From 4c1ed2ee2e41a44af9b21bdc1b9d774c580d94ed Mon Sep 17 00:00:00 2001
From: antisnatchor
Date: Tue, 22 Nov 2011 10:20:44 +0100
Subject: [PATCH] completely removed WebRick dependency and references in the code!! fuck yeah
---
 core/loader.rb | 1 -
 core/ruby.rb | 8 --
 core/ruby/patches/webrick/cookie.rb | 39 ------
 core/ruby/patches/webrick/genericserver.rb | 29 -----
 core/ruby/patches/webrick/httprequest.rb | 113 ------------------
 core/ruby/patches/webrick/httpresponse.rb | 92 --------------
 .../webrick/httpservlet/filehandler.rb | 51 --------
 core/ruby/patches/webrick/httputils.rb | 36 ------
 extensions/admin_ui/extension.rb | 1 -
 extensions/admin_ui/handlers/media.rb | 42 -------
 test/unit/core/filter/tc_base.rb | 1 -
 test/unit/core/filter/tc_command.rb | 1 -
 test/unit/core/tc_api.rb | 1 -
 test/unit/core/tc_core.rb | 1 -
 test/unit/core/tc_loader.rb | 1 -
 test/unit/tc_filesystem.rb | 1 -
 test/unit/tc_grep.rb | 1 -
 17 files changed, 419 deletions(-)
 delete mode 100644 core/ruby/patches/webrick/cookie.rb
 delete mode 100644 core/ruby/patches/webrick/genericserver.rb
 delete mode 100644 core/ruby/patches/webrick/httprequest.rb
 delete mode 100644 core/ruby/patches/webrick/httpresponse.rb
 delete mode 100644 core/ruby/patches/webrick/httpservlet/filehandler.rb
 delete mode 100644 core/ruby/patches/webrick/httputils.rb
 delete mode 100644 extensions/admin_ui/handlers/media.rb
diff --git a/core/loader.rb b/core/loader.rb
index ad9b9763b..f811d54f9 100644
--- a/core/loader.rb
+++ b/core/loader.rb
@@ -15,7 +15,6 @@
 # @note Include here all the gems we are using
 require 'rubygems'
-require 'webrick'
 require 'thin'
 require 'dm-core'
 require 'dm-migrations'
diff --git a/core/ruby.rb b/core/ruby.rb
index 6b2b175ae..3ad0f7360 100644
--- a/core/ruby.rb
+++ b/core/ruby.rb
@@ -24,14 +24,6 @@
 require 'core/ruby/string'
 require 'core/ruby/print'
 require 'core/ruby/hash'
-# @note Patching WebRick
-require 'core/ruby/patches/webrick/httprequest'
-require 'core/ruby/patches/webrick/cookie'
-require 'core/ruby/patches/webrick/genericserver'
-require 'core/ruby/patches/webrick/httpresponse'
-require 'core/ruby/patches/webrick/httpservlet/filehandler.rb'
-require 'core/ruby/patches/webrick/httputils.rb'
-
 # @note Patching DataMapper Data Objects Adapter (dm-do-adapter)
 require 'core/ruby/patches/dm-do-adapter/adapter.rb'
diff --git a/core/ruby/patches/webrick/cookie.rb b/core/ruby/patches/webrick/cookie.rb
deleted file mode 100644
index 4217628fb..000000000
--- a/core/ruby/patches/webrick/cookie.rb
+++ /dev/null
@@ -1,39 +0,0 @@
-#
-# Copyright 2011 Wade Alcorn wade@bindshell.net
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-#
-module WEBrick
-
- class Cookie
- attr_accessor :httponly
-
- # Convert cookie object to a string representation
- # @return [String] ret String of information about cookie
- def to_s
- ret = ""
- ret << @name << "=" << @value
- ret << "; " << "Version=" << @version.to_s if @version > 0
- ret << "; " << "Domain=" << @domain if @domain
- ret << "; " << "Expires=" << @expires if @expires
- ret << "; " << "Max-Age=" << @max_age.to_s if @max_age
- ret << "; " << "Comment=" << @comment if @comment
- ret << "; " << "Path=" << @path if @path
- ret << "; " << "Secure" if @secure
- ret << "; " << "HttpOnly" if @httponly
- ret
- end
-
- end
-
-end
diff --git a/core/ruby/patches/webrick/genericserver.rb b/core/ruby/patches/webrick/genericserver.rb
deleted file mode 100644
index 1e12898db..000000000
--- a/core/ruby/patches/webrick/genericserver.rb
+++ /dev/null
@@ -1,29 +0,0 @@
-#
-# Copyright 2011 Wade Alcorn wade@bindshell.net
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-#
-module WEBrick
-
- class HTTPServer < ::WEBrick::GenericServer
-
- # @note I'm patching WEBrick so it does not log http requests anymore.
