adam/metasploit-gs
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
c3f5bd3de2d1affa01e2f6c2066c6bb0fc6413bc
metasploit-gs/docs/development/developing-modules/libraries/http/how-to-write-a-browser-exploit-using-browserexploitserver.html
T
jenkins-metasploit c3f5bd3de2 Reboot gh-pages
2026-05-08 17:08:43 +00:00

169 lines
72 KiB
HTML
Raw Blame History

This file contains ambiguous Unicode characters
This file contains Unicode characters that might be confused with other characters. If you think that this is intentional, you can safely ignore this warning. Use the Escape button to reveal them.
<!DOCTYPE html><html lang="en-US"><head><meta charset="UTF-8"><meta http-equiv="X-UA-Compatible" content="IE=Edge"><link rel="shortcut icon" href="/assets/images/favicon.png" type="image/x-icon"><link rel="stylesheet" href="/assets/css/just-the-docs-default.css"> <script async src="https://www.googletagmanager.com/gtag/js?id=UA-4622520-7"></script> <script> window.dataLayer = window.dataLayer || []; function gtag(){dataLayer.push(arguments);} gtag('js', new Date()); gtag('config', 'UA-4622520-7', { 'anonymize_ip': true }); </script> <script type="text/javascript" src="/assets/js/vendor/lunr.min.js"></script> <script src="https://cdn.jsdelivr.net/npm/mermaid@10.8.0/dist/mermaid.min.js"></script> <script type="text/javascript" src="/assets/js/just-the-docs.js"></script><meta name="viewport" content="width=device-width, initial-scale=1"><title>BrowserExploitServer | Metasploit Documentation Penetration Testing Software, Pen Testing Security</title><meta name="generator" content="Jekyll v4.3.4" /><meta property="og:title" content="BrowserExploitServer" /><meta property="og:locale" content="en_US" /><meta name="description" content="View Metasploit Framework Documentation" /><meta property="og:description" content="View Metasploit Framework Documentation" /><link rel="canonical" href="https://rapid7.github.io/metasploit-framework/docs/development/developing-modules/libraries/http/how-to-write-a-browser-exploit-using-browserexploitserver.html" /><meta property="og:url" content="https://rapid7.github.io/metasploit-framework/docs/development/developing-modules/libraries/http/how-to-write-a-browser-exploit-using-browserexploitserver.html" /><meta property="og:site_name" content="Metasploit Documentation Penetration Testing Software, Pen Testing Security" /><meta property="og:type" content="website" /><meta name="twitter:card" content="summary" /><meta property="twitter:title" content="BrowserExploitServer" /> <script type="application/ld+json"> {"@context":"https://schema.org","@type":"WebPage","description":"View Metasploit Framework Documentation","headline":"BrowserExploitServer","publisher":{"@type":"Organization","logo":{"@type":"ImageObject","url":"https://rapid7.github.io/metasploit-framework/assets/images/favicon.png"}},"url":"https://rapid7.github.io/metasploit-framework/docs/development/developing-modules/libraries/http/how-to-write-a-browser-exploit-using-browserexploitserver.html"}</script><body> <svg xmlns="http://www.w3.org/2000/svg" style="display: none;"> <symbol id="svg-link" viewBox="0 0 24 24"><title>Link</title><svg xmlns="http://www.w3.org/2000/svg" width="24" height="24" viewBox="0 0 24 24" fill="none" stroke="currentColor" stroke-width="2" stroke-linecap="round" stroke-linejoin="round" class="feather feather-link"><path d="M10 13a5 5 0 0 0 7.54.54l3-3a5 5 0 0 0-7.07-7.07l-1.72 1.71"></path><path d="M14 11a5 5 0 0 0-7.54-.54l-3 3a5 5 0 0 0 7.07 7.07l1.71-1.71"></path> </svg> </symbol> <symbol id="svg-search" viewBox="0 0 24 24"><title>Search</title><svg xmlns="http://www.w3.org/2000/svg" width="24" height="24" viewBox="0 0 24 24" fill="none" stroke="currentColor" stroke-width="2" stroke-linecap="round" stroke-linejoin="round" class="feather feather-search"> <circle cx="11" cy="11" r="8"></circle><line x1="21" y1="21" x2="16.65" y2="16.65"></line> </svg> </symbol> <symbol id="svg-menu" viewBox="0 0 24 24"><title>Menu</title><svg xmlns="http://www.w3.org/2000/svg" width="24" height="24" viewBox="0 0 24 24" fill="none" stroke="currentColor" stroke-width="2" stroke-linecap="round" stroke-linejoin="round" class="feather feather-menu"><line x1="3" y1="12" x2="21" y2="12"></line><line x1="3" y1="6" x2="21" y2="6"></line><line x1="3" y1="18" x2="21" y2="18"></line> </svg> </symbol> <symbol id="svg-arrow-right" viewBox="0 0 24 24"><title>Expand</title><svg xmlns="http://www.w3.org/2000/svg" width="24" height="24" viewBox="0 0 24 24" fill="none" stroke="currentColor" stroke-width="2" stroke-linecap="round" stroke-linejoin="round" class="feather feather-chevron-right"><polyline points="9 18 15 12 9 6"></polyline> </svg> </symbol> <symbol id="svg-doc" viewBox="0 0 24 24"><title>Document</title><svg xmlns="http://www.w3.org/2000/svg" width="24" height="24" viewBox="0 0 24 24" fill="none" stroke="currentColor" stroke-width="2" stroke-linecap="round" stroke-linejoin="round" class="feather feather-file"><path d="M13 2H6a2 2 0 0 0-2 2v16a2 2 0 0 0 2 2h12a2 2 0 0 0 2-2V9z"></path><polyline points="13 2 13 9 20 9"></polyline> </svg> </symbol> </svg> <script type="text/javascript" src="/assets/js/toggle_init.js"></script><div class="side-bar"><div class="site-header"> <a href="/" class="site-title lh-tight"><img src="/assets/images/metasploit-logo-dark-external-use.svg" alt="Metasploit Logo" class="title-logo" /> </a> <a href="#" id="menu-button" class="site-button"> <svg viewBox="0 0 24 24" class="icon"><use xlink:href="#svg-menu"></use></svg> </a></div><nav role="navigation" aria-label="Main" id="site-nav" class="site-nav"><ul class="nav-list"><li class="nav-list-item active"><a href="/" class="nav-list-link">Home</a><li class="nav-list-item active"><a href="/docs/code-of-conduct.html" class="nav-list-link">Code Of Conduct</a><li class="nav-list-item active"><a href="/docs/modules.html" class="nav-list-link">Modules</a><li class="nav-list-item active"><a href="#" class="nav-list-expander"><svg viewBox="0 0 24 24"><use xlink:href="#svg-arrow-right"></use></svg></a><a href="/docs/pentesting/" class="nav-list-link">Pentesting</a><ul class="nav-list"><li class="nav-list-item active"><a href="/docs/pentesting/metasploit-guide-setting-module-options.html" class="nav-list-link">Setting Module Options</a><li class="nav-list-item active"><a href="/docs/pentesting/metasploit-guide-upgrading-shells-to-meterpreter.html" class="nav-list-link">Upgrading Shells to Meterpreter</a><li class="nav-list-item active"><a href="/docs/pentesting/metasploit-guide-post-gather-modules.html" class="nav-list-link">Post Gather Modules</a><li class="nav-list-item active"><a href="/docs/pentesting/metasploit-guide-http.html" class="nav-list-link">HTTP + HTTPS</a><li class="nav-list-item active"><a href="/docs/pentesting/metasploit-guide-kubernetes.html" class="nav-list-link">Kubernetes</a><li class="nav-list-item active"><a href="/docs/pentesting/metasploit-guide-mysql.html" class="nav-list-link">MySQL</a><li class="nav-list-item active"><a href="/docs/pentesting/metasploit-guide-postgresql.html" class="nav-list-link">PostgreSQL</a><li class="nav-list-item active"><a href="/docs/pentesting/metasploit-guide-smb.html" class="nav-list-link">SMB</a><li class="nav-list-item active"><a href="/docs/pentesting/metasploit-guide-ssh.html" class="nav-list-link">SSH</a><li class="nav-list-item active"><a href="/docs/pentesting/metasploit-guide-winrm.html" class="nav-list-link">WinRM</a><li class="nav-list-item active"><a href="/docs/pentesting/metasploit-guide-mssql.html" class="nav-list-link">MSSQL</a><li class="nav-list-item active"><a href="/docs/pentesting/metasploit-guide-ldap.html" class="nav-list-link">LDAP</a><li class="nav-list-item active"><a href="#" class="nav-list-expander"><svg viewBox="0 0 24 24"><use xlink:href="#svg-arrow-right"></use></svg></a><a href="/docs/pentesting/active-directory/" class="nav-list-link">Active Directory</a><ul class="nav-list"><li class="nav-list-item active"><a href="#" class="nav-list-expander"><svg viewBox="0 0 24 24"><use xlink:href="#svg-arrow-right"></use></svg></a><a href="/docs/pentesting/active-directory/ad-certificates/" class="nav-list-link">AD CS</a><ul class="nav-list"><li class="nav-list-item active"><a href="/docs/pentesting/active-directory/ad-certificates/overview.html" class="nav-list-link">Overview</a><li class="nav-list-item active"><a href="/docs/pentesting/active-directory/ad-certificates/attacking-ad-cs-esc-vulnerabilities.html" class="nav-list-link">Attacking AD CS ESC Vulnerabilities Using Metasploit</a><li class="nav-list-item active"><a href="/docs/pentesting/active-directory/ad-certificates/ldap_esc_vulnerable_cert_finder.html" class="nav-list-link">Vulnerable cert finder</a><li class="nav-list-item active"><a href="/docs/pentesting/active-directory/ad-certificates/ad_cs_cert_template.html" class="nav-list-link">Manage certificate templates</a><li class="nav-list-item active"><a href="/docs/pentesting/active-directory/ad-certificates/icpr_cert.html" class="nav-list-link">Request certificates</a></ul><li class="nav-list-item active"><a href="#" class="nav-list-expander"><svg viewBox="0 0 24 24"><use xlink:href="#svg-arrow-right"></use></svg></a><a