completely removed WebRick dependency and references in the code!! fuck yeah

antisnatchor
2011-11-22 10:20:44 +01:00
parent 18d4b642fe
commit 4c1ed2ee2e
17 changed files with 0 additions and 419 deletions


@@ -15,7 +15,6 @@
# @note Include here all the gems we are using
require 'rubygems'
require 'webrick'
require 'thin'
require 'dm-core'
require 'dm-migrations'


@@ -24,14 +24,6 @@ require 'core/ruby/string'
require 'core/ruby/print'
require 'core/ruby/hash'
# @note Patching WebRick
require 'core/ruby/patches/webrick/httprequest'
require 'core/ruby/patches/webrick/cookie'
require 'core/ruby/patches/webrick/genericserver'
require 'core/ruby/patches/webrick/httpresponse'
require 'core/ruby/patches/webrick/httpservlet/filehandler.rb'
require 'core/ruby/patches/webrick/httputils.rb'
# @note Patching DataMapper Data Objects Adapter (dm-do-adapter)
require 'core/ruby/patches/dm-do-adapter/adapter.rb'


@@ -1,39 +0,0 @@
#
# Copyright 2011 Wade Alcorn wade@bindshell.net
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
#
module WEBrick
class Cookie
attr_accessor :httponly
# Convert cookie object to a string representation
# @return [String] ret String of information about cookie
def to_s
ret = ""
ret << @name << "=" << @value
ret << "; " << "Version=" << @version.to_s if @version > 0
ret << "; " << "Domain=" << @domain if @domain
ret << "; " << "Expires=" << @expires if @expires
ret << "; " << "Max-Age=" << @max_age.to_s if @max_age
ret << "; " << "Comment=" << @comment if @comment
ret << "; " << "Path=" << @path if @path
ret << "; " << "Secure" if @secure
ret << "; " << "HttpOnly" if @httponly
ret
end
end
end


@@ -1,29 +0,0 @@
#
# Copyright 2011 Wade Alcorn wade@bindshell.net
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
#
module WEBrick
class HTTPServer < ::WEBrick::GenericServer
# @note I'm patching WEBrick so it does not log http requests anymore.
# The reason being that it seems to considerably slow down BeEF which receives
# numerous requests simultaneously. Additionally, it was also found to crash
# the thread when not being able to write to the log file (which happened when
# overloaded).
def access_log(config, req, res); return; end
end
end


@@ -1,113 +0,0 @@
#
# Copyright 2011 Wade Alcorn wade@bindshell.net
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
#
module WEBrick
class HTTPRequest
# @note I'm patching the HTTPRequest class so that it when it receives POST
# http requests, it parses the query present in the body even if the
# content type is not set.
# The reason for this patch is that when a zombie sends back data to
# BeEF, that data was not parsed because by default the content-type
# was not set directly. I prefer patching WEBrick rather than editing
# the BeEFJS library because cross domain http requests would be harder
# to implement at the server level.
# @note This function would need to be modified if we ever needed to use multipart POST requests.
def parse_query()
begin
if @request_method == "GET" || @request_method == "HEAD"
@query = HTTPUtils::parse_query(@query_string)
elsif @request_method == 'POST' || self['content-type'] =~ /^application\/x-www-form-urlencoded/
@query = HTTPUtils::parse_query(body)
elsif self['content-type'] =~ /^multipart\/form-data; boundary=(.+)/
boundary = HTTPUtils::dequote($1)
@query = HTTPUtils::parse_form_data(body, boundary)
else
@query = Hash.new
end
rescue => ex
raise HTTPStatus::BadRequest, ex.message
end
end
# Get cookie value
# @param [String] name Key name
# @return [String] Value stored against the key name or nil if not found
def get_cookie_value(name)
return nil if name.nil?
@cookies.each{|cookie|
c = WEBrick::Cookie.parse_set_cookie(cookie.to_s)
return c.value if (c.name.to_s.eql? name)
}
nil
end
# Get Referrer domain name
# @return [String] Domain name or nil
def get_referer_domain
referer = header['referer'][0]
if referer =~ /\:\/\/([0-9a-zA-A\.]*(\:[0-9]+)?)\//
return $1
end
nil
end
# Get hook session id
# @return [String] Hook session id or nil
def get_hook_session_id()
config = BeEF::Core::Configuration.instance
hook_session_name = config.get('beef.http.hook_session_name')
@query[hook_session_name] || nil
end
# Return the command module command_id value from the request
# @return [String] Command module id or nil
def get_command_id()
@query['command_id'] || nil
end
# @note Attack vectors send through the Requester/Proxy by default are parsed as Bad URIs, and not sent.
# For example: request like the following: http://192.168.10.128/dvwa/vulnerabilities/xss_r/?name=ciccioba83e<a>7918817a3ad is blocked (ERROR bad URI)
# We're overwriting the URI Parser UNRESERVED regex to prevent such behavior (see tolerant_parser)
def parse_uri(str, scheme="http")
if @config[:Escape8bitURI]
str = HTTPUtils::escape8bit(str)
end
tolerant_parser = URI::Parser.new(:UNRESERVED => BeEF::Core::Configuration.instance.get("beef.extension.requester.uri_unreserved_chars"))
uri = tolerant_parser.parse(str)
return uri if uri.absolute?
if @forwarded_host
host, port = @forwarded_host, @forwarded_port
elsif self["host"]
pattern = /\A(#{URI::REGEXP::PATTERN::HOST})(?::(\d+))?\z/n
host, port = *self['host'].scan(pattern)[0]
elsif @addr.size > 0
host, port = @addr[2], @addr[1]
else
host, port = @config[:ServerName], @config[:Port]
end
uri.scheme = @forwarded_proto || scheme
uri.host = host
uri.port = port ? port.to_i : nil
return tolerant_parser::parse(uri.to_s)
end
end
end


