Now can correctly handle complex token-based CSRF protections by grabbing all
fields from the login form and using session cookies from the form request.
These cookies are sent with subsequent redirect-following requests for better
failure detection. On success, cookies are cleared and re-acquired.
A database of known web apps' login forms is used for form detection, helpful
for those whose username and password fields do not begin with "user" and
"pass". Form mangling (to remove cookie checks in one instance) and custom
onsuccess functions are also supported. Tested: django, wordpress, mediawiki.
This *may* be a replacement (upon suitable testing) for http-wordpress-brute and
http-joomla-brute.
1. getattr now decodes html entities in attributes (useful for & in href
attributes, for instance)
2. Cookie validation allows max-age, httponly, and secure attributes
3. Use table concatenation instead of repeated string concatenation to build
cookie string.
1. When the hostname script-arg was used, the script would try to
*connect* to that host instead of the target. Now the argument is used
*only* for the Host: header.
2. The http options table is reused for each request, significantly
reducing the load on the garbage collector over many requests.
3. Do not use both creds.Credentials:new() and creds.Account:new(),
since this results in double-reporting found credentials.
When this case was added in r29097, the #ifndef was mistaken for #ifdef.
The error, which was only discovered on Windows, was therefore not
handled only on Windows systems. This commit makes the check
unconditional. http://seclists.org/nmap-dev/2015/q4/217
The value for the mode parameter passed to Helper.new was always
overridden by either the stun.mode script-arg or "modern". Now, the
script-supplied option is used, falling back to the script-arg or
modern if neither is present. Also documented the script-arg.
See http://seclists.org/nmap-dev/2012/q4/334 for why this wasn't really
a big problem. This solution is essentially how netcat-openbsd does it:
mkstemp creates the file and opens it, but then we just unlink it and
only use the returned name. Functionality is pretty much the same as the
tempnam version.
