metasploit-framework/modules/auxiliary/scanner/http/trace.rb

59 lines
1.6 KiB
Ruby
Raw Normal View History

##
# This module requires Metasploit: http://metasploit.com/download
# Current source: https://github.com/rapid7/metasploit-framework
##
require 'msf/core'
class Metasploit3 < Msf::Auxiliary
2013-08-30 21:28:54 +00:00
# Exploit mixins should be called first
include Msf::Exploit::Remote::HttpClient
include Msf::Auxiliary::WmapScanServer
# Scanner mixin should be near last
include Msf::Auxiliary::Scanner
2013-08-30 21:28:54 +00:00
def initialize
super(
2015-09-02 17:26:45 +00:00
'Name' => 'HTTP Cross-Site Tracing Detection',
'Description' => 'Checks if the host is vulnerable to Cross-Site Tracing (XST)',
'Author' =>
[
'Jay Turla <@shipcod3>' , #Cross-Site Tracing (XST) Checker
'CG' #HTTP TRACE Detection
],
2013-08-30 21:28:54 +00:00
'License' => MSF_LICENSE
)
end
2013-08-30 21:28:54 +00:00
def run_host(target_host)
2013-08-30 21:28:54 +00:00
begin
res = send_request_raw({
'uri' => '/<script>alert(1337)</script>', #XST Payload
2013-08-30 21:28:54 +00:00
'method' => 'TRACE',
})
2015-09-02 17:48:53 +00:00
unless res
vprint_error("#{rhost}:#{rport} did not reply to our request")
return
end
if res.body.to_s.index('/<script>alert(1337)</script>')
print_good("#{rhost}:#{rport} is vulnerable to Cross-Site Tracing")
report_vuln(
2015-09-02 17:48:53 +00:00
:host => rhost,
2013-08-30 21:28:54 +00:00
:port => rport,
2015-09-02 17:48:53 +00:00
:proto => 'tcp',
2013-08-30 21:28:54 +00:00
:sname => (ssl ? 'https' : 'http'),
2015-09-02 17:48:53 +00:00
:info => "Vulnerable to Cross-Site Tracing",
2013-08-30 21:28:54 +00:00
)
else
2015-09-02 17:48:53 +00:00
vprint_error("#{rhost}:#{rport} returned #{res.code} #{res.message}")
2013-08-30 21:28:54 +00:00
end
rescue ::Rex::ConnectionRefused, ::Rex::HostUnreachable, ::Rex::ConnectionTimeout
rescue ::Timeout::Error, ::Errno::EPIPE
end
end
end