C:/fscan/HTTPCore/HTTP.cpp File Reference

#include "HTTPCore.h"
#include "CallBack.h"
#include "Threading.h"

Include dependency graph for HTTP.cpp:

Go to the source code of this file.

Defines

#define HEADER_ID_NOT_FOUND   NULL

Functions

static char * GetServerVersion (HTTP_DATA *response)
 This function search for the "Server:" Header at a server response.
static unsigned int IschallengeSupported (char *headers)
 This function enumerates all valid authentication schemes supported by the remote http resource.
static PREQUEST ParseReturnedBuffer (HTTPHANDLE HTTPHandle, PHTTP_DATA request, PHTTP_DATA response, char *url)
 This function generates and fills a REQUEST struct with the HTTP request and response information.
int InitHTTPApi (void)
 Initializes the HTTP Core. You must call InitHTTPApi before interacting with HTTP functions.
void CloseHTTPApi (void)
 This function is used to stop working with HTTP Core. Previous call to InitHTTPApi() is required.
int SetHTTPAPIConfig (int opt, char *parameter)
 This function is used to set global configuration options for each connection.
char * GetHTTPAPIConfig (int opt)
 This function retrieves the current global configuration.
HTTPHANDLE InitHTTPConnectionHandle (char *hostname, int port, int ssl)
 This function returns a pseudo-Handle needed to stablish an HTTP connection. This information is managed internally by the HTTP Core. Only one call is required for handling each remote host.
char * GetHTTPConfig (HTTPHANDLE HTTPHandle, int opt)
 This function allows users to retrieve HTTP Configuration parameters.
int SetHTTPConfig (HTTPHANDLE HTTPHandle, int opt, char *parameter)
 This function Allows users to change some HTTP request parameters.
void CloseHTTPConnectionHandle (HTTPHANDLE HTTPHandle)
 This function destroys an HTTP Handle.
static __inline void AddLine (char *lpBuffer, char *source, unsigned int *Buffersize)
 This function is used to securely append data to a buffer.
char * GetHeaderValue (char *headers, char *value, int n)
 This function is used to get a header returned by the HTTP server by using the header name.
char * GetHeaderValueByID (char *headers, unsigned int id)
 This function is used to get a header returned by the HTTP server.
PHTTP_DATA AddHeader (PHTTP_DATA request, char *Header)
 This function adds a header to the request.
PHTTP_DATA RemoveHeader (PHTTP_DATA request, char *Header)
 This function Searches a PHTTP_DATA structure for specific headers and if found , the header is removed.
void * FreeRequest (PREQUEST data)
 This function destroys a _request struct returned by SendHttpRequest() and free reserved memory.
PREQUEST SendRawHttpRequest (HTTPHANDLE HTTPHandle, char *headers, char *postdata)
 This function is used by the user to send an special crafted HTTP Request against a webserver.
PREQUEST SendHttpRequest (HTTPHANDLE HTTPHandle, char *VHost, char *HTTPMethod, char *url, char *Postdata, char *lpUsername, char *lpPassword, int AuthMethod)
 This function is used by the user to send a request against a webserver.
int CancelHttpRequest (HTTPHANDLE HTTPHandle, int what)
 This function is used to disconnect a currently stablished connection.

Variables

unsigned int AutoRedirect303 = 1
const char UserAgent [] = "User-Agent: Mozilla/5.0 (FHScan Core 1.1)\r\n"
PHHANDLE GlobalHTTPCoreApiOptions = NULL

Detailed Description

Fast HTTP Auth Scanner - HTTP Public / Exported API functions

Fast HTTP Auth Scanner - Threading functions for the HTTP Core

Definition in file HTTP.cpp.

Define Documentation

#define HEADER_ID_NOT_FOUND   NULL

Referenced by GetHeaderValueByID().

Function Documentation

PHTTP_DATA AddHeader ( PHTTP_DATA  request,
char *  Header 
)

This function adds a header to the request.

