Skip to content

Assists Modules

Jump to bottom Edit New page
cktricky edited this page Feb 4, 2011 · 20 revisions

Assits Overiew

Assists are nothing more than an API which simplifies calls to wXf application extensions (wAx) libraries. When creating a module, a developer will include the assists as required and call the methods exposed within the assist.

Besides simplifying some tasks or providing a connection between the module and wAx libraries, the assists modules provide default options which can be called from the exploit, payload, auxiliary modules.

MechReq Assists

To include this assists module in your module use the following line of code:

include WXf::WXfcore::MechReq

Default Options

RURL   (Remote URL)
PROXYA (Proxy Address)
PROXYP (Proxy Port)

These options can be used in the module by calling them directly (lowercase). For instance,

res = mech_req({
  'method' => 'GET',
  'RURL'   => rurl
})

You will notice in the above example, we've passed RURL's value to the mech_req method by calling it directly (rurl). This is to make the process of setting options more efficient and cut down on duplicate efforts of module developers.

METHODS

Currently, the only method exposed to developers thru the MechReq assists module is mech_req. mech_req is called by passing options in a hash pattern. It is important to note that for portability purposes send_request_cgi is the same as mech_req and the two methods are interchangeable. The following is an example of using mech_req:

mech_req({
'method' => 'GET',    
'RURL'   => rurl,
'PROXYA' => proxya,
'PROXYP' => proxyp
})

The following is a list of options that can be passed to mech_req:

Name                     Description
----                     -----------
RURL                     REMOTE URL (TARGET)
PROXYA                   PROXY ADDRESS
PROXYP                   PROXY PORT
DEBUG                    true/false, prevents mechanize from following redirection responses (302) 
UA                       User-Agent                       
BASIC_AUTH_USER          Basic Authorization Username
BASIC_AUTH_PASS          Basic Authorization Password
method                   HTTP Methods, (GET, POST, PUT, HEAD, DELETE)
RFILE                    When using the PUT method, this will specify the name of the file to 'put'
RFILECONTENT             When using the PUT method, specifies the content within the RFILE to 'put'
CAFILE                   If a local, client certificate is required, this option can be passed
KEEP-ALIVE               When it becomes necessary to adjust the HTTP keep-alive timeout value, use this
RPARAMS                  RPARAMS can be used with the methods head, delete, get and post. This would represent, for   
                         example: foo1=bar1&foo2=bar2
HEADERS                  These are HTTP headers
REDIRECT                 When NOT specified, the mech_req will follow any 302 redirects. When set to FALSE, it won't.

It is important to note that mech_req returns a Mechanize.get, put, post, delete or head object. If a developer was writing a script that called mechanize it might look something like this

require 'mechanize'

agent = Mechanize.new
agent.get('http://www.example.com')

then the mech_req or send_request_cgi is returning the agent.get object.

Add a custom footer
Add a custom sidebar
Clone this wiki locally