Class: Msf::Exploit::Remote::HTTP::HttpCookie

Inherits:

Object

• Object
• Msf::Exploit::Remote::HTTP::HttpCookie

Includes:

Comparable

Defined in:

lib/msf/core/exploit/remote/http/http_cookie.rb

Overview

This class is a representation of a Http Cookie with some built in convenience methods. Acts as a wrapper for the HTTP::Cookie (www.rubydoc.info/gems/http-cookie/1.0.3/HTTP/Cookie) class .

Instance Method Summary

• #<=>(other) ⇒ Object
• #acceptable? ⇒ Boolean

  Tests if it is OK to accept this cookie.

• #acceptable_from_uri?(uri) ⇒ Boolean

  Tests if it is OK to accept this cookie if it is sent from the passed uri.

• #accessed_at ⇒ Object

  Returns the cookie accessed_at value of type Time.

• #accessed_at=(time) ⇒ Object

  Sets the cookie accessed_at time.

• #cookie_value ⇒ Object (also: #to_s)

  Returns a string representation of the cookie for use in a cookie header.

• #created_at ⇒ Object

  Returns the cookie created_at value of type Time.

• #created_at=(time) ⇒ Object

  Sets the cookie accessed_at time.

• #domain ⇒ Object

  Returns the cookie domain of type String.

• #domain=(domain) ⇒ Object

  Sets the cookie domain.

• #expired?(time = Time.now) ⇒ Boolean

  Returns a boolean indicating if the cookie will have expired by the date and time represented by time.

• #expires ⇒ Object

  Returns the value of cookie expires of type Time.

• #expires=(expires) ⇒ Object

  Sets the cookie expires value.

• #httponly ⇒ Object

  Returns the cookie httponly value of type Boolean.

• #httponly=(httponly) ⇒ Object

  Sets the cookie httponly value.

• #initialize(name, value = nil, **attr_hash) ⇒ HttpCookie constructor

  Returns a new HttpCookie.

• #max_age ⇒ Object

  Returns the value of max_age.

• #max_age=(max_age) ⇒ Object

  Sets the cookie max_age of type Integer.

• #name ⇒ Object

  Returns the name of cookie of type String.

• #name=(name) ⇒ Object

  Sets the cookie name.

• #origin ⇒ Object
• #origin=(origin) ⇒ Object
• #path ⇒ Object

  Returns the cookie path of type String.

• #path=(path) ⇒ Object

  Sets the cookie path.

• #secure ⇒ Object

  Returns the cookie secure value of type Boolean.

• #secure=(secure) ⇒ Object

  Sets the cookie secure value.

• #session? ⇒ Boolean

  Returns a boolean indicating if the cookie is a Session Cookie.

• #valid_for_uri?(uri) ⇒ Boolean

  Returns a boolean indicating if the cookie can be sent to the passed uri.

• #value ⇒ Object

  Returns the value of cookie of type String.

• #value=(value) ⇒ Object

  Sets the cookie value.

Constructor Details

#initialize(name, value = nil, **attr_hash) ⇒ HttpCookie

Returns a new HttpCookie.

Name can be a string.

• If a String, the name of the cookie is set to the passed name.

- If only a String is passed to name, the cookie is set as a session cookie.

Value can be a String or nil.

• If a String, the value of the cookie is set as the passed cookie.

• If nil, the value of the cookie is set as an empty String ” and the cookie is set to expire at UNIX_EPOCH

attr_hash can be used to set the values of domain, path, max_age, expires, secure, httponly, accessed_at, created_at.

# File 'lib/msf/core/exploit/remote/http/http_cookie.rb', line 25

def initialize(name, value = nil, **attr_hash)
  if value
    @cookie = ::HTTP::Cookie.new(name, value)
  else
    @cookie = ::HTTP::Cookie.new(name)
  end

  attr_hash.each_pair do |k, v|
    if k == 'max-age'.to_sym
      self.max_age= v
    elsif respond_to?("#{k}=".to_sym)
      self.send("#{k}=".to_sym, v)
    end
  end
end

Instance Method Details

#<=>(other) ⇒ Object

# File 'lib/msf/core/exploit/remote/http/http_cookie.rb', line 266

def <=>(other)
  @cookie <=> other
end

#acceptable? ⇒ Boolean

Tests if it is OK to accept this cookie. If either domain or path is missing an ArgumentError is raised.

