From 8bb6608b94e2ec255a1bddd3cce036180c35c646 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Mat=C3=ADas=20A=2E=20R=C3=A9=20Medina?= <aereal@gmail.com>
Date: Wed, 8 Jun 2016 19:21:36 -0300
Subject: [PATCH] Added 'useragent' explanation to readme and updated changes.

---
 README.md           | 2 ++
 docs/CHANGES        | 2 ++
 modules/sparkle2.pm | 5 ++---
 3 files changed, 6 insertions(+), 3 deletions(-)

diff --git a/README.md b/README.md
index 95a8397..7a362b3 100644
--- a/README.md
+++ b/README.md
@@ -619,6 +619,8 @@ will fill out for you (agentmd5, agentsha256, and agentsize) that can't be done
                 . "Content-Length: 0 \r\n"
                 . "Connection: close \r\n\r\n",
         },
+
+7) To filter via User-Agent, use as an example the Sparkle2 module. In base add  'useragent' => 'true', and on a request use as you would use the 'req' field but for user agents in 'useragent'. Note that this field already stripped "User-Agent: ".
 ```
 
 ## .:: [REQUIREMENTS] ::.
diff --git a/docs/CHANGES b/docs/CHANGES
index 797c932..7a6e220 100755
--- a/docs/CHANGES
+++ b/docs/CHANGES
@@ -6,6 +6,8 @@ Version 2.0.8 - 08-06-2016
 - Added a 2 new configuration variables <%URL_FILE%> and <%URL_FILE_EXT%>
 - ACER Care Center Live Update module added
 - OpenBazaar module added
+- Sparkle module generic exploitation added
+- Extended filtering of requests via useragent too. 
 
 Version 2.0.7 - 03-06-2016
 --------------------------
diff --git a/modules/sparkle2.pm b/modules/sparkle2.pm
index 14ff101..9b31bf3 100644
--- a/modules/sparkle2.pm
+++ b/modules/sparkle2.pm
@@ -6,7 +6,6 @@
 # Info:
 # https://vulnsec.com/2016/osx-apps-vulnerabilities/
 # Credits to @radekk
-# This module
 #
 # This file is part of isr-evilgrade, www.infobytesec.com .
 #
@@ -38,11 +37,11 @@ my $base = {
     'version'     => '1.0',
     'appver'      => 'All',
     'author'      => ['Matias Ariel Re Medina <mre[at]infobytesec[dot]com>'],
-    'description' => qq{},
+    'description' => qq{Sparkle },
     # 'vh'          => '', #(sequelpro.com)', # |adiumx.cachefly.net|download.panic.com|iterm2.com|github.com,
     'useragent' => 'true',
     'request'     => [
-        {   'req'    => 'testing', #match Sparkle header,
+        {   'req'    => '.*', #match Sparkle header,
             'useragent' => 'Sparkle',
             'agent' => '',
             'type'   => 'string',                  #file|string|agent|install