- Delays in delivering data sets to Project Sonar (SNR-184) - An issue that affects Project Sonar's forward/reverse DNS studies causes delays in the delivery of data to the Sonar API and scans.io. Any process that depends on data from the forward/reverse DNS studies may experience delays of up to a week for the latest results to be available. This issue should be resolved by the end of the week (May 27, 2016).
- Fixed a redirect issue with Advantech WebAccess Dashboard (PR-6853) - A lack of normalization with the HTTP headers caused redirect issues with the Advantech WebAccess Dashboard module. This fixes the send_request_cgi redirection issue.
Features and Enhancements
- Generate JAR files with msfvenom (PR-6862) - msfvenom now supports the JAR file output format. You can generate JAR files to deliver malicious Java payloads and bypass application white lists that contain java.exe.
- Added the ability to choose the cipher used by web servers to serve SSL certificates (MS-1551 / PR-6901) - Previous versions of Metasploit Pro served SSL certificates using the RC4 cipher. The 'SSL cipher specification' option has been added so that you can choose the cipher that will be used to serve SSL certificates. This option is available when you configure the web server for a social engineering campaign.
- Added the ability to set the cipher for SSL-enabled server modules (PR-6902) - Use the 'SSLCipher' option in msfconsole to set the cipher for SSL-enabled server modules, such as BrowserAutopwn2.
- Rails Web Console V2 - Exploit an IP whitelist bypass vulnerability in the developer web console that is included with Ruby on Rails 4.0.x and 4.1.x. This module will also achieve code execution on Rails 4.2.x if the attack is launched from a whitelisted IP range.
To download the offline file for this update, go to http://updates.metasploit.com/packages/4c330c0fed3335c6d0681963b55beeaab0b900ac. bin.
PRO 4.11.7 updates to 4.11.7-2016052401