href="/docs/pentesting/active-directory/kerberos/" class="nav-list-link">Kerberos</a><ul class="nav-list"><li class="nav-list-item active"><a href="/docs/pentesting/active-directory/kerberos/overview.html" class="nav-list-link">Overview</a><li class="nav-list-item active"><a href="/docs/pentesting/active-directory/kerberos/service_authentication.html" class="nav-list-link">Authenticating to SMB/WinRM/etc</a><li class="nav-list-item active"><a href="/docs/pentesting/active-directory/kerberos/kerberos_login.html" class="nav-list-link">Kerberos login enumeration and bruteforcing</a><li class="nav-list-item active"><a href="/docs/pentesting/active-directory/kerberos/get_ticket.html" class="nav-list-link">Get Ticket granting tickets and service tickets</a><li class="nav-list-item active"><a href="/docs/pentesting/active-directory/kerberos/ticket_converter.html" class="nav-list-link">Converting kirbi and ccache files</a><li class="nav-list-item active"><a href="/docs/pentesting/active-directory/kerberos/forge_ticket.html" class="nav-list-link">Forging tickets</a><li class="nav-list-item active"><a href="/docs/pentesting/active-directory/kerberos/inspect_ticket.html" class="nav-list-link">Inspecting tickets</a><li class="nav-list-item active"><a href="/docs/pentesting/active-directory/kerberos/kerberoasting.html" class="nav-list-link">Kerberoasting</a><li class="nav-list-item active"><a href="/docs/pentesting/active-directory/kerberos/keytab.html" class="nav-list-link">Keytab support and decrypting wireshark traffic</a><li class="nav-list-item active"><a href="/docs/pentesting/active-directory/kerberos/rbcd.html" class="nav-list-link">Resource-based constrained delegation (RBCD)</a><li class="nav-list-item active"><a href="/docs/pentesting/active-directory/kerberos/unconstrained_delegation.html" class="nav-list-link">Unconstrained delegation</a></ul></ul></ul><li class="nav-list-item active"><a href="#" class="nav-list-expander"><svg viewBox="0 0 24 24"><use xlink:href="#svg-arrow-right"></use></svg></a><a href="/docs/using-metasploit/" class="nav-list-link">Using Metasploit</a><ul class="nav-list"><li class="nav-list-item active"><a href="#" class="nav-list-expander"><svg viewBox="0 0 24 24"><use xlink:href="#svg-arrow-right"></use></svg></a><a href="/docs/using-metasploit/getting-started/" class="nav-list-link">Getting Started</a><ul class="nav-list"><li class="nav-list-item active"><a href="/docs/using-metasploit/getting-started/nightly-installers.html" class="nav-list-link">Nightly Installers</a><li class="nav-list-item active"><a href="/docs/using-metasploit/getting-started/reporting-a-bug.html" class="nav-list-link">Reporting a Bug</a></ul><li class="nav-list-item active"><a href="#" class="nav-list-expander"><svg viewBox="0 0 24 24"><use xlink:href="#svg-arrow-right"></use></svg></a><a href="/docs/using-metasploit/basics/" class="nav-list-link">Basics</a><ul class="nav-list"><li class="nav-list-item active"><a href="/docs/using-metasploit/basics/using-metasploit.html" class="nav-list-link">Running modules</a><li class="nav-list-item active"><a href="/docs/using-metasploit/basics/how-to-use-a-metasploit-module-appropriately.html" class="nav-list-link">How to use a Metasploit module appropriately</a><li class="nav-list-item active"><a href="/docs/using-metasploit/basics/how-payloads-work.html" class="nav-list-link">How payloads work</a><li class="nav-list-item active"><a href="/docs/using-metasploit/basics/module-documentation.html" class="nav-list-link">Module Documentation</a><li class="nav-list-item active"><a href="/docs/using-metasploit/basics/how-to-use-a-reverse-shell-in-metasploit.html" class="nav-list-link">How to use a reverse shell in Metasploit</a><li class="nav-list-item active"><a href="/docs/using-metasploit/basics/how-to-use-msfvenom.html" class="nav-list-link">How to use msfvenom</a><li class="nav-list-item active"><a href="/docs/using-metasploit/basics/managing-sessions.html" class="nav-list-link">Managing Sessions</a></ul><li class="nav-list-item active"><a href="#" class="nav-list-expander"><svg viewBox="0 0 24 24"><use xlink:href="#svg-arrow-right"></use></svg></a><a href="/docs/using-metasploit/intermediate/" class="nav-list-link">Intermediate</a><ul class="nav-list"><li class="nav-list-item active"><a href="/docs/using-metasploit/intermediate/metasploit-database-support.html" class="nav-list-link">Database Support</a><li class="nav-list-item active"><a href="/docs/using-metasploit/intermediate/evading-anti-virus.html" class="nav-list-link">Evading Anti Virus</a><li class="nav-list-item active"><a href="/docs/using-metasploit/intermediate/exploit-ranking.html" class="nav-list-link">Exploit Ranking</a><li class="nav-list-item active"><a href="/docs/using-metasploit/intermediate/hashes-and-password-cracking.html" class="nav-list-link">Hashes and Password Cracking</a><li class="nav-list-item active"><a href="/docs/using-metasploit/intermediate/how-to-use-plugins.html" class="nav-list-link">Metasploit Plugins</a><li class="nav-list-item active"><a href="/docs/using-metasploit/intermediate/payload-uuid.html" class="nav-list-link">Payload UUID</a><li class="nav-list-item active"><a href="/docs/using-metasploit/intermediate/pivoting-in-metasploit.html" class="nav-list-link">Pivoting in Metasploit</a><li class="nav-list-item active"><a href="/docs/using-metasploit/intermediate/running-private-modules.html" class="nav-list-link">Running Private Modules</a></ul><li class="nav-list-item active"><a href="#" class="nav-list-expander"><svg viewBox="0 0 24 24"><use xlink:href="#svg-arrow-right"></use></svg></a><a href="/docs/using-metasploit/advanced/" class="nav-list-link">Advanced</a><ul class="nav-list"><li class="nav-list-item active"><a href="/docs/using-metasploit/advanced/how-to-configure-dns.html" class="nav-list-link">How to Configure DNS</a><li class="nav-list-item active"><a href="/docs/using-metasploit/advanced/metasploit-web-service.html" class="nav-list-link">Metasploit Web Service</a><li class="nav-list-item active"><a href="#" class="nav-list-expander"><svg viewBox="0 0 24 24"><use xlink:href="#svg-arrow-right"></use></svg></a><a href="/docs/using-metasploit/advanced/meterpreter/" class="nav-list-link">Meterpreter</a><ul class="nav-list"><li class="nav-list-item active"><a href="/docs/using-metasploit/advanced/meterpreter/meterpreter.html" class="nav-list-link">Overview</a><li class="nav-list-item active"><a href="/docs/using-metasploit/advanced/meterpreter/meterpreter-configuration.html" class="nav-list-link">Configuration</a><li class="nav-list-item active"><a href="/docs/using-metasploit/advanced/meterpreter/debugging-dead-meterpreter-sessions.html" class="nav-list-link">Debugging Dead Meterpreter Sessions</a><li class="nav-list-item active"><a href="/docs/using-metasploit/advanced/meterpreter/meterpreter-debugging-meterpreter-sessions.html" class="nav-list-link">Debugging Meterpreter Sessions</a><li class="nav-list-item active"><a href="/docs/using-metasploit/advanced/meterpreter/meterpreter-executebof-command.html" class="nav-list-link">ExecuteBof Command</a><li class="nav-list-item active"><a href="/docs/using-metasploit/advanced/meterpreter/meterpreter-http-communication.html" class="nav-list-link">HTTP Communication</a><li class="nav-list-item active"><a href="/docs/using-metasploit/advanced/meterpreter/how-to-get-started-with-writing-a-meterpreter-script.html" class="nav-list-link">How to get started with writing a Meterpreter script</a><li class="nav-list-item active"><a href="/docs/using-metasploit/advanced/meterpreter/meterpreter-paranoid-mode.html" class="nav-list-link">Paranoid Mode</a><li class="nav-list-item active"><a href="/docs/using-metasploit/advanced/meterpreter/powershell-extension.html" class="nav-list-link">Powershell Extension</a><li class="nav-list-item active"><a href="/docs/using-metasploit/advanced/meterpreter/python-extension.html" class="nav-list-link">Python Extension</a><li class="nav-list-item active"><a href="/docs/using-metasploit/advanced/meterpreter/meterpreter-reg-command.html" class="nav-list-link">Reg Command</a><li class="nav-list-item active"><a href="/docs/using-metasploit/advanced/meterpreter/meterpreter-reliable-network-communication.html" class="nav-list-link">Reliable Network Communication</a><li class="nav-list-item active"><a href="/docs/using-metasploit/advanced/meterpreter/meterpreter-sleep-control.html" class="nav-list-link">Sleep Control</a><li class="nav-list-item active"><a href="/docs/using-metasploit/advanced/meterpreter/meterpreter-stageless-mode.html" class="nav-list-link">Stageless Mode</a><li class="nav-list-item active"><a href="/docs/using-metasploit/advanced/meterpreter/the-ins-and-outs-of-http-and-https-communications-in-meterpreter-and-metasploit-stagers.html" class="nav-list-link">The ins and outs of HTTP and HTTPS communications in Meterpreter and Metasploit Stagers</a><li class="nav-list-item active"><a href="/docs/using-metasploit/advanced/meterpreter/meterpreter-timeout-control.html" class="nav-list-link">Timeout Control</a><li class="nav-list-item active"><a href="/docs/using-metasploit/advanced/meterpreter/meterpreter-transport-control.html" class="nav-list-link">Transport