From 1b173e4b986b1f1e898448ef6d6688a1cf72087d Mon Sep 17 00:00:00 2001
From: Brendan Coles
Date: Sat, 16 Feb 2019 13:57:52 +0000
Subject: [PATCH] Replace /proxy controller with REST API - #1389
---
 .../javascript/ui/panel/zombiesTreeList.js | 5 +-
 extensions/proxy/api.rb | 5 --
 extensions/proxy/controllers/proxy.rb | 51 -------------------
 extensions/proxy/proxy.rb | 4 +-
 4 files changed, 5 insertions(+), 60 deletions(-)
 delete mode 100644 extensions/proxy/controllers/proxy.rb
diff --git a/extensions/admin_ui/media/javascript/ui/panel/zombiesTreeList.js b/extensions/admin_ui/media/javascript/ui/panel/zombiesTreeList.js
index c6f401037..4554eca30 100644
--- a/extensions/admin_ui/media/javascript/ui/panel/zombiesTreeList.js
+++ b/extensions/admin_ui/media/javascript/ui/panel/zombiesTreeList.js
@@ -103,9 +103,10 @@ Ext.extend(zombiesTreeList, Ext.tree.TreePanel, {
 switch (item.id) {
 case 'use_as_proxy':
 Ext.Ajax.request({
- url: '<%= @base_path %>/proxy/setTargetZombie',
+ url: '/api/proxy/setTargetZombie?token=' + beefwui.get_rest_token(),
 method: 'POST',
- params: 'hb_id=' + escape(hb_id)
+ headers: {'Content-Type': 'application/json; charset=UTF-8'},
+ jsonData: {'hb_id': escape(hb_id)}
 });
 break;
 case 'xssrays_hooked_domain':
diff --git a/extensions/proxy/api.rb b/extensions/proxy/api.rb
index 735df50b5..4457b8929 100644
--- a/extensions/proxy/api.rb
+++ b/extensions/proxy/api.rb
@@ -7,7 +7,6 @@ module BeEF module Extension module Proxy module API - module RegisterHttpHandler BeEF::API::Registrar.instance.register(BeEF::Extension::Proxy::API::RegisterHttpHandler, BeEF::API::Server, 'pre_http_start')
@@ -24,13 +23,9 @@ module BeEF end def self.mount_handler(beef_server) - beef_server.mount('/proxy', BeEF::Extension::Requester::Handler) beef_server.mount('/api/proxy', BeEF::Extension::Proxy::ProxyRest.new) end - end - - end end end
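Review bot: In the `use_as_proxy` case of zombiesTreeList.js, `escape(hb_id)` is carried over from the old form-encoded body, but a JSON body needs no URL-escaping, so any character `escape()` rewrites reaches the server percent-encoded and may not match the stored session id unless the REST handler unescapes it (not visible here); `jsonData: {'hb_id': hb_id}` sends the value as-is. The REST token is also placed in the query string of the new `url`, where it ends up in web-server access logs and in the logs of any proxy on the path; if the REST layer accepts the token another way, prefer that, otherwise those logs should be treated as holding credentials. The new URL also drops `<%= @base_path %>`, which is presumably intended for `/api` routes but worth confirming for installs served under a path prefix. The request has no `failure` callback, so a rejected token or unknown `hb_id` fails silently in the UI.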
diff --git a/extensions/proxy/controllers/proxy.rb b/extensions/proxy/controllers/proxy.rb
deleted file mode 100644
index 5be9fc63a..000000000
--- a/extensions/proxy/controllers/proxy.rb
+++ /dev/null
@@ -1,51 +0,0 @@
-#
-# Copyright (c) 2006-2019 Wade Alcorn - wade@bindshell.net
-# Browser Exploitation Framework (BeEF) - http://beefproject.com
-# See the file 'doc/COPYING' for copying permission
-#
-module BeEF
-module Extension
-module AdminUI
-module Controllers
-
-#
-# HTTP Controller for the Proxy component of BeEF.
-#
-class Proxy < BeEF::Extension::AdminUI::HttpController
-
- H = BeEF::Core::Models::Http
- HB = BeEF::Core::Models::HookedBrowser
-
- def initialize
- super({
- 'paths' => {
- '/setTargetZombie' => method(:set_target_zombie)
- }
- })
- end
-
-
- def set_target_zombie
- hb_session_id = @params['hb_id'].to_s
- hooked_browser = HB.first(:session => hb_session_id)
- previous_proxy_hb = HB.first(:is_proxy => true)
-
- # if another HB is currently set as tunneling proxy, unset it
- if(previous_proxy_hb != nil)
- previous_proxy_hb.update(:is_proxy => false)
- print_debug("Unsetting previously HB [#{previous_proxy_hb.ip.to_s}] used as Tunneling Proxy")
- end
-
- # set the HB requested in /setTargetProxy as Tunneling Proxy
- if(hooked_browser != nil)
- hooked_browser.update(:is_proxy => true)
- print_info("Using Hooked Browser with ip [#{hooked_browser.ip.to_s}] as Tunneling Proxy")
- end
- end
-
-end
-
-end
-end
-end
-end
diff --git a/extensions/proxy/proxy.rb b/extensions/proxy/proxy.rb
index ad059d0a8..16d370761 100644
--- a/extensions/proxy/proxy.rb
+++ b/extensions/proxy/proxy.rb
@@ -27,7 +27,7 @@ module BeEF
 # load certificate
 begin
 cert_file = @conf.get('beef.extension.proxy.cert')
- cert = File.open(cert_file)
+ cert = File.read(cert_file)
 ssl_context.cert = OpenSSL::X509::Certificate.new(cert)
 rescue
 print_error "[Proxy] Could not load SSL certificate '#{cert_file}'"
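Review bot: The bare `rescue` in the certificate block of extensions/proxy/proxy.rb (and the identical one in the key block of the next hunk) discards the exception, so the log cannot distinguish a missing or unreadable file from a PEM that OpenSSL rejected; `rescue => e` with `print_error "[Proxy] Could not load SSL certificate '#{cert_file}': #{e.message}"` keeps the cause, and the same applies to the key message. In the key hunk, `OpenSSL::PKey::RSA.new(key)` accepts only RSA keys, so a configured EC key fails there; `OpenSSL::PKey.read(key)` would load either type if the proxy is meant to support both. Both begin/rescue blocks end outside their hunks, so whether startup stops or continues without TLS material after the error is printed is not visible here.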
@@ -36,7 +36,7 @@ module BeEF
 # load key
 begin
 key_file = @conf.get('beef.extension.proxy.key')
- key = File.open(key_file)
+ key = File.read(key_file)
 ssl_context.key = OpenSSL::PKey::RSA.new(key)
 rescue
 print_error "[Proxy] Could not load SSL key '#{key_file}'"