diff --git a/hydra-http-form.c b/hydra-http-form.c index bbe27ba..1120243 100644 --- a/hydra-http-form.c +++ b/hydra-http-form.c @@ -96,6 +96,8 @@ extern char *slash; int webport, freemischttpform = 0; char bufferurl[1024], cookieurl[1024] = "", userheader[1024] = "", *url, *variables, *optional1; +char *cookie_request, *normal_request; // Buffers for HTTP headers + ptr_header_node ptr_head = NULL; /* @@ -194,6 +196,22 @@ void hdrrep(char * oldvalue, char * newvalue){ } } +void hdrrepv(char * hdrname, char * new_value){ + ptr_header_node cur_ptr = NULL; + + for(cur_ptr = ptr_head; cur_ptr; cur_ptr = cur_ptr->next){ + if((cur_ptr->type == HEADER_TYPE_DEFAULT) && strcmp(cur_ptr->header, hdrname)){ + cur_ptr->value = (char *) realloc(cur_ptr->value, strlen(new_value)); + if(cur_ptr->value) + strcpy(cur_ptr->value, new_value); + else{ + hydra_report(stderr, "[ERROR] Out of memory"); + hydra_child_exit(1); + } + } + } +} + void cleanup(){ ptr_header_node cur_ptr = ptr_head, next_ptr = cur_ptr; @@ -211,68 +229,69 @@ void cleanup(){ * Concat all the headers in the list in a single string. * Leave the list itself intact: do not clean it here. */ -char * stringify_headers(char * http_request){ +char * stringify_headers(){ char * headers_str = NULL; ptr_header_node cur_ptr = ptr_head; - int ttl_size = strlen(http_request); + int ttl_size = 0; - while(cur_ptr){ - if(cur_ptr->header && cur_ptr->value){ // Check for NULLs - ttl_size += strlen(cur_ptr->header) + strlen(cur_ptr->value) + 1; - if(headers_str) - headers_str = (char *) realloc(headers_str, sizeof(char) * ttl_size); - else{ - // Garbage appears when strcat()-ing, if we don't blank the newly allocated memory - headers_str = (char *) malloc(sizeof(char) * ttl_size); - if(headers_str) - memset(headers_str, 0, sizeof(char) * ttl_size); - } - if(headers_str){ // Check for errors + for(; cur_ptr; cur_ptr = cur_ptr->next) + ttl_size += strlen(cur_ptr->header) + strlen(cur_ptr->value) + 3; + + headers_str = (char *) malloc(ttl_size + 1); + + if(headers_str){ + memset(headers_str, 0, ttl_size + 1); + for(cur_ptr = ptr_head; cur_ptr; cur_ptr = cur_ptr->next){ strcat(headers_str, cur_ptr->header); - strcat(headers_str, ": "); + strcat(headers_str, ":"); strcat(headers_str, cur_ptr->value); strcat(headers_str, "\r\n"); - }else{ - // Error: out of memory - hydra_report(stderr, "Out of memory for HTTP headers"); - hydra_child_exit(1); - } + } } - // Get to the next header - cur_ptr = cur_ptr->next; - } return headers_str; } -char * prepare_http_request(char * method, char * path, char * postdata){ - char * request = NULL, *headers = NULL; - char tail[] = " HTTP/1.0", - http_request[1030]; - int req_len = (strlen(method) + strlen(path) + 1) <= 1030 ? (strlen(method) + strlen(path) + 1) : 1030; +char * prepare_http_request(char * type, char * path, char * params, char * headers){ + unsigned int reqlen = 0; + char * http_request = NULL; - memset(http_request, 0, 1030); + if(type && path && headers){ + reqlen = strlen(path) + strlen(headers) + 20; + if(params) + reqlen += strlen(params); - if(strcmp(method, "GET") == 0) - strcat(http_request, "GET "); - else if(strcmp(method, "POST") == 0) - strcat(http_request, "POST "); + http_request = (char *) malloc(reqlen); + if(http_request){ + memset(http_request, 0, reqlen); - strncat(http_request, path, 1030 - sizeof(tail) - 5); - strcat(http_request, tail); + // append the request