Returns:

• (Boolean)

# File 'lib/msf/core/exploit/remote/http/http_cookie.rb', line 242

def acceptable?
  @cookie.acceptable?
end

#acceptable_from_uri?(uri) ⇒ Boolean

Tests if it is OK to accept this cookie if it is sent from the passed uri.

Parameters:

• uri (String) —

  The uri that will be checked

Returns:

• (Boolean) —

  True if the URI is an acceptable URI, false if the URI is nil or resolves to a blank string

# File 'lib/msf/core/exploit/remote/http/http_cookie.rb', line 259

def acceptable_from_uri?(uri)
  return false if uri.nil?
  return false if URI(uri.strip).host == ''

  @cookie.acceptable_from_uri?(uri)
end

#accessed_at ⇒ Object

Returns the cookie accessed_at value of type Time. accessed_at indicates when a cookie was last interacted with.

# File 'lib/msf/core/exploit/remote/http/http_cookie.rb', line 190

def accessed_at
  @cookie.accessed_at
end

#accessed_at=(time) ⇒ Object

Sets the cookie accessed_at time.

Passed time must be nil, an instance of Time, or an object that can be converted successfully to an Time with Time.parse.

# File 'lib/msf/core/exploit/remote/http/http_cookie.rb', line 198

def accessed_at=(time)
  if time.nil? || time.is_a?(Time)
    @cookie.accessed_at = time
  else
    @cookie.accessed_at = Time.parse(time)
  end
end

#cookie_value ⇒ Object Also known as: to_s

Returns a string representation of the cookie for use in a cookie header. Comes in format “##name=##value”.

# File 'lib/msf/core/exploit/remote/http/http_cookie.rb', line 225

def cookie_value
  @cookie.cookie_value
end

#created_at ⇒ Object

Returns the cookie created_at value of type Time. created_at indicates when a cookie was created.

# File 'lib/msf/core/exploit/remote/http/http_cookie.rb', line 207

def created_at
  @cookie.created_at
end

#created_at=(time) ⇒ Object

Sets the cookie accessed_at time.

Passed time must be nil, an instance of Time, or an object that can be converted successfully to an Time with Time.parse.

# File 'lib/msf/core/exploit/remote/http/http_cookie.rb', line 215

def created_at=(time)
  if time.nil? || time.is_a?(Time)
    @cookie.created_at = time
  else
    @cookie.created_at = Time.parse(time)
  end
end

#domain ⇒ Object

Returns the cookie domain of type String.

If omitted, defaults to the host of the current document URL, not including subdomains. Leading dots in domain names (.example.com) are ignored. Multiple host/domain values are not allowed, but if a domain is specified, then subdomains are always included.

# File 'lib/msf/core/exploit/remote/http/http_cookie.rb', line 160

def domain
  if @cookie.domain.nil?
    nil
  else
    @cookie.domain.to_s
  end
end

#domain=(domain) ⇒ Object

Sets the cookie domain.

Passed domain must be nil, an instance of String, or an object that can be converted successfully to an String with to_s.

# File 'lib/msf/core/exploit/remote/http/http_cookie.rb', line 172

def domain=(domain)
  if domain.nil?
    @cookie.domain = domain
  else
    @cookie.domain = domain.to_s
  end
end

#expired?(time = Time.now) ⇒ Boolean

Returns a boolean indicating if the cookie will have expired by the date and time represented by time. time defaults to Time.now, so the method can return a different value after enough calls.

Returns:

• (Boolean)

# File 'lib/msf/core/exploit/remote/http/http_cookie.rb', line 232

def expired?(time = Time.now)
  @cookie.expired?(time)
end

#expires ⇒ Object

Returns the value of cookie expires of type Time.

expires is the date and time at which a cookie expires.

# File 'lib/msf/core/exploit/remote/http/http_cookie.rb', line 90

def expires
  @cookie.expires
end

#expires=(expires) ⇒ Object

Sets the cookie expires value.

Passed expires must be nil, an instance of Time, or an object that can be converted successfully to an Time with Time.parse(expires).

# File 'lib/msf/core/exploit/remote/http/http_cookie.rb', line 98

def expires=(expires)
  if expires.nil? || expires.is_a?(Time)
    @cookie.expires = expires
  else
    t = Time.parse(expires)
    @cookie.expires = t
  end
end

#httponly ⇒ Object

Returns the cookie httponly value of type Boolean.

httponly is a Boolean that indicates if client-side scripts should be prevented from accessing data.

