Hiddenden/beef
2
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

The domain no longer set in the zombiehandler. It is now set via hostname in inithandler.

Browse Source 
git-svn-id: https://beef.googlecode.com/svn/trunk@537 b87d56ec-f9c0-11de-8c8a-61c5e9addfc9
This commit is contained in:
wade@bindshell.net
2010-11-17 11:09:17 +00:00
parent aaf4a0d8f4
commit 267fab1d9b
5 changed files with 37 additions and 6 deletions
Download Patch File Download Diff File Expand all files Collapse all files

12
lib/filter/init.rb
View File

@@ -35,6 +35,18 @@ module BeEF
true
end
# verify the hostname string is valid
def self.is_valid_hostname?(str)
return false if not BeEF::Filter.is_non_empty_string?(str)
return false if BeEF::Filter.has_non_printable_char?(str)
return false if str.length > 255
return false if (str =~ /^[a-zA-Z0-9][a-zA-Z0-9\-\.]*[a-zA-Z0-9]$/).nil?
return false if not (str =~ /\.\./).nil?
return false if not (str =~ /\-\-/).nil?
true
end
end
end

5
lib/server/inithandler.rb
View File

@@ -50,6 +50,11 @@ module BeEF
raise WEBrick::HTTPStatus::BadRequest, "Invalid page title name" if not Filter.is_valid_pagetitle?(page_title)
BD.set(session_id, 'PageTitle', page_title)
# get and store page title
host_name = get_param(request.query, 'HostName')
raise WEBrick::HTTPStatus::BadRequest, "Invalid host name" if not Filter.is_valid_hostname?(host_name)
BD.set(session_id, 'HostName', host_name)
# init details have been returned so set flag and save
hooked_browser.has_init = true
@guard.synchronize {

1
lib/server/zombiehandler.rb
View File

@@ -48,7 +48,6 @@ module BeEF
# create the structure repesenting the hooked browser
zombie = BeEF::Models::Zombie.new(:ip => request.peeraddr[3], :session => hook_session_value)
zombie.domain = request.get_referer_domain
zombie.firstseen = Time.new.to_i
zombie.has_init = false # set to true (in inithandler.rb) when the init values returned
zombie.httpheaders = request.header.to_json

19
lib/ui/modules/modules.rb
View File

@@ -41,10 +41,10 @@ class Modules < BeEF::HttpController
'results' => []
}
# set and add the return values for the page name
# set and add the return values for the page title
page_title = BD.get(zombie_session, 'PageTitle')
encoded_page_name = CGI.escapeHTML(page_title)
encoded_page_hash = { 'Page Title' => encoded_page_name }
encoded_page_title = CGI.escapeHTML(page_title)
encoded_page_hash = { 'Page Title' => encoded_page_title }
page_name_row = {
'category' => 'Browser Hook Initialisation',
@@ -54,6 +54,19 @@ class Modules < BeEF::HttpController
summary_grid_hash['results'].push(page_name_row) # add the row
# set and add the return values for the host name
host_name = BD.get(zombie_session, 'HostName')
encoded_host_name = CGI.escapeHTML(host_name)
encoded_host_name_hash = { 'Host Name' => encoded_host_name }
page_name_row = {
'category' => 'Browser Hook Initialisation',
'data' => encoded_host_name_hash,
'from' => 'Initialisation'
}
summary_grid_hash['results'].push(page_name_row) # add the row
# set and add the return values for the browser name
browser_name = BD.get(zombie_session, 'BrowserName')
friendly_browser_name = BeEF::Constants::Browsers.friendly_name(browser_name)

6
lib/ui/zombies/zombies.rb
View File

@@ -73,11 +73,12 @@ class Zombies < BeEF::HttpController
browser_icon = BeEF::Models::BrowserDetails.browser_icon(hooked_browser.session)
os_icon = BeEF::Models::BrowserDetails.os_icon(hooked_browser.session)
domain = BeEF::Models::BrowserDetails.get(hooked_browser.session, 'HostName')
return {
'session' => hooked_browser.session,
'ip' => hooked_browser.ip,
'domain' => hooked_browser.domain,
'domain' => domain,
'browser_icon' => browser_icon,
'os_icon' => os_icon
}
@@ -89,7 +90,8 @@ class Zombies < BeEF::HttpController
hooked_browser_hash = get_simple_hooked_browser_hash(zombie)
return hooked_browser_hash.merge( {
'lastseen' => zombie.lastseen
'lastseen' => zombie.lastseen,
'httpheaders' => JSON.parse(zombie.httpheaders)
})
end