Adds a --cookie option. Ref #485

2014-05-22 17:34:09 +02:00
parent e050539747
commit af0319cc66
4 changed files with 17 additions and 3 deletions
--- a/lib/common/browser.rb
+++ b/lib/common/browser.rb
@@ -16,14 +16,15 @@ class Browser
    :proxy,
    :proxy_auth,
    :request_timeout,
-    :connect_timeout
+    :connect_timeout,
+    :cookie
  ]

  @@instance = nil

  attr_reader :hydra, :cache_dir

-  attr_accessor :referer
+  attr_accessor :referer, :cookie

  # @param [ Hash ] options
  #
@@ -153,6 +154,7 @@ class Browser

    params.merge!(cookiejar: @cache_dir + '/cookie-jar')
    params.merge!(cookiefile: @cache_dir + '/cookie-jar')
+    params.merge!(cookie: @cookie) if @cookie

    params
  end
--- a/lib/wpscan/wpscan_helper.rb
+++ b/lib/wpscan/wpscan_helper.rb
@@ -84,6 +84,7 @@ def help
  puts '                                    You do not need to provide the regexp delimiters, but you must write the quotes (simple or double).'
  puts '--config-file  | -c <config file>   Use the specified config file, see the example.conf.json.'
  puts '--user-agent   | -a <User-Agent>    Use the specified User-Agent.'
+  puts '--cookie <String>                   String to read cookies from.'
  puts '--random-agent | -r                 Use a random User-Agent.'
  puts '--follow-redirection                If the target url has a redirection, it will be followed without asking if you wanted to do so or not'
  puts '--batch                             Never ask for user input, use the default behaviour.'
--- a/lib/wpscan/wpscan_options.rb
+++ b/lib/wpscan/wpscan_options.rb
@@ -29,6 +29,7 @@ class WpscanOptions
    :wp_plugins_dir,
    :help,
    :config_file,
+    :cookie,
    :exclude_content_based,
    :basic_auth,
    :debug_output,
@@ -259,7 +260,8 @@ class WpscanOptions
      ['--connect-timeout', GetoptLong::REQUIRED_ARGUMENT],
      ['--max-threads', GetoptLong::REQUIRED_ARGUMENT],
      ['--batch', GetoptLong::NO_ARGUMENT],
-      ['--no-color', GetoptLong::NO_ARGUMENT]
+      ['--no-color', GetoptLong::NO_ARGUMENT],
+      ['--cookie', GetoptLong::REQUIRED_ARGUMENT]
    )
  end

--- a/spec/lib/common/browser_spec.rb
+++ b/spec/lib/common/browser_spec.rb
@@ -190,6 +190,15 @@ describe Browser do
        @expected = default_expectation.merge(params)
      end
    end
+
+    context 'when @cookie' do
+      let(:cookie) { 'foor=bar;bar=foo' }
+      before       { browser.cookie = cookie }
+
+      it 'sets the cookie' do
+        @expected = default_expectation.merge(cookie: cookie)
+      end
+    end
  end

  describe '#forge_request' do