Metasploit Framework
 
 
 
 
 
 
Go to file
RootUp 03781e920c
Merge pull request #1 from todb-r7/pr-9180
Hi @todb-r7 
By setting TARGET_URL to `www.google.com`  the module works, but in vulnerable browser the address bar would display like `http://192.168.1.102:9090/www.google.com` 

`
msf auxiliary(samsung_browser_sop_bypass) > 
[*] Using URL: http://192.168.1.102:9090/
[*] Server started.
[*] 192.168.1.100: Request 'GET /'
[*] 192.168.1.100: Attempting to spoof origin for www.google.com
[*] 192.168.1.100: Request 'GET /favicon.ico'
[*] 192.168.1.100: Attempting to spoof origin for www.google.com
[*] 192.168.1.100: Request 'GET /www.google.com'
[*] 192.168.1.100: Attempting to spoof origin for www.google.com
[*] 192.168.1.100: Request 'GET /favicon.ico'
[*] 192.168.1.100: Attempting to spoof origin for www.google.com
[*] 192.168.1.100: Request 'GET /favicon.ico'
[*] 192.168.1.100: Attempting to spoof origin for www.google.com
[+] 192.168.1.100: Collected credential for 'www.google.com' test:test
`
2017-12-10 11:57:04 +05:30
.github
app
config
data Land #8509, add Winsxs bypass for UAC 2017-10-11 16:24:52 -05:00
db
docker move Dockerfile to root 2017-08-28 16:57:28 +02:00
documentation Land #9109, wp-mobile-detector upload and execute 2017-11-01 13:25:16 -05:00
external Fix conflicts in PR 8509 by mergeing to master 2017-10-09 10:30:21 -05:00
lib Bump version of framework to 4.16.16 2017-11-03 10:03:38 -07:00
modules Rename to actually call out the browser name 2017-12-08 13:53:13 -06:00
plugins remove more instances of positive? 2017-08-02 12:47:34 -05:00
script kill cucumber in framework 2017-07-12 08:00:29 -05:00
scripts remove more unusual raise RuntimeError patterns 2017-11-01 05:59:12 -05:00
spec Land #9157, Add missing ppce500v2 tests 2017-11-01 12:33:02 -05:00
test use https for metaploit.com links 2017-07-24 06:26:21 -07:00
tools add e500v2 payloads 2017-10-30 14:04:10 -05:00
.dockerignore use https for metaploit.com links 2017-07-24 06:26:21 -07:00
.gitignore use https for metaploit.com links 2017-07-24 06:26:21 -07:00
.gitmodules
.mailmap
.rspec
.rubocop.yml disable redundant return warning, update a couple others 2017-08-13 23:51:52 -04:00
.ruby-gemset
.ruby-version bump Ruby to 2.4.2, fix security issues 2017-09-23 21:12:12 -04:00
.simplecov
.travis.yml increase travis timeout 2017-09-29 11:50:02 +02:00
.yardopts remove HACKING from yardopts 2017-09-07 02:35:56 -05:00
CODE_OF_CONDUCT.md
CONTRIBUTING.md update references to sourceforge ML 2017-08-20 13:23:54 -05:00
COPYING
Dockerfile disable gem update for now as version 2.7.1 is broken 2017-11-06 07:49:10 +01:00
Gemfile restrict aggregator on arm for now 2017-10-18 13:21:02 -05:00
Gemfile.local.example update Gemfile.local example, use Gemfile.local if it exists when bundling 2017-04-30 10:57:55 -05:00
Gemfile.lock Bump version of framework to 4.16.16 2017-11-03 10:03:38 -07:00
LICENSE move gem licenses to a separate auto-generated file 2017-04-07 11:49:58 -05:00
LICENSE_GEMS Update rex-exploitation to 0.1.15 2017-10-11 14:09:35 -05:00
README.md update references to sourceforge ML 2017-08-20 13:23:54 -05:00
Rakefile trying rspec-retry 2017-06-20 14:02:32 -05:00
Vagrantfile fix #8693, update Vagrant to latest rvm syntax 2017-07-10 21:41:50 -05:00
docker-compose.yml move Dockerfile to root 2017-08-28 16:57:28 +02:00
metasploit-framework.gemspec bump mettle, update toolchain, add e500v2 and reduce size of x86_64 2017-10-30 05:09:31 -05:00
msfconsole
msfd Removing unnecessary spaces 2017-09-12 10:00:18 -03:00
msfrpc Removing unnecessary spaces 2017-09-12 10:00:18 -03:00
msfrpcd Removing unnecessary spaces 2017-09-12 10:00:18 -03:00
msfupdate update specs 2017-05-27 00:34:12 -05:00
msfvenom Removing unnecessary spaces 2017-09-12 10:00:18 -03:00

README.md

Metasploit Build Status Code Climate

The Metasploit Framework is released under a BSD-style license. See COPYING for more details.

The latest version of this software is available from: https://metasploit.com

Bug tracking and development information can be found at: https://github.com/rapid7/metasploit-framework

New bugs and feature requests should be directed to: https://r-7.co/MSF-BUGv1

API documentation for writing modules can be found at: https://rapid7.github.io/metasploit-framework/api

Questions and suggestions can be sent to: Freenode IRC channel or e-mail the metasploit-hackers mailing list

Installing

Generally, you should use the free installer, which contains all of the dependencies and will get you up and running with a few clicks. See the Dev Environment Setup if you'd like to deal with dependencies on your own.

Using Metasploit

Metasploit can do all sorts of things. The first thing you'll want to do is start msfconsole, but after that, you'll probably be best served by reading Metasploit Unleashed, the great community resources, or the wiki.

Contributing

See the Dev Environment Setup guide on GitHub, which will walk you through the whole process from installing all the dependencies, to cloning the repository, and finally to submitting a pull request. For slightly more information, see Contributing.