Class: Msf::Exploit::Remote::HTTP::HttpCookieJar

Inherits:
Object
Defined in:
lib/msf/core/exploit/remote/http/http_cookie_jar.rb

Overview

Acts as a wrapper for the third-party CookieJar (http-cookie).

Constructor Details

#initialize ⇒ HttpCookieJar

Returns a new instance of HttpCookieJar.



# File 'lib/msf/core/exploit/remote/http/http_cookie_jar.rb', line 17

def initialize
  @cookie_jar = ::HTTP::CookieJar.new({
    store: HashStoreWithoutAutomaticExpiration
  })
end

Instance Method Details

#add(cookie) ⇒ Object

Adds cookie to the jar.

cookie must be an instance or subclass of Msf::Exploit::Remote::HTTP::HttpCookie, or a TypeError will be raised.

Returns self.

Raises:

  • (TypeError)


# File 'lib/msf/core/exploit/remote/http/http_cookie_jar.rb', line 29

def add(cookie)
  raise TypeError, "Passed cookie is of class '#{cookie.class}' and not a subclass of '#{Msf::Exploit::Remote::HTTP::HttpCookie}" unless cookie.is_a?(Msf::Exploit::Remote::HTTP::HttpCookie)

  @cookie_jar.add(cookie)
  self
end

#cleanup(expire_all = false) ⇒ Object

Will remove all expired cookies. If expire_all is set as true, all session cookies are removed as well.

Returns self.



# File 'lib/msf/core/exploit/remote/http/http_cookie_jar.rb', line 63

def cleanup(expire_all = false)
  @cookie_jar.cleanup(expire_all)
  self
end

#clear ⇒ Object

Will remove all cookies from the jar.

Returns nil.



# File 'lib/msf/core/exploit/remote/http/http_cookie_jar.rb', line 55

def clear
  @cookie_jar.clear
  self
end

#cookies ⇒ Object

Returns an unordered array of all cookies stored in the jar.



# File 'lib/msf/core/exploit/remote/http/http_cookie_jar.rb', line 48

def cookies
  @cookie_jar.cookies
end

#delete(cookie) ⇒ Object

Will remove any cookie from the jar that has the same name, domain and path as the passed cookie.

Returns self.

Raises:

  • (TypeError)


# File 'lib/msf/core/exploit/remote/http/http_cookie_jar.rb', line 39

def delete(cookie)
  return if @cookie_jar.cookies.empty?
  raise TypeError, "Passed cookie is of class '#{cookie.class}' and not a subclass of '#{Msf::Exploit::Remote::HTTP::HttpCookie}" unless cookie.is_a?(Msf::Exploit::Remote::HTTP::HttpCookie)

  @cookie_jar.delete(cookie)
  self
end

#empty? ⇒ Boolean

Returns true if the jar contains no cookies, else false.

Returns:

  • (Boolean)


# File 'lib/msf/core/exploit/remote/http/http_cookie_jar.rb', line 69

def empty?
  @cookie_jar.empty?
end

#initialize_copy(other) ⇒ Object

Modules are replicated before running. This method ensures that the cookie jar from one run will not impact subsequent runs.



# File 'lib/msf/core/exploit/remote/http/http_cookie_jar.rb', line 104

def initialize_copy(other)
  super
  @cookie_jar = other.instance_variable_get(:@cookie_jar).clone
end
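
The isolation that initialize_copy provides, shown as an added example that is not Metasploit code. SharedJar, IsolatedJar and run_twice are hypothetical names, a plain Hash stands in for the third-party jar, and replication is assumed to happen through dup.

```ruby
# Wrapper without initialize_copy: dup makes a shallow copy, so every
# replica keeps a reference to the same underlying store.
class SharedJar
  def initialize
    @cookie_jar = {} # a Hash stands in for the third-party jar (assumption)
  end

  def add(name, value)
    @cookie_jar[name] = value
    self
  end

  def names
    @cookie_jar.keys.sort
  end
end

# Wrapper with the initialize_copy pattern shown on this page: each replica
# receives its own clone of the store.
class IsolatedJar < SharedJar
  def initialize_copy(other)
    super
    @cookie_jar = other.instance_variable_get(:@cookie_jar).clone
  end
end

# Models two consecutive runs, each working on a replica of the template jar.
# The cookie name and value are constructed sample data.
def run_twice(template)
  first = template.dup.add('session', 'run-1')
  second = template.dup
  { first: first.names, second: second.names, template: template.names }
end
```

With SharedJar the cookie set during the first run is visible to the second replica and to the template; with IsolatedJar both stay empty.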

#parse(set_cookie_header, origin_url) ⇒ Object

Parses a Set-Cookie header value set_cookie_header and returns an array of ::Msf::Exploit::Remote::HTTP::HttpCookie objects. Parts (separated by commas) that are malformed or considered unacceptable are silently ignored.



# File 'lib/msf/core/exploit/remote/http/http_cookie_jar.rb', line 76

def parse(set_cookie_header, origin_url)
  cookies = []
  ::HTTP::Cookie::Scanner.new(set_cookie_header).scan_set_cookie do |name, value, attrs|
    if name.nil? || name.empty?
      next
    end

    if attrs && attrs.is_a?(Hash)
      attrs = attrs.transform_keys(&:to_sym)
      attrs[:origin] = origin_url
      cookies << HttpCookie.new(name, value, **attrs)
    else
      raise ArgumentError, "Cookie header could not be parsed by 'scan_set_cookie' successfully."
    end
  end

  cookies
end

#parse_and_merge(set_cookie_header, origin_url) ⇒ Object

Same as parse, but each ::Msf::Exploit::Remote::HTTP::HttpCookie is also added to the jar.



# File 'lib/msf/core/exploit/remote/http/http_cookie_jar.rb', line 96

def parse_and_merge(set_cookie_header, origin_url)
  cookies = parse(set_cookie_header, origin_url)
  cookies.each { |c| add(c) }
  cookies
end