verb (GET or POST) + if(strcmp(type, "GET") == 0) + strcat(http_request, "GET "); + else + strcat(http_request, "POST "); - headers = stringify_headers(http_request); - request = (char *) malloc(strlen(http_request) + strlen(headers) + 5 + (strcmp(method, "POST") == 0 && postdata? strlen(postdata) : 0)); - if(request && headers){ - strcpy(request, http_request); - strcat(request, "\r\n"); - strcat(request, headers); - strcat(request, "\r\n"); - if(strcmp(method, "POST") == 0 && postdata) - strcat(request, postdata); + // append the request path + strcat(http_request, path); + + // if GET, append the params now + if(params && strcmp(type, "GET") == 0){ + strcat(http_request, "?"); + strcat(http_request, params); + } + + // append the headers + strcat(http_request, " HTTP/1.0\r\n"); + strcat(http_request, headers); + strcat(http_request, "\r\n"); + + // if POST, append the params now + if(params && strcmp(type, "POST") == 0) + strcat(http_request, params); + } } - return request; + return http_request; } int strpos(char *str, char *target) { @@ -352,9 +371,11 @@ int analyze_server_response(int s) { endcookie1 = strchr(str, '\n'); endcookie2 = strchr(str, ';'); //terminate string after cookie data - if (endcookie1 != NULL && endcookie1 < endcookie2) - *endcookie1 = 0; - else if (endcookie2 != NULL) + if (endcookie1 != NULL && ((endcookie1 < endcookie2) || (endcookie2 == NULL))){ + if(*(endcookie1 - 1) == '\r') + endcookie1--; + *endcookie1 = 0; + }else if (endcookie2 != NULL) *endcookie2 = 0; // is the cookie already there? if yes, remove it! if (index(startcookie, '=') != NULL && (ptr = index(startcookie, '=')) - startcookie + 1 <= sizeof(tmpname)) { @@ -423,10 +444,10 @@ void hydra_reconnect(int s, char *ip, int port, unsigned char options) { int start_http_form(int s, char *ip, int port, unsigned char options, char *miscptr, FILE * fp, char *type) { char *empty = ""; - char *buffer, // Buffer for HTTP headers - *proxy_string; + char * buffer; char *login, *pass, clogin[256], cpass[256]; char header[8096], *upd3variables, cuserheader[1024]; + char *http_request; int found = !success_cond, i, j; char content_length[MAX_CONTENT_LENGTH]; @@ -449,106 +470,35 @@ int start_http_form(int s, char *ip, int port, unsigned char options, char *misc hdrrep("^USER^", clogin); hdrrep("^PASS^", cpass); -/////////////////////////////////////////////////////////////////////////////////////////////////////////// - /* again: no snprintf to be portable. dont worry, buffer cant overflow */ if (use_proxy == 1 && proxy_authentication != NULL) { - // proxy with authentication - add_header("Host", webtarget, HEADER_TYPE_DEFAULT); - add_header("User-Agent", "Mozilla 5.0 (Hydra Proxy Auth)", HEADER_TYPE_DEFAULT); - proxy_string = (char *) malloc(strlen(proxy_authentication) + 6); - if(proxy_string) { - strcpy(proxy_string, "Basic "); - strncat(proxy_string, proxy_authentication, strlen(proxy_authentication) - 6); - add_header("Proxy-Authorization", proxy_string, HEADER_TYPE_DEFAULT); - }else{ - hydra_report(stderr, "Out of memory for \"Proxy-Authorization\" header."); - hydra_child_exit(1); - } if (getcookie) { - //doing a GET to save cookies -// sprintf(buffer, "GET http://%s:%d%.600s HTTP/1.0\r\nHost: %s\r\nProxy-Authorization: Basic %s\r\nUser-Agent: Mozilla 5.0 (Hydra Proxy Auth)\r\n%s%s\r\n", -// webtarget, webport, cookieurl, webtarget, proxy_authentication, header, cuserheader); - buffer = prepare_http_request(type, url, NULL); + //buffer = prepare_http_request(type, url, NULL); hydra_report(stdout, "HTTP headers (Proxy Auth Cookies): %s", buffer); -/* if (hydra_send(s, buffer, strlen(buffer), 0) < 0) { - return 1; - } - i = analyze_server_response(s); // return value ignored - if (strlen(cookie) > 0) { - sprintf(header, "Cookie: %s\r\n", cookie); - } - hydra_reconnect(s, ip, port, options);*/ } - buffer = prepare_http_request(type, url, NULL); + //buffer = prepare_http_request(type, url, NULL); hydra_report(stdout, "HTTP headers (Proxy Auth): %s", buffer); - /*if (strcmp(type, "POST") == 0) { - sprintf(buffer, - "POST http://%s:%d%.600s HTTP/1.0\r\nHost: %s\r\nProxy-Authorization: Basic %s\r\nUser-Agent: Mozilla/5.0 (Hydra Proxy Auth)\r\nContent-Type: application/x-www-form-urlencoded\r\nContent-Length: %d\r\n%s%s\r\n%s", - webtarget, webport, url, webtarget, proxy_authentication, (int) strlen(upd3variables), header, cuserheader, upd3variables); - if (hydra_send(s, buffer, strlen(buffer), 0) < 0) { - return 1; - } - } else { - sprintf(buffer, - "GET http://%s:%d%.600s?%s HTTP/1.0\r\nHost: %s\r\nProxy-Authorization: Basic %s\r\nUser-Agent: Mozilla/5.0 (Hydra Proxy Auth)\r\n%s%s\r\n", - webtarget, webport, url, upd3variables, webtarget, proxy_authentication, header, cuserheader); - if (hydra_send(s, buffer, strlen(buffer), 0) < 0) { - return 1; - } - }*/ } else { if (use_proxy == 1) { // proxy without authentication - add_header("Host", webtarget, HEADER_TYPE_DEFAULT); - add_header("User-Agent", "Mozilla/5.0 (Hydra Proxy)", HEADER_TYPE_DEFAULT); if (getcookie) { //doing a GET to get cookies - buffer = prepare_http_request(type, url, NULL); + //buffer = prepare_http_request(type, url, NULL); hydra_report(stdout, "HTTP headers (Proxy Noauth Cookies): %s", buffer); - -// sprintf(buffer, "GET http://%s:%d%.600s HTTP/1.0\r\nHost: %s\r\nUser-Agent: Mozilla/5.0 (Hydra Proxy)\r\n%s%s\r\n", webtarget, webport, cookieurl, webtarget, header, -// cuserheader); -/* if (hydra_send(s, buffer, strlen(buffer), 0) < 0) { - return 1; - } - i = analyze_server_response(s); // ignore result - if (strlen(cookie) > 0) { - sprintf(header, "Cookie: %s\r\n", cookie); - } - hydra_reconnect(s, ip, port, options);*/ } - buffer = prepare_http_request(type, url, NULL); + //buffer = prepare_http_request(type, url, NULL); hydra_report(stdout, "HTTP headers (Proxy Noauth): %s", buffer); - /*if (strcmp(type, "POST") == 0) { - sprintf(buffer, - "POST http://%s:%d%.600s HTTP/1.0\r\nHost: %s\r\nUser-Agent: Mozilla/5.0 (Hydra)\r\nContent-Type: application/x-www-form-urlencoded\r\nContent-Length: %d\r\n%s%s\r\n%s", - webtarget, webport, url, webtarget, (int) strlen(upd3variables), header, cuserheader, upd3variables); - if (hydra_send(s, buffer, strlen(buffer), 0) < 0) { - return 1; - } - } else { - sprintf(buffer, "GET http://%s:%d%.600s?%s HTTP/1.0\r\nHost: %s\r\nUser-Agent: Mozilla/5.0 (Hydra)\r\n%s%s\r\n", webtarget, webport, url, upd3variables, webtarget, - header, cuserheader); - if (hydra_send(s, buffer, strlen(buffer), 0) < 0) { - return 1; - } - }*/ } else { // direct web server, no proxy - add_header("Host", webtarget, HEADER_TYPE_DEFAULT); - add_header("User-Agent", "Mozilla/5.0 (Hydra)", HEADER_TYPE_DEFAULT); - if (getcookie) { //doing a GET to save cookies - buffer = prepare_http_request(type, url, NULL); - hydra_report(stdout, "HTTP headers (Direct