Merge remote-tracking branch 'origin/master' into 3182_Resubmit_PR
This commit is contained in:
zinduolis
1
Gemfile
1
Gemfile
@@ -21,6 +21,7 @@ gem 'term-ansicolor', :require => 'term/ansicolor'
|
||||
gem 'rubyzip', '~> 2.3'
|
||||
gem 'espeak-ruby', '~> 1.1.0' # Text-to-Voice
|
||||
gem 'rake', '~> 13.2'
|
||||
gem 'activerecord', '~> 7.0'
|
||||
gem 'otr-activerecord', '~> 2.2.0'
|
||||
gem 'sqlite3', '~> 1.4'
|
||||
gem 'rubocop', '~> 1.66.1', require: false
|
||||
|
||||
13
Gemfile.lock
13
Gemfile.lock
@@ -1,13 +1,13 @@
|
||||
GEM
|
||||
remote: https://rubygems.org/
|
||||
specs:
|
||||
activemodel (7.1.4)
|
||||
activesupport (= 7.1.4)
|
||||
activerecord (7.1.4)
|
||||
activemodel (= 7.1.4)
|
||||
activesupport (= 7.1.4)
|
||||
activemodel (7.1.4.2)
|
||||
activesupport (= 7.1.4.2)
|
||||
activerecord (7.1.4.2)
|
||||
activemodel (= 7.1.4.2)
|
||||
activesupport (= 7.1.4.2)
|
||||
timeout (>= 0.4.0)
|
||||
activesupport (7.1.4)
|
||||
activesupport (7.1.4.2)
|
||||
base64
|
||||
bigdecimal
|
||||
concurrent-ruby (~> 1.0, >= 1.0.2)
|
||||
@@ -268,6 +268,7 @@ PLATFORMS
|
||||
x86_64-linux
|
||||
|
||||
DEPENDENCIES
|
||||
activerecord (~> 7.0)
|
||||
ansi (~> 1.5)
|
||||
async (~> 1.32)
|
||||
async-dns (~> 1.3)
|
||||
|
||||
@@ -4,8 +4,8 @@ class CreateHttp < ActiveRecord::Migration[6.0]
|
||||
t.text :hooked_browser_id
|
||||
# The http request to perform. In clear text.
|
||||
t.text :request
|
||||
# Boolean value as string to say whether cross-domain requests are allowed
|
||||
t.boolean :allow_cross_domain, default: true
|
||||
# Boolean value as string to say whether cross-origin requests are allowed
|
||||
t.boolean :allow_cross_origin, default: true
|
||||
# The http response body received. In clear text.
|
||||
t.text :response_data
|
||||
# The http response code. Useful to handle cases like 404, 500, 302, ...
|
||||
@@ -26,7 +26,7 @@ class CreateHttp < ActiveRecord::Migration[6.0]
|
||||
t.text :domain
|
||||
# The port on which perform the request.
|
||||
t.text :port
|
||||
# Boolean value to say if the request was cross-domain
|
||||
# Boolean value to say if the request was cross-origin
|
||||
t.text :has_ran, default: 'waiting'
|
||||
# The path of the request.
|
||||
# Example: /secret.html
|
||||
|
||||
@@ -5,7 +5,7 @@ class CreateXssraysScan < ActiveRecord::Migration[6.0]
|
||||
t.datetime :scan_start
|
||||
t.datetime :scan_finish
|
||||
t.text :domain
|
||||
t.text :cross_domain
|
||||
t.text :cross_origin
|
||||
t.integer :clean_timeout
|
||||
t.boolean :is_started
|
||||
t.boolean :is_finished
|
||||
|
||||
@@ -31,7 +31,7 @@
|
||||
* for example, if someone deletes all but one type of cookie, once
|
||||
* that cookie is re-discovered, all of the other cookie types get reset
|
||||
*
|
||||
* !!! SOME OF THESE ARE CROSS-DOMAIN COOKIES, THIS MEANS
|
||||
* !!! SOME OF THESE ARE CROSS-ORIGIN COOKIES, THIS MEANS
|
||||
* OTHER SITES WILL BE ABLE TO READ SOME OF THESE COOKIES !!!
|
||||
*
|
||||
* USAGE:
|
||||
@@ -803,7 +803,7 @@ this.evercookie_cookie = function(name, value)
|
||||
else
|
||||
return this.getFromStr(name, document.cookie);
|
||||
}catch(e){
|
||||
// the hooked domain is using HttpOnly, so we must set the hook ID in a different way.
|
||||
// the hooked origin is using HttpOnly, so we must set the hook ID in a different way.
|
||||
// evercookie_userdata and evercookie_window will be used in this case.
|
||||
}
|
||||
};
|
||||
|
||||
@@ -38,7 +38,7 @@ beef.mitb = {
|
||||
if (method == "GET") {
|
||||
//GET request -> cross-origin
|
||||
if (url.indexOf(document.location.hostname) == -1 || (portR != null && requestPort != document.location.port )) {
|
||||
beef.mitb.sniff("GET [Ajax CrossDomain Request]: " + url);
|
||||
beef.mitb.sniff("GET [Ajax CrossOrigin Request]: " + url);
|
||||
window.open(url);
|
||||
}else { //GET request -> same-origin
|
||||
beef.mitb.sniff("GET [Ajax Request]: " + url);
|
||||
|
||||
@@ -74,7 +74,7 @@ beef.net = {
|
||||
this.status_text = null; // success, timeout, error, ...
|
||||
this.response_body = null; // "<html>…." if not a cross-origin request
|
||||
this.port_status = null; // tcp port is open, closed or not http
|
||||
this.was_cross_domain = null; // true or false
|
||||
this.was_cross_origin = null; // true or false
|
||||
this.was_timedout = null; // the user specified timeout was reached
|
||||
this.duration = null; // how long it took for the request to complete
|
||||
this.headers = null; // full response headers
|
||||
@@ -217,11 +217,11 @@ beef.net = {
|
||||
* @return {Object} this object contains the response details
|
||||
*/
|
||||
request: function (scheme, method, domain, port, path, anchor, data, timeout, dataType, callback) {
|
||||
//check if same domain or cross domain
|
||||
var cross_domain = true;
|
||||
//check if same origin or cross origin
|
||||
var cross_origin = true;
|
||||
if (document.domain == domain.replace(/(\r\n|\n|\r)/gm, "")) { //strip eventual line breaks
|
||||
if (document.location.port == "" || document.location.port == null) {
|
||||
cross_domain = !(port == "80" || port == "443");
|
||||
cross_origin = !(port == "80" || port == "443");
|
||||
}
|
||||
}
|
||||
|
||||
@@ -238,12 +238,12 @@ beef.net = {
|
||||
|
||||
//define response object
|
||||
var response = new this.response;
|
||||
response.was_cross_domain = cross_domain;
|
||||
response.was_cross_origin = cross_origin;
|
||||
var start_time = new Date().getTime();
|
||||
|
||||
/*
|
||||
* according to http://api.jquery.com/jQuery.ajax/, Note: having 'script':
|
||||
* This will turn POSTs into GETs for remote-domain requests.
|
||||
* This will turn POSTs into GETs for cross origin requests.
|
||||
*/
|
||||
if (method == "POST") {
|
||||
$j.ajaxSetup({
|
||||
@@ -310,7 +310,7 @@ beef.net = {
|
||||
/**
|
||||
* Similar to beef.net.request, except from a few things that are needed when dealing with forged requests:
|
||||
* - requestid: needed on the callback
|
||||
* - allowCrossDomain: set cross-domain requests as allowed or blocked
|
||||
* - allowCrossOrigin: set cross-origin requests as allowed or blocked
|
||||
*
|
||||
* forge_request is used mainly by the Requester and Tunneling Proxy Extensions.
|
||||
* Example usage:
|
||||
@@ -318,20 +318,20 @@ beef.net = {
|
||||
* true, null, { foo: "bar" }, 5, 'html', false, null, function(response) {
|
||||
* alert(response.response_body)})
|
||||
*/
|
||||
forge_request: function (scheme, method, domain, port, path, anchor, headers, data, timeout, dataType, allowCrossDomain, requestid, callback) {
|
||||
forge_request: function (scheme, method, domain, port, path, anchor, headers, data, timeout, dataType, allowCrossOrigin, requestid, callback) {
|
||||
|
||||
if (domain == "undefined" || path == "undefined") {
|
||||
beef.debug("[beef.net.forge_request] Error: Malformed request. No host specified.");
|
||||
return;
|
||||
}
|
||||
|
||||
// check if same domain or cross domain
|
||||
var cross_domain = true;
|
||||
// check if same origin or cross origin
|
||||
var cross_origin = true;
|
||||
if (document.domain == domain && document.location.protocol == scheme + ':') {
|
||||
if (document.location.port == "" || document.location.port == null) {
|
||||
cross_domain = !(port == "80" || port == "443");
|
||||
cross_origin = !(port == "80" || port == "443");
|
||||
} else {
|
||||
if (document.location.port == port) cross_domain = false;
|
||||
if (document.location.port == port) cross_origin = false;
|
||||
}
|
||||
}
|
||||
|
||||
@@ -348,23 +348,23 @@ beef.net = {
|
||||
|
||||
// define response object
|
||||
var response = new this.response;
|
||||
response.was_cross_domain = cross_domain;
|
||||
response.was_cross_origin = cross_origin;
|
||||
var start_time = new Date().getTime();
|
||||
|
||||
// if cross-domain requests are not allowed and the request is cross-domain
|
||||
// if cross-origin requests are not allowed and the request is cross-origin
|
||||
// don't proceed and return
|
||||
if (allowCrossDomain == "false" && cross_domain) {
|
||||
if (allowCrossOrigin == "false" && cross_origin) {
|
||||
beef.debug("[beef.net.forge_request] Error: Cross Domain Request. The request was not sent.");
|
||||
response.status_code = -1;
|
||||
response.status_text = "crossdomain";
|
||||
response.port_status = "crossdomain";
|
||||
response.status_text = "crossorigin";
|
||||
response.port_status = "crossorigin";
|
||||
response.response_body = "ERROR: Cross Domain Request. The request was not sent.\n";
|
||||
response.headers = "ERROR: Cross Domain Request. The request was not sent.\n";
|
||||
if (callback != null) callback(response, requestid);
|
||||
return response;
|
||||
}
|
||||
|
||||
// if the request was cross-domain from a HTTPS origin to HTTP
|
||||
// if the request was cross-origin from a HTTPS origin to HTTP
|
||||
// don't proceed and return
|
||||
if (document.location.protocol == 'https:' && scheme == 'http') {
|
||||
beef.debug("[beef.net.forge_request] Error: Mixed Active Content. The request was not sent.");
|
||||
@@ -379,7 +379,7 @@ beef.net = {
|
||||
|
||||
/*
|
||||
* according to http://api.jquery.com/jQuery.ajax/, Note: having 'script':
|
||||
* This will turn POSTs into GETs for remote-domain requests.
