Replace /proxy controller with REST API - #1389

extensions/admin_ui/media/javascript/ui/panel/zombiesTreeList.js

@@ -103,9 +103,10 @@ Ext.extend(zombiesTreeList, Ext.tree.TreePanel, {
                   switch (item.id) {
                       case 'use_as_proxy':
                            Ext.Ajax.request({
-                                url: '<%= @base_path %>/proxy/setTargetZombie',
+                                url: '/api/proxy/setTargetZombie?token=' + beefwui.get_rest_token(),
                                 method: 'POST',
-                                params: 'hb_id=' + escape(hb_id)
+                                headers: {'Content-Type': 'application/json; charset=UTF-8'},
+                                jsonData: {'hb_id': escape(hb_id)}
                             });
                           break;
                        case 'xssrays_hooked_domain':

extensions/proxy/api.rb

@@ -7,7 +7,6 @@ module BeEF
   module Extension
     module Proxy
       module API
-
         module RegisterHttpHandler
 
           BeEF::API::Registrar.instance.register(BeEF::Extension::Proxy::API::RegisterHttpHandler, BeEF::API::Server, 'pre_http_start')
@@ -24,13 +23,9 @@ module BeEF
           end
 
           def self.mount_handler(beef_server)
-            beef_server.mount('/proxy', BeEF::Extension::Requester::Handler)
             beef_server.mount('/api/proxy', BeEF::Extension::Proxy::ProxyRest.new)
           end
-
         end
-
-
       end
     end
   end

extensions/proxy/controllers/proxy.rb

@@ -1,51 +0,0 @@
-#
-# Copyright (c) 2006-2019 Wade Alcorn - wade@bindshell.net
-# Browser Exploitation Framework (BeEF) - http://beefproject.com
-# See the file 'doc/COPYING' for copying permission
-#
-module BeEF
-module Extension
-module AdminUI
-module Controllers
-
-#
-# HTTP Controller for the Proxy component of BeEF.
-#
-class Proxy < BeEF::Extension::AdminUI::HttpController
-
-  H = BeEF::Core::Models::Http
-  HB = BeEF::Core::Models::HookedBrowser
-
-  def initialize
-    super({
-      'paths' => {
-        '/setTargetZombie' => method(:set_target_zombie)
-      }
-    })
-  end
-
-
-  def set_target_zombie
-    hb_session_id = @params['hb_id'].to_s
-    hooked_browser = HB.first(:session => hb_session_id)
-    previous_proxy_hb = HB.first(:is_proxy => true)
-
-    # if another HB is currently set as tunneling proxy, unset it
-    if(previous_proxy_hb != nil)
-      previous_proxy_hb.update(:is_proxy => false)
-      print_debug("Unsetting previously HB [#{previous_proxy_hb.ip.to_s}] used as Tunneling Proxy")
-    end
-
-    # set the HB requested in /setTargetProxy as Tunneling Proxy
-    if(hooked_browser != nil)
-      hooked_browser.update(:is_proxy => true)
-      print_info("Using Hooked Browser with ip [#{hooked_browser.ip.to_s}] as Tunneling Proxy")
-    end
-  end
-
-end
-
-end
-end
-end
-end

extensions/proxy/proxy.rb

@@ -27,7 +27,7 @@ module BeEF
           # load certificate
           begin
             cert_file = @conf.get('beef.extension.proxy.cert')
-            cert = File.open(cert_file)
+            cert = File.read(cert_file)
             ssl_context.cert = OpenSSL::X509::Certificate.new(cert)
           rescue
             print_error "[Proxy] Could not load SSL certificate '#{cert_file}'"
@@ -36,7 +36,7 @@ module BeEF
           # load key
           begin
             key_file = @conf.get('beef.extension.proxy.key')
-            key = File.open(key_file)
+            key = File.read(key_file)
             ssl_context.key = OpenSSL::PKey::RSA.new(key)
           rescue
             print_error "[Proxy] Could not load SSL key '#{key_file}'"