Fixed JSON parsing error to prevent DoS

2015-05-04 09:42:09 +02:00
parent 0657a3f1f9
commit 4db4354c24
1 changed files with 7 additions and 3 deletions
--- a/core/main/network_stack/websocket/websocket.rb
+++ b/core/main/network_stack/websocket/websocket.rb
@@ -168,8 +168,9 @@ module BeEF
                begin
                  secure ? print_debug("New WebSocketSecure channel open.") : print_debug("New WebSocket channel open.")
                  ws.onmessage { |msg|
-                    msg_hash = JSON.parse("#{msg}")
-                    #@note messageHash[result] is Base64 encoded
+                    begin
+                      msg_hash = JSON.parse("#{msg}")
+                      #@note messageHash[result] is Base64 encoded
                    if (msg_hash["cookie"]!= nil)
                      print_debug("WebSocket - Browser says helo! WebSocket is running")
                      #insert new connection in activesocket
@@ -202,9 +203,12 @@ module BeEF
                      #print_debug("Received from WebSocket #{messageHash}")
                      execute(msg_hash)
                    end
+                    rescue => e
+                      print_error "WebSocket - something wrong in msg handling - skipped: #{e}"
+                    end
                  }
                rescue => e
-                  print_error "WebSocket error: #{e}"
+                  print_error "WebSocket staring error: #{e}"
                end
              end
            }