diff --git a/config.yaml b/config.yaml
index 01f82bc0c..33fa8497a 100644
--- a/config.yaml
+++ b/config.yaml
@@ -38,8 +38,8 @@ beef:
 hook_session_name: "BEEFHOOK"
 session_cookie_name: "BEEFSESSION"
- # Allow one or multiple domains to access the RESTful API using CORS
- # For multiple domains use: "http://browserhacker.com, http://domain2.com"
+ # Allow one or multiple origins to access the RESTful API using CORS
+ # For multiple origins use: "http://browserhacker.com, http://domain2.com"
 restful_api:
 allow_cors: false
 cors_allowed_domains: "http://browserhacker.com"
diff --git a/core/main/client/browser.js b/core/main/client/browser.js
index 58adfef3a..0945a53fe 100644
--- a/core/main/client/browser.js
+++ b/core/main/client/browser.js
@@ -1214,7 +1214,7 @@ beef.browser = {
 self.frames[i].document.body.appendChild(script);
 beef.debug("Hooked child frame [src:"+self.frames[i].window.location.href+"]");
 } catch (e) {
- // warn on cross-domain
+ // warn on cross-origin
 beef.debug("Hooking child frame failed: "+e.message);
 }
 }
@@ -2054,7 +2054,7 @@ beef.browser = {
 /**
 * A function that gets the max number of simultaneous connections the
- * browser can make per domain, or globally on all domains.
+ * browser can make per origin, or globally on all origin.
 *
 * This code is based on research from browserspy.dk
 *
diff --git a/core/main/client/mitb.js b/core/main/client/mitb.js
index e0071c98e..45d736849 100644
--- a/core/main/client/mitb.js
+++ b/core/main/client/mitb.js
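Review bot: The reworded comment speaks of origins while the setting under it is still named `cors_allowed_domains`, and the same split shows up in net.js (`was_cross_domain` beside the "cross-origin request" comment) and in the mitb.js label `"GET [Ajax CrossDomain Request]: "`. It matters most for this CORS allow-list, because whoever edits the value needs to know an entry is a full origin and not a bare host name; consider adding `# Each entry is a full origin (scheme://host[:port]); the key name cors_allowed_domains is unchanged`. How the server compares these entries is not visible in this diff, so that wording should be checked against the matching code.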
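Review bot: The new doc-comment line in the second browser.js hunk ends with "globally on all origin", which lost its plural in the rename; it should read `* browser can make per origin, or globally on all origins.`. Browser connection limits are usually described per host rather than per origin, so "origin" may be less accurate here than the wording it replaces. What the function actually measures lies outside the hunk, so confirm the term against its body before settling on it.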
@@ -33,11 +33,11 @@ beef.mitb = {
 //GET request
 if (method == "GET") {
- //GET request -> cross-domain
+ //GET request -> cross-origin
 if (url.indexOf(document.location.hostname) == -1 || (portR != null && requestPort != document.location.port )) {
 beef.mitb.sniff("GET [Ajax CrossDomain Request]: " + url);
 window.open(url);
- }else { //GET request -> same-domain
+ }else { //GET request -> same-origin
 beef.mitb.sniff("GET [Ajax Request]: " + url);
 if (beef.mitb.fetch(url, document.getElementsByTagName("html")[0])) {
 var title = "";
@@ -198,7 +198,7 @@ beef.mitb = {
 beef.mitb.sniff("GET: " + url);
 } catch (x) {
- // the link is cross-domain, so load the resource in a different tab
+ // the link is cross-origin, so load the resource in a different tab
 window.open(url);
 beef.mitb.sniff("GET [New Window]: " + url);
 }
diff --git a/core/main/client/net.js b/core/main/client/net.js
index c037b63fc..45a284b76 100644
--- a/core/main/client/net.js
+++ b/core/main/client/net.js
@@ -71,7 +71,7 @@ beef.net = {
 response: function () {
 this.status_code = null; // 500, 404, 200, 302
 this.status_text = null; // success, timeout, error, ...
- this.response_body = null; // "…." if not a cross domain request
+ this.response_body = null; // "…." if not a cross-origin request
 this.port_status = null; // tcp port is open, closed or not http
 this.was_cross_domain = null; // true or false
 this.was_timedout = null; // the user specified timeout was reached
diff --git a/test/integration/tc_debug_modules.rb b/test/integration/tc_debug_modules.rb
index bcb46729a..064fd343b 100644
--- a/test/integration/tc_debug_modules.rb
+++ b/test/integration/tc_debug_modules.rb
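Review bot: The two reworded comments in the GET branch of the first mitb.js hunk now say cross-origin and same-origin, but the condition between them is not an origin comparison. `url.indexOf(document.location.hostname) == -1` is a substring test on the host name, with only the port checked besides, so the scheme never enters the decision and the branch taken can differ from what the comment promises. Either word the comment after the test as written, for example `//GET request -> hostname not found in url, or port differs (handled as cross-origin)`, or keep the older wording until the check itself compares origins. The enclosing function starts and ends outside the hunk.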
@@ -141,7 +141,7 @@ class TC_DebugModules < Test::Unit::TestCase
 # Test debug module "Test_network_request" using the RESTful API
 def test_return_network_request
- # Test same-domain request (response code and content of secret_page.html)
+ # Test same-origin request (response code and content of secret_page.html)
 response = RestClient.post "#{RESTAPI_MODULES}/#{@@hb_session}/#{@@mod_debug_test_network}?token=#{@@token}",
 #override only a few parameters, the other ones will have default values from modules's module.rb definition
 {"domain" => ATTACK_DOMAIN, "port" => "3000", "path" => "/demos/secret_page.html"}.to_json,