Home page logo
/

metasploit logo Metasploit mailing list archives

Re: forking based on resolution
From: Atul Agarwal <atul () secfence com>
Date: Mon, 21 Jun 2010 00:01:12 +0530

Hello,

If the aim is only to detect the PDA usage and force the user to view the
page with a desktop, an alternative solution would be checking the user
agent via a server side script.

Example in PHP:

<?php
if(preg_match('YOUR_REGEX',$_SERVER['HTTP_USER_AGENT'])
{
print "Something convincing to switch on to a desktop";
}
else
{
header("location:path_to_exploit");
}
?>

Replace "YOUR_REGEX" by a part of the user_agent of the PDA.

The downside of this method is that you will have to blacklist or whitelist
all possible user agents, whereas in js method, the example by scriptjunkie
would work in most scenarios.

On other note, I just checked the resolution of iphone4, and it was more
than 800x600, so the resolution checking would've failed I think.

Hope it helped.

Thanks,
Atul Agarwal
Secfence Technologies


On Sun, Jun 20, 2010 at 3:17 AM, Jeffs <jeffs () speakeasy net> wrote:

Any ideas on how to fork exploits based on the resolution of a the browser?
 It seems to me this would be a great switch to have in the program so one
could deliver expolits/payloads based on the resolution:

set resolution browser

with this setting "on" a message would be displayed to the user that they
must view the page using a browser capable of > 800 x 600, thereby forcing
the user to switch from PDA to desktop/laptop.
_______________________________________________
https://mail.metasploit.com/mailman/listinfo/framework

_______________________________________________
https://mail.metasploit.com/mailman/listinfo/framework

  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]