Lucene search
+L

HTTP Client Information Gather

🗓️ 22 Mar 2016 18:56:12Reported by sinn3r <[email protected]>Type 
metasploit
 metasploit
🔗 www.rapid7.com👁 19 Views

HTTP Client Information Gather module gathers browser information, including OS name, version, and plugins for exploitation purposes. It can return a customized output and redirect to an external web page

Code
##
# This module requires Metasploit: https://metasploit.com/download
# Current source: https://github.com/rapid7/metasploit-framework
##

class MetasploitModule < Msf::Auxiliary
  include Msf::Exploit::Remote::BrowserExploitServer

  def initialize(info={})
    super(update_info(info,
      'Name'           => "HTTP Client Information Gather",
      'Description'    => %q{
        This module gathers information about a browser that exploits might be interested in, such
        as OS name, browser version, plugins, etc. By default, the module will return a fake 404,
        but you can customize this output by changing the Custom404 datastore option, and
        redirect to an external web page.
      },
      'License'        => MSF_LICENSE,
      'Author'         => [ 'sinn3r' ],
      'DisclosureDate' => '2016-03-22',
      'Actions'     =>
        [
          [
            'WebServer',
              'Description' => 'A web server that collects information about the browser.'
          ]
        ],
      'PassiveActions' => [ 'WebServer' ],
      'DefaultAction'  => 'WebServer'
    ))
  end

  def is_key_wanted?(key)
    ![:module, :created_at, :tried, :vuln_test, :address].include?(key)
  end

  def is_value_wanted?(value)
    !(value.nil? || value =~ /^undefined|false/ || !value)
  end

  def ignore_items!(target_info)
    target_info.delete_if do |key, value|
      !is_key_wanted?(key) || !is_value_wanted?(value)
    end
  end

  def report_host_info(target_info)
    opts = { host: target_info[:address] }
    opts.merge!(target_info)
    report_host(opts)
  end

  def translate_script_meaning(value)
    case value
    when 'script'
      'Browser allows JavaScript'
    when 'headers'
      'Browser does not allow JavaScript'
    end
  end

  def print_target_info(cli, target_info)
    print_good("#{cli.peerhost} - We have found the following interesting information:")
    report_host_info(target_info)
    ignore_items!(target_info)
    target_info.each_pair do |key, value|
      if key == :source
        value = translate_script_meaning(value)
      end
      print_status("#{cli.peerhost} - #{key} = #{value}")
    end
  end

  def on_request_exploit(cli, req, target_info)
    print_target_info(cli, target_info)
    send_response(cli, '')
  end

  def run
    exploit
  end
end

Data

Build on a solid foundation with Vulners data

We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data

Api

Power your application with Vulners API

The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access

App

Assess and manage vulnerabilities with Vulners tools

Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation

02 Oct 2020 20:00Current
6.9Medium risk
Vulners AI Score6.9
19