Hiddenden/beef
2
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

prevent BeEF to be auto-BeEFed :-)

Browse Source 
git-svn-id: https://beef.googlecode.com/svn/trunk@1357 b87d56ec-f9c0-11de-8c8a-61c5e9addfc9
This commit is contained in:
antisnatchor
2011-10-07 13:07:07 +00:00
parent c8799f49a3
commit 20f07a5b04
10 changed files with 179 additions and 24 deletions
Download Patch File Download Diff File Expand all files Collapse all files

6
extensions/admin_ui/controllers/panel/index.html
View File

@@ -8,6 +8,12 @@
<%= script_tag 'ext-base.js' %>
<%= script_tag 'ext-all.js' %>
<%= script_tag 'ext-beef.js' %>
<!-- jQuery encoder (ESAPI way) -->
<%= script_tag 'esapi/jquery-1.6.4.min.js' %>
<%= script_tag 'esapi/Class.create.js' %>
<%= script_tag 'esapi/jquery-encoder-0.1.0.js' %>
<script type="text/javascript" language="JavaScript">var $jEncoder = jQuery.noConflict();</script>
<!--/ jQuery encoder (ESAPI way) -->
<%= script_tag 'ux/TabCloseMenu.js' %>
<%= script_tag 'ux/StatusBar.js' %>
<%= script_tag 'ux/PagingStore.js' %>

64
extensions/admin_ui/media/javascript/esapi/Class.create.js Normal file
View File

@@ -0,0 +1,64 @@
/* Simple JavaScript Inheritance
* By John Resig http://ejohn.org/
* MIT Licensed.
*/
// Inspired by base2 and Prototype
(function(){
var initializing = false, fnTest = /xyz/.test(function(){xyz;}) ? /\b_super\b/ : /.*/;
// The base Class implementation (does nothing)
this.Class = function(){};
// Create a new Class that inherits from this class
Class.extend = function(prop) {
var _super = this.prototype;
// Instantiate a base class (but only create the instance,
// don't run the init constructor)
initializing = true;
var prototype = new this();
initializing = false;
// Copy the properties over onto the new prototype
for (var name in prop) {
// Check if we're overwriting an existing function
prototype[name] = typeof prop[name] == "function" &&
typeof _super[name] == "function" && fnTest.test(prop[name]) ?
(function(name, fn){
return function() {
var tmp = this._super;
// Add a new ._super() method that is the same method
// but on the super-class
this._super = _super[name];
// The method only need to be bound temporarily, so we
// remove it when we're done executing
var ret = fn.apply(this, arguments);
this._super = tmp;
return ret;
};
})(name, prop[name]) :
prop[name];
}
// The dummy class constructor
function Class() {
// All construction is actually done in the init method
if ( !initializing && this.init )
this.init.apply(this, arguments);
}
// Populate our constructed prototype object
Class.prototype = prototype;
// Enforce the constructor to be what we expect
Class.constructor = Class;
// And make this class extendable
Class.extend = arguments.callee;
return Class;
};
})();

4
extensions/admin_ui/media/javascript/esapi/jquery-1.6.4.min.js vendored Normal file
View File

File diff suppressed because one or more lines are too long

82
extensions/admin_ui/media/javascript/esapi/jquery-encoder-0.1.0.js Normal file
View File

File diff suppressed because one or more lines are too long

6
extensions/admin_ui/media/javascript/ui/panel/DataGrid.js
View File

@@ -54,7 +54,7 @@ DataGrid = function(url, page, base) {
sortable: true,
width: 60,
renderer: function(value, metaData, record, rowIndex, colIndex, store) {
return "<b>" + value + "</b>";
return "<b>" + $jEncoder.encoder.encodeForHTML(value) + "</b>";
}
}, {
id: 'log-event',
@@ -62,13 +62,13 @@ DataGrid = function(url, page, base) {
dataIndex: 'event',
sortable:true,
width: 420,
renderer: this.formatTitle
renderer: $jEncoder.encoder.encodeForHTML(this.formatTitle)
}, {
id: 'log-date',
header: "Date",
dataIndex: 'date',
width: 80,
renderer: this.formatDate,
renderer: $jEncoder.encoder.encodeForHTML(this.formatDate),
sortable:true
}];

3
extensions/admin_ui/media/javascript/ui/panel/common.js
View File

@@ -257,12 +257,11 @@ function genExisingExploitPanel(panel, command_id, zombie, sb) {
renderer: function(value, p, record) {
html = String.format("<div style='color:#385F95;text-align:right;'>{0}</div>", value);
html += '<p>';
for(index in record.data.data) {
result = record.data.data[index];
index = index.toString().replace('_', ' ');
html += String.format('<b>{0}</b>: {1}<br>', index, result);
html += String.format('<b>{0}</b>: {1}<br>', index, $jEncoder.encoder.encodeForHTML(result));
}
html += '</p>';

2
extensions/admin_ui/media/javascript/ui/panel/tabs/ZombieTabCommands.js
View File

@@ -64,7 +64,7 @@ ZombieTab_Commands = function(zombie) {
{header: 'date', width: 100, sortable: true, dataIndex: 'creationdate'},
{header: 'label', sortable: true, dataIndex: 'label', renderer:
function(value, metaData, record, rowIndex, colIndex, store) {
return 'command '+(record.get("id")+1);
return 'command '+($jEncoder.encoder.encodeForHTML(record.get("id")+1));
}
},
{header: 'object_id', sortable: true, dataIndex: 'object_id', hidden: true, menuDisabled: true}

