From a0af1e95981c394e9a9fd4d04d0a38b9a5e7a649 Mon Sep 17 00:00:00 2001
From: bmc <>
Date: Fri, 10 Feb 2006 17:29:37 +0000
Subject: [PATCH] * a more complete selection of various unicode types supported by most browsers
git-svn-id: file:///home/svn/incoming/trunk@3523 4d416f70-5f16-0410-b530-b9f4589650da
---
 lib/msf/core/exploit/http.rb | 39 ++++++++++++++++++++++++++++++------
 1 file changed, 33 insertions(+), 6 deletions(-)
diff --git a/lib/msf/core/exploit/http.rb b/lib/msf/core/exploit/http.rb
index b20e210894..d8501ab282 100644
--- a/lib/msf/core/exploit/http.rb
+++ b/lib/msf/core/exploit/http.rb
@@ -461,7 +461,11 @@ protected
 register_evasion_options(
 [
- OptEnum.new('HTML::unicode', [false, 'Enable HTTP obfuscation via unicode', 'none', ['none','little', 'big']]),
+ # utf-7 and utf-7-all are currently not supported by most
+ # browsers, so remove them from the defaults. support for them
+ # is enabled in the mixin if you override the Enum on a per
+ # exploit basis.
+ OptEnum.new('HTML::unicode', [false, 'Enable HTTP obfuscation via unicode', 'none', ['none', 'utf-16le', 'utf-16be', 'utf-16be-marker', 'utf-32le', 'utf-32be']]),
 OptEnum.new('HTML::base64', [false, 'Enable HTML obfuscation via an embeded base64 html object', 'none', ['none', 'plain', 'single_pad', 'double_pad', 'random_space_injection']]),
 OptInt.new('HTML::javascript::escape', [false, 'Enable HTML obfuscation via HTML escaping (number of iterations)', 0]),
 ], Exploit::Remote::HttpServer::Html
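Review bot: The new value list drops `'little'` and `'big'` with no alias, so a saved configuration that still sets `HTML::unicode` to either one no longer names an accepted value; whether OptEnum rejects it or it falls through to the `else` branch of the `case` in the second hunk depends on validation that is not visible here. If the old names should keep working, accept them as synonyms for `utf-16le` and `utf-16be-marker`, which is what they produced before. The added comment says utf-7 is removed "from the defaults", but the default remains `'none'` and what changes is the accepted set; `# utf-7 and utf-7-all are left out of the accepted values: most browsers do not support them` says that directly. The enclosing method begins outside the hunk.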
@@ -499,11 +503,34 @@ protected
 body = ''
 }
 end
-
- if datastore['HTML::unicode'] == 'little'
- body = Rex::Text.to_unicode(body)
- elsif datastore['HTML::unicode'] == 'big'
- body = "\xFE\xFF" + Rex::Text.to_unicode(body, 1)
+
+
+ case datastore['HTML::unicode']
+ when 'utf-16le'
+ headers['Content-Type'] = 'text/html; charset: utf-16le'
+ body = Rex::Text.to_unicode(body, 'utf-16le')
+ when 'utf-16be'
+ headers['Content-Type'] = 'text/html; charset: utf-16be'
+ body = Rex::Text.to_unicode(body, 'utf-16be')
+ when 'utf-16be-marker'
+ headers['Content-Type'] = 'text/html'
+ body = "\xFE\xFF" + Rex::Text.to_unicode(body, 'utf-16be')
+ when 'utf-32le'
+ headers['Content-Type'] = 'text/html; charset: utf-32le'
+ body = Rex::Text.to_unicode(body, 'utf-32le')
+ when 'utf-32be'
+ headers['Content-Type'] = 'text/html; charset: utf-32be'
+ body = Rex::Text.to_unicode(body, 'utf-32be')
+ when 'utf-7'
+ headers['Content-Type'] = 'text/html; charset: utf-7'
+ body = Rex::Text.to_unicode(body, 'utf-7')
+ when 'utf-7-all'
+ headers['Content-Type'] = 'text/html; charset: utf-7'
+ body = Rex::Text.to_unicode(body, 'utf-7-all')
+ when 'none'
+ # do nothing
+ else
+ raise RuntimeError, 'Invalid unicode. how did you get here?'
 end
 super(cli, body, headers)
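Review bot: The Content-Type values in the new `case` are written `charset: utf-16le` (and likewise in the utf-16be, utf-32le, utf-32be, utf-7 and utf-7-all branches), but a media-type parameter has the form `name=value`, so the header as sent declares no charset and the receiver falls back to its own detection. The line should read `headers['Content-Type'] = 'text/html; charset=utf-16le'`, with the same change in the other branches. Each branch also overwrites any Content-Type the caller supplied and assumes `headers` is a Hash; the method signature is outside the hunk, so its default should be confirmed as non-nil. The `else` message would be easier to act on if it included the rejected value, e.g. `raise RuntimeError, "Invalid HTML::unicode value: #{datastore['HTML::unicode'].inspect}"`.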