From 71a67defd48a2da48ebc3048b6172d26bbf58014 Mon Sep 17 00:00:00 2001 From: antisnatchor Date: Tue, 8 Oct 2013 14:08:52 +0100 Subject: [PATCH] Added new RESTful API method to bind a local file to a url. Also added "dropper" directory into Social Engineering extension. --- core/bootstrap.rb | 1 + core/main/rest/api.rb | 7 ++++ core/main/rest/handlers/server.rb | 41 +++++++++++++++++++ .../social_engineering/droppers/readme.txt | 9 ++++ 4 files changed, 58 insertions(+) create mode 100644 core/main/rest/handlers/server.rb create mode 100644 extensions/social_engineering/droppers/readme.txt diff --git a/core/bootstrap.rb b/core/bootstrap.rb index 71dcfb88c..372ce86d9 100644 --- a/core/bootstrap.rb +++ b/core/bootstrap.rb @@ -45,6 +45,7 @@ require 'core/main/rest/handlers/modules' require 'core/main/rest/handlers/categories' require 'core/main/rest/handlers/logs' require 'core/main/rest/handlers/admin' +require 'core/main/rest/handlers/server' require 'core/main/rest/api' ## @note Include Websocket diff --git a/core/main/rest/api.rb b/core/main/rest/api.rb index 12a26614c..109aa4ff5 100644 --- a/core/main/rest/api.rb +++ b/core/main/rest/api.rb 
@@ -37,12 +37,19 @@ module BeEF end end + module RegisterServerHandler + def self.mount_handler(server) + server.mount('/api/server', BeEF::Core::Rest::Server.new) + end + end + BeEF::API::Registrar.instance.register(BeEF::Core::Rest::RegisterHooksHandler, BeEF::API::Server, 'mount_handler') BeEF::API::Registrar.instance.register(BeEF::Core::Rest::RegisterModulesHandler, BeEF::API::Server, 'mount_handler') BeEF::API::Registrar.instance.register(BeEF::Core::Rest::RegisterCategoriesHandler, BeEF::API::Server, 'mount_handler') BeEF::API::Registrar.instance.register(BeEF::Core::Rest::RegisterLogsHandler, BeEF::API::Server, 'mount_handler') BeEF::API::Registrar.instance.register(BeEF::Core::Rest::RegisterAdminHandler, BeEF::API::Server, 'mount_handler') + BeEF::API::Registrar.instance.register(BeEF::Core::Rest::RegisterServerHandler, BeEF::API::Server, 'mount_handler') # # Check the source IP is within the permitted subnet diff --git a/core/main/rest/handlers/server.rb b/core/main/rest/handlers/server.rb new file mode 100644 index 000000000..361359acf --- /dev/null +++ b/core/main/rest/handlers/server.rb 
@@ -0,0 +1,41 @@
+#
+# Copyright (c) 2006-2013 Wade Alcorn - wade@bindshell.net
+# Browser Exploitation Framework (BeEF) - http://beefproject.com
+# See the file 'doc/COPYING' for copying permission
+#
+
+module BeEF
+ module Core
+ module Rest
+ class Server < BeEF::Core::Router::Router
+
+ config = BeEF::Core::Configuration.instance
+ http_server = BeEF::Core::Server.instance
+
+ before do
+ error 401 unless params[:token] == config.get('beef.api_token')
+ halt 401 if not BeEF::Core::Rest.permitted_source?(request.ip)
+ headers 'Content-Type' => 'application/json; charset=UTF-8',
+ 'Pragma' => 'no-cache',
+ 'Cache-Control' => 'no-cache',
+ 'Expires' => '0'
+ end
+
+
+ # @note Binds a local file to a specified path in BeEF's web server
+ post '/bind' do
+ request.body.rewind
+ begin
+ data = JSON.parse request.body.read
+ mount = data['mount']
+ local_file = data['local_file']
+ BeEF::Core::NetworkStack::Handlers::AssetHandler.instance.bind(local_file, mount)
+ status 200
+ rescue Exception => e
+ error 400
+ end
+ end
+ end
+ end
+ end
+end
\ No newline at end of file
diff --git a/extensions/social_engineering/droppers/readme.txt b/extensions/social_engineering/droppers/readme.txt
new file mode 100644
index 000000000..320ba710f
--- /dev/null
+++ b/extensions/social_engineering/droppers/readme.txt
@@ -0,0 +1,9 @@
+This directory will contain the droppers (executables, JARs, browser extensions, etc..)
+that you want to have available on the BeEF server.
+
+For example, if you want to have bin.exe available at http://beefserver/bin.exe,
+use the following RESTful API call:
+
+curl -H "Content-Type: application/json; charset=UTF-8" -d
+'{"mount":"/bin.exe", "local_file":"/extensions/social_engineering/droppers/bin.exe"}'
+ -X POST http://beefserver/api/server/bind?token=
\ No newline at end of file
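Review bot: In `core/main/rest/handlers/server.rb`, the `post '/bind'` route passes `local_file` and `mount` from the JSON body straight into `AssetHandler.instance.bind` with no validation, so the API token alone decides which file on disk is published and under which URL. How `bind` resolves the path is not visible in this hunk; unless it already confines it, the route should resolve `local_file` with `File.expand_path` against the one directory meant for served files (the new droppers directory, judging by the readme) and answer 400 when the result falls outside it, or when either value is missing or not a String. `rescue Exception => e` also traps signals and `SystemExit` and never uses `e`; `rescue StandardError => e` plus a log line keeps the 400 response while leaving a record of why the bind failed. In the `before` filter the token is compared with `==`, which also passes when both sides are nil; rejecting a missing token first and then using `Rack::Utils.secure_compare` would close that case. The `http_server` local is assigned but never read in this file and can be dropped.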