add mettle support for custom headers

Author: busterb

Gemfile.lock

@@ -19,7 +19,7 @@ PATH
       metasploit-model
       metasploit-payloads (= 1.3.15)
       metasploit_data_models
-      metasploit_payloads-mettle (= 0.2.5)
+      metasploit_payloads-mettle (= 0.2.8)
       msgpack
       nessus_rest
       net-ssh
@@ -189,7 +189,7 @@ GEM
       postgres_ext
       railties (~> 4.2.6)
       recog (~> 2.0)
-    metasploit_payloads-mettle (0.2.5)
+    metasploit_payloads-mettle (0.2.8)
     method_source (0.9.0)
     mini_portile2 (2.3.0)
     minitest (5.10.3)

lib/msf/base/sessions/mettle_config.rb

@@ -27,6 +27,10 @@ def generate_uri(opts={})
         generate_uri_uuid_mode(:init_connect, uri_req_len, uuid: opts[:uuid])
       end
 
+      def generate_uri_option(opts, opt)
+        opts[opt] ? "--#{opt} '#{opts[opt].gsub(/'/, "\\'")}' " : ''
+      end
+
       def generate_http_uri(opts)
         if Rex::Socket.is_ipv6?(opts[:lhost])
           target_uri = "#{opts[:scheme]}://[#{opts[:lhost]}]"
@@ -38,7 +42,15 @@ def generate_http_uri(opts)
         target_uri << opts[:lport].to_s
         target_uri << luri
         target_uri << generate_uri(opts)
-        target_uri
+        target_uri << '|'
+        target_uri << generate_uri_option(opts, :ua)
+        target_uri << generate_uri_option(opts, :host)
+        target_uri << generate_uri_option(opts, :referer)
+        if opts[:cookie]
+          opts[:header] = "Cookie: #{opts[:cookie]}"
+          target_uri << generate_uri_option(opts, :header)
+        end
+        target_uri.strip
       end
 
       def generate_tcp_uri(opts)
@@ -57,14 +69,11 @@ def generate_config(opts={})
 
         case opts[:scheme]
         when 'http'
-          transport = transport_config_reverse_http(opts)
-          opts[:uri] = generate_http_uri(transport)
+          opts[:uri] = generate_http_uri(transport_config_reverse_http(opts))
         when 'https'
-          transport = transport_config_reverse_https(opts)
-          opts[:uri] = generate_http_uri(transport)
+          opts[:uri] = generate_http_uri(transport_config_reverse_https(opts))
         when 'tcp'
-          transport = transport_config_reverse_tcp(opts)
-          opts[:uri] = generate_tcp_uri(transport)
+          opts[:uri] = generate_tcp_uri(transport_config_reverse_tcp(opts))
         else
           raise ArgumentError, "Unknown scheme: #{opts[:scheme]}"
         end
@@ -74,7 +83,7 @@ def generate_config(opts={})
         unless opts[:stageless] == true
           guid = [SecureRandom.uuid.gsub(/-/, '')].pack('H*')
         end
-        opts[:session_guid] = Base64.encode64(guid)
+        opts[:session_guid] = Base64.encode64(guid).strip
 
         opts.slice(:uuid, :session_guid, :uri, :debug, :log_file)
       end

lib/msf/core/payload/transport_config.rb

@@ -66,6 +66,9 @@ def transport_config_reverse_http(opts={})
       proxy_type:      ds['HttpProxyType'],
       proxy_user:      ds['HttpProxyUser'],
       proxy_pass:      ds['HttpProxyPass'],
+      host:            ds['HttpHostHeader'],
+      cookie:          ds['HttpCookie'],
+      referer:         ds['HttpReferer'],
       custom_headers:  get_custom_headers(ds)
     }.merge(timeout_config(opts))
   end

metasploit-framework.gemspec

@@ -72,7 +72,7 @@ Gem::Specification.new do |spec|
   # Needed for Meterpreter
   spec.add_runtime_dependency 'metasploit-payloads', '1.3.15'
   # Needed for the next-generation POSIX Meterpreter
-  spec.add_runtime_dependency 'metasploit_payloads-mettle', '0.2.5'
+  spec.add_runtime_dependency 'metasploit_payloads-mettle', '0.2.8'
   # Needed by msfgui and other rpc components
   spec.add_runtime_dependency 'msgpack'
   # get list of network interfaces, like eth* from OS.

modules/payloads/singles/linux/aarch64/meterpreter_reverse_http.rb

@@ -10,7 +10,7 @@
 
 module MetasploitModule
 
-  CachedSize = 692384
+  CachedSize = 693880
 
   include Msf::Payload::Single
   include Msf::Sessions::MeterpreterOptions

modules/payloads/singles/linux/aarch64/meterpreter_reverse_https.rb

@@ -10,7 +10,7 @@
 
 module MetasploitModule
 
-  CachedSize = 692384
+  CachedSize = 693880
 
   include Msf::Payload::Single
   include Msf::Sessions::MeterpreterOptions

modules/payloads/singles/linux/aarch64/meterpreter_reverse_tcp.rb

@@ -10,7 +10,7 @@
 
 module MetasploitModule
 
-  CachedSize = 692384
+  CachedSize = 693880
 
   include Msf::Payload::Single
   include Msf::Sessions::MeterpreterOptions

modules/payloads/singles/linux/armbe/meterpreter_reverse_http.rb

@@ -10,7 +10,7 @@
 
 module MetasploitModule
 
-  CachedSize = 678568
+  CachedSize = 682608
 
   include Msf::Payload::Single
   include Msf::Sessions::MeterpreterOptions

modules/payloads/singles/linux/armbe/meterpreter_reverse_https.rb

@@ -10,7 +10,7 @@
 
 module MetasploitModule
 
-  CachedSize = 678568
+  CachedSize = 682608
 
   include Msf::Payload::Single
   include Msf::Sessions::MeterpreterOptions

modules/payloads/singles/linux/armbe/meterpreter_reverse_tcp.rb

@@ -10,7 +10,7 @@
 
 module MetasploitModule
 
-  CachedSize = 678568
+  CachedSize = 682608
 
   include Msf::Payload::Single
   include Msf::Sessions::MeterpreterOptions