Control</a><li class="nav-list-item active"><a href="/docs/using-metasploit/advanced/meterpreter/meterpreter-unicode-support.html" class="nav-list-link">Unicode Support</a><li class="nav-list-item active"><a href="/docs/using-metasploit/advanced/meterpreter/meterpreter-wishlist.html" class="nav-list-link">Wishlist</a></ul><li class="nav-list-item active"><a href="#" class="nav-list-expander"><svg viewBox="0 0 24 24"><use xlink:href="#svg-arrow-right"></use></svg></a><a href="/docs/using-metasploit/advanced/RPC/" class="nav-list-link">RPC</a><ul class="nav-list"><li class="nav-list-item active"><a href="/docs/using-metasploit/advanced/RPC/how-to-use-metasploit-json-rpc.html" class="nav-list-link">How to use Metasploit JSON RPC</a><li class="nav-list-item active"><a href="/docs/using-metasploit/advanced/RPC/how-to-use-metasploit-messagepack-rpc.html" class="nav-list-link">How to use Metasploit Messagepack RPC</a></ul></ul><li class="nav-list-item active"><a href="#" class="nav-list-expander"><svg viewBox="0 0 24 24"><use xlink:href="#svg-arrow-right"></use></svg></a><a href="/docs/using-metasploit/other/" class="nav-list-link">Other</a><ul class="nav-list"><li class="nav-list-item active"><a href="/docs/using-metasploit/other/how-to-use-metasploit-mcp-server.html" class="nav-list-link">How to use Metasploit MCP Server</a><li class="nav-list-item active"><a href="/docs/using-metasploit/other/how-to-use-metasploit-with-ngrok.html" class="nav-list-link">How to use Metasploit with ngrok</a><li class="nav-list-item active"><a href="/docs/using-metasploit/other/how-to-use-the-favorite-command.html" class="nav-list-link">How to use the Favorite command</a><li class="nav-list-item active"><a href="/docs/using-metasploit/other/information-about-unmet-browser-exploit-requirements.html" class="nav-list-link">Information About Unmet Browser Exploit Requirements</a><li class="nav-list-item active"><a href="#" class="nav-list-expander"><svg viewBox="0 0 24 24"><use xlink:href="#svg-arrow-right"></use></svg></a><a href="/docs/using-metasploit/other/oracle-support/" class="nav-list-link">Oracle Support</a><ul class="nav-list"><li class="nav-list-item active"><a href="/docs/using-metasploit/other/oracle-support/how-to-get-oracle-support-working-with-kali-linux.html" class="nav-list-link">How to get Oracle Support working with Kali Linux</a><li class="nav-list-item active"><a href="/docs/using-metasploit/other/oracle-support/oracle-usage.html" class="nav-list-link">Oracle Usage</a></ul><li class="nav-list-item active"><a href="/docs/using-metasploit/other/why-cve-is-not-available.html" class="nav-list-link">Why CVE is not available</a></ul></ul><li class="nav-list-item active"><a href="#" class="nav-list-expander"><svg viewBox="0 0 24 24"><use xlink:href="#svg-arrow-right"></use></svg></a><a href="/docs/development/" class="nav-list-link active">Development</a><ul class="nav-list"><li class="nav-list-item active"><a href="#" class="nav-list-expander"><svg viewBox="0 0 24 24"><use xlink:href="#svg-arrow-right"></use></svg></a><a href="/docs/development/get-started/" class="nav-list-link">Get Started</a><ul class="nav-list"><li class="nav-list-item active"><a href="/docs/development/get-started/contributing-to-metasploit.html" class="nav-list-link">Contributing to Metasploit</a><li class="nav-list-item active"><a href="/docs/development/get-started/creating-your-first-pr.html" class="nav-list-link">Creating Your First PR</a><li class="nav-list-item active"><a href="/docs/development/get-started/setting-up-a-metasploit-development-environment.html" class="nav-list-link">Setting Up a Metasploit Development Environment</a><li class="nav-list-item active"><a href="/docs/development/get-started/sanitizing-pcaps.html" class="nav-list-link">Sanitizing PCAPs</a><li class="nav-list-item active"><a href="#" class="nav-list-expander"><svg viewBox="0 0 24 24"><use xlink:href="#svg-arrow-right"></use></svg></a><a href="/docs/development/get-started/git/" class="nav-list-link">Git</a><ul class="nav-list"><li class="nav-list-item active"><a href="/docs/development/get-started/git/git-reference-sites.html" class="nav-list-link">Git Reference Sites</a><li class="nav-list-item active"><a href="/docs/development/get-started/git/git-cheatsheet.html" class="nav-list-link">Git cheatsheet</a><li class="nav-list-item active"><a href="/docs/development/get-started/git/keeping-in-sync-with-rapid7-master.html" class="nav-list-link">Keeping in sync with rapid7 master</a><li class="nav-list-item active"><a href="/docs/development/get-started/git/remote-branch-pruning.html" class="nav-list-link">Remote Branch Pruning</a><li class="nav-list-item active"><a href="/docs/development/get-started/git/using-git.html" class="nav-list-link">Using Git</a></ul><li class="nav-list-item active"><a href="/docs/development/get-started/navigating-and-understanding-metasploits-codebase.html" class="nav-list-link">Navigating the codebase</a></ul><li class="nav-list-item active"><a href="#" class="nav-list-expander"><svg viewBox="0 0 24 24"><use xlink:href="#svg-arrow-right"></use></svg></a><a href="/docs/development/developing-modules/" class="nav-list-link active">Developing Modules</a><ul class="nav-list"><li class="nav-list-item active"><a href="#" class="nav-list-expander"><svg viewBox="0 0 24 24"><use xlink:href="#svg-arrow-right"></use></svg></a><a href="/docs/development/developing-modules/guides/" class="nav-list-link">Guides</a><ul class="nav-list"><li class="nav-list-item active"><a href="#" class="nav-list-expander"><svg viewBox="0 0 24 24"><use xlink:href="#svg-arrow-right"></use></svg></a><a href="/docs/development/developing-modules/guides/scanners/" class="nav-list-link">Scanners</a><ul class="nav-list"><li class="nav-list-item active"><a href="/docs/development/developing-modules/guides/scanners/how-to-write-a-http-loginscanner-module.html" class="nav-list-link">Writing a HTTP LoginScanner</a><li class="nav-list-item active"><a href="/docs/development/developing-modules/guides/scanners/creating-metasploit-framework-loginscanners.html" class="nav-list-link">Writing an FTP LoginScanner</a></ul><li class="nav-list-item active"><a href="/docs/development/developing-modules/guides/how-to-check-microsoft-patch-levels-for-your-exploit.html" class="nav-list-link">How to check Microsoft patch levels for your exploit</a><li class="nav-list-item active"><a href="/docs/development/developing-modules/guides/how-to-use-fetch-payloads.html" class="nav-list-link">How to use Fetch Payloads</a><li class="nav-list-item active"><a href="/docs/development/developing-modules/guides/how-to-use-command-stagers.html" class="nav-list-link">How to use command stagers</a><li class="nav-list-item active"><a href="/docs/development/developing-modules/guides/how-to-write-a-check-method.html" class="nav-list-link">How to write a check method</a><li class="nav-list-item active"><a href="/docs/development/developing-modules/guides/how-to-write-a-cmd-injection-module.html" class="nav-list-link">How to write a cmd injection module</a><li class="nav-list-item active"><a href="/docs/development/developing-modules/guides/how-to-write-a-browser-exploit-using-httpserver.html" class="nav-list-link">Writing a browser exploit</a><li class="nav-list-item active"><a href="/docs/development/developing-modules/guides/how-to-get-started-with-writing-a-post-module.html" class="nav-list-link">Writing a post module</a><li class="nav-list-item active"><a href="/docs/development/developing-modules/guides/how-to-get-started-with-writing-an-auxiliary-module.html" class="nav-list-link">Writing an auxiliary module</a><li class="nav-list-item active"><a href="/docs/development/developing-modules/guides/get-started-writing-an-exploit.html" class="nav-list-link">Writing an exploit</a></ul><li class="nav-list-item active"><a href="#" class="nav-list-expander"><svg viewBox="0 0 24 24"><use xlink:href="#svg-arrow-right"></use></svg></a><a href="/docs/development/developing-modules/external-modules/" class="nav-list-link">External Modules</a><ul class="nav-list"><li class="nav-list-item active"><a href="/docs/development/developing-modules/external-modules/writing-external-metasploit-modules.html" class="nav-list-link">Overview</a><li class="nav-list-item active"><a href="/docs/development/developing-modules/external-modules/writing-external-golang-modules.html" class="nav-list-link">Writing GoLang Modules</a><li class="nav-list-item active"><a href="/docs/development/developing-modules/external-modules/writing-external-python-modules.html" class="nav-list-link">Writing Python Modules</a></ul><li class="nav-list-item active"><a href="#" class="nav-list-expander"><svg viewBox="0 0 24 24"><use xlink:href="#svg-arrow-right"></use></svg></a><a href="/docs/development/developing-modules/module-metadata/" class="nav-list-link">Module metadata</a><ul class="nav-list"><li class="nav-list-item active"><a href="/docs/development/developing-modules/module-metadata/definition-of-module-reliability-side-effects-and-stability.html" class="nav-list-link">Definition of Module Reliability Side Effects and Stability</a><li class="nav-list-item active"><a