Updated How to write a browser exploit using BrowserExploitServer (markdown)

sinn3r
2013-11-10 12:41:39 -08:00
parent ff99723813
commit 90a7e93daa
@@ -7,6 +7,8 @@ The BrowserExploitServer mixin is the only mixin specially designed for browser
3. Before the mixin decides if it should serve the exploit to the browser, it will check with the module for any exploitable requirements. If the requirements aren't met, it will send a 404 to the browser, and the operation bails.
4. If the requirements are met, the mixin will pass the profile (information about the browser gathered during the detection stage) to the module, and let it take over the rest.
Hint: In the module, you can check the :source key of the profile to determine whether the browser Javascript enabled or not: If the :source is "script", it means Javascript is enabled. If it's "headers" (as in HTTP headers), then the browser has Javascript disabled.
### Setting Exploitable Requirements
Exploitable browser requirements are defined under "BrowserRequirements" in the module's metadata. Here's an example of defining a vulnerable target running some ActiveX control:
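Review bot: The Hint line after step 4 is missing a verb: "whether the browser Javascript enabled or not" should read "whether the browser has JavaScript enabled or not". The same line refers to the key once as "the :source key" and once as "the :source"; using "the :source key" both times, with the key and its two values ("script", "headers") marked as code, would make it easier to scan. It would also help to say which stage sets this value, since step 4 only mentions that the profile is gathered during the detection stage.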