Parameters:
request PHTTP_DATA pointer to the headers
Header Null terminated pointer to the string that is going to be added.
Note:
Headers MUST contain \r\n at the end

Definition at line 658 of file HTTP.cpp.

References _data::Header, and _data::HeaderSize.

static __inline void AddLine ( char *  lpBuffer,
char *  source,
unsigned int *  Buffersize 
) [static]

This function is used to securely append data to a buffer.

Definition at line 524 of file HTTP.cpp.

Referenced by SendHttpRequest().

int CancelHttpRequest ( HTTPHANDLE  HTTPHandle,
int  what 
)

This function is used to disconnect a currently stablished connection.

Parameters:
HTTPHandle Handle of the remote connection.
what Cancel only the current request HTTP_REQUEST_CURRENT or blocks all connections against the remote HTTP host with HTTP_REQUEST_ALL.
Note:
This function is needed to cancel requests like example a CONNECT call sent against a remote HTTP proxy server by SendRawHttpRequest()

Definition at line 1136 of file HTTP.cpp.

References HTTPCoreCancelHTTPRequest().

Here is the call graph for this function:

void CloseHTTPApi ( void   ) 

This function is used to stop working with HTTP Core. Previous call to InitHTTPApi() is required.

Definition at line 55 of file HTTP.cpp.

References CloseHTTPApiCore(), and CloseHTTPConnectionHandle().

Here is the call graph for this function:

void CloseHTTPConnectionHandle ( HTTPHANDLE  HTTPHandle  ) 

This function destroys an HTTP Handle.

Parameters:
HTTPHandle Pointer to the Handle returned by InitHTTPConnectionHandle(). This value cant be NULL
Note:
Be sure to close the connection handle to avoid memory leaks

Definition at line 382 of file HTTP.cpp.

References UserAgent.

Referenced by CloseHTTPApi().

void* FreeRequest ( PREQUEST  data  ) 

This function destroys a _request struct returned by SendHttpRequest() and free reserved memory.

Parameters:
data Pointer to a _request struct
Returns:
FreeRequest() This function always returns a NULL pointer
Note:
Be sure to close the _request struct to avoid memory leaks

Definition at line 714 of file HTTP.cpp.

References FreeHTTPData(), _request::request, _request::response, and _request::server.

Referenced by SendHttpRequest().

Here is the call graph for this function:

char* GetHeaderValue ( char *  headers,
char *  value,
int  n 
)

This function is used to get a header returned by the HTTP server by using the header name.

Parameters:
headers Pointer to an string containing the headers returned by The server. You should use request->header here
value pointer to an string containing the search header. Example char *value = "Location:"
n Number of matching headers to be searched.
Returns:
GetHeaderValue() returns a Pointer to a string ended by '\0' that contains the header provided by the remote HTTP server. This function returns NULL if the header is not found.
Note:
spaces at the beginning of the return value are removed.

The returned buffer does not contain the ending "\r\n". Is user task to free the memory allocated by this function. Example: 

        struct _request *data;
        ...
        char *buffer=GetHeaderValue(data->response->header,"Location:",0);
        if (buffer)
        {
                printf("[+] Found redirect to: %s\n",buffer);
                free(buffer);
        }

Definition at line 551 of file HTTP.cpp.

References strnicmp.

Referenced by GetServerVersion(), IschallengeSupported(), ParseReturnedBuffer(), ReadHTTPResponseData(), and SendHttpRequest().

char* GetHeaderValueByID ( char *  headers,
unsigned int  id 
)

This function is used to get a header returned by the HTTP server.

Parameters:
headers Pointer to an string containing the headers returned by The server. You should use request->header here
id Header id referecence for matching the header. For example id 0 is the first header (usually like "GET /resource HTTP/1.0\r\n")
Returns:
GetHeaderValueByID() returns a Pointer to a string ended by '\0' that contains the header provided by the remote HTTP server. This function returns NULL if there are less headers than the value specified by the id parameter.
Note:
The returned buffer does not contain the ending "\r\n". Is user task to free the memory allocated by this function. Example: 
        struct _request *data;
        char *buffer=NULL;
        int id=0;
        ...
        while (1)
        {
                buffer=GetHeaderValue(data->response->header,"Location:",id);
                if (buffer != NULL)
                {
                        printf("Header[%3.3i]: %s\n",id,buffer);
                        free(buffer);
                        id++;
                } else {
                        break;
                }
        }

Definition at line 617 of file HTTP.cpp.

