diff --git a/extensions/admin_ui/media/javascript/ui/panel/tabs/ZombieTabRequester.js b/extensions/admin_ui/media/javascript/ui/panel/tabs/ZombieTabRequester.js index 53aab0e0f..84acf74b3 100644 --- a/extensions/admin_ui/media/javascript/ui/panel/tabs/ZombieTabRequester.js +++ b/extensions/admin_ui/media/javascript/ui/panel/tabs/ZombieTabRequester.js @@ -73,7 +73,7 @@ ZombieTab_Requester = function(zombie) { autoDestroy: true, autoLoad: false, root: 'history', - + fields: ['domain', 'port', 'method', 'request_date', 'response_date','id', 'has_ran', 'path','response_status_code', 'response_status_text', 'response_port_status'], sortInfo: {field: 'request_date', direction: 'DESC'}, @@ -154,7 +154,7 @@ ZombieTab_Requester = function(zombie) { var tab_panel = Ext.getCmp('zombie-requester-tab-zombie-'+zombie.session); var r = grid.getStore().getAt(rowIndex).data; - if(!r.has_ran) { + if(r.has_ran != "complete") { commands_statusbar.update_fail("Response for this request has not been received yet."); return; } @@ -170,7 +170,8 @@ ZombieTab_Requester = function(zombie) { Ext.DomHelper.append('header', {tag: 'div', id: 'requesterWelcomeWinShown'}); } datagrid.store.reload({params:{start:0,limit:req_pagesize, sort: "date", dir:"DESC"}}); - } + }, + // Uncomment it when we'll add a contextMenu (right click on a row) in the history grid // ,rowcontextmenu: function(grid, rowIndex, event){ // event.stopEvent(); @@ -191,20 +192,20 @@ ZombieTab_Requester = function(zombie) { listeners: { activate: function(history_panel) { - history_panel.items.items[0].store.reload(); + history_panel.items.items[0].store.reload({params:{url:'/ui/requester/history.json'}}); } } }); - // Return the extension_requester_http table row ID given a grid row index - function getHttpDbId(grid, rowIndex){ + // Return the extension_requester_http table row ID given a grid row index + function getHttpDbId(grid, rowIndex){ var row = grid.getStore().getAt(rowIndex).data; - var result = null; - if(row != null){ - result = row.id; - } - return result; - } + var result = null; + if(row != null){ + result = row.id; + } + return result; + } // Function generating the requests panel to send raw requests //------------------------------------------------------------- @@ -248,14 +249,14 @@ ZombieTab_Requester = function(zombie) { } }] }); - - if(!value) { - value = "GET /demos/secret_page.html HTTP/1.1\n"; - if (zombie.domain) value += "Host: "+zombie.domain+"\n"; - else value += "Host: \n"; + if(!value) { + if (zombie.domain) { + value = "GET /demos/secret_page.html HTTP/1.1\n"; + value += "Host: "+zombie.domain+":3000\n"; + } else value = "GET / HTTP/1.1\nHost: \n"; } - + form.get('raw-request-zombie-'+zombie.session).value = value; panel = Ext.getCmp('requester-forge-requests-zombie-'+zombie.session); @@ -287,14 +288,16 @@ ZombieTab_Requester = function(zombie) { var tab_result_response_headers = new Ext.Panel({ title: 'Response Headers', border: false, + collapsed: false, layout: 'fit', padding: '5px 5px 5px 5px', - items:[new Ext.form.TextArea({id: 'requester-response-res-headers-'+request.id, value: xhr.result.response_headers + "\n"})] + items:[new Ext.form.TextArea({id: 'requester-response-res-headers-'+request.id, value: xhr.result.response_headers + "\n"})] }); var tab_result_response_body = new Ext.Panel({ title: 'Response Body', border: false, + collapsed: false, layout: 'fit', padding: '5px 5px 5px 5px', items:[new Ext.form.TextArea({id: 'requester-response-res-body-'+request.id, value: xhr.result.response + "\n"})] @@ -303,6 +306,7 @@ ZombieTab_Requester = function(zombie) { var tab_result_request = new Ext.Panel({ title: 'Request', border: false, + collapsed: true, layout: 