From 90a7e93daae011a6edebf07cc7dc9786a1ae3f1a Mon Sep 17 00:00:00 2001 From: sinn3r Date: Sun, 10 Nov 2013 12:41:39 -0800 Subject: [PATCH] Updated How to write a browser exploit using BrowserExploitServer (markdown) --- How-to-write-a-browser-exploit-using-BrowserExploitServer.md | 2 ++ 1 file changed, 2 insertions(+) diff --git a/How-to-write-a-browser-exploit-using-BrowserExploitServer.md b/How-to-write-a-browser-exploit-using-BrowserExploitServer.md index 3e119abb6c..a188a27ef3 100644 --- a/How-to-write-a-browser-exploit-using-BrowserExploitServer.md +++ b/How-to-write-a-browser-exploit-using-BrowserExploitServer.md @@ -7,6 +7,8 @@ The BrowserExploitServer mixin is the only mixin specially designed for browser 3. Before the mixin decides if it should serve the exploit to the browser, it will check with the module for any exploitable requirements. If the requirements aren't met, it will send a 404 to the browser, and the operation bails. 4. If the requirements are met, the mixin will pass the profile (information about the browser gathered during the detection stage) to the module, and let it take over the rest. +Hint: In the module, you can check the :source key of the profile to determine whether the browser Javascript enabled or not: If the :source is "script", it means Javascript is enabled. If it's "headers" (as in HTTP headers), then the browser has Javascript disabled. + ### Setting Exploitable Requirements Exploitable browser requirements are defined under "BrowserRequirements" in the module's metadata. Here's an example of defining a vulnerable target running some ActiveX control:
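Review bot: The added Hint line is missing a verb in "whether the browser Javascript enabled or not"; it should read "whether the browser has JavaScript enabled or not", and "Javascript" should be spelled "JavaScript" in all three places. Consider putting `:source`, `"script"` and `"headers"` in backticks so it is clear that these are the literal key and values a module compares against. It would also help to say what the module should do differently in the `"headers"` case. A profile gathered from HTTP headers alone contains only what the client chose to send, so the requirements check in step 3 has less to go on than it does with a `"script"` profile.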