href="/docs/development/developing-modules/module-metadata/how-to-use-datastore-options.html" class="nav-list-link">How to use datastore options</a><li class="nav-list-item active"><a href="/docs/development/developing-modules/module-metadata/module-reference-identifiers.html" class="nav-list-link">Module Reference Identifiers</a></ul><li class="nav-list-item active"><a href="#" class="nav-list-expander"><svg viewBox="0 0 24 24"><use xlink:href="#svg-arrow-right"></use></svg></a><a href="/docs/development/developing-modules/libraries/" class="nav-list-link active">Libraries</a><ul class="nav-list"><li class="nav-list-item active"><a href="/docs/development/developing-modules/libraries/api.html" class="nav-list-link">API</a><li class="nav-list-item active"><a href="/docs/development/developing-modules/libraries/how-to-use-msf-auxiliary-authbrute-to-write-a-bruteforcer.html" class="nav-list-link">AuthBrute</a><li class="nav-list-item active"><a href="/docs/development/developing-modules/libraries/how-to-cleanup-after-module-execution.html" class="nav-list-link">Cleanup</a><li class="nav-list-item active"><a href="#" class="nav-list-expander"><svg viewBox="0 0 24 24"><use xlink:href="#svg-arrow-right"></use></svg></a><a href="/docs/development/developing-modules/libraries/c/" class="nav-list-link">Compiling C</a><ul class="nav-list"><li class="nav-list-item active"><a href="/docs/development/developing-modules/libraries/c/how-to-use-metasploit-framework-compiler-windows-to-compile-c-code.html" class="nav-list-link">Overview</a><li class="nav-list-item active"><a href="/docs/development/developing-modules/libraries/c/how-to-decode-base64-with-metasploit-framework-compiler.html" class="nav-list-link">Base64 Support</a><li class="nav-list-item active"><a href="/docs/development/developing-modules/libraries/c/how-to-decrypt-rc4-with-metasploit-framework-compiler.html" class="nav-list-link">RC4 Support</a><li class="nav-list-item active"><a href="/docs/development/developing-modules/libraries/c/how-to-xor-with-metasploit-framework-compiler.html" class="nav-list-link">XOR Support</a></ul><li class="nav-list-item active"><a href="#" class="nav-list-expander"><svg viewBox="0 0 24 24"><use xlink:href="#svg-arrow-right"></use></svg></a><a href="/docs/development/developing-modules/libraries/deserialization/" class="nav-list-link">Deserialization</a><ul class="nav-list"><li class="nav-list-item active"><a href="/docs/development/developing-modules/libraries/deserialization/dot-net-deserialization.html" class="nav-list-link">Dot Net Deserialization</a><li class="nav-list-item active"><a href="/docs/development/developing-modules/libraries/deserialization/generating-ysoserial-java-serialized-objects.html" class="nav-list-link">Java Deserialization</a></ul><li class="nav-list-item active"><a href="/docs/development/developing-modules/libraries/handling-module-failures-with-fail_with.html" class="nav-list-link">Fail_with</a><li class="nav-list-item active"><a href="/docs/development/developing-modules/libraries/how-to-use-the-fileformat-mixin-to-create-a-file-format-exploit.html" class="nav-list-link">Fileformat</a><li class="nav-list-item active"><a href="/docs/development/developing-modules/libraries/how-to-use-the-git-mixin-to-write-an-exploit-module.html" class="nav-list-link">Git Mixin</a><li class="nav-list-item active"><a href="#" class="nav-list-expander"><svg viewBox="0 0 24 24"><use xlink:href="#svg-arrow-right"></use></svg></a><a href="/docs/development/developing-modules/libraries/http/" class="nav-list-link active">HTTP</a><ul class="nav-list"><li class="nav-list-item active"><a href="/docs/development/developing-modules/libraries/http/how-to-write-a-browser-exploit-using-browserexploitserver.html" class="nav-list-link active">BrowserExploitServer</a><li class="nav-list-item active"><a href="/docs/development/developing-modules/libraries/http/how-to-send-an-http-request-using-httpclient.html" class="nav-list-link">How to Send an HTTP Request Using HttpClient</a><li class="nav-list-item active"><a href="/docs/development/developing-modules/libraries/http/how-to-parse-an-http-response.html" class="nav-list-link">How to parse an HTTP response</a><li class="nav-list-item active"><a href="/docs/development/developing-modules/libraries/http/how-to-send-an-http-request-using-rex-proto-http-client.html" class="nav-list-link">How to send an HTTP request using Rex Proto Http Client</a><li class="nav-list-item active"><a href="/docs/development/developing-modules/libraries/http/how-to-write-a-module-using-httpserver-and-httpclient.html" class="nav-list-link">How to write a module using HttpServer and HttpClient</a></ul><li class="nav-list-item active"><a href="/docs/development/developing-modules/libraries/how-to-log-in-metasploit.html" class="nav-list-link">Logging</a><li class="nav-list-item active"><a href="#" class="nav-list-expander"><svg viewBox="0 0 24 24"><use xlink:href="#svg-arrow-right"></use></svg></a><a href="/docs/development/developing-modules/libraries/obfuscation/" class="nav-list-link">Obfuscation</a><ul class="nav-list"><li class="nav-list-item active"><a href="/docs/development/developing-modules/libraries/obfuscation/how-to-use-metasploit-framework-obfuscation-crandomizer.html" class="nav-list-link">C Obfuscation</a><li class="nav-list-item active"><a href="/docs/development/developing-modules/libraries/obfuscation/how-to-obfuscate-javascript-in-metasploit.html" class="nav-list-link">JavaScript Obfuscation</a></ul><li class="nav-list-item active"><a href="/docs/development/developing-modules/libraries/how-to-use-phpexe-to-exploit-an-arbitrary-file-upload-bug.html" class="nav-list-link">PhpExe</a><li class="nav-list-item active"><a href="/docs/development/developing-modules/libraries/post-mixins.html" class="nav-list-link">PostMixins</a><li class="nav-list-item active"><a href="/docs/development/developing-modules/libraries/how-to-use-powershell-in-an-exploit.html" class="nav-list-link">Powershell</a><li class="nav-list-item active"><a href="/docs/development/developing-modules/libraries/how-to-use-railgun-for-windows-post-exploitation.html" class="nav-list-link">Railgun</a><li class="nav-list-item active"><a href="/docs/development/developing-modules/libraries/using-reflectivedll-injection.html" class="nav-list-link">ReflectiveDLL Injection</a><li class="nav-list-item active"><a href="/docs/development/developing-modules/libraries/how-to-do-reporting-or-store-data-in-module-development.html" class="nav-list-link">Reporting and Storing Data</a><li class="nav-list-item active"><a href="/docs/development/developing-modules/libraries/how-to-use-the-seh-mixin-to-exploit-an-exception-handler.html" class="nav-list-link">SEH Exploitation</a><li class="nav-list-item active"><a href="#" class="nav-list-expander"><svg viewBox="0 0 24 24"><use xlink:href="#svg-arrow-right"></use></svg></a><a href="/docs/development/developing-modules/libraries/smb_library/" class="nav-list-link">SMB Library</a><ul class="nav-list"><li class="nav-list-item active"><a href="/docs/development/developing-modules/libraries/smb_library/guidelines-for-writing-modules-with-smb.html" class="nav-list-link">Guidelines for Writing Modules with SMB</a><li class="nav-list-item active"><a href="/docs/development/developing-modules/libraries/smb_library/what-my-rex-proto-smb-error-means.html" class="nav-list-link">What my Rex Proto SMB Error means</a></ul><li class="nav-list-item active"><a href="/docs/development/developing-modules/libraries/sql-injection-libraries.html" class="nav-list-link">SQL Injection</a><li class="nav-list-item active"><a href="/docs/development/developing-modules/libraries/how-to-use-the-msf-exploit-remote-tcp-mixin.html" class="nav-list-link">TCP</a><li class="nav-list-item active"><a href="/docs/development/developing-modules/libraries/how-to-use-wbemexec-for-a-write-privilege-attack-on-windows.html" class="nav-list-link">WbemExec</a><li class="nav-list-item active"><a href="/docs/development/developing-modules/libraries/how-to-zip-files-with-msf-util-exe-to_zip.html" class="nav-list-link">Zip</a></ul></ul><li class="nav-list-item active"><a href="#" class="nav-list-expander"><svg viewBox="0 0 24 24"><use xlink:href="#svg-arrow-right"></use></svg></a><a href="/docs/development/google-summer-of-code/" class="nav-list-link">Google Summer of Code</a><ul class="nav-list"><li class="nav-list-item active"><a href="/docs/development/google-summer-of-code/gsoc-2017-mentor-organization-application.html" class="nav-list-link">2017 Mentor Organization Application</a><li class="nav-list-item active"><a href="/docs/development/google-summer-of-code/gsoc-2017-project-ideas.html" class="nav-list-link">2017 Project Ideas</a><li class="nav-list-item active"><a href="/docs/development/google-summer-of-code/gsoc-2017-student-proposal.html" class="nav-list-link">2017 Student Proposal</a><li class="nav-list-item active"><a href="/docs/development/google-summer-of-code/gsoc-2018-project-ideas.html" class="nav-list-link">2018 Project Ideas</a><li class="nav-list-item active"><a href="/docs/development/google-summer-of-code/gsoc-2019-project-ideas.html" class="nav-list-link">2019 Project Ideas</a><li class="nav-list-item active"><a