Start with a random username to test 401 codes

SeeRM #7991

While this fixes the specific case of tomcat_mgr_login, it doesn't
address the general case where modules are attempting to test code 401
responses in order to determine if bruteforcing should continue.
unstable
Tod Beardsley 2013-05-29 12:35:57 -05:00
parent f0e3b0c124
commit 10d8bebe73
1 changed files with 2 additions and 1 deletions

View File

@ -75,7 +75,8 @@ class Metasploit3 < Msf::Auxiliary
uri = normalize_uri(datastore['URI'])
res = send_request_cgi({
'uri' => uri,
'method' => 'GET'
'method' => 'GET',
'username' => Rex::Text.rand_text_alpha(8)
}, 25)
http_fingerprint({ :response => res })
rescue ::Rex::ConnectionError => e