Hiddenden/beef
2
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Use beef.debug for XSSrays debugging

Browse Source
This commit is contained in:
Brendan Coles
2019-02-17 09:33:53 +00:00
parent 3932d3dcc1
commit 4b3618528e
4 changed files with 58 additions and 64 deletions
Download Patch File Download Diff File Expand all files Collapse all files

11
extensions/xssrays/api/scan.rb
View File

@@ -35,7 +35,6 @@ module BeEF
beefurl = BeEF::Core::Server.instance.url
cross_domain = xs.cross_domain
timeout = xs.clean_timeout
debug = config.get("beef.extension.xssrays.js_console_logs")
ws = BeEF::Core::Websocket::Websocket.instance
@@ -51,7 +50,7 @@ module BeEF
// Browser Exploitation Framework (BeEF) - http://beefproject.com
// See the file \'doc/COPYING\' for copying permission
//', "")
add_to_body xs.id, hb.session, beefurl, cross_domain, timeout, debug
add_to_body xs.id, hb.session, beefurl, cross_domain, timeout
if config.get("beef.extension.evasion.enable")
evasion = BeEF::Extension::Evasion::Evasion.instance
@@ -62,19 +61,19 @@ module BeEF
# If we use XHR-polling, add the component to the main hook file
else
build_missing_beefjs_components 'beef.net.xssrays'
add_to_body xs.id, hb.session, beefurl, cross_domain, timeout, debug
add_to_body xs.id, hb.session, beefurl, cross_domain, timeout
end
print_debug("[XSSRAYS] Adding XssRays to the DOM. Scan id [#{xs.id}], started at [#{xs.scan_start}], cross domain [#{cross_domain}], clean timeout [#{timeout}], js console debug [#{debug}].")
print_debug("[XSSRAYS] Adding XssRays to the DOM. Scan id [#{xs.id}], started at [#{xs.scan_start}], cross domain [#{cross_domain}], clean timeout [#{timeout}].")
end
def add_to_body(id, session, beefurl, cross_domain, timeout, debug)
def add_to_body(id, session, beefurl, cross_domain, timeout)
config = BeEF::Core::Configuration.instance
req = %Q{
beef.execute(function() {
beef.net.xssrays.startScan('#{id}', '#{session}', '#{beefurl}', #{cross_domain}, #{timeout}, #{debug});
beef.net.xssrays.startScan('#{id}', '#{session}', '#{beefurl}', #{cross_domain}, #{timeout});
});
}

2
extensions/xssrays/config.yaml
View File

@@ -11,5 +11,3 @@ beef:
authors: ["antisnatchor"]
clean_timeout: 3000
cross_domain: true
# set js_console_logs to false when using BeEF in production (also because IE < 9 doesn't support the console object)
js_console_logs: true

30
extensions/xssrays/handler.rb
View File

@@ -17,22 +17,30 @@ module BeEF
# verify if the request contains the hook token
# raise an error if it's null or not found in the DB
beef_hook = params[:hbsess] || nil
(print_error "[XSSRAYS] Invalid beefhook id: the hooked browser cannot be found in the database";return) if beef_hook.nil? || HB.first(:session => beef_hook) == nil
if beef_hook.nil? || HB.first(:session => beef_hook).nil?
print_error "[XSSRAYS] Invalid beef hook ID: the hooked browser cannot be found in the database"
return
end
# verify the specified ray ID is valid
rays_scan_id = params[:raysid] || nil
(print_error "[XSSRAYS] Raysid is null";return) if rays_scan_id.nil?
if rays_scan_id.nil? || !BeEF::Filters::nums_only?(rays_scan_id)
print_error "[XSSRAYS] Invalid ray ID"
return
end
if params[:action] == 'ray'
case params[:action]
when 'ray'
# we received a ray
parse_rays(rays_scan_id)
when 'finish'
# we received a notification for finishing the scan
finalize_scan(rays_scan_id)
else
if params[:action] == 'finish'
# we received a notification for finishing the scan
finalize_scan(rays_scan_id)
else
#invalid action
print_error "[XSSRAYS] Invalid action";return
end
# invalid action
print_error "[XSSRAYS] Invalid action"
return
end
headers 'Pragma' => 'no-cache',
@@ -58,7 +66,7 @@ module BeEF
)
xssrays_detail.save
end
print_info("[XSSRAYS] Scan id [#{xssrays_scan.id}] received ray [ip:#{hooked_browser.ip.to_s}], hooked domain [#{hooked_browser.domain.to_s}]")
print_info("[XSSRAYS] Scan id [#{xssrays_scan.id}] received ray [ip:#{hooked_browser.ip}], hooked domain [#{hooked_browser.domain}]")
print_debug("[XSSRAYS] Ray info: \n #{request.query_string}")
end