HTTP Handler Bind to 0.0.0.0 or ReverseListenerBindAddress

This commit returns the HTTP/S handler to its former semantic glory. By default the HTTP/S handler will bind to :: or 0.0.0.0. If the user specifies a ReverseListenerBindAddress then, instead, the server will bind to that address. The previous commit to change the URL to always reference LHOST should go with this too. LHOST is always my intent of where the stage should call home too. ReverseListenerBindAddress would make sense as my intent as to where I want to bind to. The two options shouldn't take on each other's meanings.
2014-01-04 15:50:06 -05:00 · 2014-01-04 15:50:06 -05:00 · 6f55579acd
parent f93210ca74
commit 6f55579acd
1 changed files with 8 additions and 3 deletions
--- a/lib/msf/core/handler/reverse_http.rb
+++ b/lib/msf/core/handler/reverse_http.rb
@ -83,7 +83,6 @@ module ReverseHttp
  # addresses.
  #
  def full_uri
-    addrs = bind_address
    local_port = bind_port
    scheme = (ssl?) ? "https" : "http"
    "#{scheme}://#{datastore['LHOST']}:#{local_port}/"
@ -175,12 +174,18 @@ module ReverseHttp
    end

    local_port = bind_port
-    addrs = bind_address
+
+    # Determine where to bind the HTTP(S) server to
+    bindaddrs = ipv6 ? '::' : '0.0.0.0'
+
+    if not datastore['ReverseListenerBindAddress'].to_s.empty?
+      bindaddrs = datastore['ReverseListenerBindAddress']
+    end

    # Start the HTTPS server service on this host/port
    self.service = Rex::ServiceManager.start(Rex::Proto::Http::Server,
      local_port,
-      addrs[0],
+      bindaddrs,
      ssl?,
      {
        'Msf'        => framework,