Cookies): %s", buffer); - if (hydra_send(s, buffer, strlen(buffer), 0) < 0) { + http_request = prepare_http_request("GET", cookieurl, NULL, cookie_request); + if (hydra_send(s, http_request, strlen(http_request), 0) < 0) return 1; - } i = analyze_server_response(s); // ignore result - if (strlen(cookie) > 0) { + if (strlen(cookie) > 0){ add_header("Cookie", cookie, HEADER_TYPE_DEFAULT); + normal_request = stringify_headers(); } hydra_reconnect(s, ip, port, options); } @@ -558,34 +508,35 @@ int start_http_form(int s, char *ip, int port, unsigned char options, char *misc snprintf(content_length, MAX_CONTENT_LENGTH - 1, "%d", (int) strlen(upd3variables)); add_header("Content-Length", content_length, HEADER_TYPE_DEFAULT); add_header("Content-Type", "application/x-www-form-urlencoded", HEADER_TYPE_DEFAULT); - buffer = prepare_http_request(type, url, upd3variables); - hydra_report(stdout, "HTTP headers (Direct): %s", buffer); - if (hydra_send(s, buffer, strlen(buffer), 0) < 0) { + normal_request = stringify_headers(); + http_request = prepare_http_request("POST", url, upd3variables, normal_request); + if (hydra_send(s, http_request, strlen(http_request), 0) < 0) return 1; - } } else { - buffer = prepare_http_request(type, url, NULL); - hydra_report(stdout, "HTTP headers (Direct): %s", buffer); - if (hydra_send(s, buffer, strlen(buffer), 0) < 0) { + normal_request = stringify_headers(); + http_request = prepare_http_request("GET", url, upd3variables, normal_request); + if (hydra_send(s, http_request, strlen(http_request), 0) < 0) return 1; - } } } } - /*found = analyze_server_response(s); + found = analyze_server_response(s); + if (auth_flag) { // we received a 401 error - user using wrong module hydra_report(stderr, "[ERROR] the target is using HTTP auth, not a web form, received HTTP error code 401. Use module \"http%s-get\" instead.\n", (options & OPTION_SSL) > 0 ? "s" : ""); return 4; } - if (strlen(cookie) > 0) { - sprintf(header, "Cookie: %.1000s\r\n", cookie); - } + + if (strlen(cookie) > 0) + add_header("Cookie", cookie, HEADER_TYPE_DEFAULT); + //if page was redirected, follow the location header redirected_cpt = MAX_REDIRECT; if (debug) printf("[DEBUG] attempt result: found %d, redirect %d, location: %s\n", found, redirected_flag, redirected_url_buff); + while (found == 0 && redirected_flag && (redirected_url_buff[0] != 0) && (redirected_cpt > 0)) { //we have to split the location char *startloc, *endloc; @@ -674,19 +625,21 @@ int start_http_form(int s, char *ip, int port, unsigned char options, char *misc sprintf(buffer, "GET http://%s:%d%.600s HTTP/1.0\r\nHost: %s\r\nUser-Agent: Mozilla/4.0 (Hydra)\r\n%s\r\n", webtarget, webport, str3, str2, header); } else { //direct web server, no proxy - sprintf(buffer, "GET %.600s HTTP/1.0\r\nHost: %s\r\nUser-Agent: Mozilla/4.0 (Hydra)\r\n%s\r\n", str3, str2, header); + //sprintf(buffer, "GET %.600s HTTP/1.0\r\nHost: %s\r\nUser-Agent: Mozilla/4.0 (Hydra)\r\n%s\r\n", str3, str2, header); + hdrrepv("Host", str2); + normal_request = stringify_headers(); + http_request = prepare_http_request("GET", str3, NULL, normal_request); } } hydra_reconnect(s, ip, port, options); - if (hydra_send(s, buffer, strlen(buffer), 0) < 0) { + if (hydra_send(s, http_request, strlen(http_request), 0) < 0) return 1; - } + found = analyze_server_response(s); - if (strlen(cookie) > 0) { - sprintf(header, "Cookie: %s\r\n", cookie); - } + if (strlen(cookie) > 