href="/docs/development/google-summer-of-code/gsoc-2020-project-ideas.html" class="nav-list-link">2020 Project Ideas</a><li class="nav-list-item active"><a href="/docs/development/google-summer-of-code/gsoc-2021-project-ideas.html" class="nav-list-link">2021 Project Ideas</a><li class="nav-list-item active"><a href="/docs/development/google-summer-of-code/gsoc-2022-project-ideas.html" class="nav-list-link">2022 Project Ideas</a><li class="nav-list-item active"><a href="/docs/development/google-summer-of-code/gsoc-2023-project-ideas.html" class="nav-list-link">2023 Project Ideas</a><li class="nav-list-item active"><a href="/docs/development/google-summer-of-code/gsoc-2026-project-ideas.html" class="nav-list-link">2026 Project Ideas</a><li class="nav-list-item active"><a href="/docs/development/google-summer-of-code/how-to-apply-to-gsoc.html" class="nav-list-link">How to Apply to GSoC</a></ul><li class="nav-list-item active"><a href="#" class="nav-list-expander"><svg viewBox="0 0 24 24"><use xlink:href="#svg-arrow-right"></use></svg></a><a href="/docs/development/maintainers/" class="nav-list-link">Maintainers</a><ul class="nav-list"><li class="nav-list-item active"><a href="/docs/development/maintainers/committer-keys.html" class="nav-list-link">Committer Keys</a><li class="nav-list-item active"><a href="/docs/development/maintainers/committer-rights.html" class="nav-list-link">Committer Rights</a><li class="nav-list-item active"><a href="/docs/development/maintainers/downloads-by-version.html" class="nav-list-link">Downloads by Version</a><li class="nav-list-item active"><a href="/docs/development/maintainers/metasploit-hackathons.html" class="nav-list-link">Metasploit Hackathons</a><li class="nav-list-item active"><a href="/docs/development/maintainers/metasploit-loginpalooza.html" class="nav-list-link">Metasploit Loginpalooza</a><li class="nav-list-item active"><a href="#" class="nav-list-expander"><svg viewBox="0 0 24 24"><use xlink:href="#svg-arrow-right"></use></svg></a><a href="/docs/development/maintainers/process/" class="nav-list-link">Process</a><ul class="nav-list"><li class="nav-list-item active"><a href="/docs/development/maintainers/process/assigning-labels.html" class="nav-list-link">Assigning Labels</a><li class="nav-list-item active"><a href="/docs/development/maintainers/process/guidelines-for-accepting-modules-and-enhancements.html" class="nav-list-link">Guidelines for Accepting Modules and Enhancements</a><li class="nav-list-item active"><a href="/docs/development/maintainers/process/how-to-deprecate-a-metasploit-module.html" class="nav-list-link">How to deprecate a Metasploit module</a><li class="nav-list-item active"><a href="/docs/development/maintainers/process/landing-pull-requests.html" class="nav-list-link">Landing Pull Requests</a><li class="nav-list-item active"><a href="/docs/development/maintainers/process/adding-release-notes-to-prs.html" class="nav-list-link">Release Notes</a><li class="nav-list-item active"><a href="/docs/development/maintainers/process/rolling-back-merges.html" class="nav-list-link">Rolling back merges</a><li class="nav-list-item active"><a href="/docs/development/maintainers/process/unstable-modules.html" class="nav-list-link">Unstable Modules</a></ul><li class="nav-list-item active"><a href="#" class="nav-list-expander"><svg viewBox="0 0 24 24"><use xlink:href="#svg-arrow-right"></use></svg></a><a href="/docs/development/maintainers/ruby-gems/" class="nav-list-link">Ruby Gems</a><ul class="nav-list"><li class="nav-list-item active"><a href="/docs/development/maintainers/ruby-gems/how-to-add-and-update-gems-in-metasploit-framework.html" class="nav-list-link">Adding and Updating</a><li class="nav-list-item active"><a href="/docs/development/maintainers/ruby-gems/merging-metasploit-payload-gem-updates.html" class="nav-list-link">Merging Metasploit Payload Gem Updates</a><li class="nav-list-item active"><a href="/docs/development/maintainers/ruby-gems/using-local-gems.html" class="nav-list-link">Using local Gems</a></ul></ul><li class="nav-list-item active"><a href="#" class="nav-list-expander"><svg viewBox="0 0 24 24"><use xlink:href="#svg-arrow-right"></use></svg></a><a href="/docs/development/propsals/" class="nav-list-link">Proposals</a><ul class="nav-list"><li class="nav-list-item active"><a href="/docs/development/propsals/bundled-modules-proposal.html" class="nav-list-link">Bundled Modules Proposal</a><li class="nav-list-item active"><a href="/docs/development/propsals/java-meterpreter-feature-parity-proposal.html" class="nav-list-link">Java Meterpreter Feature Parity Proposal</a><li class="nav-list-item active"><a href="/docs/development/propsals/msf6-feature-proposals.html" class="nav-list-link">MSF6 Feature Proposals</a><li class="nav-list-item active"><a href="/docs/development/propsals/metasploit-url-support-proposal.html" class="nav-list-link">Metasploit URL support proposal</a><li class="nav-list-item active"><a href="/docs/development/propsals/payload-rename-justification.html" class="nav-list-link">Payload Rename Justification</a><li class="nav-list-item active"><a href="/docs/development/propsals/uberhandler.html" class="nav-list-link">Uberhandler</a><li class="nav-list-item active"><a href="/docs/development/propsals/work-needed-to-allow-msfdb-to-use-postgresql-common.html" class="nav-list-link">Work needed to allow msfdb to use postgresql common</a></ul><li class="nav-list-item active"><a href="#" class="nav-list-expander"><svg viewBox="0 0 24 24"><use xlink:href="#svg-arrow-right"></use></svg></a><a href="/docs/development/quality/" class="nav-list-link">Quality</a><ul class="nav-list"><li class="nav-list-item active"><a href="/docs/development/quality/common-metasploit-module-coding-mistakes.html" class="nav-list-link">Common Metasploit Module Coding Mistakes</a><li class="nav-list-item active"><a href="/docs/development/quality/loading-test-modules.html" class="nav-list-link">Loading Test Modules</a><li class="nav-list-item active"><a href="/docs/development/quality/measuring-metasploit-performance.html" class="nav-list-link">Measuring Metasploit Performance</a><li class="nav-list-item active"><a href="/docs/development/quality/msftidy.html" class="nav-list-link">Msftidy</a><li class="nav-list-item active"><a href="/docs/development/quality/payload-testing.html" class="nav-list-link">Payload Testing</a><li class="nav-list-item active"><a href="/docs/development/quality/style-tips.html" class="nav-list-link">Style Tips</a><li class="nav-list-item active"><a href="/docs/development/quality/using-rubocop.html" class="nav-list-link">Using Rubocop</a><li class="nav-list-item active"><a href="/docs/development/quality/writing-module-documentation.html" class="nav-list-link">Writing Module Documentation</a></ul><li class="nav-list-item active"><a href="#" class="nav-list-expander"><svg viewBox="0 0 24 24"><use xlink:href="#svg-arrow-right"></use></svg></a><a href="/docs/development/roadmap/" class="nav-list-link">Roadmap</a><ul class="nav-list"><li class="nav-list-item active"><a href="/docs/development/roadmap/2017-roadmap.html" class="nav-list-link">2017 Roadmap</a><li class="nav-list-item active"><a href="/docs/development/roadmap/2017-roadmap-review.html" class="nav-list-link">2017 Roadmap Review</a><li class="nav-list-item active"><a href="/docs/development/roadmap/metasploit-breaking-changes.html" class="nav-list-link">Metasploit Breaking Changes</a><li class="nav-list-item active"><a href="/docs/development/roadmap/metasploit-data-service-enhancements-goliath.html" class="nav-list-link">Metasploit Data Service</a><li class="nav-list-item active"><a href="/docs/development/roadmap/metasploit-5-release-notes.html" class="nav-list-link">Metasploit Framework 5.0 Release Notes</a><li class="nav-list-item active"><a href="/docs/development/roadmap/metasploit-6-release-notes.html" class="nav-list-link">Metasploit Framework 6.0 Release Notes</a><li class="nav-list-item active"><a href="/docs/development/roadmap/metasploit-framework-wish-list.html" class="nav-list-link">Metasploit Framework Wish List</a></ul></ul><li class="nav-list-item active"><a href="/docs/contact.html" class="nav-list-link">Contact</a></ul></nav><footer class="site-footer"> This site uses <a href="https://github.com/pmarsceill/just-the-docs">Just the Docs</a>, a documentation theme for Jekyll.