Land #4655, @wchen-r7's custom 404 for BrowserExploitServer
commit
5475cf50aa
|
@ -11,6 +11,9 @@ require 'msf/core/exploit/jsobfu'
|
||||||
#
|
#
|
||||||
# The BrowserExploitServer mixin provides methods to do common tasks seen in modern browser
|
# The BrowserExploitServer mixin provides methods to do common tasks seen in modern browser
|
||||||
# exploitation, and is designed to work against common setups such as on Windows, OSX, and Linux.
|
# exploitation, and is designed to work against common setups such as on Windows, OSX, and Linux.
|
||||||
|
# Wiki documentations about this mixin can be found here:
|
||||||
|
# https://github.com/rapid7/metasploit-framework/wiki/How-to-write-a-browser-exploit-using-BrowserExploitServer
|
||||||
|
# https://github.com/rapid7/metasploit-framework/wiki/Information-About-Unmet-Browser-Exploit-Requirements
|
||||||
#
|
#
|
||||||
###
|
###
|
||||||
|
|
||||||
|
@ -87,10 +90,28 @@ module Msf
|
||||||
|
|
||||||
register_advanced_options([
|
register_advanced_options([
|
||||||
OptString.new('CookieName', [false, "The name of the tracking cookie", DEFAULT_COOKIE_NAME]),
|
OptString.new('CookieName', [false, "The name of the tracking cookie", DEFAULT_COOKIE_NAME]),
|
||||||
OptString.new('CookieExpiration', [false, "Cookie expiration in years (blank=expire on exit)"])
|
OptString.new('CookieExpiration', [false, "Cookie expiration in years (blank=expire on exit)"]),
|
||||||
|
OptString.new('Custom404', [false, "An external custom 404 URL (Example: http://example.com/404.html)"])
|
||||||
], Exploit::Remote::BrowserExploitServer)
|
], Exploit::Remote::BrowserExploitServer)
|
||||||
end
|
end
|
||||||
|
|
||||||
|
def setup
|
||||||
|
custom_404 = get_custom_404_url
|
||||||
|
if !custom_404.blank? && custom_404 !~ /^http/i
|
||||||
|
raise Msf::OptionValidateError.new(['Custom404 (must begin with http or https)'])
|
||||||
|
end
|
||||||
|
super
|
||||||
|
end
|
||||||
|
|
||||||
|
#
|
||||||
|
# Returns the custom 404 URL set by the user
|
||||||
|
#
|
||||||
|
# @return [String]
|
||||||
|
#
|
||||||
|
def get_custom_404_url
|
||||||
|
datastore['Custom404'].to_s
|
||||||
|
end
|
||||||
|
|
||||||
#
|
#
|
||||||
# Allows a block of code to access BES resources in a thread-safe fashion
|
# Allows a block of code to access BES resources in a thread-safe fashion
|
||||||
#
|
#
|
||||||
|
@ -514,6 +535,7 @@ module Msf
|
||||||
end
|
end
|
||||||
|
|
||||||
else
|
else
|
||||||
|
print_error("Target has requested an unknown path: #{request.uri}")
|
||||||
send_not_found(cli)
|
send_not_found(cli)
|
||||||
end
|
end
|
||||||
end
|
end
|
||||||
|
@ -578,5 +600,19 @@ module Msf
|
||||||
end
|
end
|
||||||
end
|
end
|
||||||
|
|
||||||
|
private
|
||||||
|
|
||||||
|
#
|
||||||
|
# Sends a 404 respons. If a custom 404 is configured, then it will redirect to that instead.
|
||||||
|
#
|
||||||
|
def send_not_found(cli)
|
||||||
|
custom_404_url = get_custom_404_url
|
||||||
|
if custom_404_url.blank?
|
||||||
|
super(cli)
|
||||||
|
else
|
||||||
|
send_redirect(cli, custom_404_url)
|
||||||
|
end
|
||||||
|
end
|
||||||
|
|
||||||
end
|
end
|
||||||
end
|
end
|
||||||
|
|
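Review bot: The Custom404 check in `setup` uses `/^http/i`, which is anchored to a line start rather than the start of the string and only requires the letters `http`. A value such as `httpfoo`, or a multi-line string with `http` at the start of a later line, therefore passes validation and is handed to `send_redirect` as the redirect target. Anchoring to the whole string and requiring the scheme separator matches what the error message promises: `if !custom_404.blank? && custom_404 !~ %r{\Ahttps?://}i`. Separately, the comment above `send_not_found` has a typo (`respons`).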