@@ -1,92 +0,0 @@
#
# Copyright 2011 Wade Alcorn wade@bindshell.net
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
#
module WEBrick
class HTTPResponse
# Add/Update HTTP response headers with those contained in original_headers Hash
# @param [Hash] original_headers Hash of headers
def override_headers(original_headers)
original_headers.each{ |key, value| @header[key.downcase] = value }
end
# Set caching headers none
def set_no_cache()
@header['ETag'] = nil
@header['Last-Modified'] = Time.now + 100**4
@header['Expires'] = Time.now - 100**4
@header['Cache-Control'] = 'no-store, no-cache, must-revalidate, post-check=0, pre-check=0'
@header['Pragma'] = 'no-cache'
end
# Set the cookie in the response
# @param [String] name Name of the cookie
# @param [String] value Value of the cookie
# @param [String] path Path of the cookie
# @param [Boolean] httponly If the cookie is HTTP only
# @param [Boolean] secure If the cookie is secure only
# @note Limit: only one set-cookie will be within the response
def set_cookie(name, value, path = '/', httponly = true, secure = true)
cookie = WEBrick::Cookie.new(name, value)
cookie.path = path
cookie.httponly = httponly
cookie.secure = secure
# add cookie to response header
@header['Set-Cookie'] = cookie.to_s
end
# @note This patch should prevent leakage of directory listing, access auth errors, etc.
def set_error(ex, backtrace=false)
# set repsonse headers
@status = 404;
@header['content-type'] = "text/html; charset=UTF-8"
# set response content
@body = ''
@body << <<-_end_of_html_
<HTML>
<HEAD>
<TITLE>No page for you!</TITLE>
<STYLE type="text/css">
BODY { font: 8pt/12pt verdana }
H1 { font: 13pt/15pt verdana }
H2 { font: 8pt/12pt verdana }
A:link { color: black; text-decoration: none }
A:visited { color: black; text-decoration: none }
</STYLE>
</HEAD><BODY>
<TABLE width=500 border=0 cellspacing=10>
<TR>
<TD>
<h1><a href="http://beefproject.com/">These aren't the pages you're looking for</a></h1>
</TD>
</TR>
</TABLE>
</BODY>
</HTML>
_end_of_html_
end
end
end


