Do SSL options correctly

2014-08-28 12:04:14 -05:00 · 2014-08-28 12:04:14 -05:00 · d0d9949d91
parent 0ba2f1e457
commit d0d9949d91
2 changed files with 1 additions and 16 deletions
--- a/lib/metasploit/framework/login_scanner/glassfish.rb
+++ b/lib/metasploit/framework/login_scanner/glassfish.rb
@ -20,26 +20,13 @@ module Metasploit
        # Session ID needs to be actively tracked
        attr_accessor :jsession

-        # Our own Rex HTTP client needs this information
-        attr_accessor :ssl
-
-        # Our own Rex HTTP client needs this information
-        attr_accessor :ssl_version
-
-
-        def set_sane_defaults
-          super
-          self.ssl = false
-          self.ssl_version = 'TLS1'
-        end
-

        #
        # Sends a HTTP request with Rex
        # attempt_login is handling all the possible exceptions Rex might raise
        #
        def send_request(opts)
-          cli = Rex::Proto::Http::Client.new(host, port, {}, self.ssl, self.ssl_version)
+          cli = Rex::Proto::Http::Client.new(host, port, {}, ssl, ssl_version)
          cli.connect
          req = cli.request_raw(opts)
          res = cli.send_recv(req)
--- a/modules/auxiliary/scanner/http/glassfish_login.rb
+++ b/modules/auxiliary/scanner/http/glassfish_login.rb
@ -146,8 +146,6 @@ class Metasploit3 < Msf::Auxiliary
      connection_timeout: 5
    )

-    # It doesn't look like we can configure SSL and SSL version with the HTTP class,
-    # so we do this from Glassfish
    @scanner.ssl         = datastore['SSL']
    @scanner.ssl_version = datastore['SSLVERSION']
  end