* less duplication, since the common case is just fine for all but a few instances
git-svn-id: file:///home/svn/incoming/trunk@3531 4d416f70-5f16-0410-b530-b9f4589650daunstable
bmc
parent
f2ab112647
commit
a73f024ce1
|
|
@ -461,10 +461,10 @@ protected
|
|||
|
||||
register_evasion_options(
|
||||
[
|
||||
# utf-7 and utf-7-all are currently not supported by most
|
||||
# browsers, so remove them from the defaults. support for them
|
||||
# is enabled in the mixin if you override the Enum on a per
|
||||
# exploit basis.
|
||||
# utf-8, utf-7 and utf-7-all are currently not supported by
|
||||
# most browsers. as such, they are not added by default. The
|
||||
# mixin supports encoding using them, however they are not
|
||||
# listed in the Option.
|
||||
OptEnum.new('HTML::unicode', [false, 'Enable HTTP obfuscation via unicode', 'none', ['none', 'utf-16le', 'utf-16be', 'utf-16be-marker', 'utf-32le', 'utf-32be']]),
|
||||
OptEnum.new('HTML::base64', [false, 'Enable HTML obfuscation via an embeded base64 html object', 'none', ['none', 'plain', 'single_pad', 'double_pad', 'random_space_injection']]),
|
||||
OptInt.new('HTML::javascript::escape', [false, 'Enable HTML obfuscation via HTML escaping (number of iterations)', 0]),
|
||||
|
|
@ -503,34 +503,24 @@ protected
|
|||
body = '<script>document.write(unescape("' + Rex::Text.to_hex(body, '%') + '"))</script>'
|
||||
}
|
||||
end
|
||||
|
||||
|
||||
case datastore['HTML::unicode']
|
||||
when 'utf-16le'
|
||||
headers['Content-Type'] = 'text/html; charset: utf-16le'
|
||||
body = Rex::Text.to_unicode(body, 'utf-16le')
|
||||
when 'utf-16be'
|
||||
headers['Content-Type'] = 'text/html; charset: utf-16be'
|
||||
body = Rex::Text.to_unicode(body, 'utf-16be')
|
||||
when 'utf-16be-marker'
|
||||
headers['Content-Type'] = 'text/html'
|
||||
body = "\xFE\xFF" + Rex::Text.to_unicode(body, 'utf-16be')
|
||||
when 'utf-32le'
|
||||
headers['Content-Type'] = 'text/html; charset: utf-32le'
|
||||
body = Rex::Text.to_unicode(body, 'utf-32le')
|
||||
when 'utf-32be'
|
||||
headers['Content-Type'] = 'text/html; charset: utf-32be'
|
||||
body = Rex::Text.to_unicode(body, 'utf-32be')
|
||||
when 'utf-7'
|
||||
headers['Content-Type'] = 'text/html; charset: utf-7'
|
||||
body = Rex::Text.to_unicode(body, 'utf-7')
|
||||
when 'utf-7-all'
|
||||
headers['Content-Type'] = 'text/html; charset: utf-7'
|
||||
body = Rex::Text.to_unicode(body, 'utf-7', 'all')
|
||||
when 'none'
|
||||
# do nothing
|
||||
else
|
||||
raise RuntimeError, 'Invalid unicode. how did you get here?'
|
||||
|
||||
if ['utf-16le','utf-16be','utf32-le','utf32-be','utf-7','utf-8'].include?(datastore['HTML::unicode'])
|
||||
headers['Content-Type'] = 'text/html; charset: ' + datastore['HTML::unicode']
|
||||
body = Rex::Text.to_unicode(body, datastore['HTML::unicode'])
|
||||
else
|
||||
# special cases
|
||||
case datastore['HTML::unicode']
|
||||
when 'utf-16be-marker'
|
||||
headers['Content-Type'] = 'text/html'
|
||||
body = "\xFE\xFF" + Rex::Text.to_unicode(body, 'utf-16be')
|
||||
when 'utf-7-all'
|
||||
headers['Content-Type'] = 'text/html; charset: utf-7'
|
||||
body = Rex::Text.to_unicode(body, 'utf-7', 'all')
|
||||
when 'none'
|
||||
# do nothing
|
||||
else
|
||||
raise RuntimeError, 'Invalid unicode. how did you get here?'
|
||||
end
|
||||
end
|
||||
|
||||
super(cli, body, headers)
|
||||
|
|
|
|||
Loading…
Reference in New Issue