Fix requester when evasion is enabled - Fix #1386
This commit is contained in:
Brendan Coles
@@ -28,8 +28,16 @@ module BeEF
|
|||||||
config = BeEF::Core::Configuration.instance
|
config = BeEF::Core::Configuration.instance
|
||||||
ws = BeEF::Core::Websocket::Websocket.instance
|
ws = BeEF::Core::Websocket::Websocket.instance
|
||||||
|
|
||||||
# todo antisnatchor: prevent sending "content" multiple times. Better leaving it after the first run, and don't send it again.
|
if config.get("beef.extension.evasion.enable")
|
||||||
#todo antisnatchor: remove this gsub crap adding some hook packing.
|
evasion = BeEF::Extension::Evasion::Evasion.instance
|
||||||
|
end
|
||||||
|
|
||||||
|
|
||||||
|
# todo antisnatchor: prevent sending "content" multiple times.
|
||||||
|
# Better leaving it after the first run, and don't send it again.
|
||||||
|
# todo antisnatchor: remove this gsub crap adding some hook packing.
|
||||||
|
|
||||||
|
# If we use WebSockets, just reply wih the component contents
|
||||||
if config.get("beef.http.websocket.enable") && ws.getsocket(hb.session)
|
if config.get("beef.http.websocket.enable") && ws.getsocket(hb.session)
|
||||||
content = File.read(find_beefjs_component_path 'beef.net.requester').gsub('//
|
content = File.read(find_beefjs_component_path 'beef.net.requester').gsub('//
|
||||||
// Copyright (c) 2006-2017 Wade Alcorn - wade@bindshell.net
|
// Copyright (c) 2006-2017 Wade Alcorn - wade@bindshell.net
|
||||||
@@ -37,9 +45,13 @@ module BeEF
|
|||||||
// See the file \'doc/COPYING\' for copying permission
|
// See the file \'doc/COPYING\' for copying permission
|
||||||
//', "")
|
//', "")
|
||||||
add_to_body output
|
add_to_body output
|
||||||
ws.send(content + @body,hb.session)
|
if config.get("beef.extension.evasion.enable")
|
||||||
#if we use WebSockets, just reply wih the component contents
|
ws.send(evasion.obfuscate(content) + @body, hb.session)
|
||||||
else # if we use XHR-polling, add the component to the main hook file
|
else
|
||||||
|
ws.send(content + @body, hb.session)
|
||||||
|
end
|
||||||
|
# if we use XHR-polling, add the component to the main hook file
|
||||||
|
else
|
||||||
build_missing_beefjs_components 'beef.net.requester'
|
build_missing_beefjs_components 'beef.net.requester'
|
||||||
# Send the command to perform the requests to the hooked browser
|
# Send the command to perform the requests to the hooked browser
|
||||||
add_to_body output
|
add_to_body output
|
||||||
@@ -47,13 +59,22 @@ module BeEF
|
|||||||
end
|
end
|
||||||
|
|
||||||
def add_to_body(output)
|
def add_to_body(output)
|
||||||
@body << %Q{
|
config = BeEF::Core::Configuration.instance
|
||||||
|
|
||||||
|
req = %Q{
|
||||||
beef.execute(function() {
|
beef.execute(function() {
|
||||||
beef.net.requester.send(
|
beef.net.requester.send(
|
||||||
#{output.to_json}
|
#{output.to_json}
|
||||||
);
|
);
|
||||||
});
|
});
|
||||||
}
|
}
|
||||||
|
|
||||||
|
if config.get("beef.extension.evasion.enable")
|
||||||
|
evasion = BeEF::Extension::Evasion::Evasion.instance
|
||||||
|
@body << evasion.obfuscate(req)
|
||||||
|
else
|
||||||
|
@body << req
|
||||||
|
end
|
||||||
end
|
end
|
||||||
|
|
||||||
#
|
#
|
||||||
|
|||||||
Reference in New Issue
Block a user