Authentication Capture: HTTP

This module provides a fake HTTP service that is designed to capture authentication credentials.

Search Other Modules

Rank

Normal

Authors

ddz < ddz [at] theta44.org >
hdm < hdm [at] metasploit.com >

Development

Similar Modules

Usage Information

$ msfconsole

                ##                          ###           ##    ##
##  ##  #### ###### ####  #####   #####    ##    ####        ######
####### ##  ##  ##  ##         ## ##  ##    ##   ##  ##   ###   ##
####### ######  ##  #####   ####  ##  ##    ##   ##  ##   ##    ##
## # ##     ##  ##  ##  ## ##      #####    ##   ##  ##   ##    ##
##   ##  #### ###   #####   #####     ##   ####   ####   #### ###
                                      ##

msf > use auxiliary/server/capture/http
msf auxiliary(http) > run

Module Options

AUTOPWN_HOST	The IP address of the browser_autopwn service
AUTOPWN_PORT	The SRVPORT port of the browser_autopwn service
AUTOPWN_URI	The URIPATH of the browser_autopwn service
FORMSDIR	The directory containing form snippets (example.com.txt) (default: /home/svn/jobs/msf3/data/exploits/capture/http/forms)
SITELIST	The list of URLs that should be used for cookie capture (default: /home/svn/jobs/msf3/data/exploits/capture/http/sites.txt)
SRVHOST	The local host to listen on. This must be an address on the local machine or 0.0.0.0 (default: 0.0.0.0)
SRVPORT	The local port to listen on. (default: 80)
SSL	Negotiate SSL for incoming connections
SSLCert	Path to a custom SSL certificate (default is randomly generated)
SSLVersion	Specify the version of SSL that should be used (accepted: SSL2, SSL3, TLS1) (default: SSL3)
TEMPLATE	The HTML template to serve in responses (default: /home/svn/jobs/msf3/data/exploits/capture/http/index.html)
ListenerComm	The specific communication channel to use for this service
VERBOSE	Enable detailed status messages
WORKSPACE	Specify the workspace for this module
TCP::max_send_size	Maximum tcp segment size. (0 = disable)
TCP::send_delay	Delays inserted before every send. (0 = disable)