Hiddenden/beef
2
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Added allowCrossDomain functionality to beef.net.requester.send

Browse Source
This commit is contained in:
bcoles
2011-12-24 13:37:14 +10:30
parent 61a34c1c60
commit 4543d60570
2 changed files with 53 additions and 128 deletions
Download Patch File Download Diff File Expand all files Collapse all files

178
core/main/client/net.js
View File

@@ -222,63 +222,71 @@ beef.net = {
},
/*
* Similar to this.request, with one extra paramater needed when dealing with requester requests:
* - requestid parameter: needed on the callback
* Similar to this.request, except from a few things that are needed when dealing with forged requests:
* - requestid: needed on the callback
* - allowCrossDomain: set cross-domain requests as allowed or blocked
*/
forgerequest: function(scheme, method, domain, port, path, anchor, headers, data, timeout, dataType, requestid, callback) {
//check if same domain or cross domain
forge_request: function(scheme, method, domain, port, path, anchor, headers, data, timeout, dataType, allowCrossDomain, requestid, callback) {
// check if same domain or cross domain
var cross_domain = true;
if (document.domain == domain){
if (document.domain == domain) {
if(document.location.port == "" || document.location.port == null){
cross_domain = !(port == "80" || port == "443");
}
}
//build the url
// build the url
var url = "";
if(path.indexOf("http://") != -1 || path.indexOf("https://") != -1){
if (path.indexOf("http://") != -1 || path.indexOf("https://") != -1) {
url = path;
}else{
} else {
url = scheme + "://" + domain;
url = (port != null) ? url + ":" + port : url;
url = (path != null) ? url + path : url;
url = (anchor != null) ? url + "#" + anchor : url;
}
//define response object
// define response object
var response = new this.response;
response.was_cross_domain = cross_domain;
var start_time = new Date().getTime();
// if the request is crossdomain, don't proceed and return
if (cross_domain && callback != null) {
// if cross-domain requests are not allowed and the request is cross-domain
// don't proceed and return
if (!allowCrossDomain && cross_domain && callback != null) {
response.status_code = -1;
response.status_text = "crossdomain";
response.response_body = "ERROR: Cross Domain Request\n";
response.port_status = "crossdomain";
response.response_body = "ERROR: Cross Domain Request. The request was not sent.\n";
response.headers = "ERROR: Cross Domain Request. The request was not sent.\n";
callback(response, requestid);
return response;
}
if(method == "POST"){
// build and execute the request
if (method == "POST"){
$j.ajaxSetup({
data: data
});
}
//build and execute the request
$j.ajax({type: method,
dataType: 'script', // this is required for bugs in IE so data can be transfered back to the server
url: url,
headers: headers,
timeout: (timeout * 1000),
//needed otherwise jQuery always add Content-type: application/xml, even if data is populated
// needed otherwise jQuery always adds:
// Content-type: application/xml
// even if data is populated
beforeSend: function(xhr) {
if(method == "POST"){
if (method == "POST") {
xhr.setRequestHeader("Content-type", "application/x-www-form-urlencoded; charset=utf-8");
}
},
// http server responded successfully
success: function(data, textStatus, xhr) {
var end_time = new Date().getTime();
response.status_code = xhr.status;
@@ -287,6 +295,9 @@ beef.net = {
response.was_timedout = false;
response.duration = (end_time - start_time);
},
// server responded with a http error (403, 404, 500, etc)
// or server is not a http server
error: function(xhr, textStatus, errorThrown) {
var end_time = new Date().getTime();
response.response_body = xhr.responseText;
@@ -294,119 +305,32 @@ beef.net = {
response.status_text = textStatus;
response.duration = (end_time - start_time);
},
complete: function(xhr, textStatus) {
response.status_code = xhr.status;
response.status_text = textStatus;
response.headers = xhr.getAllResponseHeaders();
// determine if TCP port is open/closed/not-http
if (textStatus == "timeout") {
response.was_timedout = true;
response.response_body = "ERROR: Timed out\n";
response.port_status = "closed";
} else if (textStatus == "parsererror") {
response.port_status = "not-http";
// cross-domain request
if (cross_domain) {
response.status_code = -1;
response.status_text = "crossdomain";
response.port_status = "crossdomain";