</footer></div><div class="main" id="top"><div id="main-header" class="main-header"><div class="search"><div class="search-input-wrap"> <input type="text" id="search-input" class="search-input" tabindex="0" placeholder="Search Metasploit Documentation" aria-label="Search Metasploit Documentation" autocomplete="off"> <label for="search-input" class="search-label"><svg viewBox="0 0 24 24" class="search-icon"><use xlink:href="#svg-search"></use></svg></label></div><div id="search-results" class="search-results"></div></div><link rel="stylesheet" href="/assets/css/main.css"><nav aria-label="Auxiliary" class="aux-nav"><ul class="aux-nav-list"><li class="aux-nav-list-item"> <a href="//github.com/rapid7/metasploit-framework" class="site-button" target="_blank" rel="noopener noreferrer" > Metasploit Framework on GitHub </a></ul></nav></div><div id="main-content-wrap" class="main-content-wrap"><nav aria-label="Breadcrumb" class="breadcrumb-nav"><ol class="breadcrumb-nav-list"><li class="breadcrumb-nav-list-item"> <a href="/docs/development/">Development</a><li class="breadcrumb-nav-list-item"> <a href="/docs/development/developing-modules/">Developing Modules</a><li class="breadcrumb-nav-list-item"> <a href="/docs/development/developing-modules/libraries/">Libraries</a><li class="breadcrumb-nav-list-item"> <a href="/docs/development/developing-modules/libraries/http/">HTTP</a><li class="breadcrumb-nav-list-item"> <span>BrowserExploitServer</span></ol></nav><div id="main-content" class="main-content" role="main"><p>The Metasploit Framework provides different mixins you can use to develop a browser exploit, mainly they are:</p><ul><li><strong><a href="/docs/development/developing-modules/guides/how-to-write-a-browser-exploit-using-httpserver.html">Msf::Exploit::Remote::HttpServer</a></strong> - The most basic form of a HTTP server.<li><strong><a href="https://github.com/rapid7/metasploit-framework/blob/master/lib/msf/core/exploit/remote/http_server/html.rb">Msf::Exploit::Remote::HttpServer::HTML</a></strong> - which provides Javascript functions that the module can use when crafting HTML contents.<li><strong><a href="/docs/development/developing-modules/libraries/http/how-to-write-a-browser-exploit-using-browserexploitserver.html">Msf::Exploit::Remote::BrowserExploitServer</a></strong> - which includes features from both HttpServer and HttpServer::HTML, but with even more goodies. This writeup covers the <a href="https://github.com/rapid7/metasploit-framework/blob/a7d255bbe5537822c614ede71933fdc6597dd369/lib/msf/core/exploit/remote/browser_exploit_server.rb">BrowserExploitServer</a> mixin.</ul><h3 id="the-automatic-exploitation-procedure"> <a href="#the-automatic-exploitation-procedure" class="anchor-heading" aria-labelledby="the-automatic-exploitation-procedure"><svg viewBox="0 0 16 16" aria-hidden="true"><use xlink:href="#svg-link"></use></svg></a> The Automatic Exploitation Procedure</h3><p>The BrowserExploitServer mixin is the only mixin specially designed for browser exploitation. Before you use this mixin, you should understand what it does behind the scenes for you:</p><ol><li>It automatically collects the browser information, including things like: OS name, version, browser name, browser version, whether a proxy is used, Java plugin version, Microsoft Office version, etc, etc. If the browser doesnt have Javascript enabled, then it knows less about the target. All the info gathered will be stored in a profile managed by the mixin.<li>The mixin will then tag the browser to track the session. It will also use the same tag to retrieve the profile when needed.<li>Before the mixin decides if it should serve the exploit to the browser, it will check with the module for any exploitable requirements. If the requirements arent met, it will send a 404 to the browser, and the operation bails.<li>If the requirements are met, the mixin will pass the profile (information about the browser gathered during the detection stage) to the module, and let it take over the rest.</ol><p>Hint: In the module, you can check the :source key in the profile to determine whether Javascript is enabled or not: If the :source is “script”, it means Javascript is enabled. If its “headers” (as in HTTP headers), then the browser has Javascript disabled.</p><h3 id="setting-exploitable-requirements"> <a href="#setting-exploitable-requirements" class="anchor-heading" aria-labelledby="setting-exploitable-requirements"><svg viewBox="0 0 16 16" aria-hidden="true"><use xlink:href="#svg-link"></use></svg></a> Setting Exploitable Requirements</h3><p>Being able to set browser requirements is an important feature of the mixin. It allows your attack to be smarter, more targeted, and prevents accidents. Heres a scenario: Say you have a vulnerability against Internet Explorer that only affects a specific range of MSHTML builds, you can set the :os_name, :ua_name, :ua_ver, and :mshtml_build to make sure it doesnt blindly exploit against anything else. The :mshtml_build requirement can be found in “Product version” under MSHTMLs file properties.</p><p>Exploitable browser requirements are defined under “BrowserRequirements” in the modules metadata. Heres an example of defining a vulnerable target running some ActiveX control:</p><div class="language-ruby highlighter-rouge"><div class="highlight"><pre class="highlight"><code><span class="s1">'BrowserRequirements'</span> <span class="o">=&gt;</span>
<span class="p">{</span>
<span class="ss">source: </span><span class="sr">/script/i</span><span class="p">,</span>
<span class="ss">activex: </span><span class="p">[</span>
<span class="p">{</span>
<span class="ss">clsid: </span><span class="s1">'{D27CDB6E-AE6D-11cf-96B8-444553540000}'</span><span class="p">,</span>
<span class="ss">method: </span><span class="s1">'LoadMovie'</span>
<span class="p">}</span>
<span class="p">],</span>
<span class="ss">os_name: </span><span class="sr">/win/i</span>
<span class="p">}</span>
</code></pre></div></div><p>You can also define target-specific requirements. This is also how the mixin is able to automatically select a target, and you can get it with the “get_target” method. Heres an example of how to define target-specific requirements for IE8 on Win XP and IE 9 on Win 7:</p><div class="language-ruby highlighter-rouge"><div class="highlight"><pre class="highlight"><code><span class="s1">'BrowserRequirements'</span> <span class="o">=&gt;</span>
<span class="p">{</span>
<span class="ss">:source</span> <span class="o">=&gt;</span> <span class="sr">/script|headers/i</span><span class="p">,</span>
<span class="s1">'ua_name'</span> <span class="o">=&gt;</span> <span class="no">HttpClients</span><span class="o">::</span><span class="no">IE</span><span class="p">,</span>
<span class="p">},</span>
<span class="s1">'Targets'</span> <span class="o">=&gt;</span>
<span class="p">[</span>
<span class="p">[</span> <span class="s1">'Automatic'</span><span class="p">,</span> <span class="p">{}</span> <span class="p">],</span>
<span class="p">[</span>
<span class="s1">'Windows XP with IE 8'</span><span class="p">,</span>
<span class="p">{</span>
<span class="ss">:os_name</span> <span class="o">=&gt;</span> <span class="s1">'Windows XP'</span><span class="p">,</span>
<span class="s1">'ua_ver'</span> <span class="o">=&gt;</span> <span class="s1">'8.0'</span><span class="p">,</span>
<span class="s1">'Rop'</span> <span class="o">=&gt;</span> <span class="kp">true</span><span class="p">,</span>
<span class="s1">'Offset'</span> <span class="o">=&gt;</span> <span class="mh">0x100</span>
<span class="p">}</span>
<span class="p">],</span>
<span class="p">[</span>
<span class="s1">'Windows 7 with IE 9'</span><span class="p">,</span>
<span class="p">{</span>
<span class="s1">'os_name'</span> <span class="o">=&gt;</span> <span class="s1">'Windows 7'</span><span class="p">,</span>
<span class="s1">'ua_ver'</span> <span class="o">=&gt;</span> <span class="s1">'9.0'</span><span class="p">,</span>
<span class="s1">'Rop'</span> <span class="o">=&gt;</span> <span class="kp">true</span><span class="p">,</span>
<span class="s1">'Offset'</span> <span class="o">=&gt;</span> <span class="mh">0x200</span>
<span class="p">}</span>
<span class="p">]</span>
<span class="p">]</span>
</code></pre></div></div><p>You can use these for <strong>:os_name</strong>:</p><div class="table-wrapper"><table><thead><tr><th>Constant<th>Purpose<tbody><tr><td>OperatingSystems::Match::WINDOWS<td>Match all versions of Windows<tr><td>OperatingSystems::Match::WINDOWS_95<td>Match Windows 95<tr><td>OperatingSystems::Match::WINDOWS_98<td>Match Windows 98<tr><td>OperatingSystems::Match::WINDOWS_ME<td>Match Windows ME<tr><td>OperatingSystems::Match::WINDOWS_NT3<td>Match Windows NT 3<tr><td>OperatingSystems::Match::WINDOWS_NT4<td>Match Windows NT 4<tr><td>OperatingSystems::Match::WINDOWS_2000<td>Match Windows 2000<tr><td>OperatingSystems::Match::WINDOWS_XP<td>Match Windows XP<tr><td>OperatingSystems::Match::WINDOWS_2003<td>Match Windows Server 2003<tr><td>OperatingSystems::Match::WINDOWS_VISTA<td>Match Windows Vista<tr><td>OperatingSystems::Match::WINDOWS_2008<td>Match Windows Server 2008<tr><td>OperatingSystems::Match::WINDOWS_7<td>Match Windows 7<tr><td>OperatingSystems::Match::WINDOWS_2012<td>Match Windows 2012<tr><td>OperatingSystems::Match::WINDOWS_8<td>Match Windows 8<tr><td>OperatingSystems::Match::WINDOWS_81<td>Match Windows 8.1<tr><td>OperatingSystems::Match::LINUX<td>Match a Linux distro<tr><td>OperatingSystems::Match::MAC_OSX<td>Match Mac OSX<tr><td>OperatingSystems::Match::FREEBSD<td>Match FreeBSD<tr><td>OperatingSystems::Match::NETBSD<td>Match NetBSD<tr><td>OperatingSystems::Match::OPENBSD<td>Match OpenBSD<tr><td>OperatingSystems::Match::VMWARE<td>Match VMWare<tr><td>OperatingSystems::Match::ANDROID<td>Match Android<tr><td>OperatingSystems::Match::APPLE_IOS<td>Match Apple IOS</table></div><p>You can use these for <strong>:ua_name</strong>:</p><div class="table-wrapper"><table><thead><tr><th>Constant<th>Value<tbody><tr><td>HttpClients::IE<td>“MSIE”<tr><td>HttpClients::FF<td>“Firefox”<tr><td>HttpClients::SAFARI<td>“Safari”<tr><td>HttpClients::OPERA<td>“Opera”<tr><td>HttpClients::CHROME<td>“Chrome”</table></div><p>More of these constants can be found here: <a href="https://github.com/rapid7/metasploit-framework/blob/master/lib/msf/core/constants.rb">https://github.com/rapid7/metasploit-framework/blob/master/lib/msf/core/constants.rb</a></p><p>All currently supported requirements by the mixin can be found here (see REQUIREMENT_KEY_SET): <a href="https://github.com/rapid7/metasploit-framework/blob/master/lib/msf/core/exploit/remote/browser_exploit_server.rb#L46">https://github.com/rapid7/metasploit-framework/blob/master/lib/msf/core/exploit/remote/browser_exploit_server.rb#L46</a></p><h3 id="set-up-a-listener"> <a href="#set-up-a-listener" class="anchor-heading" aria-labelledby="set-up-a-listener"><svg viewBox="0 0 16 16" aria-hidden="true"><use xlink:href="#svg-link"></use></svg></a> Set up a listener</h3><p>After the detection stage and the requirement check, the mixin will trigger the “on_request_exploit” callback method, thats where you handle the HTTP request, craft the HTML, and send back the exploit response. Heres an example of how to set up “on_request_exploit”:</p><div class="language-ruby highlighter-rouge"><div class="highlight"><pre class="highlight"><code><span class="c1">#</span>