|
||||
* This will turn POSTs into GETs for cross origin requests.
|
||||
*/
|
||||
if (method == "POST") {
|
||||
$j.ajaxSetup({
|
||||
@@ -432,10 +432,10 @@ beef.net = {
|
||||
},
|
||||
|
||||
complete: function (xhr, textStatus) {
|
||||
// cross-domain request
|
||||
if (cross_domain) {
|
||||
// cross-origin request
|
||||
if (cross_origin) {
|
||||
|
||||
response.port_status = "crossdomain";
|
||||
response.port_status = "crossorigin";
|
||||
|
||||
if (xhr.status != 0) {
|
||||
response.status_code = xhr.status;
|
||||
@@ -446,7 +446,7 @@ beef.net = {
|
||||
if (textStatus) {
|
||||
response.status_text = textStatus;
|
||||
} else {
|
||||
response.status_text = "crossdomain";
|
||||
response.status_text = "crossorigin";
|
||||
}
|
||||
|
||||
if (xhr.getAllResponseHeaders()) {
|
||||
@@ -460,7 +460,7 @@ beef.net = {
|
||||
}
|
||||
|
||||
} else {
|
||||
// same-domain request
|
||||
// same-origin request
|
||||
response.status_code = xhr.status;
|
||||
response.status_text = textStatus;
|
||||
response.headers = xhr.getAllResponseHeaders();
|
||||
|
||||
@@ -25,7 +25,7 @@ beef.net.requester = {
|
||||
request = requests_array[i];
|
||||
if (request.proto == 'https') var scheme = 'https'; else var scheme = 'http';
|
||||
beef.debug('[Requester] ' + request.method + ' ' + scheme + '://' + request.host + ':' + request.port + request.uri + ' - Data: ' + request.data);
|
||||
beef.net.forge_request(scheme, request.method, request.host, request.port, request.uri, null, request.headers, request.data, 10, null, request.allowCrossDomain, request.id,
|
||||
beef.net.forge_request(scheme, request.method, request.host, request.port, request.uri, null, request.headers, request.data, 10, null, request.allowCrossOrigin, request.id,
|
||||
function(res, requestid) { beef.net.send('/requester', requestid, {
|
||||
response_data: res.response_body,
|
||||
response_status_code: res.status_code,
|
||||
|
||||
@@ -171,7 +171,7 @@ beef.net.xssrays = {
|
||||
this.xss({href:url.href, pathname:url.pathname, hostname:url.hostname, port: url.port, protocol: location.protocol,
|
||||
search:url.search, type: 'url'});//scan each link & param
|
||||
} else {
|
||||
beef.debug('Scan is not Cross-domain. URLS\nurl :' + url.hostname.toString());
|
||||
beef.debug('Scan is not Cross-origin. URLS\nurl :' + url.hostname.toString());
|
||||
beef.debug('\nlocation :' + location.hostname.toString());
|
||||
}
|
||||
}
|
||||
@@ -251,7 +251,7 @@ beef.net.xssrays = {
|
||||
continue;
|
||||
}
|
||||
if (!this.crossDomain && (this.host(action).toString() != this.host(location.toString()))) {
|
||||
beef.debug('Scan is not Cross-domain. FormPost\naction :' + this.host(action).toString());
|
||||
beef.debug('Scan is not Cross-origin. FormPost\naction :' + this.host(action).toString());
|
||||
beef.debug('location :' + this.host(location));
|
||||
continue;
|
||||
}
|
||||
|
||||
@@ -256,7 +256,7 @@ module BeEF
|
||||
#
|
||||
def load_modules_config
|
||||
set('beef.module', {})
|
||||
# support nested sub-categories, like browser/hooked_domain/ajax_fingerprint
|
||||
# support nested sub-categories, like browser/hooked_origin/ajax_fingerprint
|
||||
module_configs = File.join("#{$root_dir}/modules/**", 'config.yaml')
|
||||
Dir.glob(module_configs) do |cf|
|
||||
y = load(cf)
|
||||
|
||||
@@ -549,7 +549,7 @@ module BeEF
|
||||
end
|
||||
|
||||
# log a few info of newly hooked zombie in the console
|
||||
print_info "New Hooked Browser [id:#{zombie.id}, ip:#{zombie.ip}, browser:#{browser_name}-#{browser_version}, os:#{os_name}-#{os_version}], hooked domain [#{log_zombie_domain}:#{log_zombie_port}]"
|
||||
print_info "New Hooked Browser [id:#{zombie.id}, ip:#{zombie.ip}, browser:#{browser_name}-#{browser_version}, os:#{os_name}-#{os_version}], hooked origin [#{log_zombie_domain}:#{log_zombie_port}]"
|
||||
|
||||
# add localhost as network host
|
||||
if config.get('beef.extension.network.enable')
|
||||
|
||||
@@ -27,9 +27,9 @@ module BeEF
|
||||
|
||||
# @note If CORS is enabled, expose the appropriate headers
|
||||
if config.get('beef.http.restful_api.allow_cors')
|
||||
allowed_domains = config.get('beef.http.restful_api.cors_allowed_domains')
|
||||
if allowed_domains
|
||||
headers 'Access-Control-Allow-Origin' => allowed_domains
|
||||
allowed_origins = config.get('beef.http.restful_api.cors_allowed_origins')
|
||||
if allowed_origins
|
||||
headers 'Access-Control-Allow-Origin' => allowed_origins
|
||||
end
|
||||
headers 'Access-Control-Allow-Methods' => 'POST, GET'
|
||||
|
||||
|
||||
@@ -558,7 +558,7 @@
|
||||
<br class="clear">
|
||||
|
||||
<footer>
|
||||
Documentation generated by <a href="https://github.com/jsdoc/jsdoc">JSDoc 4.0.3</a> on Fri Oct 04 2024 17:02:30 GMT+1000 (Australian Eastern Standard Time)
|
||||
Documentation generated by <a href="https://github.com/jsdoc/jsdoc">JSDoc 4.0.4</a> on Wed Oct 23 2024 16:03:46 GMT+1000 (Australian Eastern Standard Time)
|
||||
</footer>
|
||||
|
||||
<script> prettyPrint(); </script>
|
||||
|
||||
@@ -83,7 +83,7 @@ beef.regCmp("beef.are");
|
||||
<br class="clear">
|
||||
|
||||
<footer>
|
||||
Documentation generated by <a href="https://github.com/jsdoc/jsdoc">JSDoc 4.0.3</a> on Fri Oct 04 2024 17:02:30 GMT+1000 (Australian Eastern Standard Time)
|
||||
Documentation generated by <a href="https://github.com/jsdoc/jsdoc">JSDoc 4.0.4</a> on Wed Oct 23 2024 16:03:46 GMT+1000 (Australian Eastern Standard Time)
|
||||
</footer>
|
||||
|
||||
<script> prettyPrint(); </script>
|
||||
|
||||
@@ -457,7 +457,7 @@
|
||||
<br class="clear">
|
||||
|
||||
<footer>
|
||||
Documentation generated by <a href="https://github.com/jsdoc/jsdoc">JSDoc 4.0.3</a> on Fri Oct 04 2024 17:02:30 GMT+1000 (Australian Eastern Standard Time)
|
||||
Documentation generated by <a href="https://github.com/jsdoc/jsdoc">JSDoc 4.0.4</a> on Wed Oct 23 2024 16:03:46 GMT+1000 (Australian Eastern Standard Time)
|
||||
</footer>
|
||||
|
||||
<script> prettyPrint(); </script>
|
||||
|
||||
@@ -634,7 +634,7 @@ Original author unknown.</p></div>
|
||||
<br class="clear">
|
||||
|
||||
<footer>
|
||||
Documentation generated by <a href="https://github.com/jsdoc/jsdoc">JSDoc 4.0.3</a> on Fri Oct 04 2024 17:02:30 GMT+1000 (Australian Eastern Standard Time)
|
||||
Documentation generated by <a href="https://github.com/jsdoc/jsdoc">JSDoc 4.0.4</a> on Wed Oct 23 2024 16:03:46 GMT+1000 (Australian Eastern Standard Time)
|
||||
</footer>
|
||||
|
||||
<script> prettyPrint(); </script>
|
||||
|
||||
@@ -30172,7 +30172,7 @@ Restricted by same-origin policy</p>
|
||||
<br class="clear">
|
||||
|
||||
<footer>
|
||||
Documentation generated by <a href="https://github.com/jsdoc/jsdoc">JSDoc 4.0.3</a> on Fri Oct 04 2024 17:02:30 GMT+1000 (Australian Eastern Standard Time)
|
||||
Documentation generated by <a href="https://github.com/jsdoc/jsdoc">JSDoc 4.0.4</a> on Wed Oct 23 2024 16:03:46 GMT+1000 (Australian Eastern Standard Time)
|
||||
</footer>
|
||||
|
||||
<script> prettyPrint(); </script>
|
||||
|
||||
@@ -214,7 +214,7 @@ Original author unknown.</p></div>
|
||||
<br class="clear">
|
||||
|
||||
<footer>
|
||||
Documentation generated by <a href="https://github.com/jsdoc/jsdoc">JSDoc 4.0.3</a> on Fri Oct 04 2024 17:02:30 GMT+1000 (Australian Eastern Standard Time)
|
||||
Documentation generated by <a href="https://github.com/jsdoc/jsdoc">JSDoc 4.0.4</a> on Wed Oct 23 2024 16:03:46 GMT+1000 (Australian Eastern Standard Time)
|
||||
</footer>
|
||||
|
||||
<script> prettyPrint(); </script>
|
||||
|
||||
@@ -3679,7 +3679,7 @@ http://bilaw.al/2013/03/17/hacking-the-a-tag-in-100-characters.html</p>
|
||||
<br class="clear">
|
||||
|
||||
<footer>
|
||||
Documentation generated by <a href="https://github.com/jsdoc/jsdoc">JSDoc 4.0.3</a> on Fri Oct 04 2024 17:02:30 GMT+1000 (Australian Eastern Standard Time)
|
||||
Documentation generated by <a href="https://github.com/jsdoc/jsdoc">JSDoc 4.0.4</a> on Wed Oct 23 2024 16:03:46 GMT+1000 (Australian Eastern Standard Time)
|
||||
</footer>
|
||||
|
||||
<script> prettyPrint(); </script>
|
||||
|
||||
@@ -731,7 +731,7 @@
|
||||
<br class="clear">
|
||||
|
||||
<footer>
|
||||
Documentation generated by <a href="https://github.com/jsdoc/jsdoc">JSDoc 4.0.3</a> on Fri Oct 04 2024 17:02:30 GMT+1000 (Australian Eastern Standard Time)
|
||||
Documentation generated by <a href="https://github.com/jsdoc/jsdoc">JSDoc 4.0.4</a> on Wed Oct 23 2024 16:03:46 GMT+1000 (Australian Eastern Standard Time)
|
||||
</footer>
|
||||
|
||||
<script> prettyPrint(); </script>
|
||||
|
||||
@@ -383,7 +383,7 @@
|
||||
<br class="clear">
|
||||
|
||||
<footer>
|
||||
Documentation generated by <a href="https://github.com/jsdoc/jsdoc">JSDoc 4.0.3</a> on Fri Oct 04 2024 17:02:30 GMT+1000 (Australian Eastern Standard Time)
|
||||
Documentation generated by <a href="https://github.com/jsdoc/jsdoc">JSDoc 4.0.4</a> on Wed Oct 23 2024 16:03:46 GMT+1000 (Australian Eastern Standard Time)
|
||||
</footer>
|
||||
|
||||
<script> prettyPrint(); </script>
|
||||
|
||||
@@ -569,7 +569,7 @@
|
||||
<br class="clear">
|
||||
|
||||
<footer>
|
||||
Documentation generated by <a href="https://github.com/jsdoc/jsdoc">JSDoc 4.0.3</a> on Fri Oct 04 2024 17:02:30 GMT+1000 (Australian Eastern Standard Time)
|
||||
Documentation generated by <a href="https://github.com/jsdoc/jsdoc">JSDoc 4.0.4</a> on Wed Oct 23 2024 16:03:46 GMT+1000 (Australian Eastern Standard Time)
|
||||
</footer>
|
||||
|
||||
<script> prettyPrint(); </script>
|
||||
|
||||
@@ -2077,7 +2077,7 @@
|
||||
<br class="clear">
|
||||
|
||||
<footer>
|
||||
Documentation generated by <a href="https://github.com/jsdoc/jsdoc">JSDoc 4.0.3</a> on Fri Oct 04 2024 17:02:30 GMT+1000 (Australian Eastern Standard Time)
|
||||
Documentation generated by <a href="https://github.com/jsdoc/jsdoc">JSDoc 4.0.4</a> on Wed Oct 23 2024 16:03:46 GMT+1000 (Australian Eastern Standard Time)
|
||||
</footer>
|
||||
|
||||
<script> prettyPrint(); </script>
|
||||
|
||||
@@ -477,7 +477,7 @@ the brwoser details. So sendback the browser details again.</p></div>
|
||||
<br class="clear">
|
||||
|
||||
<footer>
|
||||
Documentation generated by <a href="https://github.com/jsdoc/jsdoc">JSDoc 4.0.3</a> on Fri Oct 04 2024 17:02:30 GMT+1000 (Australian Eastern Standard Time)
|
||||
Documentation generated by <a href="https://github.com/jsdoc/jsdoc">JSDoc 4.0.4</a> on Wed Oct 23 2024 16:03:46 GMT+1000 (Australian Eastern Standard Time)
|
||||
</footer>
|
||||
|
||||
<script> prettyPrint(); </script>
|
||||
|
||||
@@ -126,7 +126,7 @@ if(typeof beef === 'undefined' && typeof window.beef === 'undefined') {
|
||||
<br class="clear">
|
||||
|
||||
<footer>
|
||||
Documentation generated by <a href="https://github.com/jsdoc/jsdoc">JSDoc 4.0.3</a> on Fri Oct 04 2024 17:02:30 GMT+1000 (Australian Eastern Standard Time)
|
||||
Documentation generated by <a href="https://github.com/jsdoc/jsdoc">JSDoc 4.0.4</a> on Wed Oct 23 2024 16:03:46 GMT+1000 (Australian Eastern Standard Time)
|
||||
</footer>
|
||||
|
||||
<script> prettyPrint(); </script>
|
||||
|
||||
@@ -2159,7 +2159,7 @@ TODO: Cleanup this function</p>
|
||||
<br class="clear">
|
||||
|
||||
<footer>
|
||||
Documentation generated by <a href="https://github.com/jsdoc/jsdoc">JSDoc 4.0.3</a> on Fri Oct 04 2024 17:02:30 GMT+1000 (Australian Eastern Standard Time)
|
||||
Documentation generated by <a href="https://github.com/jsdoc/jsdoc">JSDoc 4.0.4</a> on Wed Oct 23 2024 16:03:46 GMT+1000 (Australian Eastern Standard Time)
|
||||
</footer>
|
||||
|
||||
<script> prettyPrint(); </script>
|
||||
|
||||
@@ -917,7 +917,7 @@
|
||||
<br class="clear">
|
||||
|
||||
<footer>
|
||||
Documentation generated by <a href="https://github.com/jsdoc/jsdoc">JSDoc 4.0.3</a> on Fri Oct 04 2024 17:02:30 GMT+1000 (Australian Eastern Standard Time)
|
||||
Documentation generated by <a href="https://github.com/jsdoc/jsdoc">JSDoc 4.0.4</a> on Wed Oct 23 2024 16:03:46 GMT+1000 (Australian Eastern Standard Time)
|
||||
</footer>
|
||||
|
||||
<script> prettyPrint(); </script>
|
||||
|
||||
@@ -360,7 +360,7 @@ https://developer.mozilla.org/en-US/docs/Web/API/Navigator/connection</p></div>
|
||||
<br class="clear">
|
||||
|
||||
<footer>
|
||||
Documentation generated by <a href="https://github.com/jsdoc/jsdoc">JSDoc 4.0.3</a> on Fri Oct 04 2024 17:02:30 GMT+1000 (Australian Eastern Standard Time)
|
||||
Documentation generated by <a href="https://github.com/jsdoc/jsdoc">JSDoc 4.0.4</a> on Wed Oct 23 2024 16:03:46 GMT+1000 (Australian Eastern Standard Time)
|
||||
</footer>
|
||||
|
||||
<script> prettyPrint(); </script>
|
||||
|
||||
@@ -443,7 +443,7 @@
|
||||
<br class="clear">
|
||||
|
||||
<footer>
|
||||
Documentation generated by <a href="https://github.com/jsdoc/jsdoc">JSDoc 4.0.3</a> on Fri Oct 04 2024 17:02:30 GMT+1000 (Australian Eastern Standard Time)
|
||||
Documentation generated by <a href="https://github.com/jsdoc/jsdoc">JSDoc 4.0.4</a> on Wed Oct 23 2024 16:03:46 GMT+1000 (Australian Eastern Standard Time)
|
||||
</footer>
|
||||
|
||||
<script> prettyPrint(); </script>
|
||||
|
||||
@@ -316,7 +316,7 @@
|
||||
<br class="clear">
|
||||
|
||||
<footer>
|
||||
Documentation generated by <a href="https://github.com/jsdoc/jsdoc">JSDoc 4.0.3</a> on Fri Oct 04 2024 17:02:30 GMT+1000 (Australian Eastern Standard Time)
|
||||
Documentation generated by <a href="https://github.com/jsdoc/jsdoc">JSDoc 4.0.4</a> on Wed Oct 23 2024 16:03:46 GMT+1000 (Australian Eastern Standard Time)
|
||||
</footer>
|
||||
|
||||
<script> prettyPrint(); </script>
|
||||
|
||||
@@ -760,7 +760,7 @@ back to BeEF straight away.</p>
|
||||
<p>Similar to beef.net.request, except from a few things that are needed when dealing with forged requests:</p>
|
||||
<ul>
|
||||
<li>requestid: needed on the callback</li>
|
||||
<li>allowCrossDomain: set cross-domain requests as allowed or blocked</li>
|
||||
<li>allowCrossOrigin: set cross-origin requests as allowed or blocked</li>
|
||||
</ul>
|
||||
<p>forge_request is used mainly by the Requester and Tunneling Proxy Extensions.
