
// after the first query we should have been disconnected from web server // after the first query we should have been disconnected from web server
s = hydra_disconnect(s); s = hydra_disconnect(s);
@ -78,8 +86,9 @@ int32_t start_http_proxy(int32_t s, char *ip, int32_t port, unsigned char option
} }
} }
if (http_proxy_auth_mechanism == AUTH_BASIC || hydra_strcasestr(http_proxy_buf, "Proxy-Authenticate: Basic") != NULL) { if (http_proxy_auth_mechanism == AUTH_BASIC || hydra_strcasestr(auth_hdr, "Proxy-Authenticate: Basic") != NULL) {
http_proxy_auth_mechanism = AUTH_BASIC; http_proxy_auth_mechanism = AUTH_BASIC;
auth_hdr = NULL;
sprintf(buffer2, "%.50s:%.50s", login, pass); sprintf(buffer2, "%.50s:%.50s", login, pass);
hydra_tobase64((unsigned char *)buffer2, strlen(buffer2), sizeof(buffer2)); hydra_tobase64((unsigned char *)buffer2, strlen(buffer2), sizeof(buffer2));
sprintf(buffer, sprintf(buffer,
@ -105,15 +114,20 @@ int32_t start_http_proxy(int32_t s, char *ip, int32_t port, unsigned char option
return 3; return 3;
} }
if (debug) if (debug) {
hydra_report(stderr, "S:%s\n", http_proxy_buf); hydra_report(stderr,
"S:%-.*s\n",
(int)(strchr(http_proxy_buf, '\r') - http_proxy_buf),
http_proxy_buf);
}
} else { } else {
if (http_proxy_auth_mechanism == AUTH_NTLM || hydra_strcasestr(http_proxy_buf, "Proxy-Authenticate: NTLM") != NULL) { if (http_proxy_auth_mechanism == AUTH_NTLM || hydra_strcasestr(auth_hdr, "Proxy-Authenticate: NTLM") != NULL) {
unsigned char buf1[4096]; unsigned char buf1[4096];
unsigned char buf2[4096]; unsigned char buf2[4096];
char *pos = NULL; char *pos = NULL;
http_proxy_auth_mechanism = AUTH_NTLM; http_proxy_auth_mechanism = AUTH_NTLM;
auth_hdr = NULL;
// send auth and receive challenge // send auth and receive challenge
// send auth request: let the server send it's own hostname and domainname // send auth request: let the server send it's own hostname and domainname
buildAuthRequest((tSmbNtlmAuthRequest *)buf2, 0, NULL, NULL); buildAuthRequest((tSmbNtlmAuthRequest *)buf2, 0, NULL, NULL);
@ -178,10 +192,11 @@ int32_t start_http_proxy(int32_t s, char *ip, int32_t port, unsigned char option
return 3; return 3;
} else { } else {
#ifdef LIBOPENSSL #ifdef LIBOPENSSL
if (hydra_strcasestr(http_proxy_buf, "Proxy-Authenticate: Digest") != NULL) { if (hydra_strcasestr(auth_hdr, "Proxy-Authenticate: Digest") != NULL) {
char *pbuffer, *result; char *pbuffer, *result;
http_proxy_auth_mechanism = AUTH_DIGESTMD5; http_proxy_auth_mechanism = AUTH_DIGESTMD5;
auth_hdr == NULL;
pbuffer = hydra_strcasestr(http_proxy_buf, "Proxy-Authenticate: Digest "); pbuffer = hydra_strcasestr(http_proxy_buf, "Proxy-Authenticate: Digest ");
strncpy(buffer, pbuffer + strlen("Proxy-Authenticate: Digest "), sizeof(buffer)); strncpy(buffer, pbuffer + strlen("Proxy-Authenticate: Digest "), sizeof(buffer));
buffer[sizeof(buffer) - 1] = '\0'; buffer[sizeof(buffer) - 1] = '\0';
@ -204,8 +219,12 @@ int32_t start_http_proxy(int32_t s, char *ip, int32_t port, unsigned char option
http_proxy_buf = hydra_receive_line(s); http_proxy_buf = hydra_receive_line(s);
} }
if (debug && http_proxy_buf != NULL) if (debug && http_proxy_buf != NULL) {
hydra_report(stderr, "S:%s\n", http_proxy_buf); hydra_report(stderr,
"S:%-.*s\n",
(int)(strchr(http_proxy_buf, '\r') - http_proxy_buf),
http_proxy_buf);
}
if (http_proxy_buf == NULL) if (http_proxy_buf == NULL)
return 3; return 3;
@ -213,9 +232,13 @@ int32_t start_http_proxy(int32_t s, char *ip, int32_t port, unsigned char option
} else } else
#endif #endif
{ {
if (http_proxy_buf != NULL) { if (auth_hdr != NULL) {
// buf[strlen(http_proxy_buf) - 1] = '\0'; // buf[strlen(http_proxy_buf) - 1] = '\0';
hydra_report(stderr, "Unsupported Auth type:\n%s\n", http_proxy_buf); hydra_report(stderr,
"Unsupported Auth type:\n%-.*s\n",
(int)(strchr(http_proxy_buf, '\r') - auth_hdr),
auth_hdr);
auth_hdr = NULL;
free(http_proxy_buf); free(http_proxy_buf);
http_proxy_buf = NULL; http_proxy_buf = NULL;
} else { } else {
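Review bot: The new `hydra_report` calls compute the `%-.*s` precision as `(int)(strchr(http_proxy_buf, '\r') - http_proxy_buf)`, which assumes the proxy's reply always contains a `\r`; if it does not, `strchr` returns NULL, the subtraction is undefined and the precision is meaningless. In the "Unsupported Auth type" report, which is not behind `debug`, the search starts at `http_proxy_buf` but the result is subtracted from `auth_hdr`, so the length goes negative whenever an earlier line of a multiline buffer ends before the header. Writing the length as `(int)strcspn(auth_hdr, "\r\n")`, and the same with `http_proxy_buf` in the other calls, covers both cases. Separately, `auth_hdr == NULL;` in the Digest branch is a comparison with no effect and was presumably meant to be `auth_hdr = NULL;`, as in the Basic and NTLM branches. The body of `start_http_proxy` extends beyond the hunks shown here.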