Add CookieExpiration option, add trailing slash to URI.

2014-03-10 13:07:17 -05:00 · 2014-03-10 13:07:17 -05:00 · c07f390382
parent 05067b4e33
commit c07f390382
1 changed files with 12 additions and 6 deletions
--- a/lib/msf/core/exploit/remote/browser_exploit_server.rb
+++ b/lib/msf/core/exploit/remote/browser_exploit_server.rb
@ -79,7 +79,8 @@ module Msf
      ], Exploit::Remote::BrowserExploitServer)

      register_advanced_options([
-        OptString.new('CookieName', [false,  "The name of the tracking cookie", DEFAULT_COOKIE_NAME])
+        OptString.new('CookieName', [false,  "The name of the tracking cookie", DEFAULT_COOKIE_NAME]),
+        OptString.new('CookieExpiration', [false,  "Cookie expiration in years (blank=expire on exit)"])
      ], Exploit::Remote::BrowserExploitServer)
    end

@ -98,7 +99,7 @@ module Msf
    # @return [String] URI to the exploit page
    #
    def get_module_resource
-      "#{get_resource.chomp("/")}/#{@exploit_receiver_page}"
+      "#{get_resource.chomp("/")}/#{@exploit_receiver_page}/"
    end

    #
@ -403,7 +404,7 @@ module Msf
      </script>
      <noscript>
      <img style="visibility:hidden" src="#{get_resource.chomp("/")}/#{@noscript_receiver_page}/">
-      <meta http-equiv="refresh" content="1; url=#{get_resource.chomp("/")}/#{@exploit_receiver_page}/">
+      <meta http-equiv="refresh" content="1; url=#{get_module_resource}">
      </noscript>
      |
    end
@ -414,8 +415,13 @@ module Msf
    end

    def cookie_header(tag)
-      expires = (DateTime.now + 365*20).to_time.strftime("%a, %d %b %Y 12:00:00 GMT")
-      "#{cookie_name}=#{tag}; Expires=#{expires};"
+      cookie = "#{cookie_name}=#{tag};"
+      if datastore['CookieExpiration'].present?
+        expires_date = (DateTime.now + 365*datastore['CookieExpiration'].to_i)
+        expires_str  = expires_date.to_time.strftime("%a, %d %b %Y 12:00:00 GMT")
+        cookie << " Expires=#{expires};"
+      end
+      cookie
    end

    #
@ -431,7 +437,7 @@ module Msf
        # This is the information gathering stage
        #
        if get_profile(retrieve_tag(cli, request))
-          send_redirect(cli, "#{get_resource.chomp("/")}/#{@exploit_receiver_page}")
+          send_redirect(cli, get_module_resource)
          return
        end