From 4db4354c241c1db2a5a0fbcfc3de367108d81ae5 Mon Sep 17 00:00:00 2001
From: radoen <scream1988@gmail.com>
Date: Mon, 4 May 2015 09:42:09 +0200
Subject: [PATCH] Fixed JSON parsing error to prevent DoS

---
 core/main/network_stack/websocket/websocket.rb | 10 +++++++---
 1 file changed, 7 insertions(+), 3 deletions(-)

diff --git a/core/main/network_stack/websocket/websocket.rb b/core/main/network_stack/websocket/websocket.rb
index ac9cf8953..863707588 100644
--- a/core/main/network_stack/websocket/websocket.rb
+++ b/core/main/network_stack/websocket/websocket.rb
@@ -168,8 +168,9 @@ module BeEF
                 begin
                   secure ? print_debug("New WebSocketSecure channel open.") : print_debug("New WebSocket channel open.")
                   ws.onmessage { |msg|
-                    msg_hash = JSON.parse("#{msg}")
-                    #@note messageHash[result] is Base64 encoded
+                    begin
+                      msg_hash = JSON.parse("#{msg}")
+                      #@note messageHash[result] is Base64 encoded
                     if (msg_hash["cookie"]!= nil)
                       print_debug("WebSocket - Browser says helo! WebSocket is running")
                       #insert new connection in activesocket
@@ -202,9 +203,12 @@ module BeEF
                       #print_debug("Received from WebSocket #{messageHash}")
                       execute(msg_hash)
                     end
+                    rescue => e
+                      print_error "WebSocket - something wrong in msg handling - skipped: #{e}"
+                    end
                   }
                 rescue => e
-                  print_error "WebSocket error: #{e}"
+                  print_error "WebSocket staring error: #{e}"
                 end
               end
             }