- The reason being that it seems to considerably slow down BeEF which receives
- numerous requests simultaneously. Additionally, it was also found to crash
- the thread when not being able to write to the log file (which happened when
- overloaded).
- def access_log(config, req, res); return; end
-
- end
-
-end
diff --git a/core/ruby/patches/webrick/httprequest.rb b/core/ruby/patches/webrick/httprequest.rb
deleted file mode 100644
index 031344adb..000000000
--- a/core/ruby/patches/webrick/httprequest.rb
+++ /dev/null
@@ -1,113 +0,0 @@
-#
-# Copyright 2011 Wade Alcorn wade@bindshell.net
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-#
-module WEBrick
-
- class HTTPRequest
-
- # @note I'm patching the HTTPRequest class so that it when it receives POST
- http requests, it parses the query present in the body even if the
- content type is not set.
- The reason for this patch is that when a zombie sends back data to
- BeEF, that data was not parsed because by default the content-type
- was not set directly. I prefer patching WEBrick rather than editing
- the BeEFJS library because cross domain http requests would be harder
- to implement at the server level.
- @note This function would need to be modified if we ever needed to use multipart POST requests.
- def parse_query()
- begin
- if @request_method == "GET" || @request_method == "HEAD"
- @query = HTTPUtils::parse_query(@query_string)
- elsif @request_method == 'POST' || self['content-type'] =~ /^application\/x-www-form-urlencoded/
- @query = HTTPUtils::parse_query(body)
- elsif self['content-type'] =~ /^multipart\/form-data; boundary=(.+)/
- boundary = HTTPUtils::dequote($1)
- @query = HTTPUtils::parse_form_data(body, boundary)
- else
- @query = Hash.new
- end
- rescue => ex
- raise HTTPStatus::BadRequest, ex.message
- end
- end
-
- # Get cookie value
- # @param [String] name Key name
- # @return [String] Value stored against the key name or nil if not found
- def get_cookie_value(name)
- return nil if name.nil?
- @cookies.each{|cookie|
- c = WEBrick::Cookie.parse_set_cookie(cookie.to_s)
- return c.value if (c.name.to_s.eql? name)
- }
- nil
- end
-
- # Get Referrer domain name
- # @return [String] Domain name or nil
- def get_referer_domain
- referer = header['referer'][0]
- if referer =~ /\:\/\/([0-9a-zA-A\.]*(\:[0-9]+)?)\//
- return $1
- end
- nil
- end
-
- # Get hook session id
- # @return [String] Hook session id or nil
- def get_hook_session_id()
- config = BeEF::Core::Configuration.instance
- hook_session_name = config.get('beef.http.hook_session_name')
- @query[hook_session_name] || nil
- end
-
- # Return the command module command_id value from the request
- # @return [String] Command module id or nil
- def get_command_id()
- @query['command_id'] || nil
- end
-
- # @note Attack vectors send through the Requester/Proxy by default are parsed as Bad URIs, and not sent.
- For example: request like the following: http://192.168.10.128/dvwa/vulnerabilities/xss_r/?name=ciccioba83e7918817a3ad is blocked (ERROR bad URI)
- We're overwriting the URI Parser UNRESERVED regex to prevent such behavior (see tolerant_parser)
- def parse_uri(str, scheme="http")
- if @config[:Escape8bitURI]
- str = HTTPUtils::escape8bit(str)
- end
-
- tolerant_parser = URI::Parser.new(:UNRESERVED => BeEF::Core::Configuration.instance.get("beef.extension.requester.uri_unreserved_chars"))
- uri = tolerant_parser.parse(str)
- return uri if uri.absolute?
