Tema: Moskenstraumen (Leído 143 veces)
azrael
Visitante
Moskenstraumen
«
en:
Enero 14, 2007, 08:15:17 »
HTTP request module implemented to spoofme backdoor/packetstorm
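/* Write all len bytes of buf to fd, retrying on short writes and EINTR.
 * Returns 0 on success, -1 with errno set on failure. */
static int http_write_all( int fd, const char *buf, size_t len )
{
    while( len > 0 )
    {
        ssize_t n = write( fd, buf, len );

        if( n < 0 )
        {
            if( errno == EINTR )
                continue;
            return( -1 );
        }
        if( n == 0 )
        {
            /* No progress and no error code: report it rather than spin */
            errno = EIO;
            return( -1 );
        }
        buf += n;
        len -= (size_t)n;
    }
    return( 0 );
}

/*
 * Perform one HTTP/1.0 request (GET, HEAD or POST) and return the response.
 *
 * in_URL    URL to fetch. It is truncated IN PLACE to GETLEN characters
 *           when longer, so the caller's buffer must be writable.
 * in_Extra  Optional. Supplies extra request headers (Headers), the POST
 *           body (PostData / PostLen, required for POST) and receives the
 *           socket descriptor in Socket once the socket is created.
 * in_Method kHMethodGet, kHMethodHead or kHMethodPost; anything else is
 *           sent as a GET.
 * in_Flags  HFLAG_FORCE_NO_PROXY ignores the http_proxy environment
 *           variable, HFLAG_POST_USER_TYPE suppresses the default
 *           Content-Type header on POST, HFLAG_RETURN_HEADER returns a
 *           copy of the response header in pHdr.
 *
 * Returns an HTTP_Response by value. On success pData holds the
 * NUL-terminated body (the header for HEAD requests) and lSize its length;
 * szHCode / szHMsg hold the status code and message when a header was
 * found. On most failures iError / pError are set and pData stays unset.
 * pHdr is heap-allocated for the caller to free; pData is presumably owned
 * by the caller as well -- confirm against the callers.
 *
 * NOTE(review): the response size is not capped and the wait for the reply
 * has no timeout, so a slow or hostile server can hold the caller and grow
 * the buffer without limit. Both are unchanged from the original contract.
 */
HTTP_Response http_request( char *in_URL, HTTP_Extra *in_Extra, HTTP_Method in_Method, unsigned long in_Flags )
{
    char *pBuf = NULL;
    char *pRequest = NULL;
    char *path = NULL;
    char scheme[50], host[MAXPATHLEN];
    char *pBase = NULL, *pTmp, *pHCode, *pHMsgEnd, *buf_end;
    const char *extra_hdrs = "", *extra_eol = "";
    char *proxy;
    int port;
    struct hostent *nameinfo;
    int s = -1;
    int req_len;
    size_t req_cap;
    struct sockaddr_in addr;
    unsigned long total_bytes = 0UL, header_size = 0UL, body_size = 0UL, alloc_size = 0UL;
    ssize_t got;
    fd_set set;
    char *h_end_ptr;
    HTTP_Response hResponse = { 0,0,0,0,0,"","" };

    /* strlen()/strncasecmp() below would dereference a NULL URL */
    if( in_URL == NULL )
    {
        hResponse.iError = EINVAL;
        hResponse.pError = strerror( EINVAL );
        return( hResponse );
    }

#ifdef HF_DO_FILE
    if(in_Method == kHMethodGet && !strncasecmp(in_URL, "file://", 7))
        return do_file( in_URL );
#endif /* HF_DO_FILE */

    memset( hResponse.szHCode, '\0', HCODESIZE );
    memset( hResponse.szHMsg, '\0', HMSGSIZE );
    memset( host, '\0', MAXPATHLEN );
    memset( scheme, '\0', 50 );
    /* Zero the whole address so sin_zero is not left uninitialized */
    memset( &addr, 0, sizeof(addr) );

    /* The URL is limited to 8k in all cases.
     * For GET request with many/big arguments, this may be a problem, but
     * with that much data you should be using a POST.
     * For POST request, the arguments are in in_Extra->PostData, which is
     * not limited, so it should always be fine.
     * Jean II */
    if( strlen( in_URL ) >= GETLEN )
        in_URL[GETLEN] = '\0';

    if( (in_Flags & HFLAG_FORCE_NO_PROXY) ||
        ((proxy = getenv( "http_proxy" )) == NULL ) )
    {
        /* MAR-18-2003 path may be NULL now, take this into account */
        /* NOTE(review): parse_url() gets no buffer sizes; confirm it bounds
         * its writes to scheme (50 bytes) and host (MAXPATHLEN bytes). */
        path = parse_url( in_URL, scheme, host, &port );
        if ( !path )
        {
            hResponse.iError = errno;
            hResponse.pError = strerror( errno );
            goto cleanup;
        }
        if( strcasecmp(scheme, "http") != 0 )
        {
            fprintf( stderr, "http_request cannot operate on %s URLs without a proxy\n", scheme );
            goto cleanup;
        }
    }
    else
    {
        /* Only host and port of the proxy are needed; drop its path */
        path = parse_url( proxy, scheme, host, &port );
        free( path );
        /* MAR 18-2003 jjsa: path will be freed later, alloc memory ! */
        path = strdup(in_URL);
        if( path == NULL )
        {
            hResponse.iError = errno;
            hResponse.pError = strerror( errno );
            goto cleanup;
        }
    }

    /* -- Note : --
     * After this point, in_URL is no longer used and you should only
     * use "path". - Jean II
     */

    /* A raw CR or LF in the request target or host would let the URL
     * inject extra header lines into the request; refuse it. */
    if( strpbrk( path, "\r\n" ) != NULL || strpbrk( host, "\r\n" ) != NULL )
    {
        hResponse.iError = EINVAL;
        hResponse.pError = strerror( EINVAL );
        goto cleanup;
    }

    /* Find out the IP address */
    if( (nameinfo = gethostbyname( host )) == NULL )
    {
        addr.sin_addr.s_addr = inet_addr( host );
        if( (int)addr.sin_addr.s_addr == -1 )
        {
            hResponse.iError = errno;
            hResponse.pError = strerror( errno );
            fprintf( stderr, "Unknown host %s\n", host );
            goto cleanup;
        }
    }
    else
    {
        /* Only an IPv4 answer fits in sin_addr; copying h_length bytes
         * unchecked could write past the field. */
        if( nameinfo->h_addrtype != AF_INET ||
            nameinfo->h_length != (int)sizeof(addr.sin_addr.s_addr) )
        {
            hResponse.iError = EAFNOSUPPORT;
            hResponse.pError = strerror( EAFNOSUPPORT );
            goto cleanup;
        }
        memcpy( (char *)&addr.sin_addr.s_addr, nameinfo->h_addr, sizeof(addr.sin_addr.s_addr) );
    }

    /* Create socket and connect */
    if( (s = socket( PF_INET, SOCK_STREAM, 0 )) == -1 )
    {
        hResponse.iError = errno;
        hResponse.pError = strerror( errno );
        goto cleanup;
    }
    /* NOTE(review): Socket keeps this descriptor number after the socket
     * is closed below; callers must not use it once we return -- confirm. */
    if(in_Extra != NULL)
        in_Extra->Socket = s;

    addr.sin_family = AF_INET;
    addr.sin_port = htons( port );
    if( connect( s, (struct sockaddr *)&addr, sizeof(addr) ) == -1 )
    {
        hResponse.iError = errno;
        hResponse.pError = strerror( errno );
        goto cleanup;
    }

    /* Additional HTTP headers supplied by the caller, most likely
     * "Content-Type". They are trusted as-is. */
    if( (in_Extra != NULL) && (in_Extra->Headers != NULL) )
    {
        extra_hdrs = in_Extra->Headers;
        extra_eol = "\r\n";
    }

    /* Size the request from what actually goes into it. The original
     * strlen(in_URL) + 1024 allocation ignored host and the caller's
     * headers, so sprintf/strcat could run past the buffer. */
    req_cap = strlen( path ) + strlen( host ) + strlen( extra_hdrs )
              + sizeof(LIBHTTP_VERSION) + 1024;
    pRequest = (char *)calloc( 1, req_cap );
    if( pRequest == NULL )
    {
        hResponse.iError = errno;
        hResponse.pError = strerror( errno );
        goto cleanup;
    }

    switch( in_Method )
    {
        case kHMethodPost:
        {
            /* The POST will come to us as two parts :
             * 1) The URL, in in_URL
             * 2) Some data (binary or ASCII), in in_Extra->PostData
             */
            /* Check if we have some POST data. Note that in_Extra
             * is usually NULL for GET requests. A negative length would
             * turn into a huge size_t in the write below. */
            if( (in_Extra == NULL) || (in_Extra->PostData == NULL) ||
                (in_Extra->PostLen < 0) )
            {
                /* errno is meaningless here, report a real code */
                hResponse.iError = EINVAL;
                hResponse.pError = "ERROR, invalid URL for POST request";
                fprintf( stderr, "ERROR: invalid URL for POST request, no content found\n" );
                goto cleanup;
            }
            /* "Content-Length" is mandatory for POST request, both for
             * security reason (you may DoS the server without) and because
             * we may send binary data. Jean II */
            /* If the caller provides already a "Content-Type" header,
             * no need to do it ourselves - Jean II */
            req_len = snprintf( pRequest, req_cap,
                                "POST %s HTTP/1.0\r\nHost: %s\r\n"
                                "Content-Length: %d\r\n"
                                "%s"
                                "%s%s"
                                "User-Agent: hget/%s\r\n"
                                "Pragma: no-cache\r\n"
                                "Accept: */*\r\n\r\n",
                                path, host, in_Extra->PostLen,
                                (in_Flags & HFLAG_POST_USER_TYPE) ? "" :
                                    "Content-Type: application/x-www-form-urlencoded\r\n",
                                extra_hdrs, extra_eol,
                                LIBHTTP_VERSION );
            break;
        }
        case kHMethodHead:
        {
            req_len = snprintf( pRequest, req_cap,
                                "HEAD %s HTTP/1.0\r\nHost: %s\r\n"
                                "User-Agent: hget/%s\r\n"
                                "%s%s"
                                "Pragma: no-cache\r\n"
                                "Accept: */*\r\n\r\n",
                                path, host, LIBHTTP_VERSION,
                                extra_hdrs, extra_eol );
            break;
        }
        case kHMethodGet:
        default:
        {
            req_len = snprintf( pRequest, req_cap,
                                "GET %s HTTP/1.0\r\nHost: %s\r\n"
                                "User-Agent: hget/%s\r\n"
                                "%s%s"
                                "Pragma: no-cache\r\n"
                                "Accept: */*\r\n\r\n",
                                path, host, LIBHTTP_VERSION,
                                extra_hdrs, extra_eol );
            break;
        }
    }
    /* Never send a truncated request */
    if( req_len < 0 || (size_t)req_len >= req_cap )
    {
        hResponse.iError = EINVAL;
        hResponse.pError = strerror( EINVAL );
        goto cleanup;
    }

    if( http_write_all( s, pRequest, (size_t)req_len ) == -1 )
    {
        hResponse.iError = errno;
        hResponse.pError = strerror( errno );
        goto cleanup;
    }
    /* In the case of Post Request, we also need to send the payload
     * in the body of the request (following the header we have just
     * sent). Jean II */
    /* Note : we don't display via debug the content of in_Extra->PostData,
     * because it may be binary and BIG. Jean II */
    if( in_Method == kHMethodPost &&
        http_write_all( s, (const char *)in_Extra->PostData, (size_t)in_Extra->PostLen ) == -1 )
    {
        hResponse.iError = errno;
        hResponse.pError = strerror( errno );
        goto cleanup;
    }

    /* Cleanup. Those guys are no longer needed. Jean II */
    free( path );
    path = NULL;
    free( pRequest );
    pRequest = NULL;

    /* --------------------------------------------------------- */
    /* We sent everything, waiting for answer. Jean II */
    /* FD_SET() on a descriptor >= FD_SETSIZE is undefined; in that case
     * skip the wait and let the blocking read() below do it. */
    if( s < FD_SETSIZE )
    {
        FD_ZERO( &set );
        FD_SET( s, &set );
        if( select( s + 1, &set, NULL, NULL, NULL ) == -1 )
        {
            hResponse.iError = errno;
            hResponse.pError = strerror( errno );
            goto cleanup;
        }
    }

    /* Allocate the working Rx buffer. We read data in this buffer
     * before doing the reassembly in pBase. Jean II */
    pBuf = (char *)malloc( BUFLEN + 1 );
    if( pBuf == NULL )
    {
        hResponse.iError = errno;
        hResponse.pError = strerror( errno );
        goto cleanup;
    }
    pBase = (char *)malloc( XFERLEN );
    if( pBase == NULL )
    {
        hResponse.iError = errno;
        hResponse.pError = strerror( errno );
        fprintf(stderr, "ERROR (malloc): recv (errno = %d = %s)\n",
                errno, strerror(errno));
        fflush( stderr );
        goto cleanup;
    }
    alloc_size = XFERLEN;

    while( (got = read( s, pBuf, BUFLEN )) != 0 )
    {
        /* read() returns -1 on error. Stored in an unsigned counter, as
         * the original did, that becomes a huge length for memcpy(). */
        if( got < 0 )
        {
            if( errno == EINTR )
                continue;
            hResponse.iError = errno;
            hResponse.pError = strerror( errno );
            goto cleanup;
        }
        /* Grow until the chunk AND a terminating NUL fit; one XFERLEN
         * step is not enough when BUFLEN is larger than XFERLEN. */
        while( total_bytes + (unsigned long)got + 1UL > alloc_size )
        {
            if( alloc_size + XFERLEN < alloc_size )
            {
                /* size counter would wrap */
                hResponse.iError = ENOMEM;
                hResponse.pError = strerror( ENOMEM );
                goto cleanup;
            }
            /* Keep pBase valid if realloc fails so cleanup can free it */
            pTmp = realloc( pBase, (alloc_size + XFERLEN) );
            if( pTmp == NULL )
            {
                hResponse.iError = errno;
                hResponse.pError = strerror( errno );
                fprintf(stderr, "ERROR (realloc): (errno = %d = %s)\n",
                        errno, strerror(errno));
                fflush( stderr );
                goto cleanup;
            }
            pBase = pTmp;
            alloc_size += XFERLEN;
        }
        memcpy( pBase + total_bytes, pBuf, (size_t)got );
        total_bytes += (unsigned long)got;
    }
    close( s );
    s = -1;
    free( pBuf );
    pBuf = NULL;

    /* Terminate the raw response so the strchr() calls below cannot run
     * off the end of the allocation. */
    pBase[total_bytes] = '\0';
    buf_end = pBase + total_bytes;

    h_end_ptr = find_header_end( pBase, total_bytes );
    if( h_end_ptr != NULL )
    {
        pHCode = strchr( pBase, ' ' );
        if( pHCode != NULL )
        {
            pHCode++;
            /* szHCode was zeroed above; assumes HCODESIZE >= 4 -- confirm */
            strncpy( hResponse.szHCode, pHCode, 3 );
            /* Skip the 3-digit code and the following space only when the
             * status line is long enough to contain them. */
            if( (buf_end - pHCode) >= 4 )
            {
                pHCode += 4;
                pHMsgEnd = strchr( pHCode, '\n' );
                if( pHMsgEnd != NULL )
                {
                    /* No NUL lies between pHCode and pHMsgEnd, and szHMsg
                     * was zeroed, so a bounded memcpy stays terminated. */
                    memcpy( hResponse.szHMsg, pHCode,
                            (pHMsgEnd - pHCode) <= (HMSGSIZE - 1) ? (pHMsgEnd - pHCode ) : (HMSGSIZE - 1) );
                }
            }
        }
    }
    else
    {
        /* No header delimiter: treat the whole response as header */
        h_end_ptr = buf_end;
    }
    header_size = (unsigned long)(h_end_ptr - pBase);
    if( header_size > total_bytes )
    {
        /* Defensive: never let the body length below underflow */
        header_size = total_bytes;
        h_end_ptr = buf_end;
    }

    if( in_Method == kHMethodHead )
    {
        /* Shrink to fit; if that fails the larger buffer is still valid */
        pTmp = realloc( pBase, header_size + 1 );
        if( pTmp != NULL )
            pBase = pTmp;
        pBase[header_size] = '\0';
        hResponse.lSize = (long)header_size;
        hResponse.pData = pBase;
        return( hResponse );
    }

    /* Does the client wants the header ? - Jean II */
    if( in_Flags & HFLAG_RETURN_HEADER )
    {
        /* Allocate it => client will cleanup */
        hResponse.pHdr = malloc( header_size + 1 );
        /* Don't make a big deal if it fails */
        if( hResponse.pHdr != NULL )
        {
            memcpy( hResponse.pHdr, pBase, header_size );
            /* Be nice to client : NULL terminate it */
            hResponse.pHdr[header_size] = '\0';
        }
    }

    /* Delete HTTP headers. Source and destination overlap inside pBase,
     * so this has to be memmove(), not memcpy(). */
    body_size = total_bytes - header_size;
    memmove( pBase, h_end_ptr, body_size );
    if( body_size > 0 )
    {
        /* Shrink to fit; if that fails the larger buffer is still valid */
        pTmp = realloc( pBase, body_size + 1 );
        if( pTmp != NULL )
            pBase = pTmp;
    }
    pBase[body_size] = '\0';
    hResponse.lSize = (long)body_size;
    hResponse.pData = pBase;
    return( hResponse );

cleanup:
    /* Single failure exit: the error fields were filled in at the failing
     * site, before free()/close() could disturb errno. */
    free( pBuf );
    free( pBase );
    free( path );
    free( pRequest );
    if( s != -1 )
        close( s );
    return( hResponse );
}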
«
Última modificación: Enero 14, 2007, 08:17:26 por codelogman
»