Fix #404 - Brute forcing issue over https

2014-02-05 21:52:55 +01:00
parent f33cbcaa53
commit 9c3947a7b1
3 changed files with 48 additions and 8 deletions
--- a/lib/common/models/wp_user.rb
+++ b/lib/common/models/wp_user.rb
@@ -23,7 +23,32 @@ class WpUser < WpItem

  # @return [ String ]
  def login_url
-    @uri.merge('wp-login.php').to_s
+    unless @login_url
+      @login_url = @uri.merge('wp-login.php').to_s
+
+      # Let's check if the login url is redirected (to https url for example)
+      if redirection = redirection(@login_url)
+        @login_url = redirection
+      end
+    end
+
+    @login_url
+  end
+
+  def redirection(url)
+    redirection = nil
+    response = Browser.get(url)
+
+    if response.code == 301 || response.code == 302
+      redirection = response.headers_hash['location']
+
+      # Let's check if there is a redirection in the redirection
+      if other_redirection = redirection(redirection)
+        redirection = other_redirection
+      end
+    end
+
+    redirection
  end

  # @return [ String ]
--- a/spec/lib/common/models/wp_user_spec.rb
+++ b/spec/lib/common/models/wp_user_spec.rb
@@ -34,10 +34,6 @@ describe WpUser do
    end
  end

-  describe '#login_url' do
-    its(:login_url) { should == 'http://example.com/wp-login.php' }
-  end
-
  describe '#to_s' do
    after do
      subject.id = 1
--- a/spec/shared_examples/wp_user/brute_forcable.rb
+++ b/spec/shared_examples/wp_user/brute_forcable.rb
@@ -66,7 +66,8 @@ shared_examples 'WpUser::BruteForcable' do
  end

  describe '#brute_force' do
-    let(:login) { 'someuser' }
+    let(:login)     { 'someuser' }
+    let(:login_url) { uri.merge('wp-login.php').to_s }

    after do
      [wordlist_utf8, wordlist_iso].each do |wordlist|
@@ -78,6 +79,7 @@ shared_examples 'WpUser::BruteForcable' do

    context 'when no password is valid' do
      before do
+        stub_request(:get, login_url).to_return(status: 200)
        stub_request(:post, wp_user.login_url).
          # with(body: { log: login }). # produces an error : undefined method `split' for {:log=>"someuser", :pwd=>"password1"}:Hash
          # Fixed in WebMock 1.17.2, TODO: Modify the specs
@@ -93,7 +95,8 @@ shared_examples 'WpUser::BruteForcable' do
      let(:redirect_url) { nil }

      before do
-        stub_request(:post, wp_user.login_url).to_return(status: 302, headers: { 'Location' => 'wrong-location' } )
+        stub_request(:get, login_url).to_return(status: 200)
+        stub_request(:post, wp_user.login_url).to_return(status: 302, headers: { 'Location' => 'wrong-location' })
      end

      it 'does not set the @password' do
@@ -108,13 +111,29 @@ shared_examples 'WpUser::BruteForcable' do
      # Fixed in WebMock 1.17.2, TODO: Modify the specs

      before do
-        stub_request(:post, wp_user.login_url).to_return(status: 302, headers: { 'Location' => redirect_url } )
+        stub_request(:get, login_url).to_return(status: 200)
+        stub_request(:post, wp_user.login_url).to_return(status: 302, headers: { 'Location' => redirect_url })
      end

      it 'sets the @password' do
        @expected = 'password1'
      end
    end
+
+    context 'when the login url is redirected to https' do
+      let(:https_login_url) { 'https://example.com/wp-login.php' }
+
+      before do
+        stub_request(:any, uri.merge('wp-login.php').to_s).to_return(status: 302, headers: { 'Location' => https_login_url})
+        stub_request(:get, https_login_url).to_return(status: 200)
+        stub_request(:post, https_login_url).with(body: hash_including({ log: 'someuser', pwd: 'root'})).to_return(status: 302, headers: { 'Location' => redirect_url })
+        stub_request(:post, https_login_url).with(body: /pwd=(?!root)/).to_return(body: 'login_error')
+      end
+
+      it 'does not raise any error' do
+        @expected = 'root'
+      end
+    end
  end

 end