Add CookieExpiration option, add trailing slash to URI.

joevennix · joevennix · commit c07f3903827a · 2014-03-10T13:07:17.000-05:00
diff --git a/lib/msf/core/exploit/remote/browser_exploit_server.rb b/lib/msf/core/exploit/remote/browser_exploit_server.rb
@@ -79,7 +79,8 @@ def initialize(info={})
       ], Exploit::Remote::BrowserExploitServer)
 
       register_advanced_options([
-        OptString.new('CookieName', [false,  "The name of the tracking cookie", DEFAULT_COOKIE_NAME])
+        OptString.new('CookieName', [false,  "The name of the tracking cookie", DEFAULT_COOKIE_NAME]),
+        OptString.new('CookieExpiration', [false,  "Cookie expiration in years (blank=expire on exit)"])
       ], Exploit::Remote::BrowserExploitServer)
     end
 
@@ -98,7 +99,7 @@ def sync(&block)
     # @return [String] URI to the exploit page
     #
     def get_module_resource
-      "#{get_resource.chomp("/")}/#{@exploit_receiver_page}"
+      "#{get_resource.chomp("/")}/#{@exploit_receiver_page}/"
     end
 
     #
@@ -403,7 +404,7 @@ def get_detection_html(user_agent)
       </script>
       <noscript>
       <img style="visibility:hidden" src="#{get_resource.chomp("/")}/#{@noscript_receiver_page}/">
-      <meta http-equiv="refresh" content="1; url=#{get_resource.chomp("/")}/#{@exploit_receiver_page}/">
+      <meta http-equiv="refresh" content="1; url=#{get_module_resource}">
       </noscript>
       |
     end
@@ -414,8 +415,13 @@ def cookie_name
     end
 
     def cookie_header(tag)
-      expires = (DateTime.now + 365*20).to_time.strftime("%a, %d %b %Y 12:00:00 GMT")
-      "#{cookie_name}=#{tag}; Expires=#{expires};"
+      cookie = "#{cookie_name}=#{tag};"
+      if datastore['CookieExpiration'].present?
+        expires_date = (DateTime.now + 365*datastore['CookieExpiration'].to_i)
+        expires_str  = expires_date.to_time.strftime("%a, %d %b %Y 12:00:00 GMT")
+        cookie << " Expires=#{expires};"
+      end
+      cookie
     end
 
     #
@@ -431,7 +437,7 @@ def on_request_uri(cli, request)
         # This is the information gathering stage
         #
         if get_profile(retrieve_tag(cli, request))
-          send_redirect(cli, "#{get_resource.chomp("/")}/#{@exploit_receiver_page}")
+          send_redirect(cli, get_module_resource)
           return
         end
 
