From 4d0f1981c2c563773fe98815b42602a506625f9d Mon Sep 17 00:00:00 2001 From: antisnatchor Date: Tue, 28 Jul 2015 11:41:46 +0200 Subject: [PATCH] Added RESTful API calls to delete and list rulesets. --- core/main/rest/handlers/autorun_engine.rb | 75 +++++++++++++++++++++-- core/main/server.rb | 2 +- 2 files changed, 71 insertions(+), 6 deletions(-) diff --git a/core/main/rest/handlers/autorun_engine.rb b/core/main/rest/handlers/autorun_engine.rb index 8e15b5dee..e94d087a9 100644 --- a/core/main/rest/handlers/autorun_engine.rb +++ b/core/main/rest/handlers/autorun_engine.rb @@ -28,14 +28,28 @@ module BeEF rloader = BeEF::Core::AutorunEngine::RuleLoader.instance rloader.load(data) rescue => e - err = 'Malformed JSON ruleset.' - print_error "[ARE] Ruleset ERROR. #{e.message}" - { 'success' => false, 'error' => err }.to_json + err = 'Malformed JSON ruleset.' + print_error "[ARE] ERROR: #{e.message}" + { 'success' => false, 'error' => err }.to_json + end + end + + # Delete a ruleset + get '/rule/delete/:rule_id' do + begin + rule_id = params[:rule_id] + rule = BeEF::Core::AutorunEngine::Models::Rule.get(rule_id) + rule.destroy + { 'success' => true}.to_json + rescue => e + err = 'Error getting rule.' + print_error "[ARE] ERROR: #{e.message}" + { 'success' => false, 'error' => err }.to_json end end # Trigger a specified rule_id on online hooked browsers. Offline hooked browsers are ignored - post '/rule/trigger/:rule_id' do + get '/rule/trigger/:rule_id' do begin rule_id = params[:rule_id] @@ -53,12 +67,63 @@ module BeEF match_rules = are.match(browser_name, browser_version, os_name, os_version, rule_id) are.trigger(match_rules, hb.id) if match_rules.length > 0 end + { 'success' => true }.to_json else { 'success' => false, 'error' => 'There are currently no hooked browsers online.' }.to_json end rescue => e err = 'Malformed JSON ruleset.' - print_error "[ARE] Something went wrong #{e.message}" + print_error "[ARE] ERROR: #{e.message}" + { 'success' => false, 'error' => err }.to_json + end + end + + # Delete a ruleset + get '/rule/list/:rule_id' do + begin + rule_id = params[:rule_id] + if rule_id == 'all' + result = Array.new + rules = BeEF::Core::AutorunEngine::Models::Rule.all + rules.each do |rule| + { + 'id' => rule.id, + 'name'=> rule.name, + 'author'=> rule.author, + 'browser'=> rule.browser, + 'browser_version'=> rule.browser_version, + 'os'=> rule.os, + 'os_version'=> rule.os_version, + 'modules'=> rule.modules, + 'execution_order'=> rule.execution_order, + 'execution_delay'=> rule.execution_delay, + 'chain_mode'=> rule.chain_mode + } + result.push rule + end + else + result = nil + rule = BeEF::Core::AutorunEngine::Models::Rule.get(rule_id) + if rule != nil + result = { + 'id' => rule.id, + 'name'=> rule.name, + 'author'=> rule.author, + 'browser'=> rule.browser, + 'browser_version'=> rule.browser_version, + 'os'=> rule.os, + 'os_version'=> rule.os_version, + 'modules'=> rule.modules, + 'execution_order'=> rule.execution_order, + 'execution_delay'=> rule.execution_delay, + 'chain_mode'=> rule.chain_mode + } + end + end + { 'success' => true, 'rules' => result}.to_json + rescue => e + err = 'Error getting rule(s)' + print_error "[ARE] ERROR: #{e.message}" { 'success' => false, 'error' => err }.to_json end end diff --git a/core/main/server.rb b/core/main/server.rb index 5b5393a5a..1b418c4a1 100644 --- a/core/main/server.rb +++ b/core/main/server.rb @@ -127,7 +127,7 @@ module BeEF @http_server.start # starts the web server rescue RuntimeError => e if e.message =~ /no acceptor/ # the port is in use - print_error "Another process is already listening on port #{@configuration.get('beef.http.port')}, or you're trying to bind BeEF on an invalid IP." + print_error "Another process is already listening on port #{@configuration.get('beef.http.port')}, or you're trying to bind BeEF to an invalid IP." print_error "Is BeEF already running? Exiting..." exit 127 else