<span class="c1"># Listens for the HTTP request</span>
<span class="c1"># cli is the socket</span>
<span class="c1"># request is the Rex::Proto::Http::Request object</span>
<span class="c1"># target_info is a hash that contains all the browser info (aka the profile)</span>
<span class="c1">#</span>
<span class="k">def</span> <span class="nf">on_request_exploit</span><span class="p">(</span><span class="n">cli</span><span class="p">,</span> <span class="n">request</span><span class="p">,</span> <span class="n">target_info</span><span class="p">)</span>
<span class="n">print_status</span><span class="p">(</span><span class="s2">"Here's what I know about the target: </span><span class="si">#{</span><span class="n">target_info</span><span class="p">.</span><span class="nf">inspect</span><span class="si">}</span><span class="s2">"</span><span class="p">)</span>
<span class="k">end</span>
</code></pre></div></div><h3 id="crafting-html-with-browserexploitserver"> <a href="#crafting-html-with-browserexploitserver" class="anchor-heading" aria-labelledby="crafting-html-with-browserexploitserver"><svg viewBox="0 0 16 16" aria-hidden="true"><use xlink:href="#svg-link"></use></svg></a> Crafting HTML with BrowserExploitServer</h3><p>There are two coding styles the BrowserExploitServer mixin supports: The good old HTML, or <a href="http://ruby-doc.org/stdlib-2.1.3/libdoc/erb/rdoc/ERB.html">ERB</a> template. The first is pretty self-explanatory:</p><div class="language-ruby highlighter-rouge"><div class="highlight"><pre class="highlight"><code><span class="k">def</span> <span class="nf">on_request_exploit</span><span class="p">(</span><span class="n">cli</span><span class="p">,</span> <span class="n">request</span><span class="p">,</span> <span class="n">target_info</span><span class="p">)</span>
<span class="n">html</span> <span class="o">=</span> <span class="sx">%Q|
&lt;html&gt;
Hello, world!
&lt;/html&gt;
|</span>
<span class="n">send_exploit_html</span><span class="p">(</span><span class="n">cli</span><span class="p">,</span> <span class="n">html</span><span class="p">)</span>
<span class="k">end</span>
</code></pre></div></div><p><a href="http://ruby-doc.org/stdlib-2.1.3/libdoc/erb/rdoc/ERB.html">ERB</a> is a new way to write Metasploit browser exploits. If youve written one or two web applications, this is no stranger to you. When youre using the BrowserExploitServer mixin to write an exploit, what really happens is youre writing a rails template. Heres an example of using of this feature:</p><div class="language-ruby highlighter-rouge"><div class="highlight"><pre class="highlight"><code><span class="k">def</span> <span class="nf">on_request_exploit</span><span class="p">(</span><span class="n">cli</span><span class="p">,</span> <span class="n">request</span><span class="p">,</span> <span class="n">target_info</span><span class="p">)</span>
<span class="n">html</span> <span class="o">=</span> <span class="sx">%Q|
&lt;html&gt;
Do you feel lucky, punk?&lt;br&gt;
&lt;% if [true, false].sample %&gt;
Lucky!&lt;br&gt;
&lt;% else %&gt;
Bad luck, bro!&lt;Br&gt;
&lt;% end %&gt;
&lt;/html&gt;
|</span>
<span class="n">send_exploit_html</span><span class="p">(</span><span class="n">cli</span><span class="p">,</span> <span class="n">html</span><span class="p">)</span>
<span class="k">end</span>
</code></pre></div></div><p>If you want to access local variables or arguments, make sure to pass the binding object to send_exploit_html:</p><div class="language-ruby highlighter-rouge"><div class="highlight"><pre class="highlight"><code><span class="k">def</span> <span class="nf">exploit_template1</span><span class="p">(</span><span class="n">target_info</span><span class="p">,</span> <span class="n">txt</span><span class="p">)</span>
<span class="n">txt2</span> <span class="o">=</span> <span class="s2">"I can use local vars!"</span>
<span class="n">template</span> <span class="o">=</span> <span class="sx">%Q|
&lt;% msg = "This page is generated by an exploit" %&gt;
&lt;%=msg%&gt;&lt;br&gt;
&lt;%=txt%&gt;&lt;br&gt;
&lt;%=txt2%&gt;&lt;br&gt;
&lt;p&gt;&lt;/p&gt;
Data gathered from source: </span><span class="si">#{</span><span class="n">target_info</span><span class="p">[</span><span class="ss">:source</span><span class="p">]</span><span class="si">}</span><span class="sx">&lt;br&gt;
OS name: </span><span class="si">#{</span><span class="n">target_info</span><span class="p">[</span><span class="ss">:os_name</span><span class="p">]</span><span class="si">}</span><span class="sx">&lt;br&gt;
UA name: </span><span class="si">#{</span><span class="n">target_info</span><span class="p">[</span><span class="ss">:ua_name</span><span class="p">]</span><span class="si">}</span><span class="sx">&lt;br&gt;
UA version: </span><span class="si">#{</span><span class="n">target_info</span><span class="p">[</span><span class="ss">:ua_ver</span><span class="p">]</span><span class="si">}</span><span class="sx">&lt;br&gt;
Java version: </span><span class="si">#{</span><span class="n">target_info</span><span class="p">[</span><span class="ss">:java</span><span class="p">]</span><span class="si">}</span><span class="sx">&lt;br&gt;
Office version: </span><span class="si">#{</span><span class="n">target_info</span><span class="p">[</span><span class="ss">:office</span><span class="p">]</span><span class="si">}</span><span class="sx">
|</span>
<span class="k">return</span> <span class="n">template</span><span class="p">,</span> <span class="nb">binding</span><span class="p">()</span>
<span class="k">end</span>
<span class="k">def</span> <span class="nf">on_request_exploit</span><span class="p">(</span><span class="n">cli</span><span class="p">,</span> <span class="n">request</span><span class="p">,</span> <span class="n">target_info</span><span class="p">)</span>
<span class="n">send_exploit_html</span><span class="p">(</span><span class="n">cli</span><span class="p">,</span> <span class="n">exploit_template</span><span class="p">(</span><span class="n">target_info</span><span class="p">,</span> <span class="n">txt</span><span class="p">))</span>
<span class="k">end</span>
</code></pre></div></div><p>The BrowserExploitServer mixin also offers plenty of other things useful while crafting the exploit. For example: it can generate a target-specific payload when you call the “get_payload” method. It also gives you access to the RopDb mixin, which contains a collection of ROPs to bypass DEP (Data Execution Prevention). Make sure to check out the API documentation for more information.</p><p>To get thing started, heres a code example you can use start developing your browser exploit:</p><div class="language-ruby highlighter-rouge"><div class="highlight"><pre class="highlight"><code><span class="c1">##</span>
<span class="c1"># This module requires Metasploit: https://metasploit.com/download</span>
<span class="c1"># Current source: https://github.com/rapid7/metasploit-framework</span>
<span class="c1">##</span>
<span class="k">class</span> <span class="nc">MetasploitModule</span> <span class="o">&lt;</span> <span class="no">Msf</span><span class="o">::</span><span class="no">Exploit</span><span class="o">::</span><span class="no">Remote</span>
<span class="no">Rank</span> <span class="o">=</span> <span class="no">NormalRanking</span>
<span class="kp">include</span> <span class="no">Msf</span><span class="o">::</span><span class="no">Exploit</span><span class="o">::</span><span class="no">Remote</span><span class="o">::</span><span class="no">BrowserExploitServer</span>
<span class="k">def</span> <span class="nf">initialize</span><span class="p">(</span><span class="n">info</span> <span class="o">=</span> <span class="p">{})</span>
<span class="k">super</span><span class="p">(</span>
<span class="n">update_info</span><span class="p">(</span>
<span class="n">info</span><span class="p">,</span>
