CoCalc Logo Icon
StoreFeaturesDocsShareSupportNewsAboutSign UpSign In
rapid7

Real-time collaboration for Jupyter Notebooks, Linux Terminals, LaTeX, VS Code, R IDE, and more,
all in one place.

GitHub Repository: rapid7/metasploit-framework
 Path: blob/master/modules/auxiliary/gather/browser_info.rb
Views: 11623
1
##

2
# This module requires Metasploit: https://metasploit.com/download

3
# Current source: https://github.com/rapid7/metasploit-framework

4
##

5


6
class MetasploitModule < Msf::Auxiliary

7
  include Msf::Exploit::Remote::BrowserExploitServer

8


9
  def initialize(info={})

10
    super(update_info(info,

11
      'Name'           => "HTTP Client Information Gather",

12
      'Description'    => %q{

13
        This module gathers information about a browser that exploits might be interested in, such

14
        as OS name, browser version, plugins, etc. By default, the module will return a fake 404,

15
        but you can customize this output by changing the Custom404 datastore option, and

16
        redirect to an external web page.

17
      },

18
      'License'        => MSF_LICENSE,

19
      'Author'         => [ 'sinn3r' ],

20
      'DisclosureDate' => '2016-03-22',

21
      'Actions'     =>

22
        [

23
          [

24
            'WebServer',

25
              'Description' => 'A web server that collects information about the browser.'

26
          ]

27
        ],

28
      'PassiveActions' => [ 'WebServer' ],

29
      'DefaultAction'  => 'WebServer'

30
    ))

31
  end

32


33
  def is_key_wanted?(key)

34
    ![:module, :created_at, :tried, :vuln_test, :address].include?(key)

35
  end

36


37
  def is_value_wanted?(value)

38
    !(value.nil? || value =~ /^undefined|false/ || !value)

39
  end

40


41
  def ignore_items!(target_info)

42
    target_info.delete_if do |key, value|

43
      !is_key_wanted?(key) || !is_value_wanted?(value)

44
    end

45
  end

46


47
  def report_host_info(target_info)

48
    opts = { host: target_info[:address] }

49
    opts.merge!(target_info)

50
    report_host(opts)

51
  end

52


53
  def translate_script_meaning(value)

54
    case value

55
    when 'script'

56
      'Browser allows JavaScript'

57
    when 'headers'

58
      'Browser does not allow JavaScript'

59
    end

60
  end

61


62
  def print_target_info(cli, target_info)

63
    print_good("#{cli.peerhost} - We have found the following interesting information:")

64
    report_host_info(target_info)

65
    ignore_items!(target_info)

66
    target_info.each_pair do |key, value|

67
      if key == :source

68
        value = translate_script_meaning(value)

69
      end

70
      print_status("#{cli.peerhost} - #{key} = #{value}")

71
    end

72
  end

73


74
  def on_request_exploit(cli, req, target_info)

75
    print_target_info(cli, target_info)

76
    send_response(cli, '')

77
  end

78


79
  def run

80
    exploit

81
  end

82
end

83


84