|
||||
Example usage:
|
||||
@@ -2379,7 +2379,7 @@ even if WebSockets are enabled.</p>
|
||||
<br class="clear">
|
||||
|
||||
<footer>
|
||||
Documentation generated by <a href="https://github.com/jsdoc/jsdoc">JSDoc 4.0.3</a> on Fri Oct 04 2024 17:02:30 GMT+1000 (Australian Eastern Standard Time)
|
||||
Documentation generated by <a href="https://github.com/jsdoc/jsdoc">JSDoc 4.0.4</a> on Wed Oct 23 2024 16:03:46 GMT+1000 (Australian Eastern Standard Time)
|
||||
</footer>
|
||||
|
||||
<script> prettyPrint(); </script>
|
||||
|
||||
@@ -440,7 +440,7 @@ sock: new java.net.Socket();</p>
|
||||
<br class="clear">
|
||||
|
||||
<footer>
|
||||
Documentation generated by <a href="https://github.com/jsdoc/jsdoc">JSDoc 4.0.3</a> on Fri Oct 04 2024 17:02:30 GMT+1000 (Australian Eastern Standard Time)
|
||||
Documentation generated by <a href="https://github.com/jsdoc/jsdoc">JSDoc 4.0.4</a> on Wed Oct 23 2024 16:03:46 GMT+1000 (Australian Eastern Standard Time)
|
||||
</footer>
|
||||
|
||||
<script> prettyPrint(); </script>
|
||||
|
||||
@@ -495,7 +495,7 @@ homepage: 'http://www.gnucitizen.org'</p></div>
|
||||
<br class="clear">
|
||||
|
||||
<footer>
|
||||
Documentation generated by <a href="https://github.com/jsdoc/jsdoc">JSDoc 4.0.3</a> on Fri Oct 04 2024 17:02:30 GMT+1000 (Australian Eastern Standard Time)
|
||||
Documentation generated by <a href="https://github.com/jsdoc/jsdoc">JSDoc 4.0.4</a> on Wed Oct 23 2024 16:03:46 GMT+1000 (Australian Eastern Standard Time)
|
||||
</footer>
|
||||
|
||||
<script> prettyPrint(); </script>
|
||||
|
||||
@@ -268,7 +268,7 @@
|
||||
<br class="clear">
|
||||
|
||||
<footer>
|
||||
Documentation generated by <a href="https://github.com/jsdoc/jsdoc">JSDoc 4.0.3</a> on Fri Oct 04 2024 17:02:30 GMT+1000 (Australian Eastern Standard Time)
|
||||
Documentation generated by <a href="https://github.com/jsdoc/jsdoc">JSDoc 4.0.4</a> on Wed Oct 23 2024 16:03:46 GMT+1000 (Australian Eastern Standard Time)
|
||||
</footer>
|
||||
|
||||
<script> prettyPrint(); </script>
|
||||
|
||||
@@ -764,7 +764,7 @@ Other aspects of the original code have been simplified and improved.</p></div>
|
||||
<br class="clear">
|
||||
|
||||
<footer>
|
||||
Documentation generated by <a href="https://github.com/jsdoc/jsdoc">JSDoc 4.0.3</a> on Fri Oct 04 2024 17:02:30 GMT+1000 (Australian Eastern Standard Time)
|
||||
Documentation generated by <a href="https://github.com/jsdoc/jsdoc">JSDoc 4.0.4</a> on Wed Oct 23 2024 16:03:46 GMT+1000 (Australian Eastern Standard Time)
|
||||
</footer>
|
||||
|
||||
<script> prettyPrint(); </script>
|
||||
|
||||
@@ -4189,7 +4189,7 @@ http://ha.ckers.org/blog/20070319/detecting-default-browser-in-ie/</p>
|
||||
<br class="clear">
|
||||
|
||||
<footer>
|
||||
Documentation generated by <a href="https://github.com/jsdoc/jsdoc">JSDoc 4.0.3</a> on Fri Oct 04 2024 17:02:30 GMT+1000 (Australian Eastern Standard Time)
|
||||
Documentation generated by <a href="https://github.com/jsdoc/jsdoc">JSDoc 4.0.4</a> on Wed Oct 23 2024 16:03:46 GMT+1000 (Australian Eastern Standard Time)
|
||||
</footer>
|
||||
|
||||
<script> prettyPrint(); </script>
|
||||
|
||||
@@ -391,7 +391,7 @@
|
||||
<br class="clear">
|
||||
|
||||
<footer>
|
||||
Documentation generated by <a href="https://github.com/jsdoc/jsdoc">JSDoc 4.0.3</a> on Fri Oct 04 2024 17:02:30 GMT+1000 (Australian Eastern Standard Time)
|
||||
Documentation generated by <a href="https://github.com/jsdoc/jsdoc">JSDoc 4.0.4</a> on Wed Oct 23 2024 16:03:46 GMT+1000 (Australian Eastern Standard Time)
|
||||
</footer>
|
||||
|
||||
<script> prettyPrint(); </script>
|
||||
|
||||
@@ -217,7 +217,7 @@ antisnatchor</p></div>
|
||||
<br class="clear">
|
||||
|
||||
<footer>
|
||||
Documentation generated by <a href="https://github.com/jsdoc/jsdoc">JSDoc 4.0.3</a> on Fri Oct 04 2024 17:02:30 GMT+1000 (Australian Eastern Standard Time)
|
||||
Documentation generated by <a href="https://github.com/jsdoc/jsdoc">JSDoc 4.0.4</a> on Wed Oct 23 2024 16:03:46 GMT+1000 (Australian Eastern Standard Time)
|
||||
</footer>
|
||||
|
||||
<script> prettyPrint(); </script>
|
||||
|
||||
@@ -722,7 +722,7 @@ websocket.js is used instead.</p></div>
|
||||
<br class="clear">
|
||||
|
||||
<footer>
|
||||
Documentation generated by <a href="https://github.com/jsdoc/jsdoc">JSDoc 4.0.3</a> on Fri Oct 04 2024 17:02:30 GMT+1000 (Australian Eastern Standard Time)
|
||||
Documentation generated by <a href="https://github.com/jsdoc/jsdoc">JSDoc 4.0.4</a> on Wed Oct 23 2024 16:03:46 GMT+1000 (Australian Eastern Standard Time)
|
||||
</footer>
|
||||
|
||||
<script> prettyPrint(); </script>
|
||||
|
||||
@@ -3062,7 +3062,7 @@ against the message directly</p>
|
||||
<br class="clear">
|
||||
|
||||
<footer>
|
||||
Documentation generated by <a href="https://github.com/jsdoc/jsdoc">JSDoc 4.0.3</a> on Fri Oct 04 2024 17:02:30 GMT+1000 (Australian Eastern Standard Time)
|
||||
Documentation generated by <a href="https://github.com/jsdoc/jsdoc">JSDoc 4.0.4</a> on Wed Oct 23 2024 16:03:46 GMT+1000 (Australian Eastern Standard Time)
|
||||
</footer>
|
||||
|
||||
<script> prettyPrint(); </script>
|
||||
|
||||
@@ -490,7 +490,7 @@ beef.websocket.send('{"handler" : "' + handler + '", "c
|
||||
<br class="clear">
|
||||
|
||||
<footer>
|
||||
Documentation generated by <a href="https://github.com/jsdoc/jsdoc">JSDoc 4.0.3</a> on Fri Oct 04 2024 17:02:30 GMT+1000 (Australian Eastern Standard Time)
|
||||
Documentation generated by <a href="https://github.com/jsdoc/jsdoc">JSDoc 4.0.4</a> on Wed Oct 23 2024 16:03:46 GMT+1000 (Australian Eastern Standard Time)
|
||||
</footer>
|
||||
|
||||
<script> prettyPrint(); </script>
|
||||
|
||||
@@ -4680,7 +4680,7 @@ beef.regCmp('beef.browser');
|
||||
<br class="clear">
|
||||
|
||||
<footer>
|
||||
Documentation generated by <a href="https://github.com/jsdoc/jsdoc">JSDoc 4.0.3</a> on Fri Oct 04 2024 17:02:30 GMT+1000 (Australian Eastern Standard Time)
|
||||
Documentation generated by <a href="https://github.com/jsdoc/jsdoc">JSDoc 4.0.4</a> on Wed Oct 23 2024 16:03:46 GMT+1000 (Australian Eastern Standard Time)
|
||||
</footer>
|
||||
|
||||
<script> prettyPrint(); </script>
|
||||
|
||||
@@ -163,7 +163,7 @@ beef.regCmp('beef.browser.cookie');</code></pre>
|
||||
<br class="clear">
|
||||
|
||||
<footer>
|
||||
Documentation generated by <a href="https://github.com/jsdoc/jsdoc">JSDoc 4.0.3</a> on Fri Oct 04 2024 17:02:30 GMT+1000 (Australian Eastern Standard Time)
|
||||
Documentation generated by <a href="https://github.com/jsdoc/jsdoc">JSDoc 4.0.4</a> on Wed Oct 23 2024 16:03:46 GMT+1000 (Australian Eastern Standard Time)
|
||||
</footer>
|
||||
|
||||
<script> prettyPrint(); </script>
|
||||
|
||||
@@ -70,7 +70,7 @@ beef.regCmp('beef.browser.popup');
|
||||
<br class="clear">
|
||||
|
||||
<footer>
|
||||
Documentation generated by <a href="https://github.com/jsdoc/jsdoc">JSDoc 4.0.3</a> on Fri Oct 04 2024 17:02:30 GMT+1000 (Australian Eastern Standard Time)
|
||||
Documentation generated by <a href="https://github.com/jsdoc/jsdoc">JSDoc 4.0.4</a> on Wed Oct 23 2024 16:03:46 GMT+1000 (Australian Eastern Standard Time)
|
||||
</footer>
|
||||
|
||||
<script> prettyPrint(); </script>
|
||||
|
||||
@@ -545,7 +545,7 @@ beef.regCmp('beef.dom');
|
||||
<br class="clear">
|
||||
|
||||
<footer>
|
||||
Documentation generated by <a href="https://github.com/jsdoc/jsdoc">JSDoc 4.0.3</a> on Fri Oct 04 2024 17:02:30 GMT+1000 (Australian Eastern Standard Time)
|
||||
