From 4e741a067b141dc833d4a513af5335113ea82e85 Mon Sep 17 00:00:00 2001
From: Brendan Coles <bcoles@gmail.com>
Date: Sat, 28 May 2016 05:44:04 +0000
Subject: [PATCH] Add bind_cached

---
 core/main/network_stack/assethandler.rb       | 39 ++++++++++++++++++-
 .../cross_origin_scanner_flash/module.rb      |  4 +-
 2 files changed, 40 insertions(+), 3 deletions(-)

diff --git a/core/main/network_stack/assethandler.rb b/core/main/network_stack/assethandler.rb
index 2d8aee00f..cb542cc07 100644
--- a/core/main/network_stack/assethandler.rb
+++ b/core/main/network_stack/assethandler.rb
@@ -88,7 +88,44 @@ module Handlers
 
         url
     end
-    
+
+    # Binds a file to a mount point (cached for 1 year)
+    # @param [String] file File path to asset
+    # @param [String] path URL path to mount the asset to (can be nil for random path)
+    # @param [String] extension File extension (.x). If == nil content-type is text/plain, otherwise use the right one via MIME::Types.type_for()
+    # @param [Integer] count The amount of times the asset can be accessed before being automatically unbinded (-1 = unlimited)
+    # @return [String] URL Path of mounted asset
+    # @todo This function should accept a hooked browser session to limit the mounted file to a certain session
+    def bind_cached(file, path=nil, extension=nil, count=-1)
+        url = build_url(path, extension)
+        @allocations[url] = {'file' => "#{root_dir}"+file,
+                             'path' => path,
+                             'extension' => extension,
+                             'count' => count}
+
+        resp_body = File.read("#{root_dir}#{file}")
+
+        if extension.nil? || MIME::Types.type_for(extension).empty?
+          content_type = 'text/plain'
+        else
+          content_type = MIME::Types.type_for(extension).first.content_type
+        end
+
+        @http_server.mount(
+            url,
+            BeEF::Core::NetworkStack::Handlers::Raw.new(
+              '200', {
+                'Content-Type' => content_type,
+                'Expires' => CGI.rfc1123_date(Time.now+(60*60*24*365)) },
+              resp_body)
+        )
+
+        @http_server.remap
+        print_info "File [#{file}] bound to Url [#{url}] using Content-type [#{content_type}]"
+
+        url
+    end
+
     # Unbinds a file from a mount point
     # @param [String] url URL path of asset to be unbinded
     #TODO: check why is throwing exception
diff --git a/modules/network/cross_origin_scanner_flash/module.rb b/modules/network/cross_origin_scanner_flash/module.rb
index 34e6db75c..a2485a591 100644
--- a/modules/network/cross_origin_scanner_flash/module.rb
+++ b/modules/network/cross_origin_scanner_flash/module.rb
@@ -6,8 +6,8 @@
 class Cross_origin_scanner_flash < BeEF::Core::Command
 
   def pre_send
-    BeEF::Core::NetworkStack::Handlers::AssetHandler.instance.bind('/modules/network/cross_origin_scanner_flash/ContentHijacking.swf','/objects/ContentHijacking','swf')
-    BeEF::Core::NetworkStack::Handlers::AssetHandler.instance.bind('/modules/network/cross_origin_scanner_flash/swfobject.js', '/swfobject', 'js')
+    BeEF::Core::NetworkStack::Handlers::AssetHandler.instance.bind_cached('/modules/network/cross_origin_scanner_flash/ContentHijacking.swf','/objects/ContentHijacking','swf')
+    BeEF::Core::NetworkStack::Handlers::AssetHandler.instance.bind_cached('/modules/network/cross_origin_scanner_flash/swfobject.js', '/swfobject', 'js')
   end
 
   def post_execute