<span class="s1">'Name'</span> <span class="o">=&gt;</span> <span class="s1">'BrowserExploitServer Example'</span><span class="p">,</span>
<span class="s1">'Description'</span> <span class="o">=&gt;</span> <span class="sx">%q{
This is an example of building a browser exploit using the BrowserExploitServer mixin
}</span><span class="p">,</span>
<span class="s1">'License'</span> <span class="o">=&gt;</span> <span class="no">MSF_LICENSE</span><span class="p">,</span>
<span class="s1">'Author'</span> <span class="o">=&gt;</span> <span class="p">[</span> <span class="s1">'sinn3r'</span> <span class="p">],</span>
<span class="s1">'References'</span> <span class="o">=&gt;</span> <span class="p">[</span>
<span class="p">[</span> <span class="s1">'URL'</span><span class="p">,</span> <span class="s1">'http://metasploit.com'</span> <span class="p">]</span>
<span class="p">],</span>
<span class="s1">'Platform'</span> <span class="o">=&gt;</span> <span class="s1">'win'</span><span class="p">,</span>
<span class="s1">'BrowserRequirements'</span> <span class="o">=&gt;</span> <span class="p">{</span>
<span class="ss">source: </span><span class="sr">/script|headers/i</span>
<span class="p">},</span>
<span class="s1">'Targets'</span> <span class="o">=&gt;</span> <span class="p">[</span>
<span class="p">[</span> <span class="s1">'Automatic'</span><span class="p">,</span> <span class="p">{}</span> <span class="p">],</span>
<span class="p">[</span>
<span class="s1">'Windows XP with IE 8'</span><span class="p">,</span>
<span class="p">{</span>
<span class="s1">'os_name'</span> <span class="o">=&gt;</span> <span class="s1">'Windows XP'</span><span class="p">,</span>
<span class="s1">'ua_name'</span> <span class="o">=&gt;</span> <span class="s1">'MSIE'</span><span class="p">,</span>
<span class="s1">'ua_ver'</span> <span class="o">=&gt;</span> <span class="s1">'8.0'</span>
<span class="p">}</span>
<span class="p">],</span>
<span class="p">[</span>
<span class="s1">'Windows 7 with IE 9'</span><span class="p">,</span>
<span class="p">{</span>
<span class="s1">'os_name'</span> <span class="o">=&gt;</span> <span class="s1">'Windows 7'</span><span class="p">,</span>
<span class="s1">'ua_name'</span> <span class="o">=&gt;</span> <span class="s1">'MSIE'</span><span class="p">,</span>
<span class="s1">'ua_ver'</span> <span class="o">=&gt;</span> <span class="s1">'9.0'</span>
<span class="p">}</span>
<span class="p">]</span>
<span class="p">],</span>
<span class="s1">'Payload'</span> <span class="o">=&gt;</span> <span class="p">{</span> <span class="s1">'BadChars'</span> <span class="o">=&gt;</span> <span class="s2">"</span><span class="se">\x00</span><span class="s2">"</span> <span class="p">},</span>
<span class="s1">'DisclosureDate'</span> <span class="o">=&gt;</span> <span class="s1">'2013-04-01'</span><span class="p">,</span>
<span class="s1">'DefaultTarget'</span> <span class="o">=&gt;</span> <span class="mi">0</span>
<span class="p">)</span>
<span class="p">)</span>
<span class="k">end</span>
<span class="k">def</span> <span class="nf">exploit_template</span><span class="p">(</span><span class="n">target_info</span><span class="p">)</span>
<span class="n">template</span> <span class="o">=</span> <span class="sx">%(
Data source: &lt;%=target_info[:source]%&gt;&lt;br&gt;
OS name: &lt;%=target_info[:os_name]%&gt;&lt;br&gt;
UA name: &lt;%=target_info[:ua_name]%&gt;&lt;br&gt;
UA version: &lt;%=target_info[:ua_ver]%&gt;&lt;br&gt;
Java version: &lt;%=target_info[:java]%&gt;&lt;br&gt;
Office version: &lt;%=target_info[:office]%&gt;
)</span>
<span class="k">return</span> <span class="n">template</span><span class="p">,</span> <span class="nb">binding</span>
<span class="k">end</span>
<span class="k">def</span> <span class="nf">on_request_exploit</span><span class="p">(</span><span class="n">cli</span><span class="p">,</span> <span class="n">_request</span><span class="p">,</span> <span class="n">target_info</span><span class="p">)</span>
<span class="n">send_exploit_html</span><span class="p">(</span><span class="n">cli</span><span class="p">,</span> <span class="n">exploit_template</span><span class="p">(</span><span class="n">target_info</span><span class="p">))</span>
<span class="k">end</span>
<span class="k">end</span>
</code></pre></div></div><h3 id="javascript-obfuscation"> <a href="#javascript-obfuscation" class="anchor-heading" aria-labelledby="javascript-obfuscation"><svg viewBox="0 0 16 16" aria-hidden="true"><use xlink:href="#svg-link"></use></svg></a> JavaScript Obfuscation</h3><p>BrowserExploitServer relies on the <a href="https://github.com/rapid7/metasploit-framework/blob/master/lib/msf/core/exploit/jsobfu.rb">JSObfu mixin</a> to support JavaScript obfuscation. When youre writing JavaScript, you should always write it like this:</p><div class="language-ruby highlighter-rouge"><div class="highlight"><pre class="highlight"><code><span class="n">js</span> <span class="o">=</span> <span class="n">js_obfuscate</span><span class="p">(</span><span class="n">your_code</span><span class="p">)</span>
</code></pre></div></div><p>The <code class="language-plaintext highlighter-rouge">#js_obfuscate</code> will return a <code class="language-plaintext highlighter-rouge">Rex::Exploitation::JSObfu</code> object. To get the obfuscated JavaScript, call the <code class="language-plaintext highlighter-rouge">#to_s</code> method:</p><div class="language-ruby highlighter-rouge"><div class="highlight"><pre class="highlight"><code><span class="n">js</span><span class="p">.</span><span class="nf">to_s</span>
</code></pre></div></div><p>If you need to access an obfuscated symbol name, you can use then <code class="language-plaintext highlighter-rouge">#sym</code> method:</p><div class="language-ruby highlighter-rouge"><div class="highlight"><pre class="highlight"><code><span class="c1"># Get the obfuscated version of function name test()</span>
<span class="n">var_name</span> <span class="o">=</span> <span class="n">js</span><span class="p">.</span><span class="nf">sym</span><span class="p">(</span><span class="s1">'test'</span><span class="p">)</span>
</code></pre></div></div><p>Note that by default, even though your module is calling the <code class="language-plaintext highlighter-rouge">#js_obfuscate</code> method, obfuscation will not kick in unless the user sets the JsObfuscate datastore option. This option is an OptInt, which allows you to set the number of times to obfuscate (default is 0).</p><p>If your BES-based exploit does not want obfuscation at all, always make sure you call the <code class="language-plaintext highlighter-rouge">#deregister_options</code> and remove the JsObfuscate option. Like this:</p><div class="language-ruby highlighter-rouge"><div class="highlight"><pre class="highlight"><code><span class="n">deregister_options</span><span class="p">(</span><span class="s1">'JsObfuscate'</span><span class="p">)</span>
</code></pre></div></div><p>To learn more about Metasploits JavaScript obfuscation capabilities, please read <a href="/docs/development/developing-modules/libraries/obfuscation/how-to-obfuscate-javascript-in-metasploit.html">How to obfuscate JavaScript in Metasploit</a>.</p><h3 id="related-articles"> <a href="#related-articles" class="anchor-heading" aria-labelledby="related-articles"><svg viewBox="0 0 16 16" aria-hidden="true"><use xlink:href="#svg-link"></use></svg></a> Related Articles:</h3><ul><li><a href="/docs/development/developing-modules/guides/how-to-write-a-browser-exploit-using-httpserver.html">How to write a browser exploit using HttpServer</a><li><a href="/docs/using-metasploit/other/information-about-unmet-browser-exploit-requirements.html">Information About Unmet Browser Exploit Requirements</a></ul><hr><footer><p><a href="#top" id="back-to-top">Back to top</a></p><p class="text-small text-grey-dk-000 mb-0"> <a href="https://github.com/rapid7/metasploit-framework/tree/master/docs/metasploit-framework.wiki/How-to-write-a-browser-exploit-using-BrowserExploitServer.md" id="edit-this-page">Edit this page on GitHub</a></p></footer></div></div><div class="search-overlay"></div></div><script type="text/javascript" src="/assets/js/toggle_mode.js"></script> <script> var config = { theme: 'default', logLevel: 'fatal', securityLevel: 'strict', startOnLoad: true, arrowMarkerAbsolute: false, er: { diagramPadding: 20, layoutDirection: 'TB', minEntityWidth: 100, minEntityHeight: 75, entityPadding: 15, stroke: 'gray', fill: 'honeydew', fontSize: 12, useMaxWidth: true, }, flowchart:{ diagramPadding: 8, htmlLabels: true, curve: 'basis', }, sequence: { diagramMarginX: 50, diagramMarginY: 10, actorMargin: 50, width: 150, height: 65, boxMargin: 10, boxTextMargin: 5, noteMargin: 10, messageMargin: 35, messageAlign: 'center', mirrorActors: true, bottomMarginAdj: 1, useMaxWidth: true, rightAngles: false, showSequenceNumbers: false, }, gantt: { titleTopMargin: 25, barHeight: 20, barGap: 4, topPadding: 50, leftPadding: 75, fontSize: 11, gridLineStartPadding: 35, fontFamily: '\'Open Sans\', sans-serif', numberSectionStyles: 4, axisFormat: '%Y-%m-%d', topAxis: false, }, }; mermaid.initialize(config); window.mermaid.init(undefined, document.querySelectorAll('.language-mermaid')); </script>
Reference in New Issue View Git Blame Copy Permalink