References HEADER_ID_NOT_FOUND.

char* GetHTTPAPIConfig ( int  opt  ) 

This function retrieves the current global configuration.

/param opt This value indicates the kind of data that is going to be retrieved. Valid options are OPT_HTTP_PROXY_HOST, OPT_HTTP_PROXY_PORT, OPT_HTTP_PROXY_USER,OPT_HTTP_PROXY_PASS, OPT_HTTP_PROXY_HEADER, OPT_HTTP_COOKIE, OPT_HTTP_USERAGENT, OPT_HTTP_PROXY_PROTOCOL /return Pointer to the option data.

Definition at line 86 of file HTTP.cpp.

References GetHTTPConfig().

Here is the call graph for this function:

char* GetHTTPConfig ( HTTPHANDLE  HTTPHandle,
int  opt 
)

This function allows users to retrieve HTTP Configuration parameters.

Parameters:
HTTPHandle pointer to a handle returned by a previous call to InitHTTPConnectionHandle()
opt this value indicates the kind of data that is going to be modified. Valid options are OPT_HTTP_PROXY_HOST, OPT_HTTP_PROXY_PORT, OPT_HTTP_PROXY_USER,OPT_HTTP_PROXY_PASS, OPT_HTTP_PROXY_HEADER, OPT_HTTP_COOKIE, OPT_HTTP_USERAGENT, OPT_HTTP_PROXY_PROTOCOL
Returns:
NULL terminated pointer to specific parameter string.

Definition at line 164 of file HTTP.cpp.

References _hhandle::AdditionalHeader, _hhandle::Cookie, _hhandle::lpProxyPassword, _hhandle::lpProxyUserName, OPT_HTTP_COOKIE, OPT_HTTP_HEADER, OPT_HTTP_MAXSPEED_DOWNLOAD, OPT_HTTP_PROTOCOL, OPT_HTTP_PROXY_HOST, OPT_HTTP_PROXY_PASS, OPT_HTTP_PROXY_PORT, OPT_HTTP_PROXY_USER, OPT_HTTP_USERAGENT, _hhandle::ProxyHost, _hhandle::ProxyPort, and _hhandle::UserAgent.

Referenced by GetHTTPAPIConfig().

static char * GetServerVersion ( HTTP_DATA response  )  [static]

This function search for the "Server:" Header at a server response.

Parameters:
response pointer to an HTTP_DATA struct that stores the data returned by the http server.
Returns:
GetServerVersion() allocates memory and returns the remote server version. If the remote server header is not found "HTTP/1.0" is returned instead.

Definition at line 403 of file HTTP.cpp.

References GetHeaderValue(), _data::Header, and _data::HeaderSize.

Referenced by ParseReturnedBuffer().

Here is the call graph for this function:

int InitHTTPApi ( void   ) 

Initializes the HTTP Core. You must call InitHTTPApi before interacting with HTTP functions.

Returns:
This functions returns 1 Initialization succes. Value 2 means that the API is already initialized and 0 that there is a critical error.

Definition at line 42 of file HTTP.cpp.

References InitHTTPApiCore().

Here is the call graph for this function:

HTTPHANDLE InitHTTPConnectionHandle ( char *  hostname,
int  port,
int  ssl 
)

This function returns a pseudo-Handle needed to stablish an HTTP connection. This information is managed internally by the HTTP Core. Only one call is required for handling each remote host.

Parameters:
hostname Pointer to the remote hostname. This value can be either an ip address or a hostname
port TCP port for the remote HTTP Server.
ssl Boolean parameter (values 1 or 0 ) to identify if the remote http server port requires an HTTPS connection
Note:
This function does not stablish HTTP Connections, only internal data is initialized. Call SetHTTPConfig() for more features.

