Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Allow partial HTTP response (default nil) due to timeout #12510

Merged
merged 5 commits into from Nov 5, 2019

Conversation

@wvu-r7
Copy link
Contributor

wvu-r7 commented Oct 30, 2019

I also added a disconnect option to send_request_raw to match send_request_cgi.

  • See if pipelining is even functional, specifically through this API; remove from method definition and hardcode to false if it isn't? Refactored to avoid changing the user API!

Before

####################
# Request:
####################
GET /dana-na/../dana/html5acc/guacamole/../../../../../../data/runtime/mtmp/lmdb/dataa/data.mdb?/dana/html5acc/guacamole/ HTTP/1.1
Host: [redacted]
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)


execution expired

After

####################
# Request:
####################
GET /dana-na/../dana/html5acc/guacamole/../../../../../../data/runtime/mtmp/lmdb/dataa/data.mdb?/dana/html5acc/guacamole/ HTTP/1.1
Host: [redacted]
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)


####################
# Response:
####################
HTTP/1.1 200 OK
Cache-Control: max-age=86400, must-revalidate
Last-Modified: Wed, 18 Sep 2019 20:27:02 GMT
Content-Length: 41943040
X-Frame-Options: SAMEORIGIN
Strict-Transport-Security: max-age=31536000

���������������������

#12220

@wvu-r7 wvu-r7 changed the title Allow partial HTTP response (previously nil) due to timeout Allow partial HTTP response (default nil) due to timeout Oct 30, 2019
@wvu-r7 wvu-r7 added the delayed label Oct 31, 2019
@wvu-r7 wvu-r7 removed the delayed label Oct 31, 2019
@wvu-r7

This comment has been minimized.

Copy link
Contributor Author

wvu-r7 commented Oct 31, 2019

@acammack-r7: Happy with this now. Let me know if there are any other changes to be made. Thanks!

@acammack-r7 acammack-r7 self-assigned this Oct 31, 2019
@acammack-r7

This comment has been minimized.

Copy link
Contributor

acammack-r7 commented Oct 31, 2019

Looks good! I'll take for a spin later.

@busterb

This comment has been minimized.

Copy link
Member

busterb commented Nov 4, 2019

ping @acammack-r7 anything else you wanted changed? If not I can move this forward too.

acammack-r7 added a commit that referenced this pull request Nov 5, 2019
@acammack-r7 acammack-r7 merged commit f302df3 into rapid7:master Nov 5, 2019
3 checks passed
3 checks passed
Metasploit Automation - Sanity Test Execution Successfully completed all tests.
Details
Metasploit Automation - Test Execution Successfully completed all tests.
Details
continuous-integration/travis-ci/pr The Travis CI build passed
Details
@acammack-r7

This comment has been minimized.

Copy link
Contributor

acammack-r7 commented Nov 5, 2019

Sorry, was looking for a good candidate to test this between other stuff. Confirmed working against a server advertising a ridiculously long Content-Length it never filled.

msjenkins-r7 added a commit that referenced this pull request Nov 5, 2019
@acammack-r7

This comment has been minimized.

Copy link
Contributor

acammack-r7 commented Nov 5, 2019

Release Notes

Modules that use the Msf::Exploit::HttpClient mixin can now elect to receive a partial response to an HTTP request when the server times out before sending the total length advertised in the response headers.

@wvu-r7 wvu-r7 deleted the wvu-r7:feature/http branch Nov 5, 2019
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Projects
None yet
4 participants
You can’t perform that action at this time.