# File 'lib/msf/core/exploit/remote/http/http_cookie.rb', line 144

def httponly
  @cookie.httponly
end

#httponly=(httponly) ⇒ Object

Sets the cookie httponly value.

Passed httponly is converted to a Boolean with !!httponly and set.

# File 'lib/msf/core/exploit/remote/http/http_cookie.rb', line 151

def httponly=(httponly)
  @cookie.httponly = !!httponly
end

#max_age ⇒ Object

Returns the value of max_age.

max_age is the number of seconds until a cookie expires.

# File 'lib/msf/core/exploit/remote/http/http_cookie.rb', line 71

def max_age
  @cookie.max_age
end

#max_age=(max_age) ⇒ Object

Sets the cookie max_age of type Integer.

Passed max_age must be nil, an Integer, or an object that can be converted successfully to an Integer with Integer(max_age).

# File 'lib/msf/core/exploit/remote/http/http_cookie.rb', line 79

def max_age=(max_age)
  if max_age.nil? || max_age.is_a?(Integer)
    @cookie.max_age = max_age
  else
    @cookie.max_age = Integer(max_age)
  end
end

#name ⇒ Object

Returns the name of cookie of type String.

# File 'lib/msf/core/exploit/remote/http/http_cookie.rb', line 42

def name
  @cookie.name
end

#name=(name) ⇒ Object

Sets the cookie name.

# File 'lib/msf/core/exploit/remote/http/http_cookie.rb', line 47

def name=(name)
  @cookie.name = name.to_s
end

#origin ⇒ Object

# File 'lib/msf/core/exploit/remote/http/http_cookie.rb', line 184

def origin
  @cookie.origin
end

#origin=(origin) ⇒ Object

# File 'lib/msf/core/exploit/remote/http/http_cookie.rb', line 180

def origin=(origin)
  @cookie.origin = origin
end

#path ⇒ Object

Returns the cookie path of type String.

path is the URL for which the cookie is valid.

# File 'lib/msf/core/exploit/remote/http/http_cookie.rb', line 110

def path
  @cookie.path
end

#path=(path) ⇒ Object

Sets the cookie path.

Passed path must be nil, an instance of String, or an object that can be converted successfully to a String with to_s.

# File 'lib/msf/core/exploit/remote/http/http_cookie.rb', line 118

def path=(path)
  if path.nil? || path.is_a?(String)
    @cookie.path = path
  else
    @cookie.path = path.to_s
  end
end

#secure ⇒ Object

Returns the cookie secure value of type Boolean.

secure is a boolean that indicates if the cookie should be limited to the scope of secure channels as defined by the user agent.

# File 'lib/msf/core/exploit/remote/http/http_cookie.rb', line 130

def secure
  @cookie.secure
end

#secure=(secure) ⇒ Object

Sets the cookie secure value.

Passed secure is converted to a Boolean with !!secure and set.

# File 'lib/msf/core/exploit/remote/http/http_cookie.rb', line 137

def secure=(secure)
  @cookie.secure = !!secure
end

#session? ⇒ Boolean

Returns a boolean indicating if the cookie is a Session Cookie.

Returns:

• (Boolean)

# File 'lib/msf/core/exploit/remote/http/http_cookie.rb', line 237

def session?
  @cookie.session?
end

#valid_for_uri?(uri) ⇒ Boolean

Returns a boolean indicating if the cookie can be sent to the passed uri. Raises an ArgumentError if domain is nil (unset).

Returns:

• (Boolean)

Raises:

• (ArgumentError)

# File 'lib/msf/core/exploit/remote/http/http_cookie.rb', line 248

def valid_for_uri?(uri)
  return false if uri.nil?
  raise ArgumentError, 'cannot tell if this cookie is valid as domain is nil' if domain.nil?

  @cookie.valid_for_uri?(uri)
end

#value ⇒ Object

Returns the value of cookie of type String.

# File 'lib/msf/core/exploit/remote/http/http_cookie.rb', line 52

def value
  @cookie.value
end

#value=(value) ⇒ Object

Sets the cookie value.

Passed value must be nil, an instance of String, or an object that can be converted successfully to a String with to_s.

# File 'lib/msf/core/exploit/remote/http/http_cookie.rb', line 60

def value=(value)
  if value.nil? || value.is_a?(String)
    @cookie.value = value
  else
    @cookie.value = value.to_s
  end
end