Merge pull request #1973 from beefproject/excluded_hooking_subnet

Excluded hooking subnet

config.yaml

@@ -27,6 +27,8 @@ beef:
         # subnet of IP addresses that can connect to the admin UI
         #permitted_ui_subnet: ["127.0.0.1/32", "::1/128"]
         permitted_ui_subnet: ["0.0.0.0/0", "::/0"]
+        # subnet of IP addresses that cannot be hooked by the framework
+        excluded_hooking_subnet: []
         # slow API calls to 1 every  api_attempt_delay  seconds
         api_attempt_delay: "0.05"
 

core/main/handlers/hookedbrowsers.rb

@@ -33,7 +33,7 @@ module Handlers
       permitted_hooking_subnet = config.get('beef.restrictions.permitted_hooking_subnet')
       if permitted_hooking_subnet.nil? || permitted_hooking_subnet.empty?
         BeEF::Core::Logger.instance.register('Target Range', "Attempted hook from outside of permitted hooking subnet (#{request.ip}) rejected.")
-	error 404
+	      error 404
       end
 
       found = false
@@ -46,6 +46,20 @@ module Handlers
         error 404
       end
 
+      excluded_hooking_subnet = config.get('beef.restrictions.excluded_hooking_subnet')
+      unless excluded_hooking_subnet.nil? || excluded_hooking_subnet.empty?
+        excluded_ip_hooked = false
+
+        excluded_hooking_subnet.each do |subnet|
+          excluded_ip_hooked = true if IPAddr.new(subnet).include?(request.ip)
+        end
+
+        if excluded_ip_hooked
+          BeEF::Core::Logger.instance.register('Target Range', "Attempted hook from excluded hooking subnet (#{request.ip}) rejected.")
+          error 404 
+        end
+      end
+
       # @note get zombie if already hooked the framework
       hook_session_name = config.get('beef.http.hook_session_name')
       hook_session_id = request[hook_session_name]