@@ -1,51 +0,0 @@
#
# Copyright 2011 Wade Alcorn wade@bindshell.net
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
#
# The following file contains patches for WEBrick.
module WEBrick
module HTTPServlet
class FileHandler
# Prevent directory traversal attacks
# @param [Object] req Request object
# @param [Object] res Response object
def prevent_directory_traversal(req, res)
raise WEBrick::HTTPStatus::BadRequest, "null character in path" if has_null?(req.path_info)
if trailing_pathsep?(req.path_info)
expanded = File.expand_path(req.path_info + "x")
expanded.chop! # remove trailing "x"
else
expanded = File.expand_path(req.path_info)
end
req.path_info = expanded
end
# Checks if a string contains null characters
# @param [String] str String to test for null characters
# @param [Boolean] Whether the string has null characters
def has_null? (str)
str.split(//).each {|c|
return true if c.eql?("\000")
}
false
end
end
end
end


@@ -1,36 +0,0 @@
#
# httputils.rb -- HTTPUtils Module
#
# Author: IPR -- Internet Programming with Ruby -- writers
# Copyright (c) 2000, 2001 TAKAHASHI Masayoshi, GOTOU Yuuzou
# Copyright (c) 2002 Internet Programming with Ruby writers. All rights
# reserved.
#
# $IPR: httputils.rb,v 1.34 2003/06/05 21:34:08 gotoyuzo Exp $
module WEBrick
module HTTPUtils
# Add support for additional mime types
# @param [String] filename Filename
# @param [Hash] mime_tab Mime Type Hash
#TODO: FIND A WAY TO DO THE SAME IN RACK (modify the default content type returned when requesting audio files - WAV)
def mime_type(filename, mime_tab)
suffix1 = (/\.(\w+)$/ =~ filename && $1.downcase)
suffix2 = (/\.(\w+)\.[\w\-]+$/ =~ filename && $1.downcase)
# @todo Add support for additional mime types
supported_mime_types = {
'wav' => 'audio/x-wav'
}
mime_tab.merge!(supported_mime_types)
mime_tab[suffix1] || mime_tab[suffix2] || "application/octet-stream"
end
module_function :mime_type
end
end


@@ -38,7 +38,6 @@ require 'extensions/admin_ui/classes/httpcontroller'
require 'extensions/admin_ui/classes/session'
# Handlers
require 'extensions/admin_ui/handlers/media'
require 'extensions/admin_ui/handlers/ui'
# API Hooking


@@ -1,42 +0,0 @@
#
# Copyright 2011 Wade Alcorn wade@bindshell.net
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
#
module BeEF
module Extension
module AdminUI
module Handlers
class MediaHandler < WEBrick::HTTPServlet::FileHandler
def do_GET(req, res)
super
# set content types
res.header['content-type']='text/html' # default content type for all pages
res.header['content-type']='text/javascript' if req.path =~ /.json$/
res.header['content-type']='text/javascript' if req.path =~ /.js$/
res.header['content-type']='text/css' if req.path =~ /.css$/
res.header['content-type']='image/png' if req.path =~ /.png$/
res.header['content-type']='image/gif' if req.path =~ /.gif$/
res.header['content-type']='text/xml' if req.path =~ /.xml$/
end
end
end
end
end
end


@@ -14,7 +14,6 @@
# limitations under the License.
#
require 'test/unit'
require 'webrick'
require '../../core/filters/base'


@@ -14,7 +14,6 @@
# limitations under the License.
#
require 'test/unit'
require 'webrick'
require '../../core/filters/base'
require '../../core/filters/command'


@@ -14,7 +14,6 @@
# limitations under the License.
#
require 'test/unit'
require 'webrick'
class TC_Api < Test::Unit::TestCase


@@ -14,7 +14,6 @@
# limitations under the License.
#
require 'test/unit'
require 'webrick'
class TC_Core < Test::Unit::TestCase


@@ -14,7 +14,6 @@
# limitations under the License.
#
require 'test/unit'
require 'webrick'
class TC_Loader < Test::Unit::TestCase


@@ -14,7 +14,6 @@
# limitations under the License.
#
require 'test/unit'
require 'webrick'
class TC_Filesystem < Test::Unit::TestCase


@@ -14,7 +14,6 @@
# limitations under the License.
#
require 'test/unit'
require 'webrick'
class TC_Grep < Test::Unit::TestCase