From 26e1672227d3685905378c7d84284229208fa805 Mon Sep 17 00:00:00 2001
From: Brendan Coles <bcoles@gmail.com>
Date: Sat, 2 Apr 2016 06:14:35 +0000
Subject: [PATCH 1/3] Use default options

---
 arerules/lan_flash_scan.json | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/arerules/lan_flash_scan.json b/arerules/lan_flash_scan.json
index 2f83aa1c5..668573d6e 100644
--- a/arerules/lan_flash_scan.json
+++ b/arerules/lan_flash_scan.json
@@ -16,8 +16,8 @@
       "options": {
         "ipRange":"<<mod_input>>",
         "ports":"80,8080",
-        "threads":"5",
-        "timeout":"10"
+        "threads":"3",
+        "timeout":"15"
       }
     }
   ],

From ffb15892a4448243f084475c25d93b1e9d88a714 Mon Sep 17 00:00:00 2001
From: Brendan Coles <bcoles@gmail.com>
Date: Sat, 2 Apr 2016 06:46:23 +0000
Subject: [PATCH 2/3] Add timeout option to beef.net.cors.request

---
 arerules/lan_cors_scan.json                          | 3 ++-
 modules/debug/test_cors_request/command.js           | 3 ++-
 modules/network/cross_origin_scanner_cors/command.js | 3 ++-
 modules/network/cross_origin_scanner_cors/module.rb  | 3 ++-
 4 files changed, 8 insertions(+), 4 deletions(-)

diff --git a/arerules/lan_cors_scan.json b/arerules/lan_cors_scan.json
index d0e9a0147..1f5d1c814 100644
--- a/arerules/lan_cors_scan.json
+++ b/arerules/lan_cors_scan.json
@@ -16,7 +16,8 @@
       "options": {
         "ipRange":"<<mod_input>>",
         "ports":"80,8080",
-        "threads":"5"
+        "threads":"3",
+        "timeout":"15"
       }
     }
   ],
diff --git a/modules/debug/test_cors_request/command.js b/modules/debug/test_cors_request/command.js
index 23f366bbd..f827017e5 100644
--- a/modules/debug/test_cors_request/command.js
+++ b/modules/debug/test_cors_request/command.js
@@ -9,8 +9,9 @@ beef.execute(function() {
 	var method = "<%= @method %>";
 	var url    = "<%= @url %>";
 	var data   = "<%= @data %>";
+	var timeout = 15000;
 
-	beef.net.cors.request(method, url, data, function(response) { beef.net.send("<%= @command_url %>", <%= @command_id %>, "response="+JSON.stringify(response)); });
+	beef.net.cors.request(method, url, data, timeout, function(response) { beef.net.send("<%= @command_url %>", <%= @command_id %>, "response="+JSON.stringify(response)); });
 
 });
 
diff --git a/modules/network/cross_origin_scanner_cors/command.js b/modules/network/cross_origin_scanner_cors/command.js
index 723eb5a67..e13de990f 100644
--- a/modules/network/cross_origin_scanner_cors/command.js
+++ b/modules/network/cross_origin_scanner_cors/command.js
@@ -10,6 +10,7 @@ beef.execute(function() {
   var ipRange = "<%= @ipRange %>";
   var ports   = "<%= @ports %>";
   var threads = "<%= @threads %>";
+  var timeout = <%= @timeout %>*1000;
   var wait = 2;
 
   if(!beef.browser.hasCors()) {
@@ -105,7 +106,7 @@ beef.execute(function() {
     for (var p=0; p < ports.length; p++) {
       var url = proto + '://' + ips[i] + ':' + ports[p];
       worker.queue('beef.net.cors.request(' +
-      '"GET", "'+url+'", "", function(response) {' +
+      '"GET", "'+url+'", "", '+timeout+', function(response) {' +
        'if (response != null && response["status"] != 0) {' +
         'beef.debug("[Cross-Origin Scanner] Received response from '+url+': " + JSON.stringify(response));' +
         'var title = response["body"].match("<title>(.*?)<\\/title>"); if (title != null) title = title[1];' +
diff --git a/modules/network/cross_origin_scanner_cors/module.rb b/modules/network/cross_origin_scanner_cors/module.rb
index 932f97e0c..1ee93fb6a 100644
--- a/modules/network/cross_origin_scanner_cors/module.rb
+++ b/modules/network/cross_origin_scanner_cors/module.rb
@@ -34,7 +34,8 @@ class Cross_origin_scanner_cors < BeEF::Core::Command
     return [
         {'name' => 'ipRange', 'ui_label' => 'Scan IP range (C class)', 'value' => '192.168.0.1-192.168.0.254'},
         {'name' => 'ports',   'ui_label' => 'Ports', 'value' => '80,8080'},
-        {'name' => 'threads', 'ui_label' => 'Workers', 'value' => '5'}
+        {'name' => 'threads', 'ui_label' => 'Workers', 'value' => '3'},
+        {'name' => 'timeout', 'ui_label' => 'Timeout for each request (s)', 'value' => '15'}
     ]
   end
 

From d0255d6e9cc83716fbc0391fef6b491ddd8b0e75 Mon Sep 17 00:00:00 2001
From: Brendan Coles <bcoles@gmail.com>
Date: Sat, 2 Apr 2016 07:04:40 +0000
Subject: [PATCH 3/3] Add timeout option to beef.net.cors.request

---
 core/main/client/net/cors.js | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

diff --git a/core/main/client/net/cors.js b/core/main/client/net/cors.js
index cf12dcffe..7bb861d64 100644
--- a/core/main/client/net/cors.js
+++ b/core/main/client/net/cors.js
@@ -17,9 +17,10 @@ beef.net.cors = {
      * @param method {String} HTTP verb ('GET', 'POST', 'DELETE', etc.)
      * @param url {String} url
      * @param data {String} request body
+     * @param timeout {Integer} request timeout in milliseconds
      * @param callback {Function} function to callback on completion
      */
-    request: function(method, url, data, callback) {
+    request: function(method, url, data, timeout, callback) {
 
     var xhr;
     var response = new this.response;
@@ -29,6 +30,7 @@ beef.net.cors = {
 
         if ('withCredentials' in xhr) {
             xhr.open(method, url, true);
+            xhr.timeout = parseInt(timeout, 10);
             xhr.onerror = function() {
             };
             xhr.onreadystatechange = function() {