Documentation generated by <a href="https://github.com/jsdoc/jsdoc">JSDoc 4.0.4</a> on Wed Oct 23 2024 16:03:46 GMT+1000 (Australian Eastern Standard Time)
|
||||
</footer>
|
||||
|
||||
<script> prettyPrint(); </script>
|
||||
|
||||
@@ -214,7 +214,7 @@ beef.regCmp('beef.encode.base64');
|
||||
<br class="clear">
|
||||
|
||||
<footer>
|
||||
Documentation generated by <a href="https://github.com/jsdoc/jsdoc">JSDoc 4.0.3</a> on Fri Oct 04 2024 17:02:30 GMT+1000 (Australian Eastern Standard Time)
|
||||
Documentation generated by <a href="https://github.com/jsdoc/jsdoc">JSDoc 4.0.4</a> on Wed Oct 23 2024 16:03:46 GMT+1000 (Australian Eastern Standard Time)
|
||||
</footer>
|
||||
|
||||
<script> prettyPrint(); </script>
|
||||
|
||||
@@ -182,7 +182,7 @@ beef.regCmp('beef.encode.json');
|
||||
<br class="clear">
|
||||
|
||||
<footer>
|
||||
Documentation generated by <a href="https://github.com/jsdoc/jsdoc">JSDoc 4.0.3</a> on Fri Oct 04 2024 17:02:30 GMT+1000 (Australian Eastern Standard Time)
|
||||
Documentation generated by <a href="https://github.com/jsdoc/jsdoc">JSDoc 4.0.4</a> on Wed Oct 23 2024 16:03:46 GMT+1000 (Australian Eastern Standard Time)
|
||||
</footer>
|
||||
|
||||
<script> prettyPrint(); </script>
|
||||
|
||||
@@ -150,7 +150,7 @@ beef.regCmp('beef.geolocation');
|
||||
<br class="clear">
|
||||
|
||||
<footer>
|
||||
Documentation generated by <a href="https://github.com/jsdoc/jsdoc">JSDoc 4.0.3</a> on Fri Oct 04 2024 17:02:30 GMT+1000 (Australian Eastern Standard Time)
|
||||
Documentation generated by <a href="https://github.com/jsdoc/jsdoc">JSDoc 4.0.4</a> on Wed Oct 23 2024 16:03:46 GMT+1000 (Australian Eastern Standard Time)
|
||||
</footer>
|
||||
|
||||
<script> prettyPrint(); </script>
|
||||
|
||||
@@ -192,7 +192,7 @@
|
||||
<br class="clear">
|
||||
|
||||
<footer>
|
||||
Documentation generated by <a href="https://github.com/jsdoc/jsdoc">JSDoc 4.0.3</a> on Fri Oct 04 2024 17:02:30 GMT+1000 (Australian Eastern Standard Time)
|
||||
Documentation generated by <a href="https://github.com/jsdoc/jsdoc">JSDoc 4.0.4</a> on Wed Oct 23 2024 16:03:46 GMT+1000 (Australian Eastern Standard Time)
|
||||
</footer>
|
||||
|
||||
<script> prettyPrint(); </script>
|
||||
|
||||
@@ -359,7 +359,7 @@ beef.regCmp('beef.hardware');
|
||||
<br class="clear">
|
||||
|
||||
<footer>
|
||||
Documentation generated by <a href="https://github.com/jsdoc/jsdoc">JSDoc 4.0.3</a> on Fri Oct 04 2024 17:02:30 GMT+1000 (Australian Eastern Standard Time)
|
||||
Documentation generated by <a href="https://github.com/jsdoc/jsdoc">JSDoc 4.0.4</a> on Wed Oct 23 2024 16:03:46 GMT+1000 (Australian Eastern Standard Time)
|
||||
</footer>
|
||||
|
||||
<script> prettyPrint(); </script>
|
||||
|
||||
@@ -102,7 +102,7 @@ See the file 'doc/COPYING' for copying permission
|
||||
<br class="clear">
|
||||
|
||||
<footer>
|
||||
Documentation generated by <a href="https://github.com/jsdoc/jsdoc">JSDoc 4.0.3</a> on Fri Oct 04 2024 17:02:30 GMT+1000 (Australian Eastern Standard Time)
|
||||
Documentation generated by <a href="https://github.com/jsdoc/jsdoc">JSDoc 4.0.4</a> on Wed Oct 23 2024 16:03:46 GMT+1000 (Australian Eastern Standard Time)
|
||||
</footer>
|
||||
|
||||
<script> prettyPrint(); </script>
|
||||
|
||||
@@ -132,7 +132,7 @@ function beef_init() {
|
||||
<br class="clear">
|
||||
|
||||
<footer>
|
||||
Documentation generated by <a href="https://github.com/jsdoc/jsdoc">JSDoc 4.0.3</a> on Fri Oct 04 2024 17:02:30 GMT+1000 (Australian Eastern Standard Time)
|
||||
Documentation generated by <a href="https://github.com/jsdoc/jsdoc">JSDoc 4.0.4</a> on Wed Oct 23 2024 16:03:46 GMT+1000 (Australian Eastern Standard Time)
|
||||
</footer>
|
||||
|
||||
<script> prettyPrint(); </script>
|
||||
|
||||
@@ -1302,7 +1302,7 @@
|
||||
<br class="clear">
|
||||
|
||||
<footer>
|
||||
Documentation generated by <a href="https://github.com/jsdoc/jsdoc">JSDoc 4.0.3</a> on Fri Oct 04 2024 17:02:30 GMT+1000 (Australian Eastern Standard Time)
|
||||
Documentation generated by <a href="https://github.com/jsdoc/jsdoc">JSDoc 4.0.4</a> on Wed Oct 23 2024 16:03:46 GMT+1000 (Australian Eastern Standard Time)
|
||||
</footer>
|
||||
|
||||
<script> prettyPrint(); </script>
|
||||
|
||||
@@ -403,7 +403,7 @@ beef.regCmp('beef.logger');
|
||||
<br class="clear">
|
||||
|
||||
<footer>
|
||||
Documentation generated by <a href="https://github.com/jsdoc/jsdoc">JSDoc 4.0.3</a> on Fri Oct 04 2024 17:02:30 GMT+1000 (Australian Eastern Standard Time)
|
||||
Documentation generated by <a href="https://github.com/jsdoc/jsdoc">JSDoc 4.0.4</a> on Wed Oct 23 2024 16:03:46 GMT+1000 (Australian Eastern Standard Time)
|
||||
</footer>
|
||||
|
||||
<script> prettyPrint(); </script>
|
||||
|
||||
@@ -66,7 +66,7 @@ beef.mitb = {
|
||||
if (method == "GET") {
|
||||
//GET request -> cross-origin
|
||||
if (url.indexOf(document.location.hostname) == -1 || (portR != null && requestPort != document.location.port )) {
|
||||
beef.mitb.sniff("GET [Ajax CrossDomain Request]: " + url);
|
||||
beef.mitb.sniff("GET [Ajax CrossOrigin Request]: " + url);
|
||||
window.open(url);
|
||||
}else { //GET request -> same-origin
|
||||
beef.mitb.sniff("GET [Ajax Request]: " + url);
|
||||
@@ -288,7 +288,7 @@ beef.regCmp('beef.mitb');
|
||||
<br class="clear">
|
||||
|
||||
<footer>
|
||||
Documentation generated by <a href="https://github.com/jsdoc/jsdoc">JSDoc 4.0.3</a> on Fri Oct 04 2024 17:02:30 GMT+1000 (Australian Eastern Standard Time)
|
||||
Documentation generated by <a href="https://github.com/jsdoc/jsdoc">JSDoc 4.0.4</a> on Wed Oct 23 2024 16:03:46 GMT+1000 (Australian Eastern Standard Time)
|
||||
</footer>
|
||||
|
||||
<script> prettyPrint(); </script>
|
||||
|
||||
@@ -102,7 +102,7 @@ beef.net = {
|
||||
this.status_text = null; // success, timeout, error, ...
|
||||
this.response_body = null; // "<html>…." if not a cross-origin request
|
||||
this.port_status = null; // tcp port is open, closed or not http
|
||||
this.was_cross_domain = null; // true or false
|
||||
this.was_cross_origin = null; // true or false
|
||||
this.was_timedout = null; // the user specified timeout was reached
|
||||
this.duration = null; // how long it took for the request to complete
|
||||
this.headers = null; // full response headers
|
||||
@@ -245,11 +245,11 @@ beef.net = {
|
||||
* @return {Object} this object contains the response details
|
||||
*/
|
||||
request: function (scheme, method, domain, port, path, anchor, data, timeout, dataType, callback) {
|
||||
//check if same domain or cross domain
|
||||
var cross_domain = true;
|
||||
//check if same origin or cross origin
|
||||
var cross_origin = true;
|
||||
if (document.domain == domain.replace(/(\r\n|\n|\r)/gm, "")) { //strip eventual line breaks
|
||||
if (document.location.port == "" || document.location.port == null) {
|
||||
cross_domain = !(port == "80" || port == "443");
|
||||
cross_origin = !(port == "80" || port == "443");
|
||||
}
|
||||
}
|
||||
|
||||
@@ -266,12 +266,12 @@ beef.net = {
|
||||
|
||||
//define response object
|
||||
var response = new this.response;
|
||||
response.was_cross_domain = cross_domain;
|
||||
response.was_cross_origin = cross_origin;
|
||||
var start_time = new Date().getTime();
|
||||
|
||||
/*
|
||||
* according to http://api.jquery.com/jQuery.ajax/, Note: having 'script':
|
||||
* This will turn POSTs into GETs for remote-domain requests.
|
||||
* This will turn POSTs into GETs for cross origin requests.
