From e9f9942583ed76dfb019222abdcf2fbfe2e6f47d Mon Sep 17 00:00:00 2001 From: sinn3r Date: Thu, 7 Nov 2013 10:21:10 -0800 Subject: [PATCH] Updated How to write a browser exploit using HttpServer (markdown) --- How-to-write-a-browser-exploit-using-HttpServer.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/How-to-write-a-browser-exploit-using-HttpServer.md b/How-to-write-a-browser-exploit-using-HttpServer.md index 942cd7f375..44d32053c2 100644 --- a/How-to-write-a-browser-exploit-using-HttpServer.md +++ b/How-to-write-a-browser-exploit-using-HttpServer.md @@ -68,7 +68,7 @@ def on_request_uri(cli, request) end ``` -Of course, when you write a Metasploit browser exploit there's a lot more you need to think about. For example, your module probably needs to do browser detection, because it wouldn't make any sense to allow Chrome to receive an IE exploit, would it? You probably also need to build a payload that's specific to the target, which means your module needs to know what target it's hitting, and you have to build a method to customize the exploit accordingly, etc. The HttpServer mixin provies all kinds of methods to allow you to accomplish all these. Make sure to check out the API documentation (you can either do this by running msf/documentation/gendocs.sh, or just run "yard" in the msf directory), or checkout existing code examples (especially the recent ones). +Of course, when you write a Metasploit browser exploit there's a lot more you need to think about. For example, your module probably needs to do browser detection, because it wouldn't make any sense to allow Chrome to receive an IE exploit, would it? You probably also need to build a payload that's specific to the target, which means your module needs to know what target it's hitting, and you have to build a method to customize the exploit accordingly, etc. The HttpServer and HttpServer::HTML mixin provies all kinds of methods to allow you to accomplish all these. Make sure to check out the API documentation (you can either do this by running msf/documentation/gendocs.sh, or just run "yard" in the msf directory), or checkout existing code examples (especially the recent ones). To get things started, you can always use the following template to start developing your browser exploit: