From 0866b0a8e11c2e4cf5ac8b51bc5b8dd6b59fb9d0 Mon Sep 17 00:00:00 2001
From: antisnatchor
Date: Tue, 22 Nov 2011 11:18:55 +0100
Subject: [PATCH] bugfix on the requester, small code change in net.js (optimized cross_domain checks, added check when URI contains schema/domain as well)
---
 core/main/client/net.js | 45 ++++++++++++++++++++++++--------
 extensions/requester/api/hook.rb | 13 +++++++--
 2 files changed, 45 insertions(+), 13 deletions(-)
diff --git a/core/main/client/net.js b/core/main/client/net.js
index dedd71f79..d80cca42c 100644
--- a/core/main/client/net.js
+++ b/core/main/client/net.js
@@ -145,13 +145,24 @@ beef.net = {
 */
 request: function(scheme, method, domain, port, path, anchor, data, timeout, dataType, callback) {
 //check if same domain or cross domain
- cross_domain = !((document.domain == domain) && ((document.location.port == port) || (document.location.port == "" && port == "80")));
+ if (document.domain == domain){
+ if(document.location.port == "" || document.location.port == null){
+ cross_domain = !(port == "80" || port == "443");
+ }
+ }else{
+ cross_domain = true;
+ }

- //build the url
- var url = scheme + "://" + domain;
- url = (port != null) ? url + ":" + port : url;
- url = (path != null) ? url + path : url;
- url = (anchor != null) ? url + "#" + anchor : url;
+ //build the url
+ var url = "";
+ if(path.indexOf("http://") != -1 || path.indexOf("http://") != -1){
+ url = path;
+ }else{
+ url = scheme + "://" + domain;
+ url = (port != null) ? url + ":" + port : url;
+ url = (path != null) ? url + path : url;
+ url = (anchor != null) ? url + "#" + anchor : url;
+ }

 //define response object
 var response = new this.response;
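Review bot: `cross_domain` is left unassigned on one path of the new check in `request`: when `document.domain == domain` and `document.location.port` is non-empty, neither branch writes it, so the same-host, same-port case that the removed one-liner handled now falls through. Because `cross_domain` is assigned without `var` it is an implicit global, so on that path a later read presumably sees whatever an earlier call stored, or throws a ReferenceError if nothing did. Declare it with a conservative default, `var cross_domain = true;`, ahead of the outer `if`, and give the inner `if` an `else { cross_domain = (document.location.port != port); }`. The empty-port branch also accepts both "80" and "443" without consulting `scheme`, so an http page and an https target on the same host are classed as same-origin even though the origins differ. The identical block is added to `proxyrequest` in the next hunk, and the body of `request` continues past the end of this hunk.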
@@ -205,14 +216,26 @@ beef.net = {
 * Firefox and Chrome automatically requests /safebrowsing/downloads (XHR)
 */
 proxyrequest: function(scheme, method, domain, port, path, anchor, data, timeout, dataType, requestid, callback) {
+
 //check if same domain or cross domain
- cross_domain = !((document.domain == domain) && ((document.location.port == port) || (document.location.port == "" && port == "80")));
+ if (document.domain == domain){
+ if(document.location.port == "" || document.location.port == null){
+ cross_domain = !(port == "80" || port == "443");
+ }
+ }else{
+ cross_domain = true;
+ }

 //build the url
- var url = scheme + "://" + domain;
- url = (port != null) ? url + ":" + port : url;
- url = (path != null) ? url + path : url;
- url = (anchor != null) ? url + "#" + anchor : url;
+ var url = "";
+ if(path.indexOf("http://") != -1 || path.indexOf("http://") != -1){
+ url = path;
+ }else{
+ url = scheme + "://" + domain;
+ url = (port != null) ? url + ":" + port : url;
+ url = (path != null) ? url + path : url;
+ url = (anchor != null) ? url + "#" + anchor : url;
+ }

 //define response object
 var response = new this.response;
diff --git a/extensions/requester/api/hook.rb b/extensions/requester/api/hook.rb
index 4be86ab4b..7166273e3 100644
--- a/extensions/requester/api/hook.rb
+++ b/extensions/requester/api/hook.rb
@@ -95,6 +95,15 @@ module BeEF
 end
 end

+ if @port.nil?
+ if uri.match(/^https:/)
+ @port = 443
+ else
+ @port = 80
+ end
+ end
+ print_debug "Uri [#{uri}] - Host: [#{@host}] - Port [#{@port}]"
+
 #POST request
 if not @content_length.nil? and @content_length > 0
 post_data_scliced = req_parts.slice(@post_data_index + 1, req_parts.length)
@@ -102,7 +111,7 @@ module BeEF
 http_request_object = {
 'id' => http_db_object.id,
 'method' => verb,
- 'host' => @host,
+ 'host' => @host.strip,
 'port' => @port,
 'data' => @post_data,
 'uri' => uri,
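Review bot: The absolute-URL test added to `proxyrequest`, `path.indexOf("http://") != -1 || path.indexOf("http://") != -1`, repeats the same operand twice, so a path beginning with `https://` is never recognised; the second operand was presumably meant to be `"https://"`. Comparing against `-1` also matches the scheme anywhere in the string, for instance inside a query parameter, so the whole request URL is then taken from `path`; anchoring the test as `path.indexOf("http://") === 0 || path.indexOf("https://") === 0` avoids that. `path` is dereferenced before the `path != null` guard that the else-branch still keeps, so a null path now throws instead of being skipped. When `url = path` is taken, `cross_domain` has already been computed from the `domain` and `port` arguments rather than from the URL actually requested, so the flag and the real target can disagree. The same condition is added to `request` in the previous hunk.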
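Review bot: `uri.match(/^https:/)` anchors with `^`, which in Ruby matches at the start of any line rather than the start of the string, and the pattern is case-sensitive, so the default port can be chosen from something other than the URI's real scheme if `uri` ever carries a line break or an upper-case scheme. `uri` appears to be taken from the parsed request, and this hunk does not show it being validated. Inside the `if @port.nil?` guard, `@port = uri.match(/\Ahttps:/i) ? 443 : 80` states the intent in one line. The `print_debug` call interpolates `uri` and `@host` unmodified, and `@host` is printed before the `.strip` applied in the later hunks, so the log can differ from what is stored; `uri.inspect` and `@host.inspect` would make the raw values unambiguous. The enclosing method starts and ends outside the hunk.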
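Review bot: `'host' => @host.strip` raises NoMethodError when `@host` is nil, which would presumably be the case for a request with no Host header unless something earlier in the method assigns it; no such guard is visible in this hunk. Stripping only where the hash is built also leaves `@host` itself untrimmed for the `print_debug` line above and for any other reader. Normalising once where `@host` is parsed, e.g. `@host = @host.to_s.strip`, and keeping `'host' => @host` here would cover both this hash and the second `http_request_object` hash changed in the next hunk (`@@ -113,7 +122,7`).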
@@ -113,7 +122,7 @@ module BeEF
 http_request_object = {
 'id' => http_db_object.id,
 'method' => verb,
- 'host' => @host,
+ 'host' => @host.strip,
 'port' => @port,
 'uri' => uri,
 'headers' => headers