The configuration for this handle is inherit from global options defined at SetHTTPAPIConfig().

 HTTPHANDLE connection=InitHTTPConnectionHandle("mail.google.com",443,1);
 if (connection)
 {
        ...
 }

Definition at line 108 of file HTTP.cpp.

References _hhandle::AdditionalHeader, _hhandle::conexion, _hhandle::Cookie, _hhandle::DownloadBwLimit, _hhandle::LastAuthenticationString, _hhandle::LastRequestedUri, _hhandle::lpProxyPassword, _hhandle::lpProxyUserName, _hhandle::NeedSSL, _hhandle::port, _hhandle::ProxyHost, _hhandle::ProxyPort, _hhandle::target, _hhandle::targetDNS, _hhandle::ThreadID, _hhandle::UserAgent, and _hhandle::version.

static unsigned int IschallengeSupported ( char *  headers  )  [static]

This function enumerates all valid authentication schemes supported by the remote http resource.

Parameters:
headers pointer to an string that contains the remote server verbs. Normally HTTPDATARESPONSE->Header
Returns:
supported authentication schemes, valid values are: BASIC_AUTH, DIGEST_AUTH , NTLM_AUTH , UNKNOWN_AUTH , NO_AUTH
Note:
If several Authentication schemes are supported BASIC_AUTH and NTLM_AUTH are prefered instead of DIGEST_AUTH or NEGOTIATE_AUTH.

Definition at line 432 of file HTTP.cpp.

References BASIC_AUTH, DIGEST_AUTH, GetHeaderValue(), NEGOTIATE_AUTH, NTLM_AUTH, strnicmp, and UNKNOWN_AUTH.

Referenced by ParseReturnedBuffer().

Here is the call graph for this function:

static PREQUEST ParseReturnedBuffer ( HTTPHANDLE  HTTPHandle,
PHTTP_DATA  request,
PHTTP_DATA  response,
char *  url 
) [static]

This function generates and fills a REQUEST struct with the HTTP request and response information.

Parameters:
HTTPHandle HANDLE to the remote HTTP Server.
request pointer to an HTTP_DATA struct that contains the request information sent to a remote HTTP Server
response pointer to an HTTP_DATA struct that contains the response information received from a remote HTTP Server.
url pointer to the string that contains the url path requested by the client.
Returns:
pointer to an allocated REQUEST struct. If the HTTP Response is not present NULL will be returned instead.
Note:
The struct generated by this function will be returned to the user.

Definition at line 480 of file HTTP.cpp.

References DIGEST_AUTH, FreeHTTPData(), GetHeaderValue(), GetServerVersion(), _data::Header, _data::HeaderSize, IschallengeSupported(), _hhandle::LastAuthenticationString, _hhandle::NeedSSL, _hhandle::port, _hhandle::target, and _hhandle::targetDNS.

Referenced by SendHttpRequest().

Here is the call graph for this function:

PHTTP_DATA RemoveHeader ( PHTTP_DATA  request,
char *  Header 
)

This function Searches a PHTTP_DATA structure for specific headers and if found , the header is removed.

Parameters:
request PHTTP_DATA pointer to the headers
Header Null Terminated pointer to the string that is going to be removed.

Definition at line 679 of file HTTP.cpp.

References _data::Header, _data::HeaderSize, and strnicmp.

PREQUEST SendHttpRequest ( HTTPHANDLE  HTTPHandle,
char *  VHost,
char *  HTTPMethod,
char *  url,
char *  Postdata,
char *  lpUsername,
char *  lpPassword,
int  AuthMethod 
)

This function is used by the user to send a request against a webserver.

