-
Notifications
You must be signed in to change notification settings - Fork 29
Advanced options
The framework has a few features or advanced options included which, are intended to make setting options easier. The options we are talking about are UA, LFILE, CONTENT and RURLS. All options have tab completion. Lets discuss.
Example of show lfiles:
wXf //> show lfiles
Local Files
===========
Name Description
---- -----------
datum.rb
payloads/ANDROID/android_shell.html
payloads/RFI/PHP/cmd_single.txt
payloads/XSS/alert.js
wXf.db
wordlists/dir_traversal_strings.txt
wordlists/dir_traversal_strings_indexhtml_nix.txt
wordlists/dir_traversal_strings_indexhtml_win.txt
LFILE(s) are files that are stored under the datum directory of wXf. If you put a file under datum and start/restart the console, it will show up in the list of available LFILE(s). This helps when you may have a wordlist or something else that you require access to from the console. If you are working inside of a module that has LFILE as an option and you'd like to see available LFILE(s), type show lfiles. When you've found the module you'd like to use, set it.
Example of show rurls:
wXf //> show rurls
Rurl(s) Files
=============
Name
----
test.txt
Much like LFILES, RURLS are just files stored under the rurls directory of wXf. If you place a file under this directory wXf and start the console it will show up when you type show rurls. If a module has RURLS as an option, the file is accessible as an option to set along with tab completion. Additionally, for your convenience, the console won't show the full path to the file and we won't ask you to type it in. All that work is internalized so that you can focus on better things :-).
Example of show ua:
wXf //> show ua
User-Agents
===========
Id User-Agent
-- ----------
1 Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)
2 Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; .NET CLR 1.1.4322; .NET CLR 2.0.50727)
3 Mozilla/5.0 (Windows; U; Windows NT 5.0; en-US; rv:1.4b) Gecko/20030516 Mozilla Firebird/0.6
4 Mozilla/5.0 (Macintosh; U; Intel Mac OS X 10_6_2; de-at) AppleWebKit/531.21.8 (KHTML, like Gecko) Version/4.0.4
Safari/531.21.10
5 Mozilla/5.0 (Macintosh; U; Intel Mac OS X 10.6; en-US; rv:1.9.2) Gecko/20100115 Firefox/3.6
6 Mozilla/5.0 (Macintosh; U; PPC Mac OS X Mach-O; en-US; rv:1.4a) Gecko/20030401
7 Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.4) Gecko/20030624
8 Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.9.2.1) Gecko/20100122 firefox/3.6.1
9 Mozilla/5.0 (compatible; Konqueror/3; Linux)
10 Mozilla/5.0 (iPhone; U; CPU like Mac OS X; en) AppleWebKit/420+ (KHTML, like Gecko) Version/3.0 Mobile/1C28
Safari/419.3
UA or User-Agents are a list of available User Agents identified by a number. Instead of typing...
(NOTE: THIS IS THE INCORRECT WAY TO DO THIS)
set UA Mozilla/5.0 (Macintosh; U; Intel Mac OS X 10.6; en-US; rv:1.9.2) Gecko/20100115 Firefox/3.6
type:
(NOTE: THIS WOULD BE THE RIGHT WAY)
set UA 5
Example of show content:
wXf //> show content
Content-Types
=============
Id Content-Type
-- ------------
1 application/x-www-form-urlencoded
2 application/EDI-X12
3 application/EDIFACT
4 application/javascript
5 application/octet-stream
6 application/ogg
7 application/pdf
8 application/xhtml+xml
9 application/xml-dtd
10 application/json
11 application/zip
12 audio/basic
13 audio/mp4
14 audio/mpeg
15 audio/ogg
16 audio/vorbis
17 audio/x-ms-wma
18 audio/vnd.rn-realaudio
19 audio/vnd.wave
20 image/gif
21 image/jpeg
22 image/png
23 image/svg+xml
24 image/tiff
25 image/vnd.microsoft.icon
26 message/http
27 multipart/mixed
28 multipart/alternative
29 multipart/related
30 multipart/form-data
31 multipart/signed
32 multipart/encrypted
33 text/css
34 text/csv
35 text/html
36 text/javascript
37 application/javascript
38 text/plain
39 text/xml
This is similar to UA only we are specifying the id for the Content-Type. Note to developers, when passing this into mech_req make sure you use
mech_req({
'HEADERS' => {'Content-Type' => datahash['CONTENT']}
})
UA is passed directly
mech_req({
'UA' => datahash['UA']
})