bombardment of warning: URI.unescape is obsolete on terminal

[netship02]

Steps to reproduce

How'd you do it?

1. Created new session using "exploit"
2. Session is created

This section should also tell us any relevant information about the
environment; for example, if an exploit that used to work is failing,
tell us the victim operating system and service versions.

Expected behavior

Session should be created without lot of warnings

Current behavior

Terminal output is filled with
"/opt/metasploit/lib/rex/proto/http/request.rb:79: warning: URI.unescape is obsolete"
warrings

You might also want to check the last ~1k lines of
/opt/metasploit/apps/pro/engine/config/logs/framework.log or
~/.msf4/logs/framework.log for relevant stack traces

System stuff

blackarch installation
Ruby version : ruby 2.7.1p83 (2020-03-31 revision a0c7c23c9c) [x86_64-linux]

Metasploit version

Framework: 5.0.83-dev
Console : 5.0.83-dev

Get this with the version command in msfconsole (or git log -1 --pretty=oneline for a source install).

I installed Metasploit with:

black arch installation
Ruby version : ruby 2.7.1p83 (2020-03-31 revision a0c7c23c9c) [x86_64-linux]

OS

What OS are you running Metasploit on?
Blackarch

[adfoster-r7]

This issue is caused by using Ruby 2.7 - and does not occur with Ruby 2.6. A code fix is required in Metasploit's codebase to remove this warning message for Ruby 2.7

A workaround is to downgrade your Ruby version to 2.6, or there are some documented work arounds for Ruby 2.7 warnings within #12809

[gwillcox-r7]

Going to close this issue as @adfoster-r7 has determined that Ruby 2.7 is the reason these errors appear and Metasploit currently doesn't support Ruby 2.7. Work is ongoing to add support in for Ruby 2.7 however. If you feel this issue was closed in error @netship02, feel free to comment below and ping me or @adfoster-r7 and one of us should be around to answer any questions.

[athul4554]

iam using ruby2.6.6 but still facing the same error

[gwillcox-r7]

@athul4554 Which module are you using? I don't have enough details right now to replicate your issue.

[athul4554]

I was using metasploit ... To gather information from another system .... But when the target system connects to my kalilinux these warning are coming ...I don't know why ... I have downgrade the ruby to 2.6.6 but now bundler error is occuring when using msfconsole

[adfoster-r7]

@gwillcox-r7 It's an error that occurs when using Ruby 2.7 with any module that makes calls to the Ruby URI.unescape method, in this scenario It believe it's a http/https meterpreter.

This isn't an issue that can be fixed by an end user, other than changing their Ruby version or suppressing warnings. There's more context on the Ruby specifics here

I'll reopen this ticket and assign it to myself until the functionality is fixed 👍

[athul4554]

[athul4554]

So there is nothing I can do now as a user right?

[gwillcox-r7]

@athul4554 See @afoster-r7's response above, specifically this line:

This isn't an issue that can be fixed by an end user, other than changing their Ruby version or suppressing warnings. There's more context on the Ruby specifics here

So you can temporarily fix it by switching Ruby versions, but otherwise no, this is something @afoster-r7 or one of his team members will need to fix.

[athul4554]

Thankyou for your quick response

[adfoster-r7]

This issue is now fixed in version 5.0.87 of Metasploit

[Hackitfree]

How do i update to 5.0.87 please ? Do I have to compile from source code?

[bcoles]

How do i update to 5.0.87 please ? Do I have to compile from source code?

Metasploit updates are available through the usual update channels.

If you're using Metasploit from the git repository, you can simply git pull.

If you've installed Metasploit using an operating system package manager, you'll need to wait until the package maintainer pushes an updated package.

msfupdate can be used to update Metasploit.

[d00mv1p3r]

I ran into the same problem and resolved it by executing the following:

curl https://raw.githubusercontent.com/rapid7/metasploit-omnibus/master/config/templates/metasploit-framework-wrappers/msfupdate.erb > msfinstall && \
  chmod 755 msfinstall && \
  ./msfinstall

Source: https://github.com/rapid7/metasploit-framework/wiki/Nightly-Installers

[thewb]

Workaround:
I'm on a project and my Kali instance has no internet connection so making a lot of changes suggested here won't work. However WHAT WILL WORK is start msfconsole and redirect stderr to /dev/null

kali# msfconsole 2>/dev/null

[adfoster-r7]

@thewb This should be fixed with the latest Metasploit version