Removed unnecessary Mutexes, refactored all the ugly 'exception-oriented' code that was using WEBrick BadRequest, added config.yaml option to enable verbose debugging logs of Thin

This commit is contained in:
antisnatchor
2011-11-19 18:02:41 +01:00
parent 7e6c4932d3
commit 05d06bb94e
25 changed files with 479 additions and 534 deletions


@@ -27,6 +27,7 @@ beef:
permitted_ui_subnet: "0.0.0.0/0"
http:
debug: false #Thin::Logging.debug, very verbose. Prints also full exception stack trace.
host: "0.0.0.0"
port: "3000"
# if running behind a nat set the public ip address here


@@ -114,6 +114,7 @@ module Filters
# @return [Boolean] If the string is a valid IP address
# @note only IPv4 compliant
def self.is_valid_ip?(ip)
return false if not is_non_empty_string?(ip)
return true if ip =~ /^(\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3})?$/
false
end
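Review bot: `is_valid_ip?` still accepts input it should reject, because the pattern on the `ip =~` line is anchored with `^` and `$`, which in Ruby match at line boundaries rather than at the ends of the string. A multi-line value passes as long as one of its lines looks like an address, and since the group is optional an empty line inside the string matches as well; the non-empty check above it (apparently the line this hunk adds) does not cover either case. Anchor with `\A` and `\z` and drop the trailing `?`: `return true if ip =~ /\A\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3}\z/`. Octets are not range-checked either, so `999.999.999.999` validates; a check that each part is at most 255 would close that.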


@@ -122,17 +122,17 @@ module Core
# get, check and add the http_params to the datastore
http_params.keys.each { |http_params_key|
raise WEBrick::HTTPStatus::BadRequest, "http_params_key is invalid" if not BeEF::Filters.is_valid_command_module_datastore_key?(http_params_key)
(print_error 'http_params_key is invalid';return) if not BeEF::Filters.is_valid_command_module_datastore_key?(http_params_key)
http_params_value = Erubis::XmlHelper.escape_xml(http_params[http_params_key])
raise WEBrick::HTTPStatus::BadRequest, "http_params_value is invalid" if not BeEF::Filters.is_valid_command_module_datastore_param?(http_params_value)
(print_error 'http_params_value is invalid';return) if not BeEF::Filters.is_valid_command_module_datastore_param?(http_params_value)
@datastore[http_params_key] = http_params_value # add the checked key and value to the datastore
}
# get, check and add the http_headers to the datastore
http_headers.keys.each { |http_header_key|
raise WEBrick::HTTPStatus::BadRequest, "http_header_key is invalid" if not BeEF::Filters.is_valid_command_module_datastore_key?(http_header_key)
(print_error 'http_header_key is invalid';return) if not BeEF::Filters.is_valid_command_module_datastore_key?(http_header_key)
http_header_value = Erubis::XmlHelper.escape_xml(http_headers[http_header_key][0])
raise WEBrick::HTTPStatus::BadRequest, "http_header_value is invalid" if not BeEF::Filters.is_valid_command_module_datastore_param?(http_header_value)
(print_error 'http_header_value is invalid';return) if not BeEF::Filters.is_valid_command_module_datastore_param?(http_header_value)
@datastore['http_headers'][http_header_key] = http_header_value # add the checked key and value to the datastore
}
end
@@ -141,7 +141,7 @@ module Core
# @return [String] The command output
def output
f = @path+'command.js'
raise WEBrick::HTTPStatus::BadRequest, "#{f} file does not exist" if not File.exists? f
(print_error "#{f} file does not exist";return) if not File.exists? f
command = BeEF::Core::Models::Command.first(:id => @command_id)
@@ -164,8 +164,8 @@ module Core
# Saves the results received from the hooked browser
# @param [Hash] results Results from hooked browser
def save(results);
@results = results;
def save(results)
@results = results
end
# If nothing else than the file is specified, the function will map the file to a random path without any extension.
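Review bot: In the two `each` blocks that fill `@datastore`, a key or value that fails its filter now triggers `print_error` and a bare `return`, so the method exits with nil after any earlier keys have already been stored, and the caller gets no signal that input was rejected. The previous `raise` aborted the whole request; validating every key and value before the first assignment, or returning an explicit `false` that callers check, would keep rejected input from leaving a partly built datastore. The same log-and-return replacement appears in `output` in this section and in the `Handlers`, `API` and `AdminUI` sections further down the page, where as far as the visible lines show a rejected request no longer produces an error status. The method holding the two loops starts outside the hunk, and its callers are not visible here.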


@@ -22,7 +22,6 @@ module Handlers
include BeEF::Core::Handlers::Modules::BeEFJS
include BeEF::Core::Handlers::Modules::Command
attr_reader :guard
@data = {}
# Handles command data
@@ -30,7 +29,6 @@ module Handlers
# @param [Class] kclass Class of command
# @todo Confirm argument data variable type.
def initialize(data, kclass)
@guard = Mutex.new
@kclass = BeEF::Core::Command.const_get(kclass.capitalize)
@data = data
setup()
@@ -38,22 +36,24 @@ module Handlers
# Initial setup function, creates the command module and saves details to datastore
def setup()
@http_params = @data['request'].params
@http_header = Hash.new
http_header = @data['request'].env.select {|k,v| k.to_s.start_with? 'HTTP_'}
@http_params = @data['request'].params
@http_header = Hash.new
http_header = @data['request'].env.select {|k,v| k.to_s.start_with? 'HTTP_'}
.each {|key,value|
@http_header[key.sub(/^HTTP_/, '')] = value
}
# @note get and check command id from the request
command_id = get_param(@data, 'cid')
# @todo ruby filter needs to be updated to detect fixnums not strings
command_id = command_id.to_s()
raise WEBrick::HTTPStatus::BadRequest, "command_id is invalid" if not BeEF::Filters.is_valid_command_id?(command_id.to_s())
(print_error "command_id is invalid";return) if not BeEF::Filters.is_valid_command_id?(command_id.to_s())
# @note get and check session id from the request
beefhook = get_param(@data, 'beefhook')
raise WEBrick::HTTPStatus::BadRequest, "beefhook is invalid" if not BeEF::Filters.is_valid_hook_session_id?(beefhook)
(print_error "BeEFhook is invalid";return) if not BeEF::Filters.is_valid_hook_session_id?(beefhook)
# @note create the command module to handle the response
command = @kclass.new(BeEF::Module.get_key_by_class(@kclass))
@@ -65,9 +65,9 @@ module Handlers
# @note get/set details for datastore and log entry
command_friendly_name = command.friendlyname
raise WEBrick::HTTPStatus::BadRequest, "command friendly name empty" if command_friendly_name.empty?
(print_error "command friendly name is empty";return) if command_friendly_name.empty?
command_results = get_param(@data, 'results')
raise WEBrick::HTTPStatus::BadRequest, "command results empty" if command_results.empty?
(print_error "command results are empty";return) if command_results.empty?
# @note save the command module results to the datastore and create a log entry
command_results = {'data' => command_results}
BeEF::Core::Models::Command.save_result(beefhook, command_id, command_friendly_name, command_results)


@@ -54,7 +54,7 @@ module Handlers
# @note generate the instructions to hook the browser
host_name = @request.host
raise WEBrick::HTTPStatus::BadRequest, "Invalid host name" if not BeEF::Filters.is_valid_hostname?(host_name)
(print_error "Invalid host name";return) if not BeEF::Filters.is_valid_hostname?(host_name)
build_beefjs!(host_name)
# @note is a known browser so send instructions


@@ -25,15 +25,15 @@ module Modules
# @param [Object] hooked_browser Hooked Browser object
def add_command_instructions(command, hooked_browser)
raise WEBrick::HTTPStatus::BadRequest, "hooked_browser is nil" if hooked_browser.nil?
raise WEBrick::HTTPStatus::BadRequest, "hooked_browser.session is nil" if hooked_browser.session.nil?
raise WEBrick::HTTPStatus::BadRequest, "hooked_browser is nil" if command.nil?
raise WEBrick::HTTPStatus::BadRequest, "hooked_browser.command_module_id is nil" if command.command_module_id.nil?
(print_error "hooked_browser is nil";return) if hooked_browser.nil?
(print_error "hooked_browser.session is nil";return) if hooked_browser.session.nil?
(print_error "hooked_browser is nil";return) if command.nil?
(print_error "hooked_browser.command_module_id is nil";return) if command.command_module_id.nil?
# @note get the command module
command_module = BeEF::Core::Models::CommandModule.first(:id => command.command_module_id)
raise WEBrick::HTTPStatus::BadRequest, "command_module is nil" if command_module.nil?
raise WEBrick::HTTPStatus::BadRequest, "command_module.path is nil" if command_module.path.nil?
(print_error "command_module is nil";return) if command_module.nil?
(print_error "command_module.path is nil";return) if command_module.path.nil?
if(command_module.path.match(/^Dynamic/))
command_module = BeEF::Modules::Commands.const_get(command_module.path.split('/').last.capitalize).new
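Review bot: Two of the rewritten guards in `add_command_instructions` log the wrong object: the `command.nil?` check prints "hooked_browser is nil" and the `command.command_module_id.nil?` check prints "hooked_browser.command_module_id is nil". These are now console messages rather than exceptions, so the text is all an operator has to trace a dropped command. Suggest `(print_error "command is nil";return) if command.nil?` and `(print_error "command.command_module_id is nil";return) if command.command_module_id.nil?`. The method continues past the end of the hunk.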


@@ -90,8 +90,8 @@ module BeEF
@rack_app = Rack::URLMap.new(@mounts)
if not @http_server
if @configuration.get('beef.debug') == true
# Thin::Logging.debug = true
if @configuration.get('beef.http.debug') == true
Thin::Logging.debug = true
end
@http_server = Thin::Server.new(
@configuration.get('beef.http.host'),
@@ -103,30 +103,10 @@ module BeEF
# Starts the BeEF http server
def start
# we trap CTRL+C in the console and kill the server
trap("INT") { BeEF::Core::Server.instance.stop }
# starts the web server
@http_server.start
end
# Stops the BeEF http server.
def stop
if @http_server
# shuts down the server
@http_server.stop
trap("INT") { BeEF::Core::Server.instance.stop }
# print goodbye message
puts
print_info 'BeEF server stopped'
end
end
# Restarts the BeEF http server.
def restart
stop
start
end
end
end
end


@@ -67,6 +67,11 @@ module Module
if class_symbol and class_symbol.respond_to?(:options)
return class_symbol.options
end
#TODO: do we really need to print this info? At then modules with no options are common,
# so I guess we shouldn't print this info even in debug mode
# else
# print_debug "Module '#{mod}', no options method defined"
# end
end
return []
end


@@ -16,6 +16,7 @@ module WEBrick
# Add support for additional mime types
# @param [String] filename Filename
# @param [Hash] mime_tab Mime Type Hash
#TODO: FIND A WAY TO DO THE SAME IN RACK (modify the default content type returned when requesting audio files - WAV)
def mime_type(filename, mime_tab)
suffix1 = (/\.(\w+)$/ =~ filename && $1.downcase)
suffix2 = (/\.(\w+)\.[\w\-]+$/ =~ filename && $1.downcase)


@@ -30,7 +30,7 @@ module API
#
def get_browser_detail(key)
bd = BeEF::Extension::Initialization::Models::BrowserDetails
raise WEBrick::HTTPStatus::BadRequest, "@session_id is invalid" if not BeEF::Filters.is_valid_hook_session_id?(@session_id)
(print_error "@session_id is invalid";return) if not BeEF::Filters.is_valid_hook_session_id?(@session_id)
bd.get(@session_id, key)
end
end


@@ -63,9 +63,9 @@ module AdminUI
# get the mapped function (if it exists) from the derived class
path = request.path_info
raise WEBrick::HTTPStatus::BadRequest, "path is invalid" if not BeEF::Filters.is_valid_path_info?(path)
(print_error "path is invalid";return) if not BeEF::Filters.is_valid_path_info?(path)
function = @paths[path] || @paths[path + '/'] # check hash for '<path>' and '<path>/'
raise WEBrick::HTTPStatus::BadRequest, "path does not exist" if function.nil?
(print_error "path does not exist";return) if function.nil?
# call the relevant mapped function
function.call


@@ -98,8 +98,8 @@ class Authentication < BeEF::Extension::AdminUI::HttpController
def logout
# test if session is unauth'd
raise WEBrick::HTTPStatus::BadRequest, "invalid nonce" if not @session.valid_nonce?(@request)
raise WEBrick::HTTPStatus::BadRequest, "invalid session" if not @session.valid_session?(@request)
(print_error "invalid nonce";return @body = "{ success : true }") if not @session.valid_nonce?(@request)
(print_error "invalid session";return @body = "{ success : true }") if not @session.valid_session?(@request)
@headers['Content-Type']='application/json; charset=UTF-8'
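Review bot: Both early exits in `logout` set the body to `{ success : true }` when the nonce or session check fails, so the client is told the logout succeeded on exactly the paths where the rest of the method is skipped. That may be acceptable for an already invalid session, but for a failed nonce check it hides a rejected request from the UI. The string is also not valid JSON (unquoted key), and the `Content-Type` assignment sits after the returns, so it is not applied to these responses. Suggest `return @body = '{ "success" : false }'` for the nonce case and moving the header line above the checks. The rest of `logout` is outside the hunk.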


@@ -33,7 +33,7 @@ class Logs < BeEF::Extension::AdminUI::HttpController
def select_all_logs
log = BeEF::Core::Models::Log.all()
raise WEBrick::HTTPStatus::BadRequest, "log is nil" if log.nil?
(print_error "log is nil";return) if log.nil?
# format log
@body = logs2json(log)
@@ -45,16 +45,16 @@ class Logs < BeEF::Extension::AdminUI::HttpController
# get params
session = @params['session'] || nil
raise WEBrick::HTTPStatus::BadRequest, "session is nil" if session.nil?
(print_error "session is nil";return) if session.nil?
zombie = BeEF::Core::Models::HookedBrowser.first(:session => session)
raise WEBrick::HTTPStatus::BadRequest, "zombie is nil" if zombie.nil?
raise WEBrick::HTTPStatus::BadRequest, "zombie.id is nil" if zombie.id.nil?
(print_error "zombie is nil";return) if zombie.nil?
(print_error "zombie.id is nil";return) if zombie.id.nil?
zombie_id = zombie.id
# get log
log = BeEF::Core::Models::Log.all(:hooked_browser_id => zombie_id)
raise WEBrick::HTTPStatus::BadRequest, "log is nil" if log.nil?
(print_error "log is nil";return) if log.nil?
# format log
@body = logs2json(log)


@@ -49,9 +49,9 @@ class Modules < BeEF::Extension::AdminUI::HttpController
# get the zombie
zombie_session = @params['zombie_session'] || nil
raise WEBrick::HTTPStatus::BadRequest, "Zombie session is nil" if zombie_session.nil?
(print_error "Zombie session is nil";return) if zombie_session.nil?
zombie = BeEF::Core::Models::HookedBrowser.first(:session => zombie_session)
raise WEBrick::HTTPStatus::BadRequest, "Zombie is nil" if zombie.nil?
(print_error "Zombie is nil";return) if zombie.nil?
# init the summary grid
summary_grid_hash = {
@@ -66,9 +66,9 @@ class Modules < BeEF::Extension::AdminUI::HttpController
encoded_page_hash = { 'Page Title' => encoded_page_title }
page_name_row = {
'category' => 'Browser Hook Initialisation',
'category' => 'Browser Hook Initialization',
'data' => encoded_page_hash,
'from' => 'Initialisation'
'from' => 'Initialization'
}
summary_grid_hash['results'].push(page_name_row) # add the row
@@ -81,9 +81,9 @@ class Modules < BeEF::Extension::AdminUI::HttpController
encoded_host_name_hash = { 'Hostname/IP' => encoded_host_name }
page_name_row = {
'category' => 'Browser Hook Initialisation',
'category' => 'Browser Hook Initialization',
'data' => encoded_host_name_hash,
'from' => 'Initialisation'
'from' => 'Initialization'
}
summary_grid_hash['results'].push(page_name_row) # add the row
@@ -96,9 +96,9 @@ class Modules < BeEF::Extension::AdminUI::HttpController
encoded_os_name_hash = { 'OS Name' => encoded_os_name }
page_name_row = {
'category' => 'Browser Hook Initialisation',
'category' => 'Browser Hook Initialization',
'data' => encoded_os_name_hash,
'from' => 'Initialisation'
'from' => 'Initialization'
}
summary_grid_hash['results'].push(page_name_row) # add the row
@@ -111,9 +111,9 @@ class Modules < BeEF::Extension::AdminUI::HttpController
browser_name_hash = { 'Browser Name' => friendly_browser_name }
browser_name_row = {
'category' => 'Browser Hook Initialisation',
'category' => 'Browser Hook Initialization',
'data' => browser_name_hash,
'from' => 'Initialisation'
'from' => 'Initialization'
}
summary_grid_hash['results'].push(browser_name_row) # add the row
@@ -126,9 +126,9 @@ class Modules < BeEF::Extension::AdminUI::HttpController
browser_version_hash = { 'Browser Version' => encoded_browser_version }
browser_version_row = {
'category' => 'Browser Hook Initialisation',
'category' => 'Browser Hook Initialization',
'data' => browser_version_hash,
'from' => 'Initialisation'
'from' => 'Initialization'
}
summary_grid_hash['results'].push(browser_version_row) # add the row
@@ -140,9 +140,9 @@ class Modules < BeEF::Extension::AdminUI::HttpController
browser_uastring_hash = { 'Browser UA String' => browser_uastring }
browser_uastring_row = {
'category' => 'Browser Hook Initialisation',
'category' => 'Browser Hook Initialization',
'data' => browser_uastring_hash,
'from' => 'Initialisation'
'from' => 'Initialization'
}
summary_grid_hash['results'].push(browser_uastring_row) # add the row
@@ -155,9 +155,9 @@ class Modules < BeEF::Extension::AdminUI::HttpController
encoded_cookies_hash = { 'Cookies' => encoded_cookies }
page_name_row = {
'category' => 'Browser Hook Initialisation',
'category' => 'Browser Hook Initialization',
'data' => encoded_cookies_hash,
'from' => 'Initialisation'
'from' => 'Initialization'
}
summary_grid_hash['results'].push(page_name_row) # add the row
@@ -170,9 +170,9 @@ class Modules < BeEF::Extension::AdminUI::HttpController
encoded_browser_plugins_hash = { 'Browser Plugins' => encoded_browser_plugins }
page_name_row = {
'category' => 'Browser Hook Initialisation',
'category' => 'Browser Hook Initialization',
'data' => encoded_browser_plugins_hash,
'from' => 'Initialisation'
'from' => 'Initialization'
}
summary_grid_hash['results'].push(page_name_row) # add the row
@@ -185,9 +185,9 @@ class Modules < BeEF::Extension::AdminUI::HttpController
encoded_internal_ip_hash = { 'Internal IP' => encoded_internal_ip }
page_name_row = {
'category' => 'Browser Hook Initialisation',
'category' => 'Browser Hook Initialization',
'data' => encoded_internal_ip_hash,
'from' => 'Initialisation'
'from' => 'Initialization'
}
summary_grid_hash['results'].push(page_name_row) # add the row
@@ -200,9 +200,9 @@ class Modules < BeEF::Extension::AdminUI::HttpController
encoded_internal_hostname_hash = { 'Internal Hostname' => encoded_internal_hostname }
page_name_row = {
'category' => 'Browser Hook Initialisation',
'category' => 'Browser Hook Initialization',
'data' => encoded_internal_hostname_hash,
'from' => 'Initialisation'
'from' => 'Initialization'
}
summary_grid_hash['results'].push(page_name_row) # add the row
@@ -215,9 +215,9 @@ class Modules < BeEF::Extension::AdminUI::HttpController
encoded_system_platform_hash = { 'System Platform' => encoded_system_platform }
page_name_row = {
'category' => 'Browser Hook Initialisation',
'category' => 'Browser Hook Initialization',
'data' => encoded_system_platform_hash,
'from' => 'Initialisation'
'from' => 'Initialization'
}
summary_grid_hash['results'].push(page_name_row) # add the row
@@ -229,20 +229,20 @@ class Modules < BeEF::Extension::AdminUI::HttpController
screen_params_hash = JSON.parse(screen_params.gsub(/\"\=\>/, '":')) # tidy up the string for JSON
width = screen_params_hash['width']
raise WEBrick::HTTPStatus::BadRequest, "width is wrong type" if not width.is_a?(Fixnum)
(print_error "width is wrong type";return) if not width.is_a?(Fixnum)
height = screen_params_hash['height']
raise WEBrick::HTTPStatus::BadRequest, "height is wrong type" if not height.is_a?(Fixnum)
(print_error "height is wrong type";return) if not height.is_a?(Fixnum)
colordepth = screen_params_hash['colordepth']
raise WEBrick::HTTPStatus::BadRequest, "colordepth is wrong type" if not colordepth.is_a?(Fixnum)
(print_error "colordepth is wrong type";return) if not colordepth.is_a?(Fixnum)
# construct the string to be displayed in the details tab
encoded_screen_params = CGI.escapeHTML("Width: "+width.to_s + ", Height: " + height.to_s + ", Colour Depth: " + colordepth.to_s)
encoded_screen_params_hash = { 'Screen Params' => encoded_screen_params }
page_name_row = {
'category' => 'Browser Hook Initialisation',
'category' => 'Browser Hook Initialization',
'data' => encoded_screen_params_hash,
'from' => 'Initialisation'
'from' => 'Initialization'
}
summary_grid_hash['results'].push(page_name_row) # add the row
@@ -254,18 +254,18 @@ class Modules < BeEF::Extension::AdminUI::HttpController
window_size_hash = JSON.parse(window_size.gsub(/\"\=\>/, '":')) # tidy up the string for JSON
width = window_size_hash['width']
raise WEBrick::HTTPStatus::BadRequest, "width is wrong type" if not width.is_a?(Fixnum)
(print_error "width is wrong type";return) if not width.is_a?(Fixnum)
height = window_size_hash['height']
raise WEBrick::HTTPStatus::BadRequest, "height is wrong type" if not height.is_a?(Fixnum)
(print_error "height is wrong type";return) if not height.is_a?(Fixnum)
# construct the string to be displayed in the details tab
encoded_window_size = CGI.escapeHTML("Width: "+width.to_s + ", Height: " + height.to_s)
encoded_window_size_hash = { 'Window Size' => encoded_window_size }
page_name_row = {
'category' => 'Browser Hook Initialisation',
'category' => 'Browser Hook Initialization',
'data' => encoded_window_size_hash,
'from' => 'Initialisation'
'from' => 'Initialization'
}
summary_grid_hash['results'].push(page_name_row) # add the row
@@ -278,9 +278,9 @@ class Modules < BeEF::Extension::AdminUI::HttpController
encoded_java_enabled_hash = { 'Java Enabled' => encoded_java_enabled }
page_name_row = {
'category' => 'Browser Hook Initialisation',
'category' => 'Browser Hook Initialization',
'data' => encoded_java_enabled_hash,
'from' => 'Initialisation'
'from' => 'Initialization'
}
summary_grid_hash['results'].push(page_name_row) # add the row
@@ -293,9 +293,9 @@ class Modules < BeEF::Extension::AdminUI::HttpController
encoded_vbscript_enabled_hash = { 'VBScript Enabled' => encoded_vbscript_enabled }
page_name_row = {
'category' => 'Browser Hook Initialisation',
'category' => 'Browser Hook Initialization',
'data' => encoded_vbscript_enabled_hash,
'from' => 'Initialisation'
'from' => 'Initialization'
}
summary_grid_hash['results'].push(page_name_row) # add the row
@@ -308,9 +308,9 @@ class Modules < BeEF::Extension::AdminUI::HttpController
encoded_has_flash_hash = { 'Has Flash' => encoded_has_flash }
page_name_row = {
'category' => 'Browser Hook Initialisation',
'category' => 'Browser Hook Initialization',
'data' => encoded_has_flash_hash,
'from' => 'Initialisation'
'from' => 'Initialization'
}
summary_grid_hash['results'].push(page_name_row) # add the row
@@ -323,9 +323,9 @@ class Modules < BeEF::Extension::AdminUI::HttpController
encoded_has_googlegears_hash = { 'Has GoogleGears' => encoded_has_googlegears }
page_name_row = {
'category' => 'Browser Hook Initialisation',
'category' => 'Browser Hook Initialization',
'data' => encoded_has_googlegears_hash,
'from' => 'Initialisation'
'from' => 'Initialization'
}
summary_grid_hash['results'].push(page_name_row) # add the row
@@ -338,9 +338,9 @@ class Modules < BeEF::Extension::AdminUI::HttpController
encoded_has_web_socket_hash = { 'Has WebSockets' => encoded_has_web_socket }
page_name_row = {
'category' => 'Browser Hook Initialisation',
'category' => 'Browser Hook Initialization',
'data' => encoded_has_web_socket_hash,
'from' => 'Initialisation'
'from' => 'Initialization'
}
summary_grid_hash['results'].push(page_name_row) # add the row
@@ -353,9 +353,9 @@ class Modules < BeEF::Extension::AdminUI::HttpController
encoded_has_activex_hash = { 'Has ActiveX' => encoded_has_activex }
page_name_row = {
'category' => 'Browser Hook Initialisation',
'category' => 'Browser Hook Initialization',
'data' => encoded_has_activex_hash,
'from' => 'Initialisation'
'from' => 'Initialization'
}
summary_grid_hash['results'].push(page_name_row) # add the row
@@ -368,9 +368,9 @@ class Modules < BeEF::Extension::AdminUI::HttpController
encoded_has_session_cookies_hash = { 'Session Cookies' => encoded_has_session_cookies }
page_name_row = {
'category' => 'Browser Hook Initialisation',
'category' => 'Browser Hook Initialization',
'data' => encoded_has_session_cookies_hash,
'from' => 'Initialisation'
'from' => 'Initialization'
}
summary_grid_hash['results'].push(page_name_row) # add the row
@@ -383,9 +383,9 @@ class Modules < BeEF::Extension::AdminUI::HttpController
encoded_has_persistent_cookies_hash = { 'Persistent Cookies' => encoded_has_persistent_cookies }
page_name_row = {
'category' => 'Browser Hook Initialisation',
'category' => 'Browser Hook Initialization',
'data' => encoded_has_persistent_cookies_hash,
'from' => 'Initialisation'
'from' => 'Initialization'
}
summary_grid_hash['results'].push(page_name_row) # add the row
@@ -461,7 +461,7 @@ class Modules < BeEF::Extension::AdminUI::HttpController
BeEF::Modules.get_enabled.each{|k, mod|
# get the hooked browser session id and set it in the command module
hook_session_id = @params['zombie_session'] || nil
raise WEBrick::HTTPStatus::BadRequest, "hook_session_id is nil" if hook_session_id.nil?
(print_error "hook_session_id is nil";return) if hook_session_id.nil?
# create url path and file for the command module icon
command_module_status = set_command_module_status(k)
@@ -480,7 +480,7 @@ class Modules < BeEF::Extension::AdminUI::HttpController
next if !dyn_mod.path.split('/').first.match(/^Dynamic/)
hook_session_id = @params['zombie_session'] || nil
raise WEBrick::HTTPStatus::BadRequest, "hook_session_id is nil" if hook_session_id.nil?
(print_error "hook_session_id is nil";return) if hook_session_id.nil?
dyn_mod_name = dyn_mod.path.split('/').last
dyn_mod_category = nil
@@ -526,7 +526,7 @@ class Modules < BeEF::Extension::AdminUI::HttpController
# Returns the inputs definition of an command_module.
def select_command_module
command_module_id = @params['command_module_id'] || nil
raise WEBrick::HTTPStatus::BadRequest, "command_module_id is nil" if command_module_id.nil?
(print_error "command_module_id is nil";return) if command_module_id.nil?
command_module = BeEF::Core::Models::CommandModule.get(command_module_id)
key = BeEF::Module.get_key_by_database_id(command_module_id)
@@ -545,19 +545,19 @@ class Modules < BeEF::Extension::AdminUI::HttpController
# get params
zombie_session = @params['zombie_session'] || nil
raise WEBrick::HTTPStatus::BadRequest, "Zombie session is nil" if zombie_session.nil?
(print_error "Zombie session is nil";return) if zombie_session.nil?
command_module_id = @params['command_module_id'] || nil
raise WEBrick::HTTPStatus::BadRequest, "command_module id is nil" if command_module_id.nil?
(print_error "command_module id is nil";return) if command_module_id.nil?
# validate nonce
nonce = @params['nonce'] || nil
raise WEBrick::HTTPStatus::BadRequest, "nonce is nil" if nonce.nil?
raise WEBrick::HTTPStatus::BadRequest, "nonce incorrect" if @session.get_nonce != nonce
(print_error "nonce is nil";return) if nonce.nil?
(print_error "nonce incorrect";return) if @session.get_nonce != nonce
# get the browser id
zombie = Z.first(:session => zombie_session)
raise WEBrick::HTTPStatus::BadRequest, "Zombie is nil" if zombie.nil?
(print_error "Zombie is nil";return) if zombie.nil?
zombie_id = zombie.id
raise WEBrick::HTTPStatus::BadRequest, "Zombie id is nil" if zombie_id.nil?
(print_error "Zombie id is nil";return) if zombie_id.nil?
C.all(:command_module_id => command_module_id, :hooked_browser_id => zombie_id).each do |command|
commands.push({
@@ -582,17 +582,17 @@ class Modules < BeEF::Extension::AdminUI::HttpController
# get params
zombie_session = @params['zombie_session'] || nil
raise WEBrick::HTTPStatus::BadRequest, "Zombie id is nil" if zombie_session.nil?
(print_error "Zombie id is nil";return) if zombie_session.nil?
command_module_id = @params['command_module_id'] || nil
raise WEBrick::HTTPStatus::BadRequest, "command_module id is nil" if command_module_id.nil?
(print_error "command_module id is nil";return) if command_module_id.nil?
# validate nonce
nonce = @params['nonce'] || nil
raise WEBrick::HTTPStatus::BadRequest, "nonce is nil" if nonce.nil?
raise WEBrick::HTTPStatus::BadRequest, "nonce incorrect" if @session.get_nonce != nonce
(print_error "nonce is nil";return) if nonce.nil?
(print_error "nonce incorrect";return) if @session.get_nonce != nonce
@params.keys.each {|param|
raise WEBrick::HTTPStatus::BadRequest, "invalid key param string" if not BeEF::Filters.has_valid_param_chars?(param)
raise WEBrick::HTTPStatus::BadRequest, "first char is num" if BeEF::Filters.first_char_is_num?(param)
(print_error "invalid key param string";return) if not BeEF::Filters.has_valid_param_chars?(param)
(print_error "first char is num";return) if BeEF::Filters.first_char_is_num?(param)
definition[param[4..-1]] = params[param]
oc = BeEF::Core::Models::OptionCache.first_or_create(:name => param[4..-1])
oc.value = params[param]
@@ -614,13 +614,13 @@ class Modules < BeEF::Extension::AdminUI::HttpController
# get params
command_id = @params['command_id'] || nil
raise WEBrick::HTTPStatus::BadRequest, "Command id is nil" if command_id.nil?
(print_error "Command id is nil";return) if command_id.nil?
command = BeEF::Core::Models::Command.first(:id => command_id.to_i) || nil
raise WEBrick::HTTPStatus::BadRequest, "Command is nil" if command.nil?
(print_error "Command is nil";return) if command.nil?
# validate nonce
nonce = @params['nonce'] || nil
raise WEBrick::HTTPStatus::BadRequest, "nonce is nil" if nonce.nil?
raise WEBrick::HTTPStatus::BadRequest, "nonce incorrect" if @session.get_nonce != nonce
(print_error "nonce is nil";return) if nonce.nil?
(print_error "nonce incorrect";return) if @session.get_nonce != nonce
command.instructions_sent = false
command.save
@@ -634,17 +634,17 @@ class Modules < BeEF::Extension::AdminUI::HttpController
# get params
zombie_session = @params['zombie_session'] || nil
raise WEBrick::HTTPStatus::BadRequest, "Zombie id is nil" if zombie_session.nil?
(print_error "Zombie id is nil";return) if zombie_session.nil?
command_module_id = @params['command_module_id'] || nil
raise WEBrick::HTTPStatus::BadRequest, "command_module id is nil" if command_module_id.nil?
(print_error "command_module id is nil";return) if command_module_id.nil?
# validate nonce
nonce = @params['nonce'] || nil
raise WEBrick::HTTPStatus::BadRequest, "nonce is nil" if nonce.nil?
raise WEBrick::HTTPStatus::BadRequest, "nonce incorrect" if @session.get_nonce != nonce
(print_error "nonce is nil";return) if nonce.nil?
(print_error "nonce incorrect";return) if @session.get_nonce != nonce
@params.keys.each {|param|
raise WEBrick::HTTPStatus::BadRequest, "invalid key param string" if not BeEF::Filters.has_valid_param_chars?(param)
raise WEBrick::HTTPStatus::BadRequest, "first char is num" if BeEF::Filters.first_char_is_num?(param)
(print_error "invalid key param string";return) if not BeEF::Filters.has_valid_param_chars?(param)
(print_error "first char is num";return) if BeEF::Filters.first_char_is_num?(param)
definition[param[4..-1]] = params[param]
oc = BeEF::Core::Models::OptionCache.first_or_create(:name => param[4..-1])
oc.value = params[param]
@@ -652,9 +652,9 @@ class Modules < BeEF::Extension::AdminUI::HttpController
}
zombie = Z.first(:session => zombie_session)
raise WEBrick::HTTPStatus::BadRequest, "Zombie is nil" if zombie.nil?
(print_error "Zombie is nil";return) if zombie.nil?
zombie_id = zombie.id
raise WEBrick::HTTPStatus::BadRequest, "Zombie id is nil" if zombie_id.nil?
(print_error "Zombie id is nil";return) if zombie_id.nil?
command_module = BeEF::Core::Models::CommandModule.get(command_module_id)
if(command_module != nil && command_module.path.match(/^Dynamic/))
@@ -691,16 +691,16 @@ class Modules < BeEF::Extension::AdminUI::HttpController
# get params
command_id = @params['command_id']|| nil
raise WEBrick::HTTPStatus::BadRequest, "Command id is nil" if command_id.nil?
(print_error "Command id is nil";return) if command_id.nil?
command = BeEF::Core::Models::Command.first(:id => command_id.to_i) || nil
raise WEBrick::HTTPStatus::BadRequest, "Command is nil" if command.nil?
(print_error "Command is nil";return) if command.nil?
# get command_module
command_module = BeEF::Core::Models::CommandModule.first(:id => command.command_module_id)
raise WEBrick::HTTPStatus::BadRequest, "command_module is nil" if command_module.nil?
(print_error "command_module is nil";return) if command_module.nil?
resultsdb = BeEF::Core::Models::Result.all(:command_id => command_id)
raise WEBrick::HTTPStatus::BadRequest, "Command id result is nil" if resultsdb.nil?
(print_error "Command id result is nil";return) if resultsdb.nil?
resultsdb.each{ |result| results.push({'date' => result.date, 'data' => JSON.parse(result.data)}) }
@@ -718,12 +718,12 @@ class Modules < BeEF::Extension::AdminUI::HttpController
# get params
command_id = @params['command_id'] || nil
raise WEBrick::HTTPStatus::BadRequest, "Command id is nil" if command_id.nil?
(print_error "Command id is nil";return) if command_id.nil?
command = BeEF::Core::Models::Command.first(:id => command_id.to_i) || nil
raise WEBrick::HTTPStatus::BadRequest, "Command is nil" if command.nil?
(print_error "Command is nil";return) if command.nil?
command_module = BeEF::Core::Models::CommandModule.get(command.command_module_id)
raise WEBrick::HTTPStatus::BadRequest, "command_module is nil" if command_module.nil?
(print_error "command_module is nil";return) if command_module.nil?
if(command_module.path.split('/').first.match(/^Dynamic/))
dyn_mod_name = command_module.path.split('/').last
@@ -795,7 +795,7 @@ class Modules < BeEF::Extension::AdminUI::HttpController
command_modules_json = {}
command_module = BeEF::Core::Models::CommandModule.get(id)
raise WEBrick::HTTPStatus::BadRequest, "Module does not exists" if command_module.nil?
(print_error "Module does not exists";return 'success' => 'false') if command_module.nil?
payload_options = BeEF::Module.get_payload_options(command_module.name,payload_name)
# get payload options in JSON
@@ -803,8 +803,6 @@ class Modules < BeEF::Extension::AdminUI::HttpController
payload_options_json = []
payload_options_json[1] = payload_options
#payload_options_json[1] = e.get_payload_options(payload_name)
#raise WEBrick::HTTPStatus::BadRequest, "Payload JSON generation error" if payload_options_json.empty?
return {'success' => 'true', 'command_modules' => payload_options_json}.to_json
end


@@ -35,47 +35,55 @@ class Requester < BeEF::Extension::AdminUI::HttpController
}
})
end
def err_msg(error)
print_error "[REQUESTER] #{error}"
end
# Send a new http request to the hooked browser.
def send_request
# validate that the hooked browser's session has been sent
zombie_session = @params['zombie_session'] || nil
raise WEBrick::HTTPStatus::BadRequest, "Invalid session id" if not BeEF::Filters.is_valid_hook_session_id?(zombie_session)
(self.err_msg "Invalid session id";return @body = '{success : false}') if not BeEF::Filters.is_valid_hook_session_id?(zombie_session)
# validate that the hooked browser exists in the db
zombie = Z.first(:session => zombie_session) || nil
raise WEBrick::HTTPStatus::BadRequest, "Invalid hooked browser session" if zombie.nil?
(self.err_msg "Invalid hooked browser session";return @body = '{success : false}') if zombie.nil?
# validate that the raw request has been sent
raw_request = @params['raw_request'] || nil
raise WEBrick::HTTPStatus::BadRequest, "raw_request is nil" if raw_request.nil?
raise WEBrick::HTTPStatus::BadRequest, "raw_request contains non-printable chars" if not BeEF::Filters.has_non_printable_char?(raw_request)
(self.err_msg "raw_request is nil";return @body = '{success : false}') if raw_request.nil?
(self.err_msg "raw_request contains non-printable chars";return @body = '{success : false}') if not BeEF::Filters.has_non_printable_char?(raw_request)
# validate nonce
nonce = @params['nonce'] || nil
raise WEBrick::HTTPStatus::BadRequest, "nonce is nil" if nonce.nil?
raise WEBrick::HTTPStatus::BadRequest, "nonce incorrect" if @session.get_nonce != nonce
(self.err_msg "nonce is nil";return @body = '{success : false}') if nonce.nil?
(self.err_msg "nonce incorrect";return @body = '{success : false}') if @session.get_nonce != nonce
# validate that the raw request is correct and can be used
req_parts = raw_request.split(/ |\n/) # break up the request
verb = req_parts[0]
raise 'Only HEAD, GET, POST, OPTIONS, PUT or DELETE requests are supported' if not BeEF::Filters.is_valid_verb?(verb) #check verb
self.err_msg 'Only HEAD, GET, POST, OPTIONS, PUT or DELETE requests are supported' if not BeEF::Filters.is_valid_verb?(verb) #check verb
uri = req_parts[1]
raise 'Invalid URI' if not BeEF::Filters.is_valid_url?(uri) #check uri
self.err_msg 'Invalid URI' if not BeEF::Filters.is_valid_url?(uri) #check uri
version = req_parts[2]
raise 'Invalid HTTP version' if not BeEF::Filters.is_valid_http_version?(version) # check http version - HTTP/1.0
(self.err_msg 'Invalid HTTP version';return @body = '{success : false}') if not BeEF::Filters.is_valid_http_version?(version) # check http version - HTTP/1.0
# if BeEF::Filters.is_valid_http_version?(version) then print_error 'Invalid HTTP version'
host_str = req_parts[3]
raise 'Invalid HTTP host header' if not BeEF::Filters.is_valid_host_str?(host_str) # check host string - Host:
(self.err_msg 'Invalid HTTP Host Header';return @body = '{success : false}') if not BeEF::Filters.is_valid_host_str?(host_str) # check host string - Host:
host = req_parts[4]
host_parts = host.split(/:/)
hostname = host_parts[0]
raise 'Invalid hostname' if not BeEF::Filters.is_valid_hostname?(hostname) #check the target hostname
(self.err_msg 'Invalid HTTP HostName';return @body = '{success : false}') if not BeEF::Filters.is_valid_hostname?(hostname) #check the target hostname
hostport = host_parts[1] || nil
if !hostport.nil?
raise 'Invalid hostport' if not BeEF::Filters.nums_only?(hostport) #check the target hostport
(self.err_msg 'Invalid HTTP HostPort';return @body = '{success : false}') if not BeEF::Filters.nums_only?(hostport) #check the target hostport
end
# (re)build the request
#TODO create the request by hand, with proper error-checking
green_request = StringIO.new(verb + " " + uri + " " + version + "\n" + host_str + " " + host)
request = WEBrick::HTTPRequest.new(WEBrick::Config::HTTP)
request.parse(green_request)
@@ -104,16 +112,16 @@ class Requester < BeEF::Extension::AdminUI::HttpController
def get_zombie_history
# validate nonce
nonce = @params['nonce'] || nil
raise WEBrick::HTTPStatus::BadRequest, "nonce is nil" if nonce.nil?
raise WEBrick::HTTPStatus::BadRequest, "nonce incorrect" if @session.get_nonce != nonce
(self.err_msg "nonce is nil";return @body = '{success : false}') if nonce.nil?
(self.err_msg "nonce incorrect";return @body = '{success : false}') if @session.get_nonce != nonce
# validate that the hooked browser's session has been sent
zombie_session = @params['zombie_session'] || nil
raise WEBrick::HTTPStatus::BadRequest, "Zombie session is nil" if zombie_session.nil?
(self.err_msg "Zombie session is nil";return @body = '{success : false}') if zombie_session.nil?
# validate that the hooked browser exists in the db
zombie = Z.first(:session => zombie_session) || nil
raise WEBrick::HTTPStatus::BadRequest, "Invalid hooked browser session" if zombie.nil?
(self.err_msg "Invalid hooked browser session";return @body = '{success : false}') if zombie.nil?
history = []
H.all(:hooked_browser_id => zombie.id).each{|http|
@@ -139,16 +147,16 @@ class Requester < BeEF::Extension::AdminUI::HttpController
def get_zombie_response
# validate nonce
nonce = @params['nonce'] || nil
raise WEBrick::HTTPStatus::BadRequest, "nonce is nil" if nonce.nil?
raise WEBrick::HTTPStatus::BadRequest, "nonce incorrect" if @session.get_nonce != nonce
(self.err_msg "nonce is nil";return @body = '{success : false}') if nonce.nil?
(self.err_msg "nonce incorrect";return @body = '{success : false}') if @session.get_nonce != nonce
# validate the http id
http_id = @params['http_id'] || nil
raise WEBrick::HTTPStatus::BadRequest, "http_id is nil" if http_id.nil?
(self.err_msg "http_id is nil";return @body = '{success : false}') if http_id.nil?
# validate that the http object exist in the dabatase
http_db = H.first(:id => http_id) || nil
raise WEBrick::HTTPStatus::BadRequest, "http object could not be found in the database" if http_db.nil?
(self.err_msg "http object could not be found in the database";return @body = '{success : false}') if http_db.nil?
if http_db.response_data.length > (1024 * 100) #more thank 100K
response_data = http_db.response_data[0..(1024*100)]
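Review bot: In `send_request` the rewritten verb and URI checks only log and no longer stop the request: `self.err_msg '...' if not BeEF::Filters.is_valid_verb?(verb)` and the matching `is_valid_url?(uri)` line have no `return`, whereas the lines they replace raised and every other guard in the method returns. A raw request with an unsupported verb or an invalid URI therefore goes on to be rebuilt and parsed further down. Both checks should take the same shape as their neighbours, e.g. `(self.err_msg 'Invalid URI';return @body = '{success : false}') if not BeEF::Filters.is_valid_url?(uri)`. Separately, `'{success : false}'` is not valid JSON because the key is unquoted; the Xssrays controller in this commit uses `{'success' => 'false'}.to_json`, which a client can parse. The body of `send_request` continues past the end of its hunk.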


@@ -42,16 +42,16 @@ class Xssrays < BeEF::Extension::AdminUI::HttpController
def get_xssrays_logs
# validate nonce
nonce = @params['nonce'] || nil
raise WEBrick::HTTPStatus::BadRequest, "nonce is nil" if nonce.nil?
raise WEBrick::HTTPStatus::BadRequest, "nonce incorrect" if @session.get_nonce != nonce
(print_error "nonce is nil";return @body = {'success' => 'false'}.to_json) if nonce.nil?
(print_error "nonce incorrect";return @body = {'success' => 'false'}.to_json) if @session.get_nonce != nonce
# validate that the hooked browser's session has been sent
zombie_session = @params['zombie_session'] || nil
raise WEBrick::HTTPStatus::BadRequest, "Zombie session is nil" if zombie_session.nil?
(print_error "Zombie session is nil";return @body = {'success' => 'false'}.to_json) if zombie_session.nil?
# validate that the hooked browser exists in the db
zombie = Z.first(:session => zombie_session) || nil
raise WEBrick::HTTPStatus::BadRequest, "Invalid hooked browser session" if zombie.nil?
(print_error "Invalid hooked browser session";return @body = {'success' => 'false'}.to_json) if zombie.nil?
logs = []
BeEF::Core::Models::Xssraysdetail.all(:hooked_browser_id => zombie.id).each{|log|
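Review bot: `zombie_session` in `get_xssrays_logs` is only checked for nil before it is passed to `Z.first(:session => zombie_session)`, while `send_request` in the Requester controller validates the same parameter with `BeEF::Filters.is_valid_hook_session_id?`. The same nil-only check appears in `get_zombie_history` in the Requester controller and on `beef_hook` in the Events handler hunk. Applying the filter in all three places keeps malformed ids out of the lookup and gives one consistent rejection path, e.g. `(print_error "Invalid session id";return @body = {'success' => 'false'}.to_json) if not BeEF::Filters.is_valid_hook_session_id?(zombie_session)`. The method body continues past the end of the hunk.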


@@ -24,15 +24,11 @@ module Handlers
class UI
attr_reader :guard
#
# Constructor
#
def initialize(klass)
super
@guard = Mutex.new
@klass = BeEF::Extension::AdminUI::Controllers.const_get(klass.to_s.capitalize)
end
@@ -40,8 +36,6 @@ module Handlers
@request = Rack::Request.new(env)
@response = Rack::Response.new(env)
controller = nil
controller = @klass.new
controller.run(@request, @response)


@@ -275,9 +275,9 @@ class ShellInterface
encoded_page_hash = { 'Page Title' => encoded_page_title }
page_name_row = {
'category' => 'Browser Hook Initialisation',
'category' => 'Browser Hook Initialization',
'data' => encoded_page_hash,
'from' => 'Initialisation'
'from' => 'Initialization'
}
summary_grid_hash['results'].push(page_name_row) # add the row
@@ -290,9 +290,9 @@ class ShellInterface
encoded_host_name_hash = { 'Hostname/IP' => encoded_host_name }
page_name_row = {
'category' => 'Browser Hook Initialisation',
'category' => 'Browser Hook Initialization',
'data' => encoded_host_name_hash,
'from' => 'Initialisation'
'from' => 'Initialization'
}
summary_grid_hash['results'].push(page_name_row) # add the row
@@ -305,9 +305,9 @@ class ShellInterface
encoded_os_name_hash = { 'OS Name' => encoded_os_name }
page_name_row = {
'category' => 'Browser Hook Initialisation',
'category' => 'Browser Hook Initialization',
'data' => encoded_os_name_hash,
'from' => 'Initialisation'
'from' => 'Initialization'
}
summary_grid_hash['results'].push(page_name_row) # add the row
@@ -320,9 +320,9 @@ class ShellInterface
browser_name_hash = { 'Browser Name' => friendly_browser_name }
browser_name_row = {
'category' => 'Browser Hook Initialisation',
'category' => 'Browser Hook Initialization',
'data' => browser_name_hash,
'from' => 'Initialisation'
'from' => 'Initialization'
}
summary_grid_hash['results'].push(browser_name_row) # add the row
@@ -335,9 +335,9 @@ class ShellInterface
browser_version_hash = { 'Browser Version' => encoded_browser_version }
browser_version_row = {
'category' => 'Browser Hook Initialisation',
'category' => 'Browser Hook Initialization',
'data' => browser_version_hash,
'from' => 'Initialisation'
'from' => 'Initialization'
}
summary_grid_hash['results'].push(browser_version_row) # add the row
@@ -349,9 +349,9 @@ class ShellInterface
browser_uastring_hash = { 'Browser UA String' => browser_uastring }
browser_uastring_row = {
'category' => 'Browser Hook Initialisation',
'category' => 'Browser Hook Initialization',
'data' => browser_uastring_hash,
'from' => 'Initialisation'
'from' => 'Initialization'
}
summary_grid_hash['results'].push(browser_uastring_row) # add the row
@@ -364,9 +364,9 @@ class ShellInterface
encoded_cookies_hash = { 'Cookies' => encoded_cookies }
page_name_row = {
'category' => 'Browser Hook Initialisation',
'category' => 'Browser Hook Initialization',
'data' => encoded_cookies_hash,
'from' => 'Initialisation'
'from' => 'Initialization'
}
summary_grid_hash['results'].push(page_name_row) # add the row
@@ -379,9 +379,9 @@ class ShellInterface
encoded_browser_plugins_hash = { 'Browser Plugins' => encoded_browser_plugins }
page_name_row = {
'category' => 'Browser Hook Initialisation',
'category' => 'Browser Hook Initialization',
'data' => encoded_browser_plugins_hash,
'from' => 'Initialisation'
'from' => 'Initialization'
}
summary_grid_hash['results'].push(page_name_row) # add the row
@@ -394,9 +394,9 @@ class ShellInterface
encoded_internal_ip_hash = { 'Internal IP' => encoded_internal_ip }
page_name_row = {
'category' => 'Browser Hook Initialisation',
'category' => 'Browser Hook Initialization',
'data' => encoded_internal_ip_hash,
'from' => 'Initialisation'
'from' => 'Initialization'
}
summary_grid_hash['results'].push(page_name_row) # add the row
@@ -409,9 +409,9 @@ class ShellInterface
encoded_system_platform_hash = { 'System Platform' => encoded_system_platform }
page_name_row = {
'category' => 'Browser Hook Initialisation',
'category' => 'Browser Hook Initialization',
'data' => encoded_system_platform_hash,
'from' => 'Initialisation'
'from' => 'Initialization'
}
summary_grid_hash['results'].push(page_name_row) # add the row
@@ -424,9 +424,9 @@ class ShellInterface
encoded_internal_hostname_hash = { 'Internal Hostname' => encoded_internal_hostname }
page_name_row = {
'category' => 'Browser Hook Initialisation',
'category' => 'Browser Hook Initialization',
'data' => encoded_internal_hostname_hash,
'from' => 'Initialisation'
'from' => 'Initialization'
}
summary_grid_hash['results'].push(page_name_row) # add the row
@@ -438,20 +438,17 @@ class ShellInterface
screen_params_hash = JSON.parse(screen_params.gsub(/\"\=\>/, '":')) # tidy up the string for JSON
width = screen_params_hash['width']
#raise WEBrick::HTTPStatus::BadRequest, "width is wrong type" if not width.is_a?(Fixnum)
height = screen_params_hash['height']
#raise WEBrick::HTTPStatus::BadRequest, "height is wrong type" if not height.is_a?(Fixnum)
colordepth = screen_params_hash['colordepth']
#raise WEBrick::HTTPStatus::BadRequest, "colordepth is wrong type" if not colordepth.is_a?(Fixnum)
# construct the string to be displayed in the details tab
encoded_screen_params = CGI.escapeHTML("Width: "+width.to_s + ", Height: " + height.to_s + ", Colour Depth: " + colordepth.to_s)
encoded_screen_params_hash = { 'Screen Params' => encoded_screen_params }
page_name_row = {
'category' => 'Browser Hook Initialisation',
'category' => 'Browser Hook Initialization',
'data' => encoded_screen_params_hash,
'from' => 'Initialisation'
'from' => 'Initialization'
}
summary_grid_hash['results'].push(page_name_row) # add the row
@@ -463,18 +460,16 @@ class ShellInterface
window_size_hash = JSON.parse(window_size.gsub(/\"\=\>/, '":')) # tidy up the string for JSON
width = window_size_hash['width']
#raise WEBrick::HTTPStatus::BadRequest, "width is wrong type" if not width.is_a?(Fixnum)
height = window_size_hash['height']
#raise WEBrick::HTTPStatus::BadRequest, "height is wrong type" if not height.is_a?(Fixnum)
# construct the string to be displayed in the details tab
encoded_window_size = CGI.escapeHTML("Width: "+width.to_s + ", Height: " + height.to_s)
encoded_window_size_hash = { 'Window Size' => encoded_window_size }
page_name_row = {
'category' => 'Browser Hook Initialisation',
'category' => 'Browser Hook Initialization',
'data' => encoded_window_size_hash,
'from' => 'Initialisation'
'from' => 'Initialization'
}
summary_grid_hash['results'].push(page_name_row) # add the row
@@ -487,9 +482,9 @@ class ShellInterface
encoded_java_enabled_hash = { 'Java Enabled' => encoded_java_enabled }
page_name_row = {
'category' => 'Browser Hook Initialisation',
'category' => 'Browser Hook Initialization',
'data' => encoded_java_enabled_hash,
'from' => 'Initialisation'
'from' => 'Initialization'
}
summary_grid_hash['results'].push(page_name_row) # add the row
@@ -502,9 +497,9 @@ class ShellInterface
encoded_vbscript_enabled_hash = { 'VBScript Enabled' => encoded_vbscript_enabled }
page_name_row = {
'category' => 'Browser Hook Initialisation',
'category' => 'Browser Hook Initialization',
'data' => encoded_vbscript_enabled_hash,
'from' => 'Initialisation'
'from' => 'Initialization'
}
summary_grid_hash['results'].push(page_name_row) # add the row
@@ -517,9 +512,9 @@ class ShellInterface
encoded_has_flash_hash = { 'Has Flash' => encoded_has_flash }
page_name_row = {
'category' => 'Browser Hook Initialisation',
'category' => 'Browser Hook Initialization',
'data' => encoded_has_flash_hash,
'from' => 'Initialisation'
'from' => 'Initialization'
}
summary_grid_hash['results'].push(page_name_row) # add the row
@@ -532,9 +527,9 @@ class ShellInterface
encoded_has_googlegears_hash = { 'Has GoogleGears' => encoded_has_googlegears }
page_name_row = {
'category' => 'Browser Hook Initialisation',
'category' => 'Browser Hook Initialization',
'data' => encoded_has_googlegears_hash,
'from' => 'Initialisation'
'from' => 'Initialization'
}
summary_grid_hash['results'].push(page_name_row) # add the row
@@ -547,9 +542,9 @@ class ShellInterface
encoded_has_web_socket_hash = { 'Has GoogleGears' => encoded_has_web_socket }
page_name_row = {
'category' => 'Browser Hook Initialisation',
'category' => 'Browser Hook Initialization',
'data' => encoded_has_web_socket_hash,
'from' => 'Initialisation'
'from' => 'Initialization'
}
summary_grid_hash['results'].push(page_name_row) # add the row
@@ -562,9 +557,9 @@ class ShellInterface
encoded_has_activex_hash = { 'Has ActiveX' => encoded_has_activex }
page_name_row = {
'category' => 'Browser Hook Initialisation',
'category' => 'Browser Hook Initialization',
'data' => encoded_has_activex_hash,
'from' => 'Initialisation'
'from' => 'Initialization'
}
summary_grid_hash['results'].push(page_name_row) # add the row
@@ -577,9 +572,9 @@ class ShellInterface
encoded_has_session_cookies_hash = { 'Session Cookies' => encoded_has_session_cookies }
page_name_row = {
'category' => 'Browser Hook Initialisation',
'category' => 'Browser Hook Initialization',
'data' => encoded_has_session_cookies_hash,
'from' => 'Initialisation'
'from' => 'Initialization'
}
summary_grid_hash['results'].push(page_name_row) # add the row
@@ -592,9 +587,9 @@ class ShellInterface
encoded_has_persistent_cookies_hash = { 'Persistent Cookies' => encoded_has_persistent_cookies }
page_name_row = {
'category' => 'Browser Hook Initialisation',
'category' => 'Browser Hook Initialization',
'data' => encoded_has_persistent_cookies_hash,
'from' => 'Initialisation'
'from' => 'Initialization'
}
summary_grid_hash['results'].push(page_name_row) # add the row
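Review bot: The WebSocket row is labelled as Google Gears: `encoded_has_web_socket_hash = { 'Has GoogleGears' => encoded_has_web_socket }` reuses the key of the row before it, so the summary would apparently carry two 'Has GoogleGears' entries and none for WebSocket. Since the commit already edits this row, the key should be corrected, e.g. `{ 'Has WebSocket' => encoded_has_web_socket }`. The 'Initialisation' to 'Initialization' rename also changes the runtime `category` and `from` strings; any consumer that matches on the old spelling would need the same update, which cannot be confirmed from this page.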


@@ -20,18 +20,11 @@ module Events
#
# The http handler that manages the Events.
#
class Handler < WEBrick::HTTPServlet::AbstractServlet
attr_reader :guard
class Handler
Z = BeEF::Core::Models::HookedBrowser
#
# Class constructor
#
def initialize(data)
# we set up a mutex
@guard = Mutex.new
@data = data
setup()
end
@@ -43,11 +36,17 @@ module Events
# validates the hook token
beef_hook = @data['beefhook'] || nil
raise WEBrick::HTTPStatus::BadRequest, "beef_hook is null" if beef_hook.nil?
if beef_hook.nil?
print_error "[EVENTS] beef_hook is null"
return
end
# validates that a hooked browser with the beef_hook token exists in the db
zombie = Z.first(:session => beef_hook) || nil
raise WEBrick::HTTPStatus::BadRequest, "Invalid beef hook id: the hooked browser cannot be found in the database" if zombie.nil?
if zombie.nil?
print_error "[EVENTS] Invalid beef hook id: the hooked browser cannot be found in the database"
return
end
events = @data['results']
@@ -72,7 +71,7 @@ module Events
when 'keys'
return event['time'].to_s+'s - [User Typed] "'+event['data'].to_s+'" > '+event['target'].to_s
end
print_debug 'Event handler has recieved an unknown event'
print_debug '[EVENTS] Event handler has received an unknown event'
return 'Unknown event'
end


@@ -14,314 +14,282 @@
# limitations under the License.
#
module BeEF
module Extension
module Initialization
#
# The http handler that manages the return of the initial browser details.
#
class Handler
attr_reader :guard
@data = {}
module Extension
module Initialization
HB = BeEF::Core::Models::HookedBrowser
BD = BeEF::Extension::Initialization::Models::BrowserDetails
def initialize(data)
@guard = Mutex.new
@data = data
setup()
end
#
# The http handler that manages the return of the initial browser details.
#
class Handler
def setup()
# validate hook session value
session_id = get_param(@data, 'beefhook')
raise WEBrick::HTTPStatus::BadRequest, "session id is invalid" if not BeEF::Filters.is_valid_hook_session_id?(session_id)
hooked_browser = HB.first(:session => session_id)
return if not hooked_browser.nil? # browser is already registered with framework
@data = {}
# create the structure representing the hooked browser
zombie = BeEF::Core::Models::HookedBrowser.new(:ip => @data['request'].ip, :session => session_id)
zombie.firstseen = Time.new.to_i
HB = BeEF::Core::Models::HookedBrowser
BD = BeEF::Extension::Initialization::Models::BrowserDetails
# hostname
if not @data['results']['HostName'].nil? then
log_zombie_domain=@data['results']['HostName']
elsif (not @data['request'].referer.nil?) and (not @data['request'].referer.empty?)
log_zombie_domain=@data['request'].referer.gsub('http://','').gsub('https://','').split('/')[0]
else
log_zombie_domain="unknown" # Probably local file open
end
def initialize(data)
@data = data
setup()
end
# port
if not @data['results']['HostPort'].nil? then
def err_msg(error)
print_error "[INITIALIZATION] #{error}"
end
def setup()
# validate hook session value
session_id = get_param(@data, 'beefhook')
(self.err_msg "session id is invalid"; return) if not BeEF::Filters.is_valid_hook_session_id?(session_id)
hooked_browser = HB.first(:session => session_id)
return if not hooked_browser.nil? # browser is already registered with framework
# create the structure representing the hooked browser
zombie = BeEF::Core::Models::HookedBrowser.new(:ip => @data['request'].ip, :session => session_id)
zombie.firstseen = Time.new.to_i
# hostname
if not @data['results']['HostName'].nil? then
log_zombie_domain=@data['results']['HostName']
elsif (not @data['request'].referer.nil?) and (not @data['request'].referer.empty?)
log_zombie_domain=@data['request'].referer.gsub('http://', '').gsub('https://', '').split('/')[0]
else
log_zombie_domain="unknown" # Probably local file open
end
# port
if not @data['results']['HostPort'].nil? then
log_zombie_port=@data['results']['HostPort']
else
else
log_zombie_domain_parts=log_zombie_domain.split(':')
log_zombie_port=80
if log_zombie_domain_parts.length > 1 then
log_zombie_port=log_zombie_domain_parts[1].to_i
log_zombie_port=log_zombie_domain_parts[1].to_i
end
end
end
zombie.domain = log_zombie_domain
zombie.port = log_zombie_port
zombie.domain = log_zombie_domain
zombie.port = log_zombie_port
#TODO: find a way to do this
#zombie.httpheaders = @data['request'].header.to_json
zombie.httpheaders = 'temp headers'
#Parse http_headers. Unfortunately Rack doesn't provide a util-method to get them :(
@http_headers = Hash.new
http_header = @data['request'].env.select {|k,v| k.to_s.start_with? 'HTTP_'}
.each {|key,value|
@http_headers[key.sub(/^HTTP_/, '')] = value
}
zombie.httpheaders = @http_headers.to_json
zombie.save
# add a log entry for the newly hooked browser
BeEF::Core::Logger.instance.register('Zombie', "#{zombie.ip} just joined the horde from the domain: #{log_zombie_domain}:#{log_zombie_port.to_s}", "#{zombie.id}")
# get and store browser name
browser_name = get_param(@data['results'], 'BrowserName')
if BeEF::Filters.is_valid_browsername?(browser_name)
BD.set(session_id, 'BrowserName', browser_name)
else
self.err_msg "Invalid browser name returned from the hook browser's initial connection."
end
# get and store browser version
browser_version = get_param(@data['results'], 'BrowserVersion')
if BeEF::Filters.is_valid_browserversion?(browser_version)
BD.set(session_id, 'BrowserVersion', browser_version)
else
self.err_msg "Invalid browser version returned from the hook browser's initial connection."
end
# get and store browser string
browser_string = get_param(@data['results'], 'BrowserReportedName')
if BeEF::Filters.is_valid_browserstring?(browser_string)
BD.set(session_id, 'BrowserReportedName', browser_string)
else
self.err_msg "Invalid browser string returned from the hook browser's initial connection."
end
# get and store the cookies
cookies = get_param(@data['results'], 'Cookies')
if BeEF::Filters.is_valid_cookies?(cookies)
BD.set(session_id, 'Cookies', cookies)
else
self.err_msg "Invalid cookies returned from the hook browser's initial connection."
end
# get and store the os name
os_name = get_param(@data['results'], 'OsName')
if BeEF::Filters.is_valid_osname?(os_name)
BD.set(session_id, 'OsName', os_name)
else
self.err_msg "Invalid operating system name returned from the hook browser's initial connection."
end
# get and store page title
page_title = get_param(@data['results'], 'PageTitle')
if BeEF::Filters.is_valid_pagetitle?(page_title)
BD.set(session_id, 'PageTitle', page_title)
else
self.err_msg "Invalid page title returned from the hook browser's initial connection."
end
page_title = get_param(@data['results'], 'PageTitle')
if BeEF::Filters.is_valid_pagetitle?(page_title)
BD.set(session_id, 'PageTitle', page_title)
else
self.err_msg "Invalid page title returned from the hook browser's initial connection."
end
zombie.save # the save needs to be conducted before any hooked browser specific logging
# add a log entry for the newly hooked browser
BeEF::Core::Logger.instance.register('Zombie', "#{zombie.ip} just joined the horde from the domain: #{log_zombie_domain}:#{log_zombie_port.to_s}", "#{zombie.id}")
# get and store page title
host_name = get_param(@data['results'], 'HostName')
if BeEF::Filters.is_valid_hostname?(host_name)
BD.set(session_id, 'HostName', host_name)
else
self.err_msg "Invalid host name returned from the hook browser's initial connection."
end
# get and store browser name
begin
browser_name = get_param(@data['results'], 'BrowserName')
raise WEBrick::HTTPStatus::BadRequest, "Invalid browser name" if not BeEF::Filters.is_valid_browsername?(browser_name)
BD.set(session_id, 'BrowserName', browser_name)
rescue
print_error "Invalid browser name returned from the hook browser's initial connection."
end
# get and store browser version
begin
browser_version = get_param(@data['results'], 'BrowserVersion')
raise WEBrick::HTTPStatus::BadRequest, "Invalid browser version" if not BeEF::Filters.is_valid_browserversion?(browser_version)
BD.set(session_id, 'BrowserVersion', browser_version)
rescue
print_error "Invalid browser version returned from the hook browser's initial connection."
end
# get and store the browser plugins
browser_plugins = get_param(@data['results'], 'BrowserPlugins')
if BeEF::Filters.is_valid_browser_plugins?(browser_plugins)
BD.set(session_id, 'BrowserPlugins', browser_plugins)
else
self.err_msg "Invalid browser plugins returned from the hook browser's initial connection."
end
# get and store browser string
begin
browser_string = get_param(@data['results'], 'BrowserReportedName')
raise WEBrick::HTTPStatus::BadRequest, "Invalid browser string" if not BeEF::Filters.is_valid_browserstring?(browser_string)
BD.set(session_id, 'BrowserReportedName', browser_string)
rescue
print_error "Invalid browser string returned from the hook browser's initial connection."
end
# get and store the system platform
system_platform = get_param(@data['results'], 'SystemPlatform')
if BeEF::Filters.is_valid_system_platform?(system_platform)
BD.set(session_id, 'SystemPlatform', system_platform)
else
self.err_msg "Invalid system platform returned from the hook browser's initial connection."
end
# get and store the cookies
begin
cookies = get_param(@data['results'], 'Cookies')
raise WEBrick::HTTPStatus::BadRequest, "Invalid cookies" if not BeEF::Filters.is_valid_cookies?(cookies)
BD.set(session_id, 'Cookies', cookies)
rescue
print_error "Invalid cookies returned from the hook browser's initial connection."
end
# get and store the internal ip address
internal_ip = get_param(@data['results'], 'InternalIP')
if BeEF::Filters.is_valid_ip?(internal_ip)
BD.set(session_id, 'InternalIP', internal_ip)
else
self.err_msg "Invalid internal IP address returned from the hook browser's initial connection."
end
# get and store the os name
begin
os_name = get_param(@data['results'], 'OsName')
raise WEBrick::HTTPStatus::BadRequest, "Invalid browser os name" if not BeEF::Filters.is_valid_osname?(os_name)
BD.set(session_id, 'OsName', os_name)
rescue
print_error "Invalid operating system name returned from the hook browser's initial connection."
end
# get and store the internal hostname
internal_hostname = get_param(@data['results'], 'InternalHostname')
if BeEF::Filters.is_valid_hostname?(host_name)
BD.set(session_id, 'InternalHostname', internal_hostname)
else
self.err_msg "Invalid internal hostname returned from the hook browser's initial connection."
end
# get and store page title
begin
page_title = get_param(@data['results'], 'PageTitle')
raise WEBrick::HTTPStatus::BadRequest, "Invalid page title" if not BeEF::Filters.is_valid_pagetitle?(page_title)
BD.set(session_id, 'PageTitle', page_title)
rescue
print_error "Invalid page title returned from the hook browser's initial connection."
end
# get and store the hooked browser type
browser_type = get_param(@data['results'], 'BrowserType')
if BeEF::Filters.is_valid_browsertype?(browser_type)
BD.set(session_id, 'BrowserType', browser_type)
else
self.err_msg "Invalid hooked browser type returned from the hook browser's initial connection."
end
# get and store page title
begin
host_name = get_param(@data['results'], 'HostName')
raise WEBrick::HTTPStatus::BadRequest, "Invalid host name" if not BeEF::Filters.is_valid_hostname?(host_name)
BD.set(session_id, 'HostName', host_name)
rescue
print_error "Invalid host name returned from the hook browser's initial connection."
end
# get and store the zombie screen size and color depth
screen_params = get_param(@data['results'], 'ScreenParams')
if BeEF::Filters.is_valid_screen_params?(screen_params)
BD.set(session_id, 'ScreenParams', screen_params)
else
self.err_msg "Invalid screen params returned from the hook browser's initial connection."
end
# get and store the browser plugins
begin
browser_plugins = get_param(@data['results'], 'BrowserPlugins')
raise WEBrick::HTTPStatus::BadRequest, "Invalid browser plugins" if not BeEF::Filters.is_valid_browser_plugins?(browser_plugins)
BD.set(session_id, 'BrowserPlugins', browser_plugins)
rescue
print_error "Invalid browser plugins returned from the hook browser's initial connection."
end
# get and store the window size
window_size = get_param(@data['results'], 'WindowSize')
if BeEF::Filters.is_valid_window_size?(window_size)
BD.set(session_id, 'WindowSize', window_size)
else
self.err_msg "Invalid window size returned from the hook browser's initial connection."
end
# get and store the system platform
begin
system_platform = get_param(@data['results'], 'SystemPlatform')
raise WEBrick::HTTPStatus::BadRequest, "Invalid system platform" if not BeEF::Filters.is_valid_system_platform?(system_platform)
BD.set(session_id, 'SystemPlatform', system_platform)
rescue
print_error "Invalid system platform returned from the hook browser's initial connection."
end
# get and store the yes|no value for JavaEnabled
java_enabled = get_param(@data['results'], 'JavaEnabled')
if BeEF::Filters.is_valid_yes_no?(java_enabled)
BD.set(session_id, 'JavaEnabled', java_enabled)
else
self.err_msg "Invalid value for JavaEnabled returned from the hook browser's initial connection."
end
# get and store the internal ip address
begin
internal_ip = get_param(@data['results'], 'InternalIP')
if not internal_ip.nil?
raise WEBrick::HTTPStatus::BadRequest, "Invalid internal IP address" if not BeEF::Filters.is_valid_ip?(internal_ip)
BD.set(session_id, 'InternalIP', internal_ip)
# get and store the yes|no value for VBScriptEnabled
vbscript_enabled = get_param(@data['results'], 'VBScriptEnabled')
if BeEF::Filters.is_valid_yes_no?(vbscript_enabled)
BD.set(session_id, 'VBScriptEnabled', vbscript_enabled)
else
self.err_msg "Invalid value for VBScriptEnabled returned from the hook browser's initial connection."
end
# get and store the yes|no value for HasFlash
has_flash = get_param(@data['results'], 'HasFlash')
if BeEF::Filters.is_valid_yes_no?(has_flash)
BD.set(session_id, 'HasFlash', has_flash)
else
self.err_msg "Invalid value for HasFlash returned from the hook browser's initial connection."
end
# get and store the yes|no value for HasGoogleGears
has_googlegears = get_param(@data['results'], 'HasGoogleGears')
if BeEF::Filters.is_valid_yes_no?(has_googlegears)
BD.set(session_id, 'HasGoogleGears', has_googlegears)
else
self.err_msg "Invalid value for HasGoogleGears returned from the hook browser's initial connection."
end
# get and store the yes|no value for HasWebSocket
has_web_socket = get_param(@data['results'], 'HasWebSocket')
if BeEF::Filters.is_valid_yes_no?(has_web_socket)
BD.set(session_id, 'HasWebSocket', has_web_socket)
else
self.err_msg "Invalid value for HasWebSocket returned from the hook browser's initial connection."
end
# get and store the yes|no value for HasActiveX
has_activex = get_param(@data['results'], 'HasActiveX')
if BeEF::Filters.is_valid_yes_no?(has_activex)
BD.set(session_id, 'HasActiveX', has_activex)
else
self.err_msg "Invalid value for HasActiveX returned from the hook browser's initial connection."
end
# get and store whether the browser has session cookies enabled
has_session_cookies = get_param(@data['results'], 'hasSessionCookies')
if BeEF::Filters.is_valid_yes_no?(has_session_cookies)
BD.set(session_id, 'hasSessionCookies', has_session_cookies)
else
self.err_msg "Invalid value for hasSessionCookies returned from the hook browser's initial connection."
end
# get and store whether the browser has persistent cookies enabled
has_persistent_cookies = get_param(@data['results'], 'hasPersistentCookies')
if BeEF::Filters.is_valid_yes_no?(has_persistent_cookies)
BD.set(session_id, 'hasPersistentCookies', has_persistent_cookies)
else
self.err_msg "Invalid value for hasPersistentCookies returned from the hook browser's initial connection."
end
# Call autorun modules
autorun = []
BeEF::Core::Configuration.instance.get('beef.module').each { |k, v|
if v.has_key?('autorun') and v['autorun'] == true
if BeEF::Module.support(k, {'browser' => browser_name, 'ver' => browser_version, 'os' => os_name}) == BeEF::Core::Constants::CommandModule::VERIFIED_WORKING
BeEF::Module.execute(k, session_id)
autorun.push(k)
else
print_debug "Autorun attempted to execute unsupported module '#{k}' against Hooked browser #{zombie.ip}"
end
end
}
if autorun.length > 0
print_info "Autorun executed: #{autorun.join(', ')} against Hooked browser #{zombie.ip}"
end
end
rescue
print_error "Invalid internal IP address returned from the hook browser's initial connection."
end
# get and store the internal hostname
begin
internal_hostname = get_param(@data['results'], 'InternalHostname')
if not internal_hostname.nil?
raise WEBrick::HTTPStatus::BadRequest, "Invalid internal host name" if not BeEF::Filters.is_valid_hostname?(host_name)
BD.set(session_id, 'InternalHostname', internal_hostname)
def get_param(query, key)
(query.class == Hash and query.has_key?(key)) ? query[key] : nil
end
rescue
print_error "Invalid internal hostname returned from the hook browser's initial connection."
end
# get and store the hooked browser type
begin
browser_type = get_param(@data['results'], 'BrowserType')
if not browser_type.nil?
raise WEBrick::HTTPStatus::BadRequest, "Invalid browser type" if not BeEF::Filters.is_valid_browsertype?(browser_type)
BD.set(session_id, 'BrowserType', browser_type)
end
rescue
print_error "Invalid hooked browser type returned from the hook browser's initial connection."
end
# get and store the zombie screen size and color depth
begin
screen_params = get_param(@data['results'], 'ScreenParams')
raise WEBrick::HTTPStatus::BadRequest, "Invalid screen params" if not BeEF::Filters.is_valid_screen_params?(screen_params)
BD.set(session_id, 'ScreenParams', screen_params)
rescue
print_error "Invalid screen params returned from the hook browser's initial connection."
end
# get and store the window size
begin
window_size = get_param(@data['results'], 'WindowSize')
raise WEBrick::HTTPStatus::BadRequest, "Invalid window size" if not BeEF::Filters.is_valid_window_size?(window_size)
BD.set(session_id, 'WindowSize', window_size)
rescue
print_error "Invalid window size returned from the hook browser's initial connection."
end
# get and store the yes|no value for JavaEnabled
begin
java_enabled = get_param(@data['results'], 'JavaEnabled')
if not java_enabled.nil?
raise WEBrick::HTTPStatus::BadRequest, "Invalid value for JavaEnabled" if not BeEF::Filters.is_valid_yes_no?(java_enabled)
BD.set(session_id, 'JavaEnabled', java_enabled)
end
rescue
print_error "Invalid value for JavaEnabled returned from the hook browser's initial connection."
end
# get and store the yes|no value for VBScriptEnabled
begin
vbscript_enabled = get_param(@data['results'], 'VBScriptEnabled')
if not vbscript_enabled.nil?
raise WEBrick::HTTPStatus::BadRequest, "Invalid value for VBScriptEnabled" if not BeEF::Filters.is_valid_yes_no?(vbscript_enabled)
BD.set(session_id, 'VBScriptEnabled', vbscript_enabled)
end
rescue
print_error "Invalid value for VBScriptEnabled returned from the hook browser's initial connection."
end
# get and store the yes|no value for HasFlash
begin
has_flash = get_param(@data['results'], 'HasFlash')
if not has_flash.nil?
raise WEBrick::HTTPStatus::BadRequest, "Invalid value for HasFlash" if not BeEF::Filters.is_valid_yes_no?(has_flash)
BD.set(session_id, 'HasFlash', has_flash)
end
rescue
print_error "Invalid value for HasFlash returned from the hook browser's initial connection."
end
# get and store the yes|no value for HasGoogleGears
begin
has_googlegears = get_param(@data['results'], 'HasGoogleGears')
if not has_googlegears.nil?
raise WEBrick::HTTPStatus::BadRequest, "Invalid value for HasGoogleGears" if not BeEF::Filters.is_valid_yes_no?(has_googlegears)
BD.set(session_id, 'HasGoogleGears', has_googlegears)
end
rescue
print_error "Invalid value for HasGoogleGears returned from the hook browser's initial connection."
end
# get and store the yes|no value for HasWebSocket
begin
has_web_socket = get_param(@data['results'], 'HasWebSocket')
if not has_web_socket.nil?
raise WEBrick::HTTPStatus::BadRequest, "Invalid value for HasWebSocket" if not BeEF::Filters.is_valid_yes_no?(has_web_socket)
BD.set(session_id, 'HasWebSocket', has_web_socket)
end
rescue
print_error "Invalid value for HasWebSocket returned from the hook browser's initial connection."
end
# get and store the yes|no value for HasActiveX
begin
has_activex = get_param(@data['results'], 'HasActiveX')
if not has_activex.nil?
raise WEBrick::HTTPStatus::BadRequest, "Invalid value for HasActiveX" if not BeEF::Filters.is_valid_yes_no?(has_activex)
BD.set(session_id, 'HasActiveX', has_activex)
end
rescue
print_error "Invalid value for HasActiveX returned from the hook browser's initial connection."
end
# get and store whether the browser has session cookies enabled
begin
has_session_cookies = get_param(@data['results'], 'hasSessionCookies')
if not has_session_cookies.nil?
raise WEBrick::HTTPStatus::BadRequest, "Invalid value for hasSessionCookies" if not BeEF::Filters.is_valid_yes_no?(has_session_cookies)
BD.set(session_id, 'hasSessionCookies', has_session_cookies)
end
rescue
print_error "Invalid value for hasSessionCookies returned from the hook browser's initial connection."
end
# get and store whether the browser has persistent cookies enabled
begin
has_persistent_cookies = get_param(@data['results'], 'hasPersistentCookies')
if not has_persistent_cookies.nil?
raise WEBrick::HTTPStatus::BadRequest, "Invalid value for hasPersistentCookies" if not BeEF::Filters.is_valid_yes_no?(has_persistent_cookies)
BD.set(session_id, 'hasPersistentCookies', has_persistent_cookies)
end
rescue
print_error "Invalid value for hasPersistentCookies returned from the hook browser's initial connection."
end
# Call autorun modules, this will be moved to core along with the Initialization extension
#TODO: re-enable it
# autorun = []
# BeEF::Core::Configuration.instance.get('beef.module').each{|k,v|
# if v.has_key?('autorun') and v['autorun'] == true
# if BeEF::Module.support(k, {'browser' => browser_name, 'ver' => browser_version, 'os' => os_name}) == BeEF::Core::Constants::CommandModule::VERIFIED_WORKING
# BeEF::Module.execute(k, session_id)
# autorun.push(k)
# else
# print_debug "Autorun attempted to execute unsupported module '#{k}' against Hooked browser #{zombie.ip}"
# end
# end
# }
# if autorun.length > 0
# print_info "Autorun executed: #{autorun.join(', ')} against Hooked browser #{zombie.ip}"
# end
end
def get_param(query, key)
return (query.class == Hash and query.has_key?(key)) ? query[key] : nil
end
end
end
end
end


@@ -28,15 +28,12 @@ module Models
storage_names[:default] = 'extension_initialization_browserdetails'
attr_reader :guard
#
# Class constructor
#
def initialize(config)
# we set up a mutex
super(config)
@@guard = Mutex.new
end
property :session_id, String, :length => 255, :key => true
@@ -69,7 +66,9 @@ module Models
result = browserdetails.save
# if the attempt to save the browser details fails return a bad request
raise WEBrick::HTTPStatus::BadRequest, "Failed to save browser details" if result.nil?
if result.nil?
print_error "Failed to save browser details"
end
browserdetails
end
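Review bot: The new `if result.nil?` guard in the second hunk probably never fires. This looks like a DataMapper model (`property`, `storage_names`), and DataMapper's `save` returns `true` or `false` rather than `nil`, so a failed save is neither logged nor signalled. Test the boolean instead: `print_error "Failed to save browser details" if not result`. With the raise gone, the method also returns `browserdetails` after a failed save, so callers cannot tell that data reported by the hooked browser was never persisted. The method starts outside the hunk, so check how its callers use the return value.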


@@ -56,6 +56,8 @@ module BeEF
def requester_parse_db_request(http_db_object)
# We're overwriting the URI::Parser UNRESERVED regex to prevent BAD URI errors when sending attack vectors (see tolerant_parser)
#TODO PARSE THE REQUEST MANUALLY, WITH PROPER ERROR CHECKING. SAME THING WE DO IN THE requester admin_ui controller
tolerant_parser = URI::Parser.new(:UNRESERVED => BeEF::Core::Configuration.instance.get("beef.extension.requester.uri_unreserved_chars"))
req = WEBrick::HTTPRequest.new(WEBrick::Config::HTTP)
params = nil


@@ -25,6 +25,7 @@ module BeEF
def self.is_valid_url?(uri)
# OPTIONS * is not yet supported
# return true if uri.eql? "*"
#TODO : CHECK THE normalize_path method and include it somewhere (maybe here)
return true if uri.eql? WEBrick::HTTPUtils.normalize_path(uri)
false
end
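Review bot: `is_valid_url?` can still raise instead of returning `false`, which is the exception-driven pattern this commit removes elsewhere. WEBrick's `normalize_path` raises a RuntimeError ("abnormal path") when the path does not begin with `/` or still contains a `..` segment after normalisation, and a `nil` argument fails on the call itself. The value checked here is presumably request data, so the validator should turn those cases into a plain boolean by adding `rescue` and `false` before the method's `end`. The new TODO about `normalize_path` could state this behaviour explicitly.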


@@ -20,18 +20,12 @@ module BeEF
#
# The http handler that manages the Requester.
#
class Handler < WEBrick::HTTPServlet::AbstractServlet
attr_reader :guard
class Handler
H = BeEF::Core::Models::Http
Z = BeEF::Core::Models::HookedBrowser
#
# Class constructor
#
def initialize(data)
# we set up a mutex
@guard = Mutex.new
@data = data
setup()
end
@@ -40,26 +34,26 @@ module BeEF
# validates the hook token
beef_hook = @data['beefhook'] || nil
raise WEBrick::HTTPStatus::BadRequest, "beefhook is null" if beef_hook.nil?
(print_error "beefhook is null";return) if beef_hook.nil?
# validates the request id
request_id = @data['cid'] || nil
raise WEBrick::HTTPStatus::BadRequest, "Original request id (command id) is null" if request_id.nil?
(print_error "Original request id (command id) is null";return) if request_id.nil?
# validates that a hooked browser with the beef_hook token exists in the db
zombie_db = Z.first(:session => beef_hook) || nil
raise WEBrick::HTTPStatus::BadRequest, "Invalid beefhook id: the hooked browser cannot be found in the database" if zombie_db.nil?
(print_error "Invalid beefhook id: the hooked browser cannot be found in the database";return) if zombie_db.nil?
# validates that we have such a http request saved in the db
http_db = H.first(:id => request_id.to_i, :hooked_browser_id => zombie_db.id) || nil
raise WEBrick::HTTPStatus::BadRequest, "Invalid http_db: no such request found in the database" if http_db.nil?
(print_error "Invalid http_db: no such request found in the database";return) if http_db.nil?
# validates that the http request has not be ran before
raise WEBrick::HTTPStatus::BadRequest, "This http request has been saved before" if http_db.has_ran.eql? "complete"
(print_error "This http request has been saved before";return) if http_db.has_ran.eql? "complete"
# validates the response code
response_code = @data['results']['response_status_code'] || nil
raise WEBrick::HTTPStatus::BadRequest, "Http response code is null" if response_code.nil?
(print_error "Http response code is null";return) if response_code.nil?
# save the results in the database
http_db.response_headers = @data['results']['response_headers']
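Review bot: `@data['results']['response_status_code']` indexes `@data['results']` before anything checks that it is present, and the `response_headers` assignment below it does the same. `@data` is what the hooked browser sent, so a message without a `results` hash raises NoMethodError here rather than taking the log-and-return path used for the other fields. Guard it first with `results = @data['results']` and `(print_error "Http results are missing";return) if not results.kind_of?(Hash)`, then read both values from `results`. The method continues past the end of the hunk, so later uses of `@data['results']` may need the same treatment.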


@@ -29,11 +29,10 @@ module BeEF
# verify if the request contains the hook token
# raise an exception if it's null or not found in the DB
beef_hook = @request['hbsess'] || nil
raise WEBrick::HTTPStatus::BadRequest,
"[XSSRAYS] Invalid beefhook id: the hooked browser cannot be found in the database" if beef_hook.nil? || HB.first(:session => beef_hook) == nil
(print_error "[XSSRAYS] Invalid beefhook id: the hooked browser cannot be found in the database";return) if beef_hook.nil? || HB.first(:session => beef_hook) == nil
rays_scan_id = @request['raysid'] || nil
raise WEBrick::HTTPStatus::BadRequest, "[XSSRAYS] Raysid is null" if rays_scan_id.nil?
(print_error "[XSSRAYS] Raysid is null";return) if rays_scan_id.nil?
if @request['action'] == 'ray'
# we received a ray
@@ -44,7 +43,7 @@ module BeEF
finalize_scan(rays_scan_id)
else
#invalid action
raise WEBrick::HTTPStatus::BadRequest, "[XSSRAYS] Invalid action"
print_error "[XSSRAYS] Invalid action";return
end
end