0) + add_header("Cookie", cookie, HEADER_TYPE_DEFAULT); } } @@ -697,184 +650,24 @@ int start_http_form(int s, char *ip, int port, unsigned char options, char *misc } else { hydra_completed_pair(); } - return 1;*/ -////////////////////////////////////////////////////////////////////////////////////////////////////////// - -/* char * http_request = prepare_http_request(type, url); - hydra_report(stdout, "HTTP headers:\n%s\r\n", http_request);*/ - - hydra_child_exit(1); - return 1; + return 1; } void service_http_form(char *ip, int sp, unsigned char options, char *miscptr, FILE * fp, int port, char *type) { int run = 1, next_run = 1, sock = -1; int myport = PORT_HTTP, mysslport = PORT_HTTP_SSL; - char *ptr, *ptr2; + // register our socket descriptor hydra_register_socket(sp); - if (webtarget != NULL && (webtarget = strstr(miscptr, "://")) != NULL) { - webtarget += strlen("://"); - if ((ptr2 = index(webtarget, ':')) != NULL) { /* step over port if present */ - *ptr2 = 0; - ptr2++; - ptr = ptr2; - if (*ptr == '/' || (ptr = index(ptr2, '/')) != NULL) - miscptr = ptr; - else - miscptr = slash; /* to make things easier to user */ - } else if ((ptr2 = index(webtarget, '/')) != NULL) { - if (freemischttpform == 0) { - freemischttpform = 1; - miscptr = malloc(strlen(ptr2) + 1); - strcpy(miscptr, ptr2); - *ptr2 = 0; - } - } else - webtarget = NULL; - } - if (cmdlinetarget != NULL && webtarget == NULL) - webtarget = cmdlinetarget; - else if (webtarget == NULL && cmdlinetarget == NULL) - webtarget = hydra_address2string(ip); - if (port != 0) - webport = port; - else if ((options & OPTION_SSL) == 0) - webport = myport; - else - webport = mysslport; - - sprintf(bufferurl, "%.1000s", miscptr); - url = bufferurl; - ptr = url; - while (*ptr != 0 && (*ptr != ':' || *(ptr - 1) == '\\')) - ptr++; - if (*ptr != 0) - *ptr++ = 0; - variables = ptr; - while (*ptr != 0 && (*ptr != ':' || *(ptr - 1) == '\\')) - ptr++; - if (*ptr != 0) - *ptr++ = 0; - cond = ptr; - while (*ptr != 0 && (*ptr != ':' || *(ptr - 1) == '\\')) - ptr++; - if (*ptr != 0) - *ptr++ = 0; - optional1 = ptr; - if (strstr(url, "\\:") != NULL) { - if ((ptr = malloc(strlen(url))) != NULL) { - strcpy(ptr, hydra_strrep(url, "\\:", ":")); - url = ptr; - } - } - if (strstr(variables, "\\:") != NULL) { - if ((ptr = malloc(strlen(variables))) != NULL) { - strcpy(ptr, hydra_strrep(variables, "\\:", ":")); - variables = ptr; - } - } - if (strstr(cond, "\\:") != NULL) { - if ((ptr = malloc(strlen(cond))) != NULL) { - strcpy(ptr, hydra_strrep(cond, "\\:", ":")); - cond = ptr; - } - } - if (url == NULL || variables == NULL || cond == NULL /*|| optional1 == NULL */ ) - hydra_child_exit(2); - -//printf("url: %s, var: %s, cond: %s, opt: %s\n", url, variables, cond, optional1); - - if (*cond == 0) { - fprintf(stderr, "[ERROR] invalid number of parameters in module option\n"); - hydra_child_exit(2); - } - - sprintf(cookieurl, "%.1000s", url); - - //conditions now have to contain F or S to set the fail or success condition - if (*cond != 0 && (strpos(cond, "F=") == 0)) { - success_cond = 0; - cond += 2; - } else if (*cond != 0 && (strpos(cond, "S=") == 0)) { - success_cond = 1; - cond += 2; - } else { - //by default condition is a fail - success_cond = 0; - } - - char *header = NULL, *value = NULL; - while ( /*(optional1 = strtok(NULL, ":")) != NULL */ *optional1 != 0) { - switch (optional1[0]) { - case 'c': // fall through - case 