Beispiel #1
    def do_set(argv):
        """view and edit configuration settings

        SYNOPSIS:
            set [<VAR> [+] ["<VALUE>"]]

        DESCRIPTION:
            Settings are a collection of editable variables that affect
            phpsploit's core behavior.
            - Their value is bound to current session.
            - To permanently change a setting's value at start, it
            must be defined by hand on phpsploit config file.

            > set
              - Display current settings

            > set <STRING>
              - Display settings whose name starts with STRING

            > set <VAR> <VALUE>
              - Assign VALUE to VAR setting (only if it's a valid value)

            > set <VAR> %%DEFAULT%%
              - Reset VAR's default value with '%%DEFAULT%%' magic string

            > set <VAR> "file:///path/to/file"
              - Bind VAR's value to a local file content

            > set <VAR> +
              - Open VAR's value in text editor. This is useful to edit
              values with multiple lines

            > set <VAR> + <LINE>
              - Add LINE to the end of VAR's value

            > set <VAR> + "file:///path/to/file"
              - Re-bind VAR to a local file path.
              Even if path doesn't exist, the setting will take the value of
              the file if it founds it. Otherwise, previous buffer value is
              kept as long as the file path is unreachable

        Defining HTTP Headers:
            You can define custom http request header fields by hand.

            Settings starting with 'HTTP_' are automagically treated as
            HTTP Request Headers values.

            By default, only the "User-Agent" Header is defined. It is bound
            by default to a local file containing common HTTP User Agents.
            (`help set HTTP_USER_AGENT`)

            * Examples:
            > set HTTP_ACCEPT_LANGUAGE "en-CA"
              - Define "Accept-Language" http request header field.
            > set HTTP_ACCEPT_LANGUAGE None
              - Remove HTTP_ACCEPT_LANGUAGE header with magic value 'None'.
        """
        # NOTE(review): the docstring above reads as the user-facing help
        # page for `set` (SYNOPSIS/DESCRIPTION layout, escaped '%%'), so its
        # text is presumably consumed at runtime -- confirm before rewording.

        # Fewer than three words (`set` or `set <PATTERN>`): display only.
        # Padding argv with "" lets a bare `set` select with an empty pattern.
        if len(argv) < 3:
            pattern = (argv + [""])[1]
            print(session.Conf(pattern))
            return

        name = argv[1]

        # `set <VAR> <VALUE...>`: every word after VAR is re-joined with a
        # single space and assigned. Nothing is validated in this function;
        # any check has to live in session.Conf's item assignment (not
        # visible here).
        if argv[2] != "+":
            session.Conf[name] = " ".join(argv[2:])
            return

        # `set <VAR> + <VALUE...>`: append the re-joined words to the setting
        # through its in-place addition.
        if len(argv) > 3:
            session.Conf[name] += " ".join(argv[3:])
            return

        # `set <VAR> +`: round-trip the setting's raw buffer through a file
        # that is opened in the user's editor.
        # NOTE(review): argv[1] reaches the file name unsanitised. The
        # session.Conf lookup below runs before Path() is built, so an unknown
        # name presumably fails first -- confirm. Also confirm where Path()
        # places the file and with which permissions, since the buffer may
        # hold PHP code or shell commands.
        stem = name.upper()
        # call=False is passed through as-is; its exact meaning is defined by
        # the setting object, which is not visible here.
        setting = session.Conf[name](call=False)
        if isinstance(setting, datatypes.PhpCode):
            extension = "php"
        elif isinstance(setting, datatypes.ShellCmd):
            extension = "sh"
        else:
            extension = "txt"
        scratch_name = "%s.%s" % (stem, extension)
        scratch = Path(filename=scratch_name)
        scratch.write(session.Conf[name].buffer)
        # The setting is overwritten only when edit() reports a truthy
        # result; otherwise the previous value is left untouched.
        if scratch.edit():
            session.Conf[name] = scratch.read()
Beispiel #2
    def do_set(self, argv):
        """View and edit settings

        SYNOPSIS:
            set [<NAME> [+] ["<VALUE>"]]

        DESCRIPTION:
            phpsploit configuration settings manager.
            The settings are a collection of core variables that affect
            the framework's core behavior. Any setting takes a default
            value, that can be manually modified.

