From c07f3903827a6cb9ffedc0e8e9a99be3de480578 Mon Sep 17 00:00:00 2001
From: Joe Vennix <joev@metasploit.com>
Date: Mon, 10 Mar 2014 13:07:17 -0500
Subject: [PATCH] Add CookieExpiration option, add trailing slash to URI.

---
 .../exploit/remote/browser_exploit_server.rb   | 18 ++++++++++++------
 1 file changed, 12 insertions(+), 6 deletions(-)

diff --git a/lib/msf/core/exploit/remote/browser_exploit_server.rb b/lib/msf/core/exploit/remote/browser_exploit_server.rb
index 994355b5a9..902befc114 100644
--- a/lib/msf/core/exploit/remote/browser_exploit_server.rb
+++ b/lib/msf/core/exploit/remote/browser_exploit_server.rb
@@ -79,7 +79,8 @@ module Msf
       ], Exploit::Remote::BrowserExploitServer)
 
       register_advanced_options([
-        OptString.new('CookieName', [false,  "The name of the tracking cookie", DEFAULT_COOKIE_NAME])
+        OptString.new('CookieName', [false,  "The name of the tracking cookie", DEFAULT_COOKIE_NAME]),
+        OptString.new('CookieExpiration', [false,  "Cookie expiration in years (blank=expire on exit)"])
       ], Exploit::Remote::BrowserExploitServer)
     end
 
@@ -98,7 +99,7 @@ module Msf
     # @return [String] URI to the exploit page
     #
     def get_module_resource
-      "#{get_resource.chomp("/")}/#{@exploit_receiver_page}"
+      "#{get_resource.chomp("/")}/#{@exploit_receiver_page}/"
     end
 
     #
@@ -403,7 +404,7 @@ module Msf
       </script>
       <noscript>
       <img style="visibility:hidden" src="#{get_resource.chomp("/")}/#{@noscript_receiver_page}/">
-      <meta http-equiv="refresh" content="1; url=#{get_resource.chomp("/")}/#{@exploit_receiver_page}/">
+      <meta http-equiv="refresh" content="1; url=#{get_module_resource}">
       </noscript>
       |
     end
@@ -414,8 +415,13 @@ module Msf
     end
 
     def cookie_header(tag)
-      expires = (DateTime.now + 365*20).to_time.strftime("%a, %d %b %Y 12:00:00 GMT")
-      "#{cookie_name}=#{tag}; Expires=#{expires};"
+      cookie = "#{cookie_name}=#{tag};"
+      if datastore['CookieExpiration'].present?
+        expires_date = (DateTime.now + 365*datastore['CookieExpiration'].to_i)
+        expires_str  = expires_date.to_time.strftime("%a, %d %b %Y 12:00:00 GMT")
+        cookie << " Expires=#{expires};"
+      end
+      cookie
     end
 
     #
@@ -431,7 +437,7 @@ module Msf
         # This is the information gathering stage
         #
         if get_profile(retrieve_tag(cli, request))
-          send_redirect(cli, "#{get_resource.chomp("/")}/#{@exploit_receiver_page}")
+          send_redirect(cli, get_module_resource)
           return
         end