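/*
 * webi.c - HTTP Request Packet Injection
 * (c) 2002 Condor
 * version 4.0 (24.01.2002)
 * This is the last stable version of webi; there may be no more updates.
 * For any other ideas and questions email me.
 *
 * Licensed by GNU
 *
 * Ideas were taken from silk.c written by obecian
 * If you use -d (data) with method POST or another method, use
 *   -d 'test=hop&bla=ddd'
 * For other methods you can put the data in the URI without -d,
 * like this: -u /cgi-bin/script.cgi?test=blabla
 * !WARNING! If your data contains the symbol -> &, you must use ''
 * eg. -d 'test=blabla&count=0'
 * Sorry of my BAD english :(
 *
 * Support only for BASIC http authorization.
 *
 * This is a little programme written in C, with which you can generate a
 * small http header and use all the apache methods.
 * It was tested on OpenBSD 3.0 only
 */

#define TITLE "webi.c - HTTP Request Packet Injection"
#define CODER "(c) 2002 Condor (condor@stz-bg.com)"
#define MAXA 129

/*
 * NOTE(review): the header names on the #include lines were lost when this
 * listing was extracted; the set below is what the code actually uses.
 */
#include <errno.h>
#include <limits.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <unistd.h>
#include <sys/types.h>
#include <sys/socket.h>
#include <netinet/in.h>
#include <arpa/inet.h>
#include <netdb.h>

#if INT_MAX > 2147483647
#error need to increase size of buffer
#endif

/* Bytes needed to hold the Base64 form of n input bytes, including the NUL. */
#define B64_ENCODED_SIZE(n) (4 * (((n) + 2) / 3) + 1)

/**
 * Print the option summary for the program and terminate with status -1.
 *
 * @param arg  program name shown in the first line (normally argv[0])
 */
void usage(char *arg)
{
    printf("%s usage:\n"
           " -s (eg. 127.0.0.1, localhost)\n"
           " -u (eg. /cgi-bin/script.cgi)\n"
           " [-p port (default: 80)]\n"
           " [-m method {GET, HEAD, POST, PUT, DELETE, TRACE, CONNECT, OPTIONS, PATCH, PROPFIND, PROPPATCH, MKCOL, COPY, MOVE, LOCK, UNLOCK, TRACE}]\n"
           " [-h virtual host]\n"
           " [-r referer]\n"
           " [-v version]\n"
           " [-a user agent]\n"
           " Support only for BASIC HTTP Auhorization\n"
           " [-z username and password (eg. username:password)]\n"
           " [-o add content type x-www-form-urlencoded]\n"
           " [-t use proxy (eg. proxy:port)]\n"
           " [-d data]\n\n", arg);
    exit(-1);
}

/*
 * itoa converts an int to a decimal string; the function is missing in
 * some UNIX-like systems (OpenBSD 3.0).
 */
static char buf[12];

/**
 * Convert i to its decimal representation.
 *
 * @return pointer into a static 12-byte buffer; the result is overwritten
 *         by the next call, so the function is not reentrant.
 */
char *itoa(int i)
{
    char *pos = buf + sizeof(buf) - 1;
    unsigned int u;
    int negative = 0;

    if (i < 0) {
        negative = 1;
        /* -(1+i) cannot overflow, so INT_MIN is handled without UB */
        u = ((unsigned int)(-(1 + i))) + 1;
    } else {
        u = (unsigned int)i;
    }

    *pos = 0;
    do {
        *--pos = (char)('0' + (u % 10));
        u /= 10;
    } while (u);

    if (negative) {
        *--pos = '-';
    }
    return pos;
}

static const char table64[] =
    "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/";

/**
 * Base64-encode the NUL-terminated string intext into output.
 *
 * The function has no way to know the size of output: the caller must
 * provide at least B64_ENCODED_SIZE(strlen(intext)) bytes.
 *
 * @param intext  NUL-terminated input
 * @param output  destination, NUL-terminated on return
 */
void base64Encode(char *intext, char *output)
{
    const unsigned char *in = (const unsigned char *)intext;

    while (*in) {
        unsigned char ibuf[3] = {0, 0, 0};
        int inputparts = 0;

        for (int i = 0; i < 3 && *in; i++) {
            ibuf[i] = *in++;
            inputparts++;
        }

        output[0] = table64[ibuf[0] >> 2];
        output[1] = table64[((ibuf[0] & 0x03) << 4) | (ibuf[1] >> 4)];
        /* a short final group is padded with '=' */
        output[2] = inputparts > 1
            ? table64[((ibuf[1] & 0x0F) << 2) | (ibuf[2] >> 6)] : '=';
        output[3] = inputparts > 2 ? table64[ibuf[2] & 0x3F] : '=';
        output += 4;
    }
    *output = 0;
}
/* ---- End of Base64 Encoding ---- */

/**
 * Append src to the NUL-terminated string in dst without writing past cap.
 *
 * @return 0 on success, -1 (dst unchanged) when src does not fit
 */
static int header_append(char *dst, size_t cap, const char *src)
{
    size_t used = strlen(dst);
    size_t add = strlen(src);

    if (used >= cap || add >= cap - used)
        return -1;
    memcpy(dst + used, src, add + 1);
    return 0;
}

/* Append to the request or terminate: a truncated request is never sent. */
static void header_add(char *dst, size_t cap, const char *src)
{
    if (header_append(dst, cap, src) != 0) {
        fprintf(stderr, "request too long (limit %zu bytes)\n", cap - 1);
        exit(-1);
    }
}

/**
 * Parse a decimal TCP port.
 *
 * @return the port (1..65535), or -1 for empty, non-numeric, trailing-junk
 *         or out-of-range input
 */
static int parse_port(const char *text)
{
    char *end;
    long value;

    if (text == NULL || *text == '\0')
        return -1;
    errno = 0;
    value = strtol(text, &end, 10);
    if (errno != 0 || end == text || *end != '\0' || value < 1 || value > 65535)
        return -1;
    return (int)value;
}

/* Write exactly len bytes to fd, retrying short writes; 0 on success. */
static int write_all(int fd, const char *data, size_t len)
{
    size_t done = 0;

    while (done < len) {
        ssize_t w = write(fd, data + done, len - done);
        if (w < 0 && errno == EINTR)
            continue;
        if (w <= 0)
            return -1;
        done += (size_t)w;
    }
    return 0;
}

/**
 * Build one HTTP request from the command-line options, send it to the
 * server (or through the proxy given with -t) and copy the reply to stdout.
 *
 * Changes against the original listing:
 *  - every append to the request is bounded by the buffer size (the
 *    original used strncat with the source length as the limit, which
 *    bounds nothing, and started from an unterminated strncpy);
 *  - the -t argument is no longer used as a printf format string;
 *  - -z credentials are length-checked before Base64 encoding;
 *  - "was the option given" is tracked with NULL/flags instead of
 *    comparing against the magic string "test";
 *  - only the request bytes are written to the socket, not the whole
 *    buffer, and read errors end the loop.
 */
int main(int argc, char **argv)
{
    int opt, sock;
    extern char *optarg;
    extern int opterr;
    struct sockaddr_in sin;
    struct hostent *he;
    char buffer[1024];              /* reply chunks */
    char header[2048];              /* the complete request */
    char encpa[256];                /* Base64 of user:password */
    char tproxy[128];               /* writable copy of the -t argument */
    int port = 80;
    int prport = 3128;              /* proxy port when -t gives none */
    int add_content_type = 0;       /* -o */
    char *method = "GET";           /* Default method */
    char *server = "www.stz-bg.com";
    char *vhost = "www.stz-bg.com";
    char *referer = "http://402586256/";
    char *agent = "Mozilla/4.79 [en] (X11; U; OpenBSD 3.0 i386)";
    char *version = "HTTP/1.0";
    char *uri = "/";
    char *proxy = NULL;
    char *user = NULL;              /* -z, NULL = no Authorization header */
    char *data = NULL;              /* -d, NULL = no body */
    const char *all = "Accept: image/gif, image/x-xbitmap, image/jpeg, image/pjpeg, image/png, */*\r\nAccept-Encoding: gzip\r\nAccept-Language: en, bg\r\nAccept-Charset: iso-8859-1,*,utf-8\r\n";
    const char *enc = "Content-type: application/x-www-form-urlencoded\r\nContent-length: ";

    putchar('\n');
    puts(TITLE);
    puts(CODER);
    putchar('\n');

    if (argc < 2)
        usage(argv[0]);

    opterr = 0;
    while ((opt = getopt(argc, argv, "h:u:v:r:s:p:a:m:z:ot:d:")) != -1) {
        switch (opt) {
        case 's': server = optarg; break;
        case 'p':
            port = parse_port(optarg);
            if (port < 0) {
                fprintf(stderr, "invalid port: %s\n", optarg);
                usage(argv[0]);
            }
            break;
        case 'm': method = optarg; break;
        case 'h': vhost = optarg; break;
        case 'r': referer = optarg; break;
        case 'a': agent = optarg; break;
        case 'v': version = optarg; break;
        case 'u': uri = optarg; break;
        case 'z': user = optarg; break;
        case 'o': add_content_type = 1; break;
        case 't': proxy = optarg; break;
        case 'd': data = optarg; break;
        case '?':
        default: /* the original spelled this "defaults :", a plain label */
            usage(argv[0]);
            break;
        }
    }

    /* Generating header data */
    header[0] = '\0';
    header_add(header, sizeof header, method);

    if (proxy != NULL) {
        char *colon;
        int n = snprintf(tproxy, sizeof tproxy, "%s", proxy);

        if (n < 0 || (size_t)n >= sizeof tproxy) {
            fprintf(stderr, "proxy specification too long\n");
            exit(-1);
        }
        colon = strchr(tproxy, ':');
        if (colon != NULL) {
            *colon = '\0';
            port = parse_port(colon + 1);
            if (port < 0) {
                fprintf(stderr, "invalid proxy port: %s\n", colon + 1);
                exit(-1);
            }
        } else {
            /* the original dereferenced a NULL token here */
            port = prport;
        }
        if (tproxy[0] == '\0') {
            fprintf(stderr, "missing proxy host\n");
            exit(-1);
        }
        if ((he = gethostbyname(tproxy)) == NULL) {
            herror("gethostbyname");
            exit(-1);
        }
        header_add(header, sizeof header, " http://");
        header_add(header, sizeof header, server);
        header_add(header, sizeof header, uri);
    } else {
        he = gethostbyname(server);
        if (he == NULL) {
            herror("gethostbyname");
            exit(-1);
        }
        header_add(header, sizeof header, " ");
        header_add(header, sizeof header, uri);
    }

    header_add(header, sizeof header, " ");
    header_add(header, sizeof header, version);
    header_add(header, sizeof header, "\r\nReferer: ");
    header_add(header, sizeof header, referer);
    header_add(header, sizeof header, "\r\nUser-Agent: ");
    header_add(header, sizeof header, agent);

    if (user != NULL) {
        /*
         * Basic credentials are only Base64-encoded and this program
         * speaks plain HTTP; the -z argument is also visible in the
         * process list of the local machine.
         */
        if (B64_ENCODED_SIZE(strlen(user)) > sizeof encpa) {
            fprintf(stderr, "credentials too long\n");
            exit(-1);
        }
        base64Encode(user, encpa);
        header_add(header, sizeof header, "\r\nAuthorization: Basic ");
        header_add(header, sizeof header, encpa);
    }

    header_add(header, sizeof header, "\r\nHost: ");
    header_add(header, sizeof header, vhost);
    header_add(header, sizeof header, "\r\n");
    header_add(header, sizeof header, all);

    if (add_content_type) {
        size_t body_len = data != NULL ? strlen(data) : 0;

        if (body_len > INT_MAX) {
            fprintf(stderr, "data too long\n");
            exit(-1);
        }
        header_add(header, sizeof header, enc);
        header_add(header, sizeof header, itoa((int)body_len));

        /* form encoding: spaces in the body become '+' */
        for (size_t k = 0; k < body_len; k++) {
            if (data[k] == ' ')
                data[k] = '+';
        }
    }
    header_add(header, sizeof header, "\r\n\r\n");
    /* End header data */

    if (data != NULL)
        header_add(header, sizeof header, data);
    header_add(header, sizeof header, "\n");

    if (he->h_addrtype != AF_INET ||
        he->h_length != (int)sizeof sin.sin_addr ||
        he->h_addr_list[0] == NULL) {
        fprintf(stderr, "no IPv4 address for host\n");
        exit(-1);
    }

    memset(&sin, 0, sizeof sin);
    sin.sin_family = AF_INET;
    sin.sin_port = htons((unsigned short)port);
    memcpy(&sin.sin_addr, he->h_addr_list[0], sizeof sin.sin_addr);

    if ((sock = socket(AF_INET, SOCK_STREAM, 0)) == -1) {
        perror("socket");
        exit(-1);
    }

    if (connect(sock, (struct sockaddr *)&sin, sizeof sin) == -1) {
        perror("connect");
        close(sock);
        exit(-1);
    }

    /* send the request itself, not sizeof(buffer) bytes of stack memory */
    if (write_all(sock, header, strlen(header)) != 0) {
        perror("write");
        close(sock);
        exit(-1);
    }

    /* the banner went through stdio; flush before writing to fd 1 directly */
    fflush(stdout);

    for (;;) {
        ssize_t got = read(sock, buffer, sizeof buffer);

        if (got == 0)
            break;
        if (got < 0) {
            if (errno == EINTR)
                continue;
            perror("read");
            close(sock);
            exit(-1);
        }
        if (write_all(1, buffer, (size_t)got) != 0) {
            perror("write");
            close(sock);
            exit(-1);
        }
    }

    close(sock);
    putchar('\n');
    exit(0);
}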