|
11 | 11 | # |
12 | 12 | # The BrowserExploitServer mixin provides methods to do common tasks seen in modern browser |
13 | 13 | # exploitation, and is designed to work against common setups such as on Windows, OSX, and Linux. |
| 14 | +# Wiki documentations about this mixin can be found here: |
| 15 | +# https://github.com/rapid7/metasploit-framework/wiki/How-to-write-a-browser-exploit-using-BrowserExploitServer |
| 16 | +# https://github.com/rapid7/metasploit-framework/wiki/Information-About-Unmet-Browser-Exploit-Requirements |
14 | 17 | # |
15 | 18 | ### |
16 | 19 |
|
@@ -87,10 +90,28 @@ def initialize(info={}) |
87 | 90 |
|
88 | 91 | register_advanced_options([ |
89 | 92 | OptString.new('CookieName', [false, "The name of the tracking cookie", DEFAULT_COOKIE_NAME]), |
90 | | - OptString.new('CookieExpiration', [false, "Cookie expiration in years (blank=expire on exit)"]) |
| 93 | + OptString.new('CookieExpiration', [false, "Cookie expiration in years (blank=expire on exit)"]), |
| 94 | + OptString.new('Custom404', [false, "An external custom 404 URL (Example: http://example.com/404.html)"]) |
91 | 95 | ], Exploit::Remote::BrowserExploitServer) |
92 | 96 | end |
93 | 97 |
|
| 98 | + def setup |
| 99 | + custom_404 = get_custom_404_url |
| 100 | + if !custom_404.blank? && custom_404 !~ /^http/i |
| 101 | + raise Msf::OptionValidateError.new(['Custom404 (must begin with http or https)']) |
| 102 | + end |
| 103 | + super |
| 104 | + end |
| 105 | + |
| 106 | + # |
| 107 | + # Returns the custom 404 URL set by the user |
| 108 | + # |
| 109 | + # @return [String] |
| 110 | + # |
| 111 | + def get_custom_404_url |
| 112 | + datastore['Custom404'].to_s |
| 113 | + end |
| 114 | + |
94 | 115 | # |
95 | 116 | # Allows a block of code to access BES resources in a thread-safe fashion |
96 | 117 | # |
@@ -514,6 +535,7 @@ def on_request_uri(cli, request) |
514 | 535 | end |
515 | 536 |
|
516 | 537 | else |
| 538 | + print_error("Target has requested an unknown path: #{request.uri}") |
517 | 539 | send_not_found(cli) |
518 | 540 | end |
519 | 541 | end |
@@ -578,5 +600,19 @@ def js_vuln_test |
578 | 600 | end |
579 | 601 | end |
580 | 602 |
|
| 603 | + private |
| 604 | + |
| 605 | + # |
| 606 | + # Sends a 404 respons. If a custom 404 is configured, then it will redirect to that instead. |
| 607 | + # |
| 608 | + def send_not_found(cli) |
| 609 | + custom_404_url = get_custom_404_url |
| 610 | + if custom_404_url.blank? |
| 611 | + super(cli) |
| 612 | + else |
| 613 | + send_redirect(cli, custom_404_url) |
| 614 | + end |
| 615 | + end |
| 616 | + |
581 | 617 | end |
582 | 618 | end |
0 commit comments