|
||||
*/
|
||||
if (method == "POST") {
|
||||
$j.ajaxSetup({
|
||||
@@ -338,7 +338,7 @@ beef.net = {
|
||||
/**
|
||||
* Similar to beef.net.request, except from a few things that are needed when dealing with forged requests:
|
||||
* - requestid: needed on the callback
|
||||
* - allowCrossDomain: set cross-domain requests as allowed or blocked
|
||||
* - allowCrossOrigin: set cross-origin requests as allowed or blocked
|
||||
*
|
||||
* forge_request is used mainly by the Requester and Tunneling Proxy Extensions.
|
||||
* Example usage:
|
||||
@@ -346,20 +346,20 @@ beef.net = {
|
||||
* true, null, { foo: "bar" }, 5, 'html', false, null, function(response) {
|
||||
* alert(response.response_body)})
|
||||
*/
|
||||
forge_request: function (scheme, method, domain, port, path, anchor, headers, data, timeout, dataType, allowCrossDomain, requestid, callback) {
|
||||
forge_request: function (scheme, method, domain, port, path, anchor, headers, data, timeout, dataType, allowCrossOrigin, requestid, callback) {
|
||||
|
||||
if (domain == "undefined" || path == "undefined") {
|
||||
beef.debug("[beef.net.forge_request] Error: Malformed request. No host specified.");
|
||||
return;
|
||||
}
|
||||
|
||||
// check if same domain or cross domain
|
||||
var cross_domain = true;
|
||||
// check if same origin or cross origin
|
||||
var cross_origin = true;
|
||||
if (document.domain == domain && document.location.protocol == scheme + ':') {
|
||||
if (document.location.port == "" || document.location.port == null) {
|
||||
cross_domain = !(port == "80" || port == "443");
|
||||
cross_origin = !(port == "80" || port == "443");
|
||||
} else {
|
||||
if (document.location.port == port) cross_domain = false;
|
||||
if (document.location.port == port) cross_origin = false;
|
||||
}
|
||||
}
|
||||
|
||||
@@ -376,23 +376,23 @@ beef.net = {
|
||||
|
||||
// define response object
|
||||
var response = new this.response;
|
||||
response.was_cross_domain = cross_domain;
|
||||
response.was_cross_origin = cross_origin;
|
||||
var start_time = new Date().getTime();
|
||||
|
||||
// if cross-domain requests are not allowed and the request is cross-domain
|
||||
// if cross-origin requests are not allowed and the request is cross-origin
|
||||
// don't proceed and return
|
||||
if (allowCrossDomain == "false" && cross_domain) {
|
||||
if (allowCrossOrigin == "false" && cross_origin) {
|
||||
beef.debug("[beef.net.forge_request] Error: Cross Domain Request. The request was not sent.");
|
||||
response.status_code = -1;
|
||||
response.status_text = "crossdomain";
|
||||
response.port_status = "crossdomain";
|
||||
response.status_text = "crossorigin";
|
||||
response.port_status = "crossorigin";
|
||||
response.response_body = "ERROR: Cross Domain Request. The request was not sent.\n";
|
||||
response.headers = "ERROR: Cross Domain Request. The request was not sent.\n";
|
||||
if (callback != null) callback(response, requestid);
|
||||
return response;
|
||||
}
|
||||
|
||||
// if the request was cross-domain from a HTTPS origin to HTTP
|
||||
// if the request was cross-origin from a HTTPS origin to HTTP
|
||||
// don't proceed and return
|
||||
if (document.location.protocol == 'https:' && scheme == 'http') {
|
||||
beef.debug("[beef.net.forge_request] Error: Mixed Active Content. The request was not sent.");
|
||||
@@ -407,7 +407,7 @@ beef.net = {
|
||||
|
||||
/*
|
||||
* according to http://api.jquery.com/jQuery.ajax/, Note: having 'script':
|
||||
* This will turn POSTs into GETs for remote-domain requests.
|
||||
* This will turn POSTs into GETs for cross origin requests.
|
||||
*/
|
||||
if (method == "POST") {
|
||||
$j.ajaxSetup({
|
||||
@@ -460,10 +460,10 @@ beef.net = {
|
||||
},
|
||||
|
||||
complete: function (xhr, textStatus) {
|
||||
// cross-domain request
|
||||
if (cross_domain) {
|
||||
// cross-origin request
|
||||
if (cross_origin) {
|
||||
|
||||
response.port_status = "crossdomain";
|
||||
response.port_status = "crossorigin";
|
||||
|
||||
if (xhr.status != 0) {
|
||||
response.status_code = xhr.status;
|
||||
@@ -474,7 +474,7 @@ beef.net = {
|
||||
if (textStatus) {
|
||||
response.status_text = textStatus;
|
||||
} else {
|
||||
response.status_text = "crossdomain";
|
||||
response.status_text = "crossorigin";
|
||||
}
|
||||
|
||||
if (xhr.getAllResponseHeaders()) {
|
||||
@@ -488,7 +488,7 @@ beef.net = {
|
||||
}
|
||||
|
||||
} else {
|
||||
// same-domain request
|
||||
// same-origin request
|
||||
response.status_code = xhr.status;
|
||||
response.status_text = textStatus;
|
||||
response.headers = xhr.getAllResponseHeaders();
|
||||
@@ -606,7 +606,7 @@ beef.regCmp('beef.net');
|
||||
<br class="clear">
|
||||
|
||||
<footer>
|
||||
Documentation generated by <a href="https://github.com/jsdoc/jsdoc">JSDoc 4.0.3</a> on Fri Oct 04 2024 17:02:30 GMT+1000 (Australian Eastern Standard Time)
|
||||
Documentation generated by <a href="https://github.com/jsdoc/jsdoc">JSDoc 4.0.4</a> on Wed Oct 23 2024 16:03:46 GMT+1000 (Australian Eastern Standard Time)
|
||||
</footer>
|
||||
|
||||
<script> prettyPrint(); </script>
|
||||
|
||||
@@ -92,7 +92,7 @@ beef.regCmp('beef.net.connection');
|
||||
<br class="clear">
|
||||
|
||||
<footer>
|
||||
Documentation generated by <a href="https://github.com/jsdoc/jsdoc">JSDoc 4.0.3</a> on Fri Oct 04 2024 17:02:30 GMT+1000 (Australian Eastern Standard Time)
|
||||
Documentation generated by <a href="https://github.com/jsdoc/jsdoc">JSDoc 4.0.4</a> on Wed Oct 23 2024 16:03:46 GMT+1000 (Australian Eastern Standard Time)
|
||||
</footer>
|
||||
|
||||
<script> prettyPrint(); </script>
|
||||
|
||||
@@ -125,7 +125,7 @@ beef.regCmp('beef.net.cors');
|
||||
<br class="clear">
|
||||
|
||||
<footer>
|
||||
Documentation generated by <a href="https://github.com/jsdoc/jsdoc">JSDoc 4.0.3</a> on Fri Oct 04 2024 17:02:30 GMT+1000 (Australian Eastern Standard Time)
|
||||
Documentation generated by <a href="https://github.com/jsdoc/jsdoc">JSDoc 4.0.4</a> on Wed Oct 23 2024 16:03:46 GMT+1000 (Australian Eastern Standard Time)
|
||||
</footer>
|
||||
|
||||
<script> prettyPrint(); </script>
|
||||
|
||||
@@ -139,7 +139,7 @@ beef.regCmp('beef.net.dns');
|
||||
<br class="clear">
|
||||
|
||||
<footer>
|
||||
Documentation generated by <a href="https://github.com/jsdoc/jsdoc">JSDoc 4.0.3</a> on Fri Oct 04 2024 17:02:30 GMT+1000 (Australian Eastern Standard Time)
|
||||
Documentation generated by <a href="https://github.com/jsdoc/jsdoc">JSDoc 4.0.4</a> on Wed Oct 23 2024 16:03:46 GMT+1000 (Australian Eastern Standard Time)
|
||||
</footer>
|
||||
|
||||
<script> prettyPrint(); </script>
|
||||
|
||||
@@ -129,7 +129,7 @@ beef.regCmp('beef.net.local');
|
||||
<br class="clear">
|
||||
|
||||
<footer>
|
||||
Documentation generated by <a href="https://github.com/jsdoc/jsdoc">JSDoc 4.0.3</a> on Fri Oct 04 2024 17:02:30 GMT+1000 (Australian Eastern Standard Time)
|
||||
Documentation generated by <a href="https://github.com/jsdoc/jsdoc">JSDoc 4.0.4</a> on Wed Oct 23 2024 16:03:46 GMT+1000 (Australian Eastern Standard Time)
|
||||
</footer>
|
||||
|
||||
<script> prettyPrint(); </script>
|
||||
|
||||
@@ -108,7 +108,7 @@ beef.regCmp('beef.net.portscanner');
|
||||
<br class="clear">
|
||||
|
||||
<footer>
|
||||
Documentation generated by <a href="https://github.com/jsdoc/jsdoc">JSDoc 4.0.3</a> on Fri Oct 04 2024 17:02:30 GMT+1000 (Australian Eastern Standard Time)
|
||||
Documentation generated by <a href="https://github.com/jsdoc/jsdoc">JSDoc 4.0.4</a> on Wed Oct 23 2024 16:03:46 GMT+1000 (Australian Eastern Standard Time)
|
||||
</footer>
|
||||
|
||||
<script> prettyPrint(); </script>
|
||||
|
||||
@@ -53,7 +53,7 @@ beef.net.requester = {
|
||||
request = requests_array[i];
|
||||
if (request.proto == 'https') var scheme = 'https'; else var scheme = 'http';
|
||||
beef.debug('[Requester] ' + request.method + ' ' + scheme + '://' + request.host + ':' + request.port + request.uri + ' - Data: ' + request.data);
|
||||
beef.net.forge_request(scheme, request.method, request.host, request.port, request.uri, null, request.headers, request.data, 10, null, request.allowCrossDomain, request.id,
|
||||
beef.net.forge_request(scheme, request.method, request.host, request.port, request.uri, null, request.headers, request.data, 10, null, request.allowCrossOrigin, request.id,
|
||||
function(res, requestid) { beef.net.send('/requester', requestid, {
|
||||
