Re: HTTP Evasions not working as intended

[HD Moore <hdm () metasploit com>]

On 1/6/2012 4:11 AM, Ashish Joshi wrote:
> This doesn’t seems to be working. Is there any bug related to it. I
> checked the bug-tracker and couldn’t find a relevant one.
>
> How do I make it work. Any help would be appreciated.

It depends on the implementation of the exploit. If the developer didn't
use the built-in HTTP client API to send the exploit request, these
options, even though exposed, will not be applied. There are some cases
where the mixin that provides HTTP methods (and evasion) is included but
only a small portion is used for the exploit.

The two options are deregister evasion options that don't apply
(somewhat ugly), changing the exploit to call the evasion-enabled APIs,
or using another exploit.

The only consistent place you will see this problem are HTTP at the moment.

-HD
_______________________________________________
https://mail.metasploit.com/mailman/listinfo/framework