- if @forwarded_host
- host, port = @forwarded_host, @forwarded_port
- elsif self["host"]
- pattern = /\A(#{URI::REGEXP::PATTERN::HOST})(?::(\d+))?\z/n
- host, port = *self['host'].scan(pattern)[0]
- elsif @addr.size > 0
- host, port = @addr[2], @addr[1]
- else
- host, port = @config[:ServerName], @config[:Port]
- end
- uri.scheme = @forwarded_proto || scheme
- uri.host = host
- uri.port = port ? port.to_i : nil
-
- return tolerant_parser::parse(uri.to_s)
- end
-
-
- end
-
-end
diff --git a/core/ruby/patches/webrick/httpresponse.rb b/core/ruby/patches/webrick/httpresponse.rb
deleted file mode 100644
index 006766e5b..000000000
--- a/core/ruby/patches/webrick/httpresponse.rb
+++ /dev/null
@@ -1,92 +0,0 @@
-#
-# Copyright 2011 Wade Alcorn wade@bindshell.net
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-#
-module WEBrick
-
- class HTTPResponse
-
- # Add/Update HTTP response headers with those contained in original_headers Hash
- # @param [Hash] original_headers Hash of headers
- def override_headers(original_headers)
- original_headers.each{ |key, value| @header[key.downcase] = value }
- end
-
- # Set caching headers none
- def set_no_cache()
- @header['ETag'] = nil
- @header['Last-Modified'] = Time.now + 100**4
- @header['Expires'] = Time.now - 100**4
- @header['Cache-Control'] = 'no-store, no-cache, must-revalidate, post-check=0, pre-check=0'
- @header['Pragma'] = 'no-cache'
- end
-
- # Set the cookie in the response
- # @param [String] name Name of the cookie
- # @param [String] value Value of the cookie
- # @param [String] path Path of the cookie
- # @param [Boolean] httponly If the cookie is HTTP only
- # @param [Boolean] secure If the cookie is secure only
- # @note Limit: only one set-cookie will be within the response
- def set_cookie(name, value, path = '/', httponly = true, secure = true)
- cookie = WEBrick::Cookie.new(name, value)
- cookie.path = path
- cookie.httponly = httponly
- cookie.secure = secure
-
- # add cookie to response header
- @header['Set-Cookie'] = cookie.to_s
- end
-
- # @note This patch should prevent leakage of directory listing, access auth errors, etc.
- def set_error(ex, backtrace=false)
-
- # set repsonse headers
- @status = 404;
- @header['content-type'] = "text/html; charset=UTF-8"
-
- # set response content
- @body = ''
- @body << <<-_end_of_html_
- - - - No page for you! - - - - - - - - -
- -

These aren't the pages you're looking for

- -
- - - - - - _end_of_html_ - - end - end -end
diff --git a/core/ruby/patches/webrick/httpservlet/filehandler.rb b/core/ruby/patches/webrick/httpservlet/filehandler.rb
deleted file mode 100644
index 74b4eb252..000000000
--- a/core/ruby/patches/webrick/httpservlet/filehandler.rb
+++ /dev/null
@@ -1,51 +0,0 @@
-#
-# Copyright 2011 Wade Alcorn wade@bindshell.net
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-#
-# The following file contains patches for WEBrick.
-
-module WEBrick
-module HTTPServlet
-
- class FileHandler
-
- # Prevent directory traversal attacks
- # @param [Object] req Request object
- # @param [Object] res Response object
- def prevent_directory_traversal(req, res)
- raise WEBrick::HTTPStatus::BadRequest, "null character in path" if has_null?(req.path_info)
-
- if trailing_pathsep?(req.path_info)
- expanded = File.expand_path(req.path_info + "x")
- expanded.chop! # remove trailing "x"
- else
- expanded = File.expand_path(req.path_info)
- end
- req.path_info = expanded
- end
-
- # Checks if a string contains null characters
- # @param [String] str String to test for null characters
- # @param [Boolean] Whether the string has null characters
- def has_null? (str)
- str.split(//).each {|c|
- return true if c.eql?("\000")
- }
- false
- end
-
- end
-
-end
-end
diff --git a/core/ruby/patches/webrick/httputils.rb b/core/ruby/patches/webrick/httputils.rb
deleted file mode 100644
index 99f617531..000000000
--- a/core/ruby/patches/webrick/httputils.rb
+++ /dev/null
@@ -1,36 +0,0 @@
-#
-# httputils.rb -- HTTPUtils Module
-#
-# Author: IPR -- Internet Programming with Ruby -- writers
-# Copyright (c) 2000, 2001 TAKAHASHI Masayoshi, GOTOU Yuuzou
-# Copyright (c) 2002 Internet Programming with Ruby writers. All rights
-# reserved.
