Posted on Leave a comment

HTTP client information gathering with Metasploit

Good morning friends. Hope you are doing well. Today we are going to see HTTP client information gathering exploit of Metasploit. As the name explains, this exploit gathers information about our target’s browser which may be useful to us in further exploiting the system. We get information like  OS name, browser version, plugins, etc. Let us see how this exploit works. Start Metasploit and load the exploit as shown below.

This exploit will run a server on the attacker system( here Kali rolling ). So SRVhost IP address should be Kali’s IP address. The port can be default or it can be set to 80 as I have done.

Run the exploit as shown below. It will start a server as shown below. Now we need to send this link to our victim’s.

When the victim clicks on the link, he will be shown a 404 error as shown below.

In the meantime, we will be getting the target information. Given below are the information we gathered from three browsers, Chrome,

Firefox

and Internet explorer.

We got information like target OS, browser info along with its version, architecture etc. The most valuable info from this can be the OS of our target, the knowledge we can use in choosing our exploits to hack it. Happy hacking.