From d0d9949d916e223cfdac0277dcabd8b09e710cfa Mon Sep 17 00:00:00 2001 From: sinn3r Date: Thu, 28 Aug 2014 12:04:14 -0500 Subject: [PATCH] Do SSL options correctly --- .../framework/login_scanner/glassfish.rb | 15 +-------------- modules/auxiliary/scanner/http/glassfish_login.rb | 2 -- 2 files changed, 1 insertion(+), 16 deletions(-) diff --git a/lib/metasploit/framework/login_scanner/glassfish.rb b/lib/metasploit/framework/login_scanner/glassfish.rb index 3b911f1999..4f9f2c4baa 100644 --- a/lib/metasploit/framework/login_scanner/glassfish.rb +++ b/lib/metasploit/framework/login_scanner/glassfish.rb @@ -20,26 +20,13 @@ module Metasploit # Session ID needs to be actively tracked attr_accessor :jsession - # Our own Rex HTTP client needs this information - attr_accessor :ssl - - # Our own Rex HTTP client needs this information - attr_accessor :ssl_version - - - def set_sane_defaults - super - self.ssl = false - self.ssl_version = 'TLS1' - end - # # Sends a HTTP request with Rex # attempt_login is handling all the possible exceptions Rex might raise # def send_request(opts) - cli = Rex::Proto::Http::Client.new(host, port, {}, self.ssl, self.ssl_version) + cli = Rex::Proto::Http::Client.new(host, port, {}, ssl, ssl_version) cli.connect req = cli.request_raw(opts) res = cli.send_recv(req) diff --git a/modules/auxiliary/scanner/http/glassfish_login.rb b/modules/auxiliary/scanner/http/glassfish_login.rb index bcf8d005f4..2fafaf368b 100644 --- a/modules/auxiliary/scanner/http/glassfish_login.rb +++ b/modules/auxiliary/scanner/http/glassfish_login.rb @@ -146,8 +146,6 @@ class Metasploit3 < Msf::Auxiliary connection_timeout: 5 ) - # It doesn't look like we can configure SSL and SSL version with the HTTP class, - # so we do this from Glassfish @scanner.ssl = datastore['SSL'] @scanner.ssl_version = datastore['SSLVERSION'] end