Fix rapid7#8675, Add Cache-Control header, also meta tag for BAP2

wchen-r7 · wchen-r7 · commit 50b1ec4044a6 · 2017-07-10T16:05:09.000-05:00
Hopefully that browsers will respect this. Fix rapid7#8675
diff --git a/lib/msf/core/exploit/browser_autopwn2.rb b/lib/msf/core/exploit/browser_autopwn2.rb
@@ -810,6 +810,7 @@ def build_html(cli, request)
 
       %Q|<html>
       <head>
+      <meta http-equiv="cache-control" content="no-cache" />
       <script>
       #{js}
       </script>
diff --git a/lib/msf/core/exploit/http/server.rb b/lib/msf/core/exploit/http/server.rb
@@ -32,6 +32,7 @@ def initialize(info = {})
 
     register_evasion_options(
       [
+        OptBool.new('HTTP::no_cache', [false, 'Disallow the browser to cache HTTP content', false]),
         OptBool.new('HTTP::chunked', [false, 'Enable chunking of HTTP responses via "Transfer-Encoding: chunked"', false]),
         OptBool.new('HTTP::header_folding', [false, 'Enable folding of HTTP headers', false]),
         OptBool.new('HTTP::junk_headers', [false, 'Enable insertion of random junk HTTP headers', false]),
@@ -558,6 +559,10 @@ def send_response(cli, body, headers = {})
       response.headers.junk_headers = 1
     end
 
+    if datastore['HTTP::no_cache']
+      response.headers['Cache-Control'] = 'no-store, no-cache, must-revalidate'
+    end
+
     headers.each_pair { |k,v| response[k] = v }
 
     cli.send_response(response)
diff --git a/modules/auxiliary/gather/browser_info.rb b/modules/auxiliary/gather/browser_info.rb
@@ -74,7 +74,7 @@ def print_target_info(cli, target_info)
 
   def on_request_exploit(cli, req, target_info)
     print_target_info(cli, target_info)
-    send_not_found(cli)
+    send_response(cli, '')
   end
 
   def run