'C': - ptr = optional1 + 2; - while (*ptr != 0 && (*ptr != ':' || *(ptr - 1) == '\\')) - ptr++; - if (*ptr != 0) - *ptr++ = 0; - sprintf(cookieurl, "%.1000s", hydra_strrep(optional1 + 2, "\\:", ":")); - optional1 = ptr; - break; - case 'h': - // add a new header at the end - ptr = optional1 + 2; - while (*ptr != 0 && (*ptr != ':' || *(ptr - 1) == '\\')) - ptr++; - if (*ptr != 0) - *ptr++ = 0; - ptr2 = ptr; - while (*ptr2 != 0 && (*ptr2 != ':' || *(ptr2 - 1) == '\\')) - ptr2++; - if (*ptr2 != 0) - *ptr2++ = 0; - /* - * At this point: - * - (optional1 + 2) contains the header's name - * - ptr contains the header's value - */ - if(add_header(optional1 + 2, hydra_strrep(ptr, "\\:", ":"), HEADER_TYPE_USERHEADER)){ - // Success: break the switch and go ahead - optional1 = ptr2; - break; - } - // Error: abort execution - hydra_report(stderr, "[ERROR] Out of memory for HTTP headers."); - hydra_child_exit(1); - break; - case 'H': - // add a new header, or replace an existing one's value - ptr = optional1 + 2; - while (*ptr != 0 && (*ptr != ':' || *(ptr - 1) == '\\')) - ptr++; - if (*ptr != 0) - *ptr++ = 0; - ptr2 = ptr; - while (*ptr2 != 0 && (*ptr2 != ':' || *(ptr2 - 1) == '\\')) - ptr2++; - if (*ptr2 != 0) - *ptr2++ = 0; - /* - * At this point: - * - (optional1 + 2) contains the header's name - * - ptr contains the header's value - */ - if(add_header(optional1 + 2, hydra_strrep(ptr, "\\:", ":"), HEADER_TYPE_USERHEADER_REPL)){ - // Success: break the switch and go ahead - optional1 = ptr2; - break; - } - // Error: abort execution - hydra_report(stderr, "[ERROR] Out of memory for HTTP headers."); - hydra_child_exit(1); - break; - // no default - } - } - + /* + * Iterate through the runs. Values are the following: + * - 1 -> Open connection to remote server. + * - 2 -> Run password attempts. + * - 3 -> Disconnect and end with success. + * - 4 -> Disconnect and end with error. + */ while (1) { if (run == 2) { if (memcmp(hydra_get_next_pair(), &HYDRA_EXIT, sizeof(HYDRA_EXIT)) == 0) { @@ -886,30 +679,30 @@ void service_http_form(char *ip, int sp, unsigned char options, char *miscptr, F } switch (run) { case 1: /* connect and service init function */ - { - if (sock >= 0) - sock = hydra_disconnect(sock); - if ((options & OPTION_SSL) == 0) { - if (port != 0) - myport = port; - sock = hydra_connect_tcp(ip, myport); - port = myport; - } else { - if (port != 0) - mysslport = port; - sock = hydra_connect_ssl(ip, mysslport); - port = mysslport; - } - if (sock < 0) { - hydra_report(stderr, "[ERROR] Child with pid %d terminating, can not connect\n", (int) getpid()); - if (freemischttpform) - free(miscptr); - freemischttpform = 0; - hydra_child_exit(1); - } - next_run = 2; - break; - } + { + if (sock >= 0) + sock = hydra_disconnect(sock); + if ((options & OPTION_SSL) == 0) { + if (port != 0) + myport = port; + sock = hydra_connect_tcp(ip, myport); + port = myport; + } else { + if (port != 0) + mysslport = port; + sock = hydra_connect_ssl(ip, mysslport); + port = mysslport; + } + if (sock < 0) { + hydra_report(stderr, "[ERROR] Child with pid %d terminating, cannot connect\n", (int) getpid()); + if (freemischttpform) + free(miscptr); + freemischttpform = 0; + hydra_child_exit(1); + } + next_run = 2; + break; + } case 2: /* run the cracking function */ next_run = start_http_form(sock, ip, port, options, miscptr, fp, type); break; @@ -943,12 +736,10 @@ void service_http_form(char *ip, int sp, unsigned char options, char *miscptr, F } void service_http_get_form(char *ip, int sp, unsigned char options, char *miscptr, FILE * fp, int port) { - //// service_http_form(ip, sp, options, miscptr, fp, port, "GET"); } void service_http_post_form(char *ip, int sp, unsigned char options, char *miscptr, FILE * fp, int port) { - //// service_http_form(ip, sp, options, miscptr, fp, port, "POST"); } @@ -963,5 +754,215 @@ int service_http_form_init(char *ip, int sp, unsigned char options, char *miscpt // 0 all OK // -1 error, hydra will exit, so print a good error message here + char *ptr, *ptr2; + char *proxy_string; + + if (webtarget != NULL && (webtarget = strstr(miscptr, "://")) != NULL) { + webtarget += strlen("://"); + if ((ptr2 = index(webtarget, ':')) != NULL) { /* step over port if present */ + *ptr2 = 0; + ptr2++; + ptr = ptr2; + if (*ptr == '/' || (ptr = index(ptr2, '/')) != NULL) + miscptr = ptr; + else + miscptr = slash; /* to make things easier to user */ + } else if ((ptr2 = index(webtarget, '/')) != NULL) { + if (freemischttpform == 0) { + freemischttpform = 1; + miscptr = malloc(strlen(ptr2) + 1); + strcpy(miscptr, ptr2); + *ptr2 = 0; + } + } else + webtarget = NULL; + } + if (cmdlinetarget != NULL && webtarget == NULL) + webtarget = cmdlinetarget; + else if (webtarget == NULL && cmdlinetarget == NULL) + webtarget = hydra_address2string(ip); + if (port != 0) + webport = port; + else if ((options & OPTION_SSL) == 0) + webport = PORT_HTTP; + else + webport = PORT_HTTP_SSL; + + sprintf(bufferurl, "%.1000s", miscptr); + url = bufferurl; + ptr = url; + while (*ptr != 0 && (*ptr != ':' || *(ptr - 1) == '\\')) + ptr++; + if (*ptr != 0) + *ptr++ = 0; + variables = ptr; + while (*ptr != 0 && (*ptr != ':' || *(ptr - 1) == '\\')) + ptr++; + if (*ptr != 0) + *ptr++ = 0; + cond = ptr; + while (*ptr != 0 && (*ptr != ':' || *(ptr - 1) == '\\')) + ptr++; + if (*ptr != 0) + *ptr++ = 0; + optional1 = ptr; + if (strstr(url, "\\:") != NULL) { + if ((ptr = malloc(strlen(url))) != NULL) { + strcpy(ptr, hydra_strrep(url, "\\:", ":")); + url = ptr; + } + } + if (strstr(variables, "\\:") != NULL) { + if ((ptr = malloc(strlen(variables))) != NULL) { + strcpy(ptr, hydra_strrep(variables, "\\:", ":")); + variables = ptr; + } + } + if (strstr(cond, "\\:") != NULL) { + if ((ptr = malloc(strlen(cond))) != NULL) { + strcpy(ptr, hydra_strrep(cond, "\\:", ":")); + cond = ptr; + } + } + if (url == NULL || variables == NULL || cond == NULL /*|| optional1 == NULL */ ) + hydra_child_exit(2); + + //printf("url: %s, var: %s, cond: %s, opt: %s\n", url, variables, cond, optional1); + + if (*cond == 0) { + fprintf(stderr, "[ERROR] invalid number of parameters in module option\n"); + return -1; + } + + sprintf(cookieurl, "%.1000s", url); + + //conditions now have to contain F or S to set the fail or success condition + if (*cond != 0 && (strpos(cond, "F=") == 0)) { + success_cond = 0; + cond += 2; + } else if (*cond != 0 && (strpos(cond, "S=") == 0)) { + success_cond = 1; + cond += 2; + } else { + //by default condition is a fail + success_cond = 0; + } + + char *header = NULL, *value = NULL; + while ( /*(optional1 = strtok(NULL, ":")) != NULL */ *optional1 != 0) { + switch (optional1[0]) { + case 'c': // fall through + case 'C': + ptr = optional1 + 2; + while (*ptr != 0 && (*ptr != ':' || *(ptr - 1) == '\\')) + ptr++; + if (*ptr != 0) + *ptr++ = 0; + sprintf(cookieurl, "%.1000s", hydra_strrep(optional1 + 2, "\\:", ":")); + optional1 = ptr; + break; + case 'h': + // add a new header at the end + ptr = optional1 + 2; + while (*ptr != 0 && (*ptr != ':' || *(ptr - 1) == '\\')) + ptr++; + if (*ptr != 0) + *ptr++ = 0; + ptr2 = ptr; + while (*ptr2 != 0 && (*ptr2 != ':' || *(ptr2 - 1) == '\\')) + ptr2++; + if (*ptr2 != 0) + *ptr2++ = 0; + /* + * At this point: + * - (optional1 + 2) contains the header's name + * - ptr contains the header's value + */ + if(add_header(optional1 + 2, hydra_strrep(ptr, "\\:", ":"), HEADER_TYPE_USERHEADER)){ + // Success: break the switch and go ahead + optional1 = ptr2; + break; + } + // Error: abort execution + hydra_report(stderr, "[ERROR] Out of memory for HTTP headers."); + return -1; + case 'H': + // add a new header, or replace an existing one's value + ptr = optional1 + 2; + while (*ptr != 0 && (*ptr != ':' || *(ptr - 1) == '\\')) + ptr++; + if (*ptr != 0) + *ptr++ = 0; + ptr2 = ptr; + while (*ptr2 != 0 && (*ptr2 != ':' || *(ptr2 - 1) == '\\')) + ptr2++; + if (*ptr2 != 0) + *ptr2++ = 0; + /* + * At this point: + * - (optional1 + 2) contains the header's name + * - ptr contains the header's value + */ + if(add_header(optional1 + 2, hydra_strrep(ptr, "\\:", ":"), HEADER_TYPE_USERHEADER_REPL)){ + // Success: break the switch and go ahead + optional1 = ptr2; + break; + } + // Error: abort execution + hydra_report(stderr, "[ERROR] Out of memory for HTTP headers."); + return -1; + // no default + } + } + + /* again: no snprintf to be portable. dont worry, buffer cant overflow */ + if (use_proxy == 1 && proxy_authentication != NULL) { + // proxy with authentication + add_header("Host", webtarget, HEADER_TYPE_DEFAULT); + add_header("User-Agent", "Mozilla 5.0 (Hydra Proxy Auth)", HEADER_TYPE_DEFAULT); + proxy_string = (char *) malloc(strlen(proxy_authentication) + 6); + if(proxy_string) { + strcpy(proxy_string, "Basic "); + strncat(proxy_string, proxy_authentication, strlen(proxy_authentication) - 6); + add_header("Proxy-Authorization", proxy_string, HEADER_TYPE_DEFAULT); + }else{ + hydra_report(stderr, "Out of memory for \"Proxy-Authorization\" header."); + return -1; + } + if (getcookie) { + //doing a GET to save cookies + cookie_request = stringify_headers(); + hydra_report(stdout, "HTTP headers (Proxy Auth Cookies): %s", cookie_request); + } + normal_request = stringify_headers(); + hydra_report(stdout, "HTTP headers (Proxy Auth): %s", normal_request); + } else { + if (use_proxy == 1) { + // proxy without authentication + add_header("Host", webtarget, HEADER_TYPE_DEFAULT); + add_header("User-Agent", "Mozilla/5.0 (Hydra Proxy)", HEADER_TYPE_DEFAULT); + if (getcookie) { + //doing a GET to get cookies + cookie_request = stringify_headers(); + hydra_report(stdout, "HTTP headers (Proxy Noauth Cookies): %s", cookie_request); + } + normal_request = stringify_headers(); + hydra_report(stdout, "HTTP headers (Proxy Noauth): %s", normal_request); + } else { + // direct web server, no proxy + add_header("Host", webtarget, HEADER_TYPE_DEFAULT); + add_header("User-Agent", "Mozilla/5.0 (Hydra)", HEADER_TYPE_DEFAULT); + + if (getcookie) { + //doing a GET to save cookies + cookie_request = stringify_headers(); +// hydra_report(stdout, "HTTP headers (Direct Cookies): %s", cookie_request); + } + + normal_request = stringify_headers(); +// hydra_report(stdout, "HTTP Headers (Direct): %s", normal_request); + } + } + return 0; }