metasploit-framework

https://github.com/rapid7/metasploit-framework

Ruby

Metasploit Framework

MetasploitModule#test_misfortune

To test for this vulnerability, we must first find a URI known to return
a 404 (not found) which we will use as a canary.  This URI (for example,
/foo) is then taken and used as the value for a carefully crafted cookie
when making a request to the configured host+port+uri.  If the response
is a 404 and the body includes the canary, it is likely that the cookie
overwrote RomPager's concept of the requested URI, indicating that it is
vulnerable.
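The decision step described above, written out as an added Ruby example (it is not the module's own code): it works offline on responses a scanner has already collected and leaves the cookie construction out. `Response`, `pick_canary`, `assess` and the sample bodies are assumptions made for illustration.

```ruby
# Added example: offline triage of responses already collected by a scanner.
# Response, pick_canary and assess are hypothetical names, not module code.
Response = Struct.new(:code, :body)

# Step 1: choose a canary, i.e. a URI whose ordinary request returned 404.
# probes maps each candidate URI to the Response it produced.
def pick_canary(probes)
  hit = probes.find { |_uri, res| res && res.code == 404 }
  hit && hit.first
end

# Step 2: compare the target URI's normal response (baseline) with the
# response to the same request carrying the canary in the cookie.
def assess(canary, baseline, with_cookie)
  return :unknown if canary.nil? || baseline.nil? || with_cookie.nil?

  echoes = ->(res) { res.code == 404 && res.body.to_s.include?(canary) }

  # If the target already answers 404 and names the canary (for example the
  # target is /foobar and the canary is /foo), the cookie proves nothing.
  return :inconclusive if echoes.call(baseline)

  echoes.call(with_cookie) ? :likely_vulnerable : :not_indicated
end

# Constructed sample data (not captured from any real device).
PROBES = {
  "/"    => Response.new(200, "<html>login</html>"),
  "/foo" => Response.new(404, "Object Not Found: /foo")
}.freeze
CANARY = pick_canary(PROBES)

if __FILE__ == $PROGRAM_NAME
  ok    = Response.new(200, "<html>login</html>")
  moved = Response.new(404, "Object Not Found: /foo")
  puts assess(CANARY, ok, moved)
  puts assess(CANARY, ok, ok)
  puts assess(CANARY, moved, moved)
end
```

The `:inconclusive` branch covers the case where the target URI is itself a 404 whose body happens to contain the canary string, which would otherwise be reported as a finding.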

Edit

git clone git@github.com:rapid7/metasploit-framework.git

cd metasploit-framework

open modules/auxiliary/scanner/http/allegro_rompager_misfortune_cookie.rb

Contribute

# Make a new branch

git checkout -b -your-name--update-docs-MetasploitModule-test_misfortune-for-pr


# Commit to git

git add modules/auxiliary/scanner/http/allegro_rompager_misfortune_cookie.rb

git commit -m "better docs for MetasploitModule#test_misfortune"


# Open pull request

gem install hub # on a mac you can `brew install hub`

hub fork

git push <your name> -your-name--update-docs-MetasploitModule-test_misfortune-for-pr

hub pull-request


# Celebrate!