Update form_post vars, add Expires to cookie.

data/js/network/form_post.js

@@ -1,23 +1,25 @@
 function postForm(path, data) {
+  window.form_id = window.form_id || 0;
+
   var _set = function(obj, attr, val) {
     if (obj.setAttribute) { obj.setAttribute(attr, val); }
     else { obj[attr] = val; }
   }
 
-  var form = document.createElement('form');
-  _set(form, 'method', 'POST');
-  _set(form, 'action', path);
+  var formEl = document.createElement('form');
+  _set(formEl, 'method', 'POST');
+  _set(formEl, 'action', path);
 
-  var input;
+  var elem;
   for (var idx in data) {
-    input = document.createElement('input')
-    _set(input, 'type', 'hidden');
-    _set(input, 'name', idx);
-    _set(input, 'value', data[idx]);
-    form.appendChild(input);
+    elem = document.createElement('input')
+    _set(elem, 'type', 'hidden');
+    _set(elem, 'name', idx);
+    _set(elem, 'value', data[idx]);
+    formEl.appendChild(elem);
   }
 
-  form.style.display = 'none';
-  document.body.appendChild(form);
-  form.submit();
+  formEl.style.display = 'none';
+  document.body.appendChild(formEl);
+  formEl.submit();
 }

lib/msf/core/exploit/remote/browser_exploit_server.rb

@@ -2,6 +2,7 @@
 
 require 'erb'
 require 'cgi'
+require 'date'
 require 'rex/exploitation/js'
 
 ###
@@ -403,6 +404,11 @@ module Msf
       datastore['CookieName'] || DEFAULT_COOKIE_NAME
     end
 
+    def cookie_header(tag)
+      expires = (DateTime.now + 365*20).to_time.strftime("%a, %d %b %Y 12:00:00 GMT;")
+      "#{cookie_name}=#{tag}; Expires=#{expires};"
+    end
+
     #
     # Handles exploit stages.
     #
@@ -422,11 +428,12 @@ module Msf
 
         print_status("Gathering target information.")
         tag = Rex::Text.rand_text_alpha(rand(20) + 5)
-        ua = request.headers['User-Agent']
+        ua = request.headers['User-Agent'] || ''
         init_profile(tag)
-        html = get_detection_html(ua) || ''
-        send_response(cli, html, {'Set-Cookie' => "#{cookie_name}=#{tag}"})
+        print_status("Sending response HTML.")
+        html = get_detection_html(ua)
 
+        send_response(cli, html, {'Set-Cookie' => cookie_header(tag)})
       when /#{@info_receiver_page}/
         #
         # The detection code will hit this if Javascript is enabled
@@ -447,13 +454,14 @@ module Msf
         # This sends the actual exploit. A module should define its own
         # on_request_exploit() to get the target information
         #
-        tag = retrieve_tag(request)
+        tag = retrieve_tag(cli, request)
         profile = get_profile(tag)
         if profile[:tried] and datastore['Retries'] == false
           print_status("Target with tag \"#{tag}\" wants to retry the module, not allowed.")
           send_not_found(cli)
         else
           update_profile(profile, :tried, true)
+          print_status("Setting target \"#{tag}\" to :tried.")
           try_set_target(profile)
           bad_reqs = get_bad_requirements(profile)
           if bad_reqs.empty?

lib/rex/exploitation/js/network.rb

@@ -66,7 +66,7 @@ class Network
       js = ::Rex::Exploitation::ObfuscateJS.new(js,
         {
           'Symbols' => {
-            'Variables' => %w{ _set input form path data obj attr val idx }
+            'Variables' => %w{ elem path data obj attr val idx formEl form_id }
           }
         }).obfuscate
     end