response.response_body = "ERROR: Cross Domain Request. The request was sent however it is impossible to view the response.\n";
response.headers = "ERROR: Cross Domain Request. The request was sent however it is impossible to view the response.\n";
} else {
response.port_status = "open";
// same-domain request
response.status_code = xhr.status;
response.status_text = textStatus;
response.headers = xhr.getAllResponseHeaders();
// determine if TCP port is open/closed/not-http
if (textStatus == "timeout") {
response.was_timedout = true;
response.response_body = "ERROR: Timed out\n";
response.port_status = "closed";
} else if (textStatus == "parsererror") {
response.port_status = "not-http";
} else {
response.port_status = "open";
}
}
callback(response, requestid);
}
});
return response;
},
/*
* Similar to this.request, except from a few things that are needed when dealing with proxy requests:
* - requestid parameter: needed on the callback,
* - crossdomain checks: if crossdomain requests are tunneled through the proxy, they must be not issued because
* they will always throw error for SoP. This can happen when tunneling a browser: for example
* Firefox and Chrome automatically requests /safebrowsing/downloads (XHR)
*/
proxyrequest: function(scheme, method, domain, port, path, anchor, headers, data, timeout, dataType, requestid, callback) {
//check if same domain or cross domain
var cross_domain = true;
if (document.domain == domain){
if(document.location.port == "" || document.location.port == null){
cross_domain = !(port == "80" || port == "443");
}
}
//build the url
var url = "";
if(path.indexOf("http://") != -1 || path.indexOf("https://") != -1){
url = path;
}else{
url = scheme + "://" + domain;
url = (port != null) ? url + ":" + port : url;
url = (path != null) ? url + path : url;
url = (anchor != null) ? url + "#" + anchor : url;
}
//define response object
var response = new this.response;
response.was_cross_domain = cross_domain;
var start_time = new Date().getTime();
// if the request is crossdomain, don't proceed and return
if (cross_domain && callback != null) {
response.status_code = -1;
response.status_text = "crossdomain";
response.response_body = "ERROR: Cross Domain Request\n";
callback(response, requestid);
return response;
}
if(method == "POST"){
$j.ajaxSetup({
data: data
});
}
//build and execute the request
$j.ajax({type: method,
dataType: 'script', // this is required for bugs in IE so data can be transfered back to the server
url: url,
headers: headers,
timeout: (timeout * 1000),
//needed otherwise jQuery always add Content-type: application/xml, even if data is populated
beforeSend: function(xhr) {
if(method == "POST"){
xhr.setRequestHeader("Content-type", "application/x-www-form-urlencoded; charset=utf-8");
}
},
success: function(data, textStatus, xhr) {
var end_time = new Date().getTime();
response.status_code = xhr.status;
response.status_text = textStatus;
response.response_body = data;
response.was_timedout = false;
response.duration = (end_time - start_time);
},
error: function(xhr, textStatus, errorThrown) {
var end_time = new Date().getTime();
response.response_body = xhr.responseText;
response.status_code = xhr.status;
response.status_text = textStatus;
response.duration = (end_time - start_time);
},
complete: function(xhr, textStatus) {
response.status_code = xhr.status;
response.status_text = textStatus;
response.headers = xhr.getAllResponseHeaders();
// determine if TCP port is open/closed/not-http
if (textStatus == "timeout") {
response.was_timedout = true;
response.response_body = "ERROR: Timed out\n";
response.port_status = "closed";
} else if (textStatus == "parsererror") {
response.port_status = "not-http";
} else {
response.port_status = "open";
}
callback(response, requestid);
}
});

3
core/main/client/net/requester.js
View File

@@ -28,10 +28,11 @@ beef.net.requester = {
handler: "requester",
send: function(requests_array) {
for (i in requests_array) {
request = requests_array[i];
beef.net.forgerequest('http', request.method, request.host, request.port, request.uri, null, request.headers, request.data, 10, null, request.id,
beef.net.forge_request('http', request.method, request.host, request.port, request.uri, null, request.headers, request.data, 10, null, request.allowCrossDomain, request.id,
function(res, requestid) { beef.net.send('/requester', requestid, {
response_data: res.response_body,
response_status_code: res.status_code,