Adds support to http scanners for network capture decryption

cgranleese-r7 · cgranleese-r7 · commit cfd2eda8ab96 · 2025-04-24T11:27:18.000+01:00
diff --git a/lib/metasploit/framework/login_scanner/http.rb b/lib/metasploit/framework/login_scanner/http.rb
@@ -334,6 +334,7 @@ def create_client(opts)
           rport = opts['rport'] || port
           cli_ssl = opts['ssl'] || ssl
           cli_ssl_version = opts['ssl_version'] || ssl_version
+          cli_sslkeylogfile = opts['SSLKeyLogFile'] || sslkeylogfile
           cli_proxies = opts['proxies'] || proxies
           username = opts['credential'] ? opts['credential'].public : http_username
           password = opts['credential'] ? opts['credential'].private : http_password
@@ -357,7 +358,8 @@ def create_client(opts)
             username,
             password,
             kerberos_authenticator: kerberos_authenticator,
-            subscriber: http_logger_subscriber
+            subscriber: http_logger_subscriber,
+            sslkeylogfile: cli_sslkeylogfile
           )
           configure_http_client(cli)
 
diff --git a/lib/metasploit/framework/login_scanner/rex_socket.rb b/lib/metasploit/framework/login_scanner/rex_socket.rb
@@ -21,6 +21,9 @@ module RexSocket
           # @!attribute ssl_verify_mode
           #   @return [String] the SSL certification verification mechanism
           attr_accessor :ssl_verify_mode
+          # @!attribute sslkeylogfile
+          #   @return [String, nil] The SSL key log file path
+          attr_accessor :sslkeylogfile
           # @!attribute ssl_cipher
           #   @return [String] The SSL cipher to use for the context
           attr_accessor :ssl_cipher
diff --git a/lib/msf/core/auxiliary/login_scanner.rb b/lib/msf/core/auxiliary/login_scanner.rb
@@ -20,6 +20,7 @@ def configure_login_scanner(conf)
           proxies: datastore['Proxies'],
           stop_on_success: datastore['STOP_ON_SUCCESS'],
           bruteforce_speed: datastore['BRUTEFORCE_SPEED'],
+          sslkeylogfile: datastore['SSLKeyLogFile'],
           framework: framework,
           framework_module: self,
           local_port: datastore['CPORT'],
diff --git a/lib/rex/proto/http/client.rb b/lib/rex/proto/http/client.rb
@@ -184,7 +184,7 @@ def connect(t = -1)
             'Context' => context,
             'SSL' => ssl,
             'SSLVersion' => ssl_version,
-            'SSLKeyLogFile' => sslkeylogfile,
+            'SSLKeyLogFile' => config['SSLKeyLogFile'] || sslkeylogfile,
             'Proxies' => proxies,
             'Timeout' => timeout,
             'Comm' => comm
