To conduct a browser exploitation attack, we will use the browser_autopwn module in Metasploit, as shown in the following screenshot:
We can see we loaded the browser_autopwn module residing at auxiliary/server/browser_autpown2 successfully in Metasploit. To launch the attack, we need to specify LHOST, URIPATH, and SRVPORT. SRVPORT is the port on which our exploit server base will run. It is recommended to use port 80 or 443, since the addition of port numbers to the URL catch many eyes and looks fishy. URIPATH is the directory path for the various exploits, and should be kept in the root ...