Multiple feature requests for BrowserExploitServer #3939

Closed
todb-r7 opened this issue Oct 2, 2014 · 2 comments

Comments


todb-r7 commented Oct 2, 2014

This issue was RM8683, originally filed by @wchen-r7

  • Having some sort of browser session manager; basically we extract the profile feature from BrowserExploitServer and turn it into a mixin. @jvennix-r7 has a PoC for this, which can be found here: https://github.com/jvennix-r7/metasploit-framework/compare/browsersessionstore
  • Javascript Snippets as a mixin, which allows you to chain Javascripts. This is also @jvennix-r7's cool idea. His PoC for this can be found here: https://gist.github.com/anonymous/4a78034f7539b68fe94c
  • Being able to import ERB templates and run them as exploits. @jvazquez-r7 really likes this, but the actual implementation is still unclear.
  • Chaining callbacks. @jvazquez-r7's idea. Basically the module can tell the mixin a chain of methods to call during exploitation, and then use the mixin's "profile" feature to store/share data. I'm still thinking about how to actually implement this, because this kind of touches @jvennix-r7's browser session manager. Feels like this will conflict with how Joe wants to design his stuff.
  • Being able to pass the browser's user-agent to the payload, so payloads like windows/meterpreter/reverse_http(s) can reuse the user-agent. @jlee-r7's idea. He tried to explain to me how to properly implement this, but he lost me when he started talking about rewriting stuff.
  • Add detection code for Adobe Flash. Already found the JS lib, tested by Joev and got the green light from @todb-r7, so I think this can go in pretty quick.
  • The detection stage is repeated if a module wants to use BrowserExploitServer and support Browser Autopwn. I'm still looking for some feedback on how we should deal with this.
  • Webdav.
  • Add support to detect multiple ActiveX controls/methods
  • Add support for Java (specifically: payload generation, and maybe exploit applet packaging?)
  • Add support for manual target selection (check datastore['TARGET'] and DefaultTarget)

@wchen-r7 later added:

Adobe Detection:
#3156

Java Detection (I can't remember which PR landed it):
In https://github.com/rapid7/metasploit-framework/blob/master/data/js/detect/misc_addons.js


wchen-r7 commented Oct 3, 2014

When I went through all the bugs, I suggested this one should close. It's more of a road map and it's not suitable as an issue.


wchen-r7 commented Oct 3, 2014

I've moved this to sploits and I am closing this.

If you think this ticket should remain open, feel free to reopen.

wchen-r7 closed this as completed Oct 3, 2014