Add specs for new/returning/previous visitors.
parent
b458b8ad63
commit
894d16af80
|
@ -264,7 +264,7 @@ module Msf
|
|||
#
|
||||
# @param request [Rex::Proto::Http::Request] The HTTP request sent by the browser
|
||||
#
|
||||
def retrieve_tag(request)
|
||||
def retrieve_tag(cli, request)
|
||||
cookie = CGI::Cookie.parse(request.headers['Cookie'].to_s)
|
||||
tag = cookie.has_key?(cookie_name) && cookie[cookie_name].first
|
||||
|
||||
|
@ -289,7 +289,7 @@ module Msf
|
|||
# @param request [Rex::Proto::Http::Request] The HTTP request sent by the browser
|
||||
#
|
||||
def process_browser_info(source, cli, request)
|
||||
tag = retrieve_tag(request)
|
||||
tag = retrieve_tag(cli, request)
|
||||
target_info = get_profile(tag)
|
||||
init_profile(tag)
|
||||
|
||||
|
@ -415,7 +415,7 @@ module Msf
|
|||
#
|
||||
# This is the information gathering stage
|
||||
#
|
||||
if get_profile(retrieve_tag(request))
|
||||
if get_profile(retrieve_tag(cli, request))
|
||||
send_redirect(cli, "#{get_resource.chomp("/")}/#{@exploit_receiver_page}")
|
||||
return
|
||||
end
|
||||
|
@ -424,14 +424,14 @@ module Msf
|
|||
tag = Rex::Text.rand_text_alpha(rand(20) + 5)
|
||||
ua = request.headers['User-Agent']
|
||||
init_profile(tag)
|
||||
html = get_detection_html(ua)
|
||||
html = get_detection_html(ua) || ''
|
||||
send_response(cli, html, {'Set-Cookie' => "#{cookie_name}=#{tag}"})
|
||||
|
||||
when /#{@info_receiver_page}/
|
||||
#
|
||||
# The detection code will hit this if Javascript is enabled
|
||||
#
|
||||
process_browser_info(source=:script, cli, request)
|
||||
process_browser_info(:script, cli, request)
|
||||
send_redirect(cli, "#{get_resource.chomp("/")}/#{@exploit_receiver_page}")
|
||||
|
||||
when /#{@noscript_receiver_page}/
|
||||
|
@ -439,7 +439,7 @@ module Msf
|
|||
# The detection code will hit this instead of Javascript is disabled
|
||||
# Should only be triggered by the img src in <noscript>
|
||||
#
|
||||
process_browser_info(source=:headers, cli, request)
|
||||
process_browser_info(:headers, cli, request)
|
||||
send_not_found(cli)
|
||||
|
||||
when /#{@exploit_receiver_page}/
|
||||
|
|
|
@ -15,7 +15,6 @@ describe Msf::Exploit::Remote::BrowserExploitServer do
|
|||
service = double("service")
|
||||
service.stub(:server_name=)
|
||||
service.stub(:add_resource)
|
||||
|
||||
service
|
||||
end
|
||||
|
||||
|
@ -31,6 +30,10 @@ describe Msf::Exploit::Remote::BrowserExploitServer do
|
|||
"Mozilla/5.0 (compatible; MSIE 10.0; Windows NT 6.1; Trident/6.0)"
|
||||
end
|
||||
|
||||
let(:exploit_page) do
|
||||
server.instance_variable_get(:@exploit_receiver_page)
|
||||
end
|
||||
|
||||
let(:expected_profile) do
|
||||
{
|
||||
:source=>"script",
|
||||
|
@ -57,9 +60,8 @@ describe Msf::Exploit::Remote::BrowserExploitServer do
|
|||
|
||||
describe ".get_module_resource" do
|
||||
it "should give me a URI to access the exploit page" do
|
||||
ivar_exploit_page = server.instance_variable_get(:@exploit_receiver_page)
|
||||
module_resource = server.get_module_resource
|
||||
module_resource.should match(ivar_exploit_page)
|
||||
module_resource.should match(exploit_page)
|
||||
end
|
||||
end
|
||||
|
||||
|
@ -221,4 +223,73 @@ describe Msf::Exploit::Remote::BrowserExploitServer do
|
|||
end
|
||||
end
|
||||
|
||||
describe '.on_request_uri' do
|
||||
let(:cli) { double(:peerhost => '0.0.0.0') }
|
||||
let(:cookie) { '' }
|
||||
let(:headers) { {'Cookie' => cookie, 'User-Agent' => ''} }
|
||||
let(:body) { '' }
|
||||
let(:cookie_name) { Msf::Exploit::Remote::BrowserExploitServer::DEFAULT_COOKIE_NAME }
|
||||
let(:request) do
|
||||
double(:body => body, :headers => headers, :uri => server.get_resource )
|
||||
end
|
||||
|
||||
before do
|
||||
server.stub(:send_redirect)
|
||||
server.stub(:send_response)
|
||||
server.stub(:send_not_found)
|
||||
end
|
||||
|
||||
context 'when a new visitor requests the exploit' do
|
||||
it 'calls send_response once' do
|
||||
server.should_receive(:send_response).once
|
||||
server.on_request_uri(cli, request)
|
||||
end
|
||||
|
||||
it 'serves the os.js detection script' do
|
||||
server.should_receive(:send_response) do |cli, html, headers|
|
||||
expect(html).to include('window.os_detect')
|
||||
end
|
||||
server.on_request_uri(cli, request)
|
||||
end
|
||||
end
|
||||
|
||||
context 'when a returning visitor requests the exploit' do
|
||||
let(:body) { '' }
|
||||
let(:tag) { 'joe' }
|
||||
let(:cookie) { "#{cookie_name}=#{tag}" }
|
||||
|
||||
before { server.init_profile(tag) }
|
||||
|
||||
it 'calls send_redirect once' do
|
||||
server.should_receive(:send_redirect).once
|
||||
server.on_request_uri(cli, request)
|
||||
end
|
||||
|
||||
it 'redirects to the exploit URL' do
|
||||
server.should_receive(:send_redirect) do |cli, url|
|
||||
expect(url).to end_with(exploit_page)
|
||||
end
|
||||
server.on_request_uri(cli, request)
|
||||
end
|
||||
end
|
||||
|
||||
context 'when a returning visitor from a previous msf run requests the exploit' do
|
||||
let(:body) { '' }
|
||||
let(:tag) { 'joe' }
|
||||
let(:cookie) { "#{cookie_name}=#{tag}" }
|
||||
|
||||
it 'calls send_response once' do
|
||||
server.should_receive(:send_response).once
|
||||
server.on_request_uri(cli, request)
|
||||
end
|
||||
|
||||
it 'serves the os.js detection script' do
|
||||
server.should_receive(:send_response) do |cli, html, headers|
|
||||
expect(html).to include('window.os_detect')
|
||||
end
|
||||
server.on_request_uri(cli, request)
|
||||
end
|
||||
end
|
||||
end
|
||||
|
||||
end
|
Loading…
Reference in New Issue