Parameters:
HTTPHandle HANDLE that identifies the remote HTTP Host. This handle is returned by InitHTTPConnectionHandle()
VHost Alternate VHost for the http request. This value will be send in the "Host:" header instead of the ip address. This value can be NULL
HTTPMethod Pointer to the HTTP verb that will be send in the request. Examples "GET", "POST", "HEAD","OPTIONS",
url Pointer to the url. Example "/index.html"
Postdata Optional data to be send in the request. For example "login=user&pass=mypassword"
lpUsername Pointer to an optional username. This value is used if the remote host needs an username for authentication. (error 401)
lpPassword Pointer to an optional password. This value is used if the remote host needs password for authentication. (error 401)
AuthMethod This value specifies the authentication scheme. If the value is NO_AUTH (0) lpUsername and lpPassword are ignored.
Returns:
a Pointer to a _request struct is returned with information of the http response.
Note:
SendHttpRequest() is only able to handle NTLM and digest authentication when running under win32. This function returns NULL if the remote connection cant be stablished
#include "http.h"


int test(char *hostname, int port, int sslNeeded)
{
 struct _request *data,*newdata;
 HTTPHANDLE HTTPHandle=InitHTTPConnectionHandle(hostname,port,sslNeeded);
 if (!HTTPHandle)
 {
         printf("[-] InitHTTPConnectionHandle() Error. Unable to resolve %s\n",hostname);
         return(0);
 }

  data=SendHttpRequest(HTTPHandle,hostname,"GET","/admin/",NULL,NULL,NULL,NO_AUTH);
  if (!data)
  {
          printf("[-] SendHttpRequest() Error. Unable to connect to %s:%i\n",hostname,port);
          CloseHTTPConnectionHandle(HTTPHandle);
          return(0);
  }
  if (data->status==401)
  {
                newdata=SendHttpRequest(HTTPHandle,hostname,"GET","/admin/",NULL,"user","password",data->challenge);
                if (newdata)
                {
                        printf("[+] Status: %i\n",newdata->status);
                        for(int i=0;i<newdata->nheaders,i++)
                        {
                                printf("[+] Header(%i): %s\n",i,newdata->header[i]);

                        }
                        printf("[+] Data: %s\n",newdata->lpBuffer);
                        FreeRequest(newdata);
                }
  }
  CloseHTTPConnectionHandle(HTTPHandle);
  FreeRequest(data);
  return(1);
}


void main(int argc, char *argv[])
{

        InitHTTPApi();
        test("www.tarasco.org",80,0);
        CloseHTTPApi();
}

Definition at line 812 of file HTTP.cpp.

References _hhandle::AdditionalHeader, AddLine(), Base64Encode(), BASIC_AUTH, BuildAuthRequest(), buildAuthResponse(), _request::challenge, _hhandle::Cookie, CreateDigestAuth(), _data::Data, _data::DataSize, DIGEST_AUTH, DispatchHTTPRequest(), dumpAuthChallenge(), FreeRequest(), from64tobits(), GetHeaderValue(), _data::Header, InitHTTPData(), _hhandle::LastAuthenticationString, _hhandle::LastRequestedUri, MAX_POST_LENGHT, _hhandle::NeedSSL, NEGOTIATE_AUTH, NTLM_AUTH, ParseReturnedBuffer(), _hhandle::port, _hhandle::ProxyHost, _request::response, SendHttpRequest(), SmbLength, snprintf, _request::status, _hhandle::targetDNS, to64frombits(), _request::url, UserAgent, and _hhandle::UserAgent.

Referenced by SendHttpRequest().

Here is the call graph for this function:

PREQUEST SendRawHttpRequest ( HTTPHANDLE  HTTPHandle,
char *  headers,
char *  postdata 
)

This function is used by the user to send an special crafted HTTP Request against a webserver.

Parameters:
HTTPHandle HANDLE that identifies the remote HTTP Host. This handle is returned by InitHTTPConnectionHandle()
headers pointer to a null terminated string that contains the headers sent to the HTTP Server. This string must end with "\r\n\r\n" to avoid HTTP errors.
postdata pointer to an optional string containing additional data (like POST data)
Returns:
a Pointer to a _request struct is returned with information of the http response.
Note:
This function returns NULL if the remote connection cant be stablished
/*

Definition at line 734 of file HTTP.cpp.

int SetHTTPAPIConfig ( int  opt,
char *  parameter 
)

This function is used to set global configuration options for each connection.

