New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Add support to msfrpcd for starting JSON-RPC server #11213

Merged
merged 6 commits into from Jan 10, 2019

Conversation

Projects
None yet
3 participants
@mkienow-r7
Copy link
Contributor

mkienow-r7 commented Jan 9, 2019

Adds support to msfrpcd for starting the JSON-RPC server introduced in #10682.

Verification

  • Run msfdb if you do not already have an initialized web service; otherwise, you will need your API token.
  • Start the JSON-RPC server on localhost:8081 in the foreground using msfrpcd: ./msfrpcd -j -a localhost -p 8081 -f
  • Test RPC v1.0 (v10) core method core.version
  • Use cURL to execute the RPC method: curl -k -X POST -H "Accept: application/json" -H "Content-Type: application/json" -H "Authorization: Bearer <token>" -d '{"jsonrpc": "2.0", "method": "core.version", "id": 1 }' https://localhost:8081/api/v1/json-rpc | python -m json.tool
  • Verify the JSON-RPC response contains the expected result
  • Press Ctrl-C to terminate the foreground JSON-RPC server
  • Explore other JSON-RPC options for msfrpcd
  • Verify the JSON-RPC server responds accordingly
  • Start msfrpcd without the -j flag
  • Verify the MSFRPC mode of msfrpcd operates as it did before

mkienow-r7 added some commits Jan 9, 2019

@mkienow-r7

This comment has been minimized.

Copy link
Contributor

mkienow-r7 commented Jan 9, 2019

Marked delayed as msfdb should be modified to use the methods from the ServiceHelper class to avoid code duplication.

@mkienow-r7 mkienow-r7 removed the delayed label Jan 9, 2019

@mkienow-r7

This comment has been minimized.

Copy link
Contributor

mkienow-r7 commented Jan 9, 2019

@jbarnett-r7 and I decided to land this PR as-is and open a subsequent PR to update msfdb.

msfrpcd Outdated
RPC_TYPE = 'Msg'

@localconf = "#{ENV['HOME']}/.msf4"
@ws_tag = 'msf-ws'

This comment has been minimized.

@jbarnett-r7

jbarnett-r7 Jan 9, 2019

Contributor

I'm guessing the answer is "following the precedent of msfdb", but why are all of these global variables instead of constants?

This comment has been minimized.

@mkienow-r7

mkienow-r7 Jan 9, 2019

Contributor

That is a correct assumption, that said, I could make those changes.

Show resolved Hide resolved msfrpcd Outdated
msfrpcd Outdated
end

$stderr.puts "[*] JSON-RPC starting on #{opts['ServerHost']}:#{opts['ServerPort']} (#{opts['SSL'] ? "SSL" : "NO SSL"})..."
$stderr.puts "[*] URI: /api/<version>/json-rpc"

This comment has been minimized.

@jbarnett-r7

jbarnett-r7 Jan 9, 2019

Contributor

Could we specify the exact version here somehow? Or at least indicate the format is v<num>?

This comment has been minimized.

@mkienow-r7

mkienow-r7 Jan 9, 2019

Contributor

It's dynamic, but given we really only have v1 (v10) I'll just change it until a future v2 is in use.

mkienow-r7 added some commits Jan 9, 2019

Refactor JSON-RPC related variables
Dynamically get MSF config root directory rather than a fixed value.

@jbarnett-r7 jbarnett-r7 merged commit 0350d87 into rapid7:master Jan 10, 2019

3 checks passed

Metasploit Automation - Sanity Test Execution Successfully completed all tests.
Details
Metasploit Automation - Test Execution Successfully completed all tests.
Details
continuous-integration/travis-ci/pr The Travis CI build passed
Details

jbarnett-r7 added a commit that referenced this pull request Jan 10, 2019

@jbarnett-r7

This comment has been minimized.

Copy link
Contributor

jbarnett-r7 commented Jan 10, 2019

Release Notes

Add functionality to msfrpcd to handle starting and stopping the JSON-RPC API. This can be done by running msfrpcd -j.

@mkienow-r7 mkienow-r7 deleted the mkienow-r7:MS-3670-msfrpcd-add-json-rpc branch Jan 10, 2019

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment