Hiddenden/beef
2
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

bugfix on the requester, small code change in net.js (optimized cross_domain checks, added check when URI contains schema/domain as well)

Browse Source
This commit is contained in:
antisnatchor
2011-11-22 11:18:55 +01:00
parent 4c1ed2ee2e
commit 0866b0a8e1
2 changed files with 45 additions and 13 deletions
Download Patch File Download Diff File Expand all files Collapse all files

45
core/main/client/net.js
View File

@@ -145,13 +145,24 @@ beef.net = {
*/
request: function(scheme, method, domain, port, path, anchor, data, timeout, dataType, callback) {
//check if same domain or cross domain
cross_domain = !((document.domain == domain) && ((document.location.port == port) || (document.location.port == "" && port == "80")));
if (document.domain == domain){
if(document.location.port == "" || document.location.port == null){
cross_domain = !(port == "80" || port == "443");
}
}else{
cross_domain = true;
}
//build the url
var url = scheme + "://" + domain;
url = (port != null) ? url + ":" + port : url;
url = (path != null) ? url + path : url;
url = (anchor != null) ? url + "#" + anchor : url;
//build the url
var url = "";
if(path.indexOf("http://") != -1 || path.indexOf("http://") != -1){
url = path;
}else{
url = scheme + "://" + domain;
url = (port != null) ? url + ":" + port : url;
url = (path != null) ? url + path : url;
url = (anchor != null) ? url + "#" + anchor : url;
}
//define response object
var response = new this.response;
@@ -205,14 +216,26 @@ beef.net = {
* Firefox and Chrome automatically requests /safebrowsing/downloads (XHR)
*/
proxyrequest: function(scheme, method, domain, port, path, anchor, data, timeout, dataType, requestid, callback) {
//check if same domain or cross domain
cross_domain = !((document.domain == domain) && ((document.location.port == port) || (document.location.port == "" && port == "80")));
if (document.domain == domain){
if(document.location.port == "" || document.location.port == null){
cross_domain = !(port == "80" || port == "443");
}
}else{
cross_domain = true;
}
//build the url
var url = scheme + "://" + domain;
url = (port != null) ? url + ":" + port : url;
url = (path != null) ? url + path : url;
url = (anchor != null) ? url + "#" + anchor : url;
var url = "";
if(path.indexOf("http://") != -1 || path.indexOf("http://") != -1){
url = path;
}else{
url = scheme + "://" + domain;
url = (port != null) ? url + ":" + port : url;
url = (path != null) ? url + path : url;
url = (anchor != null) ? url + "#" + anchor : url;
}
//define response object
var response = new this.response;

13
extensions/requester/api/hook.rb
View File

@@ -95,6 +95,15 @@ module BeEF
end
end
if @port.nil?
if uri.match(/^https:/)
@port = 443
else
@port = 80
end
end
print_debug "Uri [#{uri}] - Host: [#{@host}] - Port [#{@port}]"
#POST request
if not @content_length.nil? and @content_length > 0
post_data_scliced = req_parts.slice(@post_data_index + 1, req_parts.length)
@@ -102,7 +111,7 @@ module BeEF
http_request_object = {
'id' => http_db_object.id,
'method' => verb,
'host' => @host,
'host' => @host.strip,
'port' => @port,
'data' => @post_data,
'uri' => uri,
@@ -113,7 +122,7 @@ module BeEF
http_request_object = {
'id' => http_db_object.id,
'method' => verb,
'host' => @host,
'host' => @host.strip,
'port' => @port,
'uri' => uri,
'headers' => headers