/param opt This value indicates the kind of data that is going to be modified. Valid options are OPT_HTTP_PROXY_HOST, OPT_HTTP_PROXY_PORT, OPT_HTTP_PROXY_USER,OPT_HTTP_PROXY_PASS, OPT_HTTP_PROXY_HEADER, OPT_HTTP_COOKIE, OPT_HTTP_USERAGENT, OPT_HTTP_PROXY_PROTOCOL /parameter Pointer to the option data.

Definition at line 74 of file HTTP.cpp.

References SetHTTPConfig().

Here is the call graph for this function:

int SetHTTPConfig ( HTTPHANDLE  HTTPHandle,
int  opt,
char *  parameter 
)

This function Allows users to change some HTTP request parameters.

Parameters:
HTTPHandle pointer to a handle returned by a previous call to InitHTTPConnectionHandle()
opt this value indicates the kind of data that is going to be modified. Valid options are OPT_HTTP_PROXY_HOST, OPT_HTTP_PROXY_PORT, OPT_HTTP_PROXY_USER,OPT_HTTP_PROXY_PASS, OPT_HTTP_PROXY_HEADER, OPT_HTTP_COOKIE, OPT_HTTP_USERAGENT, OPT_HTTP_PROXY_PROTOCOL
parameter pointer to the header that will be included in the http request.
Returns:
This function returns 1 if operation succed, otherwhise -1 is returned.
Note:
if parameter is NULL or an empty string, the stored data is erased for that option. 
 HTTPHANDLE connection = InitHTTPConnectionHandle("mail.google.com",443,1);
 if (connection)
 {
        SetHTTPConfig(connection,OPT_HTTP_USERAGENT,"FHScan Core API client");
        PREQUEST DATA = SendHTTPRequest(connection,"GET","/index.html",NULL,NULL,NO_AUTH);
        if (DATA) {
                printf("Returned Headers: %i bytes\n %s\n",DATA->response->HeaderSize,DATA->response->Header);
                printf("Returned Data: %i bytes\n %s\n",DATA->response->DataSize,DATA->response->Data);

                FreeRequest(DATA);
        }
        SetHTTPConfig(connection,OPT_HTTP_USERAGENT,NULL);
        //...
 }

Definition at line 229 of file HTTP.cpp.

References _hhandle::AdditionalHeader, _hhandle::conexion, _hhandle::Cookie, _hhandle::DownloadBwLimit, _hhandle::lpProxyPassword, _hhandle::lpProxyUserName, _hhandle::NeedSSL, OPT_HTTP_COOKIE, OPT_HTTP_HEADER, OPT_HTTP_MAXSPEED_DOWNLOAD, OPT_HTTP_PROTOCOL, OPT_HTTP_PROXY_HOST, OPT_HTTP_PROXY_PASS, OPT_HTTP_PROXY_PORT, OPT_HTTP_PROXY_USER, OPT_HTTP_USERAGENT, _hhandle::ProxyHost, _hhandle::ProxyPort, strnicmp, _hhandle::target, _hhandle::targetDNS, _hhandle::UserAgent, and _hhandle::version.

Referenced by SetHTTPAPIConfig().

Variable Documentation

unsigned int AutoRedirect303 = 1

Definition at line 30 of file HTTP.cpp.

PHHANDLE GlobalHTTPCoreApiOptions = NULL

Definition at line 32 of file HTTP.cpp.

const char UserAgent[] = "User-Agent: Mozilla/5.0 (FHScan Core 1.1)\r\n"

Definition at line 31 of file HTTP.cpp.

Referenced by CloseHTTPConnectionHandle(), and SendHttpRequest().

Generated on Sun Jan 18 00:32:04 2009 for Fast HTTP Vulnerability Scanner by  doxygen 1.5.4