Nmap/Cookies library

From SecWiki

Cookies Library

The httpcookies library will provide a complete implementation of cookies. It will be useful to new scripts, which get an easy way to manage cookies. Existing scripts benefit too, since scripts that use the http/httpspider libraries can easily pass arguments to it. The library will also help with setting arbitrary cookie values and sending them in HTTP requests, which is useful when running scripts against sites that authenticate through cookies.

Features

  • Parses the cookie attributes correctly.
  • Supports passing cookies in subsequent HTTP calls.
  • Implements cookies properly in the httpspider library.
  • Adds new cookies received in HTTP calls to the existing cookie jar.
  • Allows us to set arbitrary cookie values.
  • Helps us set session cookies in existing web crawling scripts.

Options/Settings

Supported options

  • httpcookies.cookiejar : An argument for passing cookies into the cookie jar.
  • httpcookies.override_cookie : Ignore the existing stored cookies.

Design

Algorithm

All cookie handling in the library is done according to RFC 6265 (HTTP State Management Mechanism).


Function list

  • function get(host, port, path, options)
--This function calls the http.get. It then parses the 
--cookies and merges them with the previously stored cookies.
--Several options can alter the behavior of the cookies library.
--@param host Host table
--@param port Port table
--@param path Path
--@param options Options table containing various options.
  • function post(host, port, path, options)
--This function calls the http.post. It then parses the 
--cookies and merges them with the previously stored cookies.
--Several options can alter the behavior of the cookies library.
--@param host Host table
--@param port Port table
--@param path Path
--@param options Options table containing various options.
  • function validate_attributes(cookies)
--This function will validate all the attributes that were initially passed 
--in the cookie jar
--@param cookies Cookie jar passed initially to the library.
  • function loadAttributes()
--This function will load all the arguments in the library first from the arguments provided in the 
--script, then from the library and then the default library arguments
  • function merge_cookie_table(host, path, options_cookies, response_cookies)
--This function takes the cookies stored earlier and merges the newly
--received cookies into them according to the cookie RFC.
--@param host Host Table
--@param path Path
--@param options_cookies The cookies previously stored.
--@param response_cookies Cookies received in the http get request
  • function add_cookie(cookie_table)
--This function serves as an easy method to add cookies to the existing cookie jar.
--We can use this function to add arbitrary cookie attributes with ease from our scripts.
--@param cookie_table A cookie table to be added to existing cookies. 
  • function update_cookie(cookie_table)
--This function can be used to update a cookie with a different value.
--@param cookie_table A cookie table where cookie_table.name matches the name of the cookie the 
--value of which has to be updated. 
  • function delete_cookie(cookie_name)
--This function can be used to delete a particular cookie from the cookie jar.
--@param cookie_name A cookie name which has to be deleted from the cookie jar. 
  • function get_cookie(cookie_name)
--This function can be used to get the value of a cookie.
--@param cookie_name The name of the cookie whose value will be returned.
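
The merge that merge_cookie_table describes, following the RFC 6265 storage rules, as an added example in plain Lua that is not the library's own code. The names parse_set_cookie and merge_cookie, the jar layout, the host and the sample headers are assumptions made for illustration.

```lua
-- Added example, plain Lua: function names and jar layout are assumptions, not the library's API.
-- Parse one Set-Cookie value received from `host` for `request_path` (RFC 6265, 5.2).
local function parse_set_cookie(header, host, request_path)
  local pair, attrs = header:match("^([^;]*)(.*)$")
  local name, value = pair:match("^%s*([^=]-)%s*=%s*(.-)%s*$")
  if not name or name == "" then return nil end   -- no name=value pair: ignore header
  host = host:lower()
  -- Default path: the request path up to, not including, its last "/" (5.1.4).
  local cookie = { name = name, value = value, domain = host,
                   path = request_path:match("^(/.*)/[^/]*$") or "/" }
  for attr in attrs:gmatch(";%s*([^;]*)") do
    local k, v = attr:match("^([^=]-)%s*=%s*(.-)%s*$")
    if not k then k, v = attr:match("^(.-)%s*$"), "" end   -- flag such as HttpOnly
    k = k:lower()
    if k == "domain" and v ~= "" then cookie.domain = v:gsub("^%.", ""):lower()
    elseif k == "path" and v:sub(1, 1) == "/" then cookie.path = v
    elseif k == "max-age" and v:match("^-?%d+$") then cookie.expired = tonumber(v) <= 0
    elseif k == "secure" or k == "httponly" then cookie[k] = true
    end   -- Expires date parsing is omitted in this example
  end
  -- Drop cookies whose Domain the responding host does not domain-match (5.3).
  local d = cookie.domain
  if host ~= d and host:sub(-#d - 1) ~= "." .. d then return nil end
  return cookie
end

-- Same name, domain and path replaces the stored cookie; an expired one only removes it.
local function merge_cookie(jar, cookie)
  for i = #jar, 1, -1 do
    local c = jar[i]
    if c.name == cookie.name and c.domain == cookie.domain and c.path == cookie.path then
      table.remove(jar, i)
    end
  end
  if not cookie.expired then jar[#jar + 1] = cookie end
  return jar
end

-- Constructed Set-Cookie values from a hypothetical host.
local jar = {}
for _, h in ipairs({
  "sid=abc123; Path=/; HttpOnly",
  "sid=def456; Path=/; Secure; HttpOnly",   -- replaces the first sid
  "theme=dark; Max-Age=0",                   -- already expired: not stored
  "track=1; Domain=other.example" }) do      -- foreign Domain: rejected
  local c = parse_set_cookie(h, "app.example.test", "/login")
  if c then merge_cookie(jar, c) end
end
for _, c in ipairs(jar) do print(c.name, c.value, c.domain, c.path) end
```

Public-suffix checks and IP-address hosts are not handled here; a jar that skips the domain-match step would let one scanned host overwrite cookies that a script later sends to another.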

Usage

httpspider.lua: The library will be most useful for spidering web pages that check cookies for authentication.

http.lua: We would also like to add cookie support for redirect requests in the http library. We can provide an opt-in option in the http library to support this.

Existing Scripts: We can also use the library in existing scripts for setting up arbitrary cookie values.

$ nmap --script http-xss-scanner --script-args httpcookies.cookiejar={<table of cookies>}

Scripts

http_cookie_alert:

The objective of the script is to let users quickly check whether web applications return any interesting cookie names or values. For example, if the pattern admin=%d is found, we can notify the user, as the website is likely depending on that value to display content.
(The script will be worked upon once I finish implementing the library)