response_data: res.response_body,
|
||||
response_status_code: res.status_code,
|
||||
@@ -83,7 +83,7 @@ beef.regCmp('beef.net.requester');
|
||||
<br class="clear">
|
||||
|
||||
<footer>
|
||||
Documentation generated by <a href="https://github.com/jsdoc/jsdoc">JSDoc 4.0.3</a> on Fri Oct 04 2024 17:02:30 GMT+1000 (Australian Eastern Standard Time)
|
||||
Documentation generated by <a href="https://github.com/jsdoc/jsdoc">JSDoc 4.0.4</a> on Wed Oct 23 2024 16:03:46 GMT+1000 (Australian Eastern Standard Time)
|
||||
</footer>
|
||||
|
||||
<script> prettyPrint(); </script>
|
||||
|
||||
@@ -199,7 +199,7 @@ beef.net.xssrays = {
|
||||
this.xss({href:url.href, pathname:url.pathname, hostname:url.hostname, port: url.port, protocol: location.protocol,
|
||||
search:url.search, type: 'url'});//scan each link & param
|
||||
} else {
|
||||
beef.debug('Scan is not Cross-domain. URLS\nurl :' + url.hostname.toString());
|
||||
beef.debug('Scan is not Cross-origin. URLS\nurl :' + url.hostname.toString());
|
||||
beef.debug('\nlocation :' + location.hostname.toString());
|
||||
}
|
||||
}
|
||||
@@ -279,7 +279,7 @@ beef.net.xssrays = {
|
||||
continue;
|
||||
}
|
||||
if (!this.crossDomain && (this.host(action).toString() != this.host(location.toString()))) {
|
||||
beef.debug('Scan is not Cross-domain. FormPost\naction :' + this.host(action).toString());
|
||||
beef.debug('Scan is not Cross-origin. FormPost\naction :' + this.host(action).toString());
|
||||
beef.debug('location :' + this.host(location));
|
||||
continue;
|
||||
}
|
||||
@@ -541,7 +541,7 @@ beef.regCmp('beef.net.xssrays');
|
||||
<br class="clear">
|
||||
|
||||
<footer>
|
||||
Documentation generated by <a href="https://github.com/jsdoc/jsdoc">JSDoc 4.0.3</a> on Fri Oct 04 2024 17:02:30 GMT+1000 (Australian Eastern Standard Time)
|
||||
Documentation generated by <a href="https://github.com/jsdoc/jsdoc">JSDoc 4.0.4</a> on Wed Oct 23 2024 16:03:46 GMT+1000 (Australian Eastern Standard Time)
|
||||
</footer>
|
||||
|
||||
<script> prettyPrint(); </script>
|
||||
|
||||
@@ -403,7 +403,7 @@ beef.regCmp('beef.net.os');
|
||||
<br class="clear">
|
||||
|
||||
<footer>
|
||||
Documentation generated by <a href="https://github.com/jsdoc/jsdoc">JSDoc 4.0.3</a> on Fri Oct 04 2024 17:02:30 GMT+1000 (Australian Eastern Standard Time)
|
||||
Documentation generated by <a href="https://github.com/jsdoc/jsdoc">JSDoc 4.0.4</a> on Wed Oct 23 2024 16:03:46 GMT+1000 (Australian Eastern Standard Time)
|
||||
</footer>
|
||||
|
||||
<script> prettyPrint(); </script>
|
||||
|
||||
@@ -116,7 +116,7 @@ beef.regCmp('beef.session');
|
||||
<br class="clear">
|
||||
|
||||
<footer>
|
||||
Documentation generated by <a href="https://github.com/jsdoc/jsdoc">JSDoc 4.0.3</a> on Fri Oct 04 2024 17:02:30 GMT+1000 (Australian Eastern Standard Time)
|
||||
Documentation generated by <a href="https://github.com/jsdoc/jsdoc">JSDoc 4.0.4</a> on Wed Oct 23 2024 16:03:46 GMT+1000 (Australian Eastern Standard Time)
|
||||
</footer>
|
||||
|
||||
<script> prettyPrint(); </script>
|
||||
|
||||
@@ -65,7 +65,7 @@ setTimeout(beef_init, 1000);
|
||||
<br class="clear">
|
||||
|
||||
<footer>
|
||||
Documentation generated by <a href="https://github.com/jsdoc/jsdoc">JSDoc 4.0.3</a> on Fri Oct 04 2024 17:02:30 GMT+1000 (Australian Eastern Standard Time)
|
||||
Documentation generated by <a href="https://github.com/jsdoc/jsdoc">JSDoc 4.0.4</a> on Wed Oct 23 2024 16:03:46 GMT+1000 (Australian Eastern Standard Time)
|
||||
</footer>
|
||||
|
||||
<script> prettyPrint(); </script>
|
||||
|
||||
@@ -135,7 +135,7 @@ beef.regCmp('beef.updater');
|
||||
<br class="clear">
|
||||
|
||||
<footer>
|
||||
Documentation generated by <a href="https://github.com/jsdoc/jsdoc">JSDoc 4.0.3</a> on Fri Oct 04 2024 17:02:30 GMT+1000 (Australian Eastern Standard Time)
|
||||
Documentation generated by <a href="https://github.com/jsdoc/jsdoc">JSDoc 4.0.4</a> on Wed Oct 23 2024 16:03:46 GMT+1000 (Australian Eastern Standard Time)
|
||||
</footer>
|
||||
|
||||
<script> prettyPrint(); </script>
|
||||
|
||||
@@ -758,7 +758,7 @@ beef.regCmp('beef.webrtc');
|
||||
<br class="clear">
|
||||
|
||||
<footer>
|
||||
Documentation generated by <a href="https://github.com/jsdoc/jsdoc">JSDoc 4.0.3</a> on Fri Oct 04 2024 17:02:30 GMT+1000 (Australian Eastern Standard Time)
|
||||
Documentation generated by <a href="https://github.com/jsdoc/jsdoc">JSDoc 4.0.4</a> on Wed Oct 23 2024 16:03:46 GMT+1000 (Australian Eastern Standard Time)
|
||||
</footer>
|
||||
|
||||
<script> prettyPrint(); </script>
|
||||
|
||||
@@ -142,7 +142,7 @@ beef.regCmp('beef.websocket');
|
||||
<br class="clear">
|
||||
|
||||
<footer>
|
||||
Documentation generated by <a href="https://github.com/jsdoc/jsdoc">JSDoc 4.0.3</a> on Fri Oct 04 2024 17:02:30 GMT+1000 (Australian Eastern Standard Time)
|
||||
Documentation generated by <a href="https://github.com/jsdoc/jsdoc">JSDoc 4.0.4</a> on Wed Oct 23 2024 16:03:46 GMT+1000 (Australian Eastern Standard Time)
|
||||
</footer>
|
||||
|
||||
<script> prettyPrint(); </script>
|
||||
|
||||
@@ -187,7 +187,7 @@ ZombieDataGrid = function(url, page, base) {
|
||||
end
|
||||
if (BeEF::Core::Configuration.instance.get("beef.extension.xssrays.enable"))
|
||||
context_menu << {
|
||||
id: 'zombie_grid_xssrays_hooked_domain',
|
||||
id: 'zombie_grid_xssrays_hooked_origin',
|
||||
text: 'Launch XssRays on Hooked Domain',
|
||||
iconCls: 'zombie-tree-ctxMenu-xssrays'
|
||||
}
|
||||
@@ -230,7 +230,7 @@ ZombieDataGrid = function(url, page, base) {
|
||||
jsonData: {'hb_id': escape(hb_id)}
|
||||
});
|
||||
break;
|
||||
case 'zombie_grid_xssrays_hooked_domain':
|
||||
case 'zombie_grid_xssrays_hooked_origin':
|
||||
Ext.Ajax.request({
|
||||
url: '/api/xssrays/scan/' + escape(hb_id) + '?token=' + beefwui.get_rest_token(),
|
||||
method: 'POST'
|
||||
|
||||
@@ -106,9 +106,9 @@ ZombieTab_XssRaysTab = function(zombie) {
|
||||
padding: '10px 5px 0 5px'
|
||||
},{
|
||||
xtype:'checkbox',
|
||||
id:'cross_domain',
|
||||
fieldLabel: 'Cross-domain (check for XSS on cross-domain resources)',
|
||||
name: 'cross_domain',
|
||||
id:'cross_origin',
|
||||
fieldLabel: 'Cross-origin (check for XSS on cross-origin resources)',
|
||||
name: 'cross_origin',
|
||||
checked: true
|
||||
}],
|
||||
|
||||
@@ -120,7 +120,7 @@ ZombieTab_XssRaysTab = function(zombie) {
|
||||
bar.update_sending('Starting XssRays on ' + zombie.ip + ' ...');
|
||||
form.submit({
|
||||
params: {
|
||||
cross_domain: document.getElementById('cross_domain').checked
|
||||
cross_origin: document.getElementById('cross_origin').checked
|
||||
},
|
||||
success: function() {
|
||||
bar.update_sent("Scan settings saved for hooked browser [" + zombie.ip + "]. XssRays will be added to victim DOM on next polling.");
|
||||
|
||||
@@ -79,7 +79,7 @@ Ext.extend(zombiesTreeList, Ext.tree.TreePanel, {
|
||||
end
|
||||
if (BeEF::Core::Configuration.instance.get("beef.extension.xssrays.enable"))
|
||||
context_menu << {
|
||||
id: 'xssrays_hooked_domain',
|
||||
id: 'xssrays_hooked_origin',
|
||||
text: 'Launch XssRays on Hooked Domain',
|
||||
iconCls: 'zombie-tree-ctxMenu-xssrays'
|
||||
}
|
||||
@@ -121,7 +121,7 @@ Ext.extend(zombiesTreeList, Ext.tree.TreePanel, {
|
||||
jsonData: {'hb_id': escape(hb_id)}
|
||||
});
|
||||
break;
|
||||
case 'xssrays_hooked_domain':
|
||||
case 'xssrays_hooked_origin':
|
||||
Ext.Ajax.request({
|
||||
url: '/api/xssrays/scan/' + escape(hb_id) + '?token=' + beefwui.get_rest_token(),
|
||||
method: 'POST'
|
||||
|
||||
@@ -10,7 +10,7 @@ module BeEF
|
||||
|
||||
@short_name = 'proxy'
|
||||
@full_name = 'proxy'
|
||||
@description = 'The tunneling proxy allows HTTP requests to the hooked domain to be tunneled through the victim browser'
|
||||
@description = 'The tunneling proxy allows HTTP requests to the hooked origin to be tunneled through the victim browser'
|
||||
end
|
||||
end
|
||||
end
|
||||
|
||||
@@ -125,7 +125,7 @@ module BeEF
|
||||
path: uri_path_and_qs,
|
||||
request_date: Time.now,
|
||||
hooked_browser_id: get_tunneling_proxy,
|
||||
allow_cross_domain: 'true'
|
||||
allow_cross_origin: 'true'
|
||||
)
|
||||
http.save
|
||||
print_debug(
|
||||
@@ -133,7 +133,7 @@ module BeEF
|
||||
"domain[#{http.domain}:#{http.port}], " \
|
||||
"method[#{http.method}], " \
|
||||
"path[#{http.path}], " \
|
||||
"cross domain[#{http.allow_cross_domain}]"
|
||||
"cross origin[#{http.allow_cross_origin}]"
|
||||
)