8
extensions/admin_ui/media/javascript/ui/panel/tabs/ZombieTabDetails.js
View File

@@ -58,21 +58,21 @@ ZombieTab_DetailsTab = function(zombie) {
header: 'information',
dataIndex: 'data',
renderer: function(value, p, record) {
html = ''
html = '';
for(index in value) {
result = value[index];
index = index.toString().replace('_', ' ');
html += String.format('<b>{0}</b>: {1}<br>', index, result);
html += String.format('<b>{0}</b>: {1}<br>', index, $jEncoder.encoder.encodeForHTML(result));
}
return html;
}
},
{header: 'command_module', dataIndex:'from', width: 25, renderer: function(value){return value;}},
{header: 'Category', dataIndex:'category', hidden: true, renderer: function(value){return value;}}
{header: 'command_module', dataIndex:'from', width: 25, renderer: function(value){return $jEncoder.encoder.encodeForHTML(value);}},
{header: 'Category', dataIndex:'category', hidden: true, renderer: function(value){return $jEncoder.encoder.encodeForHTML(value);}}
]
});

22
extensions/admin_ui/media/javascript/ui/panel/tabs/ZombieTabRequester.js
View File

@@ -101,16 +101,16 @@ ZombieTab_Requester = function(zombie) {
columns: [
{header: 'Id', width: 10, sortable: true, dataIndex: 'id', hidden:true},
{header: 'Domain', sortable: true, dataIndex: 'domain'},
{header: 'Port', width: 30, sortable: true, dataIndex: 'port'},
{header: 'Method', width: 30, sortable: true, dataIndex: 'method'},
{header: 'Path', sortable: true, dataIndex: 'path'},
{header: 'Res Code', width: 35, sortable: true, dataIndex: 'response_status_code'},
{header: 'Res Text', width: 50, sortable: true, dataIndex: 'response_status_text'},
{header: 'Port Status', width: 40, sortable: true, dataIndex: 'response_port_status'},
{header: 'Processed', width: 50, sortable: true, dataIndex: 'has_ran'},
{header: 'Req Date', width: 50, sortable: true, dataIndex: 'request_date'},
{header: 'Res Date', width: 50, sortable: true, dataIndex: 'response_date'}
{header: 'Domain', sortable: true, dataIndex: 'domain', renderer: function(value){return $jEncoder.encoder.encodeForHTML(value)}},
{header: 'Port', width: 30, sortable: true, dataIndex: 'port', renderer: function(value){return $jEncoder.encoder.encodeForHTML(value)}},
{header: 'Method', width: 30, sortable: true, dataIndex: 'method', renderer: function(value){return $jEncoder.encoder.encodeForHTML(value)}},
{header: 'Path', sortable: true, dataIndex: 'path', renderer: function(value){return $jEncoder.encoder.encodeForHTML(value)}},
{header: 'Res Code', width: 35, sortable: true, dataIndex: 'response_status_code', renderer: function(value){return $jEncoder.encoder.encodeForHTML(value)}},
{header: 'Res Text', width: 50, sortable: true, dataIndex: 'response_status_text', renderer: function(value){return $jEncoder.encoder.encodeForHTML(value)}},
{header: 'Port Status', width: 40, sortable: true, dataIndex: 'response_port_status', renderer: function(value){return $jEncoder.encoder.encodeForHTML(value)}},
{header: 'Processed', width: 50, sortable: true, dataIndex: 'has_ran', renderer: function(value){return $jEncoder.encoder.encodeForHTML(value)}},
{header: 'Req Date', width: 50, sortable: true, dataIndex: 'request_date', renderer: function(value){return $jEncoder.encoder.encodeForHTML(value)}},
{header: 'Res Date', width: 50, sortable: true, dataIndex: 'response_date', renderer: function(value){return $jEncoder.encoder.encodeForHTML(value)}}
],
@@ -274,7 +274,7 @@ ZombieTab_Requester = function(zombie) {
var tab_result_accordion = new Ext.Panel({
id: 'requester-response-'+request.id,
title: request.path,
title: $jEncoder.encoder.encodeForHTML(request.path),
split: true,
border: false,
layout:'accordion',

6
extensions/admin_ui/media/javascript/ui/panel/tabs/ZombieTabXssRays.js
View File

@@ -74,9 +74,9 @@ ZombieTab_XssRaysTab = function(zombie) {
columns: [
{header: 'Id', width: 10, sortable: true, dataIndex: 'id', hidden:true},
{header: 'Vector Method', width: 30, sortable: true, dataIndex: 'vector_method'},
{header: 'Vector Name', width: 40, sortable: true, dataIndex: 'vector_name'},
{header: 'Vector PoC', sortable: true, dataIndex: 'vector_poc'}
{header: 'Vector Method', width: 30, sortable: true, dataIndex: 'vector_method', renderer: function(value){return $jEncoder.encoder.encodeForHTML(value)}},
{header: 'Vector Name', width: 40, sortable: true, dataIndex: 'vector_name', renderer: function(value){return $jEncoder.encoder.encodeForHTML(value)}},
{header: 'Vector PoC', sortable: true, dataIndex: 'vector_poc', renderer: function(value){return $jEncoder.encoder.encodeForHTML(value)}}
],
listeners: {