Ensure Windows x64 Meterpreter HTTP/S Payloads Include the User Agent Header #19726
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
pczinser
changed the title
pczinser
changed the title
pczinser
changed the title
|
Thanks pczinser! From initial look, everything seems okay. Not sure why reverse_http is not the same for |
msutovsky-r7
approved these changes
Dec 16, 2024
Release NotesThe reverse HTTP and HTTPS Meterpreter x64 payloads now correctly set the User-Agent HTTP header when connecting back to Metasploit. Before this fix, the |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
This code addresses an issue in the Windows x64 meterpreter staged reverse http, and by extension https, payload. These payloads do not make use of the HttpUserAgent option when it makes it's request to a listener e.g msf's exploit multi/handler. I have put a simple check in the inline assembly to include the User Agent if it is set. There is a default user agent for the payload so the default behavior of this payload will be to make requests with a user agent of
Mozilla/5.0 (Windows NT 10 .0; Win64; x64; rv:131.0) Gecko/20100101 Firefox/131.0if no User Agent is desired simplyset HttpUserAgent ""and the payload will not include a User Agent.I encountered this issue organically but it seems to have been identified in #15886
Verification
List the steps needed to make sure this thing works
msfconsoleuse payload/windows/x64/meterpreter/reverse_httpset LHOST 127.0.0.1set LPORT 8080set HttpUserAgent verified123generate -f exe -o payload.exebelow are some screenshots of my testing,
current behavior:
fixed behavior:
