Hiddenden/beef
2
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Merge pull request #1561 from beefproject/warn-on-default-cert

Browse Source 
Minor refactor and warn if default SSL cert in use
This commit is contained in:
Brendan Coles
2018-05-12 00:18:54 +10:00
committed by GitHub
parent 7998f227c0 fb536ba06d
commit 07c0d84545
1 changed files with 41 additions and 35 deletions
Download Patch File Download Diff File Expand all files Collapse all files

76
core/main/server.rb
View File

@@ -90,50 +90,56 @@ module BeEF
# Rack mount points # Rack mount points
@rack_app = Rack::URLMap.new(@mounts) @rack_app = Rack::URLMap.new(@mounts)
if not @http_server return if @http_server
# Set the logging level of Thin to match the config # Set the logging level of Thin to match the config
Thin::Logging.silent = true Thin::Logging.silent = true
if @configuration.get('beef.http.debug') == true if @configuration.get('beef.http.debug') == true
Thin::Logging.silent = false Thin::Logging.silent = false
Thin::Logging.debug = true Thin::Logging.debug = true
end end
# Create the BeEF http server # Create the BeEF http server
@http_server = Thin::Server.new( @http_server = Thin::Server.new(
@configuration.get('beef.http.host'), @configuration.get('beef.http.host'),
@configuration.get('beef.http.port'), @configuration.get('beef.http.port'),
@rack_app) @rack_app)
if @configuration.get('beef.http.https.enable') == true # Configure SSL/TLS
openssl_version = OpenSSL::OPENSSL_VERSION return unless @configuration.get('beef.http.https.enable') == true
if openssl_version =~ / 1\.0\.1([a-f])? /
print_warning "Warning: #{openssl_version} is vulnerable to Heartbleed (CVE-2014-0160)." openssl_version = OpenSSL::OPENSSL_VERSION
print_more "Upgrade OpenSSL to version 1.0.1g or newer." if openssl_version =~ / 1\.0\.1([a-f])? /
end print_warning "Warning: #{openssl_version} is vulnerable to Heartbleed (CVE-2014-0160)."
@http_server.ssl = true print_more "Upgrade OpenSSL to version 1.0.1g or newer."
@http_server.ssl_options = {:private_key_file => File.expand_path(@configuration.get('beef.http.https.key'), $root_dir), end
:cert_chain_file => File.expand_path(@configuration.get('beef.http.https.cert'), $root_dir),
:verify_peer => false} cert_key = File.expand_path @configuration.get('beef.http.https.key'), $root_dir
end cert = File.expand_path @configuration.get('beef.http.https.cert'), $root_dir
@http_server.ssl = true
@http_server.ssl_options = {
:private_key_file => cert_key,
:cert_chain_file => cert,
:verify_peer => false
}
if Digest::SHA256.hexdigest(File.read(cert)).eql?('ccbc5e0a998eac18c1b60bbb14b439529c26e7ea4d824172df4991c3acc49cc4') ||
Digest::SHA256.hexdigest(File.read(cert_key)).eql?('300266e04bbda70f9f81a38d33973572d161f8d20bc8e2d6758f2bd6130f3825')
print_warning 'Warning: Default SSL cert/key in use.'
print_more 'Use the ./tools/generate-certificate utility to generate a new certificate.'
end end
end end
# Starts the BeEF http server # Starts the BeEF http server
def start def start
begin @http_server.start
@http_server.start # starts the web server rescue RuntimeError => e
rescue RuntimeError => e # port is in use
if e.message =~ /no acceptor/ # the port is in use raise unless e.message.include? 'no acceptor'
print_error "Another process is already listening on port #{@configuration.get('beef.http.port')}, or you're trying to bind BeEF to an invalid IP." print_error "Another process is already listening on port #{@configuration.get('beef.http.port')}, or you're trying to bind BeEF to an invalid IP."
print_error "Is BeEF already running? Exiting..." print_error "Is BeEF already running? Exiting..."
exit 127 exit 127
else
raise
end
end
end end
end end
end end
end end