|
||||
|
||||
# Wait for the HTTP response to be stored in the db.
|
||||
|
||||
@@ -81,7 +81,7 @@ module BeEF
|
||||
# The Hash will then be converted into JSON, given as input to beef.net.requester.send Javascript API function
|
||||
# and finally sent to and executed by the hooked browser.
|
||||
def requester_parse_db_request(http_db_object)
|
||||
allow_cross_domain = http_db_object.allow_cross_domain.to_s
|
||||
allow_cross_origin = http_db_object.allow_cross_origin.to_s
|
||||
verb = http_db_object.method.upcase
|
||||
proto = http_db_object.proto.downcase
|
||||
uri = http_db_object.request.split(/\s+/)[1]
|
||||
@@ -137,7 +137,7 @@ module BeEF
|
||||
'port' => @port,
|
||||
'uri' => uri,
|
||||
'headers' => headers,
|
||||
'allowCrossDomain' => allow_cross_domain
|
||||
'allowCrossOrigin' => allow_cross_origin
|
||||
}
|
||||
|
||||
# Add POST request data
|
||||
|
||||
@@ -181,7 +181,7 @@ module BeEF
|
||||
port: host_port,
|
||||
path: uri,
|
||||
request_date: Time.now,
|
||||
allow_cross_domain: 'true'
|
||||
allow_cross_origin: 'true'
|
||||
)
|
||||
|
||||
print_debug "added new http request for #{zombie.session}"
|
||||
|
||||
@@ -31,7 +31,7 @@ module BeEF
|
||||
|
||||
# the URI of the XssRays handler where rays should come back if the vulnerability is verified
|
||||
beefurl = BeEF::Core::Server.instance.url
|
||||
cross_domain = xs.cross_domain
|
||||
cross_origin = xs.cross_origin
|
||||
timeout = xs.clean_timeout
|
||||
|
||||
ws = BeEF::Core::Websocket::Websocket.instance
|
||||
@@ -47,7 +47,7 @@ module BeEF
|
||||
// Browser Exploitation Framework (BeEF) - https://beefproject.com
|
||||
// See the file \'doc/COPYING\' for copying permission
|
||||
//', '')
|
||||
add_to_body xs.id, hb.session, beefurl, cross_domain, timeout
|
||||
add_to_body xs.id, hb.session, beefurl, cross_origin, timeout
|
||||
|
||||
if config.get('beef.extension.evasion.enable')
|
||||
evasion = BeEF::Extension::Evasion::Evasion.instance
|
||||
@@ -58,18 +58,18 @@ module BeEF
|
||||
# If we use XHR-polling, add the component to the main hook file
|
||||
else
|
||||
build_missing_beefjs_components 'beef.net.xssrays'
|
||||
add_to_body xs.id, hb.session, beefurl, cross_domain, timeout
|
||||
add_to_body xs.id, hb.session, beefurl, cross_origin, timeout
|
||||
end
|
||||
|
||||
print_debug("[XSSRAYS] Adding XssRays to the DOM. Scan id [#{xs.id}], started at [#{xs.scan_start}], cross domain [#{cross_domain}], clean timeout [#{timeout}].")
|
||||
print_debug("[XSSRAYS] Adding XssRays to the DOM. Scan id [#{xs.id}], started at [#{xs.scan_start}], cross origin [#{cross_origin}], clean timeout [#{timeout}].")
|
||||
end
|
||||
|
||||
def add_to_body(id, session, beefurl, cross_domain, timeout)
|
||||
def add_to_body(id, session, beefurl, cross_origin, timeout)
|
||||
config = BeEF::Core::Configuration.instance
|
||||
|
||||
req = %{
|
||||
beef.execute(function() {
|
||||
beef.net.xssrays.startScan('#{id}', '#{session}', '#{beefurl}', #{cross_domain}, #{timeout});
|
||||
beef.net.xssrays.startScan('#{id}', '#{session}', '#{beefurl}', #{cross_origin}, #{timeout});
|
||||
});
|
||||
}
|
||||
|
||||
|
||||
@@ -10,4 +10,4 @@ beef:
|
||||
name: 'XSSRays'
|
||||
authors: ["antisnatchor"]
|
||||
clean_timeout: 3000
|
||||
cross_domain: true
|
||||
cross_origin: true
|
||||
|
||||
@@ -67,7 +67,7 @@ module BeEF
|
||||
)
|
||||
xssrays_detail.save
|
||||
|
||||
print_info("[XSSRAYS] Scan id [#{xssrays_scan.id}] received ray [ip:#{hooked_browser.ip}], hooked domain [#{hooked_browser.domain}]")
|
||||
print_info("[XSSRAYS] Scan id [#{xssrays_scan.id}] received ray [ip:#{hooked_browser.ip}], hooked origin [#{hooked_browser.domain}]")
|
||||
print_debug("[XSSRAYS] Ray info: \n #{request.query_string}")
|
||||
end
|
||||
|
||||
|
||||
@@ -17,7 +17,7 @@ module BeEF
|
||||
halt 403 unless BeEF::Core::Rest.permitted_source?(request.ip)
|
||||
|
||||
CLEAN_TIMEOUT = config.get('beef.extension.xssrays.clean_timeout') || 3_000
|
||||
CROSS_DOMAIN = config.get('beef.extension.xssrays.cross_domain') || true
|
||||
CROSS_ORIGIN = config.get('beef.extension.xssrays.cross_origin') || true
|
||||
|
||||
HB = BeEF::Core::Models::HookedBrowser
|
||||
XS = BeEF::Core::Models::Xssraysscan
|
||||
@@ -118,12 +118,12 @@ module BeEF
|
||||
return
|
||||
end
|
||||
|
||||
# set Cross-domain settings
|
||||
cross_domain = params[:cross_domain].to_s
|
||||
cross_domain = if cross_domain == ''
|
||||
CROSS_DOMAIN
|
||||
# set Cross-origin settings
|
||||
cross_origin = params[:cross_origin].to_s
|
||||
cross_origin = if cross_origin == ''
|
||||
CROSS_ORIGIN
|
||||
else
|
||||
cross_domain != 'false'
|
||||
cross_origin != 'false'
|
||||
end
|
||||
|
||||
# set clean timeout settings
|
||||
@@ -134,8 +134,8 @@ module BeEF
|
||||
hooked_browser_id: hooked_browser.id,
|
||||
scan_start: Time.now,
|
||||
domain: hooked_browser.domain,
|
||||
# check also cross-domain URIs found by the crawler
|
||||
cross_domain: cross_domain,
|
||||
# check also cross-origin URIs found by the crawler
|
||||
cross_origin: cross_origin,
|
||||
# how long to wait before removing the iFrames from the DOM (5000ms default)
|
||||
clean_timeout: clean_timeout
|
||||
)
|
||||
@@ -143,8 +143,8 @@ module BeEF
|
||||
|
||||
print_info(
|
||||
"[XSSRays] Starting XSSRays [ip:#{hooked_browser.ip}], " \
|
||||
"hooked domain [#{hooked_browser.domain}], " \
|
||||
"cross-domain: #{cross_domain}, " \
|
||||
"hooked origin [#{hooked_browser.domain}], " \
|
||||
"cross-origin: #{cross_origin}, " \
|
||||
"clean timeout: #{clean_timeout}"
|
||||
)
|
||||
|
||||
@@ -181,7 +181,7 @@ module BeEF
|
||||
scan_start: scan.scan_start,
|
||||
scan_finish: scan.scan_finish,
|
||||
domain: scan.domain,
|
||||
cross_domain: scan.cross_domain,
|
||||
cross_origin: scan.cross_origin,
|
||||
clean_timeout: scan.clean_timeout,
|
||||
is_started: scan.is_started,
|
||||
is_finished: scan.is_finished
|
||||
|
||||
@@ -9,7 +9,7 @@ beef:
|
||||
enable: true
|
||||
category: ["Browser", "Hooked Domain"]
|
||||
name: "Cisco ASA Plaintext Passwords"
|
||||
description: "Recover Username, password, and second password (MFA) used for a Cisco ASA WebVPN session. The hooked domain needs to be the domain authenticated against."
|
||||
description: "Recover Username, password, and second password (MFA) used for a Cisco ASA WebVPN session. The hooked origin needs to be the origin authenticated against."
|
||||
authors: ["catatonicprime"]
|
||||
target:
|
||||
working: ["All"]
|
||||
Some files were not shown because too many files have changed in this diff Show More
Reference in New Issue
Block a user