Update User Agent strings December 2022 #17380

Merged
merged 1 commit into from
Dec 28, 2022


smashery
Contributor

This is just a periodic update of the User Agents used by the framework, based on https://www.whatismybrowser.com/guides/the-latest-user-agent/

Verification

  • Make sure that HTTP payloads still generate fine, and use one of the new user agents

gwillcox-r7 added enhancement rn-enhancement release notes enhancement labels Dec 27, 2022
gwillcox-r7 self-assigned this Dec 27, 2022
@gwillcox-r7
Contributor

Seems to work:

msf6 payload(linux/x64/meterpreter/reverse_tcp) > use payload/linux/x64/meterpreter_reverse_http
msf6 payload(linux/x64/meterpreter_reverse_http) > show options

Module options (payload/linux/x64/meterpreter_reverse_http):

   Name   Current Setting  Required  Description
   ----   ---------------  --------  -----------
   LHOST                   yes       The local listener hostname
   LPORT  8080             yes       The local listener port
   LURI                    no        The HTTP Path


View the full module info with the info, or info -d command.

msf6 payload(linux/x64/meterpreter_reverse_http) > show advanced

Module advanced options (payload/linux/x64/meterpreter_reverse_http):

   Name                       Current Setting             Required  Description
   ----                       ---------------             --------  -----------
   AutoLoadStdapi             true                        yes       Automatically load the Stdapi extension
   AutoRunScript                                          no        A script to run automatically on session cre
                                                                    ation.
   AutoSystemInfo             true                        yes       Automatically capture system information on
                                                                    initialization.
   AutoUnhookProcess          false                       yes       Automatically load the unhook extension and
                                                                    unhook the process
   AutoVerifySessionTimeout   30                          no        Timeout period to wait for session validatio
                                                                    n to occur, in seconds
   EnableUnicodeEncoding      false                       yes       Automatically encode UTF-8 strings as hexade
                                                                    cimal
   HandlerSSLCert                                         no        Path to a SSL certificate in unified PEM for
                                                                    mat, ignored for HTTP transports
   HttpServerName             Apache                      no        The server header that the handler will send
                                                                     in response to requests
   HttpUnknownRequestRespons  <html><body><h1>It works!<  no        The returned HTML response body when the han
   e                          /h1></body></html>                    dler receives a request that is not from a p
                                                                    ayload
   HttpUserAgent              Mozilla/5.0 (iPad; CPU OS   no        The user-agent that the payload should use f
                              16_2 like Mac OS X) AppleW            or communication Max parameter length: 255 c
                              ebKit/605.1.15 (KHTML, lik            haracters
                              e Gecko) Version/16.1 Mobi
                              le/15E148 Safari/604.1
   IgnoreUnknownPayloads      false                       no        Whether to drop connections from payloads us
                                                                    ing unknown UUIDs
   InitialAutoRunScript                                   no        An initial script to run on session creation
                                                                     (before AutoRunScript)
   MeterpreterDebugBuild      false                       no        Use a debug version of Meterpreter
   MeterpreterDebugLogging                                no        The Meterpreter debug logging configuration,
                                                                     see https://github.com/rapid7/metasploit-fr
                                                                    amework/wiki/Meterpreter-Debugging-Meterpret
                                                                    er-Sessions
   MeterpreterTryToFork       false                       no        Fork a new process if the functionality is a
                                                                    vailable
   OverrideLHOST                                          no        When OverrideRequestHost is set, use this va
                                                                    lue as the host name for secondary requests
   OverrideLPORT                                          no        When OverrideRequestHost is set, use this va
                                                                    lue as the port number for secondary request
                                                                    s
   OverrideRequestHost        false                       no        Forces a specific host and port instead of u
                                                                    sing what the client requests, defaults to L
                                                                    HOST:LPORT
   OverrideScheme                                         no        When OverrideRequestHost is set, use this va
                                                                    lue as the scheme for secondary requests, e.
                                                                    g http or https
   PayloadProcessCommandLine                              no        The displayed command line that will be used
                                                                     by the payload
   PayloadUUIDName                                        no        A human-friendly name to reference this uniq
                                                                    ue payload (requires tracking)
   PayloadUUIDRaw                                         no        A hex string representing the raw 8-byte PUI
                                                                    D value for the UUID
   PayloadUUIDSeed                                        no        A string to use when generating the payload
                                                                    UUID (deterministic)
   PayloadUUIDTracking        false                       yes       Whether or not to automatically register gen
                                                                    erated UUIDs
   PingbackRetries            0                           yes       How many additional successful pingbacks
   PingbackSleep              30                          yes       Time (in seconds) to sleep between pingbacks
   ReverseAllowProxy          false                       yes       Allow reverse tcp even with Proxies specifie
                                                                    d. Connect back will NOT go through proxy bu
                                                                    t directly to LHOST
   ReverseListenerBindAddres                              no        The specific IP address to bind to on the lo
   s                                                                cal system
   ReverseListenerBindPort                                no        The port to bind to on the local system if d
                                                                    ifferent from LPORT
   ReverseListenerComm                                    no        The specific communication channel to use fo
                                                                    r this listener
   SessionCommunicationTimeo  300                         no        The number of seconds of no activity before
   ut                                                               this session should be killed
   SessionExpirationTimeout   604800                      no        The number of seconds before this session sh
                                                                    ould be forcibly shut down
   SessionRetryTotal          3600                        no        Number of seconds try reconnecting for on ne
                                                                    twork failure
   SessionRetryWait           10                          no        Number of seconds to wait between reconnect
                                                                    attempts
   VERBOSE                    false                       no        Enable detailed status messages
   WORKSPACE                                              no        Specify the workspace for this module


View the full module info with the info, or info -d command.

msf6 payload(linux/x64/meterpreter_reverse_http) > 

@gwillcox-r7
Contributor

msf6 payload(linux/x64/meterpreter_reverse_http) > generate -f elf -o reverse_http_self
[*] Writing 1068640 bytes to reverse_http_self...
msf6 payload(linux/x64/meterpreter_reverse_http) > to_handler
[*] Payload Handler Started as Job 0

[!] You are binding to a loopback address by setting LHOST to 127.0.0.1. Did you want ReverseListenerBindAddress?
[*] Started HTTP reverse handler on http://127.0.0.1:8080
msf6 payload(linux/x64/meterpreter_reverse_http) > [!] http://127.0.0.1:8080 handling request from 127.0.0.1; (UUID: 8cji5j3c) Without a database connected that payload UUID tracking will not work!
[*] http://127.0.0.1:8080 handling request from 127.0.0.1; (UUID: 8cji5j3c) Redirecting stageless connection from /0FX4qUaFcHMAcQZzY9qKsQN3reymHW305n0OJPBe9wBWnf_v-k9xLmA8Zl0xFXU9b2lkEzySS6SLqpw1KZicUjBleOhDbYRKQ4OsgXxrH2Gbdtq4-15kIe76NB with UA 'Mozilla/5.0 (iPad; CPU OS 16_2 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/16.1 Mobile/15E148 Safari/604.1'
[!] http://127.0.0.1:8080 handling request from 127.0.0.1; (UUID: 8cji5j3c) Without a database connected that payload UUID tracking will not work!
[*] http://127.0.0.1:8080 handling request from 127.0.0.1; (UUID: 8cji5j3c) Redirecting stageless connection from /0FX4qUaFcHMAcQZzY9qKsQ--aFGUWHwuA05QGJWAay0aWI_Uxiqc8W1di0g-iLUoTHaxTwxecRce with UA 'Mozilla/5.0 (iPad; CPU OS 16_2 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/16.1 Mobile/15E148 Safari/604.1'
[!] http://127.0.0.1:8080 handling request from 127.0.0.1; (UUID: 8cji5j3c) Without a database connected that payload UUID tracking will not work!
[*] http://127.0.0.1:8080 handling request from 127.0.0.1; (UUID: 8cji5j3c) Redirecting stageless connection from /0FX4qUaFcHMAcQZzY9qKsQdsOUHyVHF with UA 'Mozilla/5.0 (iPad; CPU OS 16_2 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/16.1 Mobile/15E148 Safari/604.1'
[!] http://127.0.0.1:8080 handling request from 127.0.0.1; (UUID: 8cji5j3c) Without a database connected that payload UUID tracking will not work!
[*] http://127.0.0.1:8080 handling request from 127.0.0.1; (UUID: 8cji5j3c) Redirecting stageless connection from /0FX4qUaFcHMAcQZzY9qKsQRhYfDc with UA 'Mozilla/5.0 (iPad; CPU OS 16_2 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/16.1 Mobile/15E148 Safari/604.1'
[!] http://127.0.0.1:8080 handling request from 127.0.0.1; (UUID: 8cji5j3c) Without a database connected that payload UUID tracking will not work!
[*] http://127.0.0.1:8080 handling request from 127.0.0.1; (UUID: 8cji5j3c) Attaching orphaned/stageless session...
[!] http://127.0.0.1:8080 handling request from 127.0.0.1; (UUID: 8cji5j3c) Without a database connected that payload UUID tracking will not work!
[*] Meterpreter session 1 opened (127.0.0.1:8080 -> 127.0.0.1:55140) at 2022-12-27 18:16:04 -0600
msf6 payload(linux/x64/meterpreter_reverse_http) > 

@gwillcox-r7
Contributor

Seems to be working well, will land this now.

gwillcox-r7 merged commit 8678bb9 into rapid7:master Dec 28, 2022
@gwillcox-r7
Contributor

Release Notes

The list of user agent strings inside lib/rex/user_agent.rb has been updated to reflect the latest user agents as of December 2022.
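
The verification output in this thread shows a linux/x64 payload presenting an iPad Safari User-Agent. As an added example (not code from this pull request or from Metasploit), the following sketch shows how a defender can check proxy records for a User-Agent platform that contradicts the asset inventory; `ua_platform`, `ua_mismatches`, the host names, the inventory and the sample records are all assumptions constructed for illustration.

```ruby
# Added example: flag HTTP clients whose User-Agent claims a platform that
# disagrees with the asset inventory. Hosts and records below are constructed.

# Order matters: iPad/iPhone UAs contain "like Mac OS X" and Android UAs
# contain "Linux", so the mobile patterns are tested first.
UA_PLATFORM_RULES = [
  [:ios,     /\((?:iPad|iPhone|iPod);/],
  [:android, /Android/],
  [:windows, /Windows NT/],
  [:macos,   /Macintosh;.*Mac OS X/],
  [:linux,   /Linux|X11/]
].freeze

# Map a User-Agent string to the platform family it claims, or :unknown.
def ua_platform(user_agent)
  rule = UA_PLATFORM_RULES.find { |_, pattern| user_agent.to_s =~ pattern }
  rule ? rule.first : :unknown
end

# Return records whose claimed platform contradicts the inventory. Hosts that
# are not inventoried and non-browser UAs (:unknown) are skipped, not flagged.
def ua_mismatches(records, inventory)
  records.map do |rec|
    expected = inventory[rec[:src]]
    claimed = ua_platform(rec[:user_agent])
    next if expected.nil? || claimed == :unknown || claimed == expected

    rec.merge(claimed: claimed, expected: expected)
  end.compact
end

# User-Agent taken from the handler output on this page.
IPAD_UA = 'Mozilla/5.0 (iPad; CPU OS 16_2 like Mac OS X) AppleWebKit/605.1.15 ' \
          '(KHTML, like Gecko) Version/16.1 Mobile/15E148 Safari/604.1'
CHROME_WIN_UA = 'Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 ' \
                '(KHTML, like Gecko) Chrome/108.0.0.0 Safari/537.36'

# Constructed inventory and proxy records (hypothetical host names).
SAMPLE_INVENTORY = { 'build-01' => :linux, 'desk-17' => :windows }.freeze
SAMPLE_RECORDS = [
  { src: 'build-01', user_agent: IPAD_UA },
  { src: 'desk-17',  user_agent: CHROME_WIN_UA },
  { src: 'build-01', user_agent: 'curl/7.81.0' },
  { src: 'guest-99', user_agent: IPAD_UA }
].freeze

ua_mismatches(SAMPLE_RECORDS, SAMPLE_INVENTORY).each do |hit|
  puts "#{hit[:src]}: UA claims #{hit[:claimed]}, inventory says #{hit[:expected]}"
end
```

HttpUserAgent is a settable option, so only a mismatch carries signal here; a User-Agent that agrees with the inventory says nothing either way.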