'fit', padding: '5px 5px 5px 5px', items:[new Ext.form.TextArea({id: 'requester-response-req-'+request.id, value: xhr.result.request})] @@ -315,7 +319,7 @@ ZombieTab_Requester = function(zombie) { border: false, layout:'accordion', closable: true, - items:[tab_result_request, tab_result_response_headers, tab_result_response_body] + items:[tab_result_request, tab_result_response_headers, tab_result_response_body] }); tab_panel.add(tab_result_accordion); @@ -329,8 +333,8 @@ ZombieTab_Requester = function(zombie) { } }); }; - - + + ZombieTab_Requester.superclass.constructor.call(this, { id: 'zombie-requester-tab-zombie-'+zombie.session, title: 'Requester', diff --git a/extensions/proxy/handlers/zombie/handler.rb b/extensions/proxy/handlers/zombie/handler.rb index a6efd62e6..ef0e95fbb 100644 --- a/extensions/proxy/handlers/zombie/handler.rb +++ b/extensions/proxy/handlers/zombie/handler.rb @@ -66,7 +66,7 @@ module Zombie # while waiting for the HTTP response to be stored in the db. print_info("[PROXY] Thread started in order to process request ##{http.id} to [#{req.path.to_s}] on domain [#{req.host}:#{req.port}]") @response_thread = Thread.new do - while !H.first(:id => http.id).has_ran + while H.first(:id => http.id).has_ran != "complete" sleep 0.5 end @response = H.first(:id => http.id) diff --git a/extensions/requester/api/hook.rb b/extensions/requester/api/hook.rb index e65b78302..3f2f0bfb0 100644 --- a/extensions/requester/api/hook.rb +++ b/extensions/requester/api/hook.rb @@ -35,7 +35,7 @@ module BeEF @body = body # we generate all the requests and output them to the hooked browser output = [] - BeEF::Core::Models::Http.all(:hooked_browser_id => hb.id, :has_ran => false).each { |h| + BeEF::Core::Models::Http.all(:hooked_browser_id => hb.id, :has_ran => "waiting").each { |h| output << self.requester_parse_db_request(h) } diff --git a/extensions/requester/handler.rb b/extensions/requester/handler.rb index c217efff9..5b32042b6 100644 --- a/extensions/requester/handler.rb +++ b/extensions/requester/handler.rb @@ -56,8 +56,8 @@ module Requester raise WEBrick::HTTPStatus::BadRequest, "Invalid http_db: no such request found in the database" if http_db.nil? # validates that the http request has not be ran before - raise WEBrick::HTTPStatus::BadRequest, "This http request has been saved before" if http_db.has_ran.eql? true - + raise WEBrick::HTTPStatus::BadRequest, "This http request has been saved before" if http_db.has_ran.eql? "complete" + # validates the response code response_code = @data['results']['response_status_code'] || nil raise WEBrick::HTTPStatus::BadRequest, "Http response code is null" if response_code.nil? @@ -70,7 +70,7 @@ module Requester http_db.response_port_status = @data['results']['response_port_status'] http_db.response_data = @data['results']['response_data'] http_db.response_date = Time.now - http_db.has_ran = true + http_db.has_ran = "complete" # Store images as binary diff --git a/extensions/requester/models/http.rb b/extensions/requester/models/http.rb index b02c93459..36a9dc709 100644 --- a/extensions/requester/models/http.rb +++ b/extensions/requester/models/http.rb @@ -61,7 +61,7 @@ module Models property :port, Text, :lazy => false # Boolean value to say if the request was cross-domain - property :has_ran, Boolean, :default => false + property :has_ran, Text, :lazy => false, :default => "waiting" # The path of the request. # Example: /secret.html @@ -73,9 +73,6 @@ module Models # The date at which the http request has been saved. property :request_date, DateTime, :lazy => false - # Boolean value to say if the http response has been received or not. - property :has_ran, Boolean, :default => false - end end