Add max timeout

Author: jvazquez-r7

lib/msf/core/exploit/remote/browser_exploit_server.rb

@@ -388,9 +388,6 @@ def get_detection_html(user_agent)
       <%= js_misc_addons_detect %>
       <%= js_ie_addons_detect if os.match(OperatingSystems::Match::WINDOWS) and client == HttpClients::IE %>
 
-      var flash_version = "";
-      var do_flash_loop = true;
-
       function objToQuery(obj) {
         var q = [];
         for (var key in obj) {
@@ -410,11 +407,19 @@ def get_detection_html(user_agent)
         });
       }
 
+      var flashVersion = "";
+      var doFlashLoop = true;
+      var maxTimeout = null;
+
       function setFlashVersion(ver) {
         console.log('called! :) ' + ver)
-        flash_version = ver
-        do_flash_loop = false
-        console.log('flash version after set_version: ' + flash_version)
+        flashVersion = ver
+        doFlashLoop = false
+        if (maxTimeout != null) {
+          clearTimeout(maxTimeout);
+          maxTimeout = null
+        }
+        console.log('flash version after set_version: ' + flashVersion)
         return;
       }
 
@@ -483,23 +488,25 @@ def get_detection_html(user_agent)
         <% end %>
 
         if (d["flash"] != null && (d["flash"].match(/[\\d]+.[\\d]+.[\\d]+.[\\d]+/)) == null) {
-          alert('flash detection!')
-          // Load SWF for accurate Flash detection
-          // This SWF needs to send the Flash version info as a POST request to BES sort of like this:
+          alert('flash detection!');
           var flashObject = createFlashObject('<%=get_resource.chomp("/")%>/<%=@flash_swf%>', {width: 1, height: 1}, {allowScriptAccess: 'always', Play: 'True'});
 
+          // After 5s stop waiting and use the version retrieved with JS
+          maxTimeout = setTimeout(function(){ doFlashLoop = false }, 5000);
+
+          // Check every 100 ms
           (function loop(){
-            console.log('loop: ' + flash_version)
+            console.log('loop: ' + flashVersion)
             setTimeout(function(){
-              if (do_flash_loop) {
+              if (doFlashLoop) {
                 loop()
               }
-              console.log('finally: ' + flash_version)
-              if (!isEmpty(flash_version)) {
-                d["flash"] = flash_version
+              console.log('finally: ' + flashVersion)
+              if (!isEmpty(flashVersion)) {
+                d["flash"] = flashVersion
               }
               sendInfo(d)
-            }, 1000);
+            }, 100);
           })();
 
           document.body.appendChild(flashObject)
@@ -573,7 +580,7 @@ def on_request_uri(cli, request)
         vprint_status("Sending SWF used for Flash detection")
         swf = load_swf_detection
         send_response(cli, swf, {'Content-Type'=>'application/x-shockwave-flash', 'Cache-Control' => 'no-cache, no-store', 'Pragma' => 'no-cache'})
-        
+
       when /#{@info_receiver_page}/
         #
         # The detection code will hit this if Javascript is enabled