            > set
            - Display all current settings

            > set <STRING>
            - Display all settings whose name starts with STRING.

            > set <NAME> "value"
            - Change the NAME setting to "value". If the value is not valid,
            no changes are made.

            > set <NAME> "file:///path/to/file"
              - Set NAME setting's value into a RandLine buffer whose value
              binds to the external file "/path/to/file". It means that the
              setting's effective value is dynamic, and on each call to it,
              the file's content will be loaded if available, and the
              value is a random line from the file/buffer.

            > set <NAME> +
              - Open the setting value for edition as a multiline buffer
              with EDITOR. The buffer can then be edited, and once saved,
              the setting will take the buffer's value, except if there are
              no valid lines.

            > set <NAME> + "value"
              - Add "value" as a setting possible choice. It converts the
              current setting into a RandLine buffer if it was not already.

            > set <NAME> + "file:///path/to/file"
              - Rebind NAME setting to the given file path, even if it does
              not exist at the moment it had been set. It means that each
              time the setting's value is called, a try is made to load the
              file's content as new buffer if it exists/is valid, and
              keeps the old one otherwise.


        BEHAVIOR
            - Settings are pre declared at start. It means that new ones
            cannot be declared.

            - The convention above does not apply for settings whose name
            starts with "HTTP_", because this kind of variable are
            automatically used as custom headers on http requests. For
            example, `set HTTP_ACCEPT_LANGUAGE "en-CA"` will set the
            "Accept-Language" http header to the specified value.
            Of course, this applies to any future HTTP request.

            - The default value of a setting can be restored by setting
            its value to the magic string "%%DEFAULT%%", e.g:
              > set REQ_MAX_HEADERS %%DEFAULT%%

            NOTE: The 'set' operating scope is limited to the current
            phpsploit session. It means that persistant settings value
            changes must be defined by hand in the user
            configuration file.
        """
        # NOTE(review): the docstring above reads as the user-facing help
        # page for `set` (SYNOPSIS/DESCRIPTION layout, escaped '%%'), so its
        # text is presumably consumed at runtime -- confirm before rewording.

        # Fewer than three words (`set` or `set <PATTERN>`): display only.
        # Padding argv with "" lets a bare `set` select with an empty pattern.
        if len(argv) < 3:
            pattern = (argv + [""])[1]
            print(session.Conf(pattern))
            return

        name = argv[1]

        # `set <NAME> "value"`: only argv[2] is assigned, so any further
        # words on the command line are ignored by this branch. Nothing is
        # validated in this function; any check has to live in session.Conf's
        # item assignment (not visible here).
        if argv[2] != "+":
            session.Conf[name] = argv[2]
            return

        # `set <NAME> + <VALUE...>`: append the words after '+', re-joined
        # with a single space, through the setting's in-place addition.
        if len(argv) > 3:
            session.Conf[name] += " ".join(argv[3:])
            return

        # `set <NAME> +`: round-trip the setting's raw buffer through a file
        # that is opened in the user's editor.
        # NOTE(review): argv[1] reaches the file name unsanitised. The
        # session.Conf lookup below runs before Path() is built, so an unknown
        # name presumably fails first -- confirm. Also confirm where Path()
        # places the file and with which permissions, since the buffer may
        # hold PHP code or shell commands.
        stem = name.upper()
        # call=False is passed through as-is; its exact meaning is defined by
        # the setting object, which is not visible here.
        setting = session.Conf[name](call=False)
        if isinstance(setting, datatypes.PhpCode):
            extension = "php"
        elif isinstance(setting, datatypes.ShellCmd):
            extension = "sh"
        else:
            extension = "txt"
        scratch_name = "%s.%s" % (stem, extension)
        scratch = Path(filename=scratch_name)
        scratch.write(session.Conf[name].buffer)
        # The setting is overwritten only when edit() reports a truthy
        # result; otherwise the previous value is left untouched.
        if scratch.edit():
            session.Conf[name] = scratch.read()
Beispiel #3
 def do_info(argv):
     """Show configuration settings."""
     # argv[1], when present, is handed to session.Conf as the selection
     # string; padding argv with "" covers a bare command with no argument.
     # This function only prints and never assigns a setting.
     print(session.Conf((argv + [""])[1]))