Bypass: Metasploit OS detection

mrjefftang · mrjefftang · commit e3f613ecc641 · 2017-02-23T15:42:04.000-05:00
SEP is triggering on HTTP POSTs which start with `os_name`
diff --git a/lib/msf/core/exploit/remote/browser_exploit_server.rb b/lib/msf/core/exploit/remote/browser_exploit_server.rb
@@ -430,7 +430,6 @@ def get_detection_html(user_agent)
       window.onload = function() {
         var osInfo = os_detect.getVersion();
         var d = {
-          "os_name"     : osInfo.os_name,
           "os_vendor"   : osInfo.os_vendor,
           "os_device"   : osInfo.os_device,
           "ua_name"     : osInfo.ua_name,
@@ -439,7 +438,8 @@ def get_detection_html(user_agent)
           "java"        : misc_addons_detect.getJavaVersion(),
           "silverlight" : misc_addons_detect.hasSilverlight(),
           "flash"       : misc_addons_detect.getFlashVersion(),
-          "vuln_test"   : <%= js_vuln_test %>
+          "vuln_test"   : <%= js_vuln_test %>,
+          "os_name"     : osInfo.os_name
         };
 
         <% if os.match(OperatingSystems::Match::WINDOWS) and client == HttpClients::IE %>