-#
-# $IPR: httputils.rb,v 1.34 2003/06/05 21:34:08 gotoyuzo Exp $
-
- module WEBrick
-
- module HTTPUtils
-
- # Add support for additional mime types
- # @param [String] filename Filename
- # @param [Hash] mime_tab Mime Type Hash
- #TODO: FIND A WAY TO DO THE SAME IN RACK (modify the default content type returned when requesting audio files - WAV)
- def mime_type(filename, mime_tab)
- suffix1 = (/\.(\w+)$/ =~ filename && $1.downcase)
- suffix2 = (/\.(\w+)\.[\w\-]+$/ =~ filename && $1.downcase)
-
- # @todo Add support for additional mime types
- supported_mime_types = {
- 'wav' => 'audio/x-wav'
- }
-
- mime_tab.merge!(supported_mime_types)
-
- mime_tab[suffix1] || mime_tab[suffix2] || "application/octet-stream"
- end
- module_function :mime_type
-
- end
-end
diff --git a/extensions/admin_ui/extension.rb b/extensions/admin_ui/extension.rb
index 1c2371bdf..d10ab26bb 100644
--- a/extensions/admin_ui/extension.rb
+++ b/extensions/admin_ui/extension.rb
@@ -38,7 +38,6 @@
 require 'extensions/admin_ui/classes/httpcontroller'
 require 'extensions/admin_ui/classes/session'
 # Handlers
-require 'extensions/admin_ui/handlers/media'
 require 'extensions/admin_ui/handlers/ui'
 # API Hooking
diff --git a/extensions/admin_ui/handlers/media.rb b/extensions/admin_ui/handlers/media.rb
deleted file mode 100644
index e661446a9..000000000
--- a/extensions/admin_ui/handlers/media.rb
+++ /dev/null
@@ -1,42 +0,0 @@
-#
-# Copyright 2011 Wade Alcorn wade@bindshell.net
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-#
-module BeEF
-module Extension
-module AdminUI
-module Handlers
-
-class MediaHandler < WEBrick::HTTPServlet::FileHandler
-
- def do_GET(req, res)
- super
-
- # set content types
- res.header['content-type']='text/html' # default content type for all pages
- res.header['content-type']='text/javascript' if req.path =~ /.json$/
- res.header['content-type']='text/javascript' if req.path =~ /.js$/
- res.header['content-type']='text/css' if req.path =~ /.css$/
- res.header['content-type']='image/png' if req.path =~ /.png$/
- res.header['content-type']='image/gif' if req.path =~ /.gif$/
- res.header['content-type']='text/xml' if req.path =~ /.xml$/
-
- end
-
-end
-
-end
-end
-end
-end
\ No newline at end of file
diff --git a/test/unit/core/filter/tc_base.rb b/test/unit/core/filter/tc_base.rb
index fe8cf94a8..92c18a722 100644
--- a/test/unit/core/filter/tc_base.rb
+++ b/test/unit/core/filter/tc_base.rb
@@ -14,7 +14,6 @@
 # limitations under the License.
 #
 require 'test/unit'
-require 'webrick'
 require '../../core/filters/base'
diff --git a/test/unit/core/filter/tc_command.rb b/test/unit/core/filter/tc_command.rb
index a7b520b3b..a92ef534b 100644
--- a/test/unit/core/filter/tc_command.rb
+++ b/test/unit/core/filter/tc_command.rb
@@ -14,7 +14,6 @@
 # limitations under the License.
 #
 require 'test/unit'
-require 'webrick'
 require '../../core/filters/base'
 require '../../core/filters/command'
diff --git a/test/unit/core/tc_api.rb b/test/unit/core/tc_api.rb
index 01981a2d2..7ce063074 100644
--- a/test/unit/core/tc_api.rb
+++ b/test/unit/core/tc_api.rb
@@ -14,7 +14,6 @@
 # limitations under the License.
 #
 require 'test/unit'
-require 'webrick'
 class TC_Api < Test::Unit::TestCase
diff --git a/test/unit/core/tc_core.rb b/test/unit/core/tc_core.rb
index 71cb42b96..8b3d00b0c 100644
--- a/test/unit/core/tc_core.rb
+++ b/test/unit/core/tc_core.rb
@@ -14,7 +14,6 @@
 # limitations under the License.
 #
 require 'test/unit'
-require 'webrick'
 class TC_Core < Test::Unit::TestCase
diff --git a/test/unit/core/tc_loader.rb b/test/unit/core/tc_loader.rb
index 711e7b368..9fed8fc4e 100644
--- a/test/unit/core/tc_loader.rb
+++ b/test/unit/core/tc_loader.rb
@@ -14,7 +14,6 @@
 # limitations under the License.
 #
 require 'test/unit'
-require 'webrick'
 class TC_Loader < Test::Unit::TestCase
diff --git a/test/unit/tc_filesystem.rb b/test/unit/tc_filesystem.rb
index 72e5e4463..b821af153 100644
--- a/test/unit/tc_filesystem.rb
+++ b/test/unit/tc_filesystem.rb
@@ -14,7 +14,6 @@
 # limitations under the License.
 #
 require 'test/unit'
-require 'webrick'
 class TC_Filesystem < Test::Unit::TestCase
diff --git a/test/unit/tc_grep.rb b/test/unit/tc_grep.rb
index b6a4011dc..805f2c023 100644
--- a/test/unit/tc_grep.rb
+++ b/test/unit/tc_grep.rb
@@ -14,7 +14,6 @@
 # limitations under the License.
 #
 require 'test/unit'
-require 'webrick'
 class TC_Grep < Test::Unit::TestCase