Metasploit mailing list archives
Re: HTTP Evasions not working as intended
From: HD Moore <hdm () metasploit com>
Date: Sat, 07 Jan 2012 02:46:06 -0600
On 1/6/2012 4:11 AM, Ashish Joshi wrote:
This doesn’t seems to be working. Is there any bug related to it. I checked the bug-tracker and couldn’t find a relevant one. How do I make it work. Any help would be appreciated.
It depends on the implementation of the exploit. If the developer didn't use the built-in HTTP client API to send the exploit request, these options, even though exposed, will not be applied. There are some cases where the mixin that provides HTTP methods (and evasion) is included but only a small portion is used for the exploit. The two options are deregister evasion options that don't apply (somewhat ugly), changing the exploit to call the evasion-enabled APIs, or using another exploit. The only consistent place you will see this problem are HTTP at the moment. -HD _______________________________________________ https://mail.metasploit.com/mailman/listinfo/framework
Current thread:
- HTTP Evasions not working as intended Ashish Joshi (Jan 06)
- Re: HTTP Evasions not working as intended egypt (Jan 06)
- Re: HTTP Evasions not working as intended HD Moore (Jan 07)