From 83697ece40276015edda297a0367ed80b4865f07 Mon Sep 17 00:00:00 2001
From: "wade@bindshell.net"
Date: Sat, 4 Dec 2010 02:25:51 +0000
Subject: [PATCH] Requester filters updated

git-svn-id: https://beef.googlecode.com/svn/trunk@595 b87d56ec-f9c0-11de-8c8a-61c5e9addfc9
---
 lib/filter/base.rb | 9 +++++++++
 lib/filter/requester.rb | 37 ++++++++++++++++++-------------------
 lib/ui/requester/requester.rb | 38 +++++++++++++++++++++++---------------
 3 files changed, 50 insertions(+), 34 deletions(-)

diff --git a/lib/filter/base.rb b/lib/filter/base.rb
index c2505328c..2723cf352 100644
--- a/lib/filter/base.rb
+++ b/lib/filter/base.rb
@@ -71,6 +71,15 @@ module BeEF
 only?("a-zA-Z0-9", str)
 end
+ # check if valid ip address string
+ # TODO add unit tests
+ def self.is_valid_ip?(ip)
+ return true if ip =~ /^(\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3})?$/
+ false
+ end
+
+
+
 end
diff --git a/lib/filter/requester.rb b/lib/filter/requester.rb
index 47822f615..094c0fe64 100644
--- a/lib/filter/requester.rb
+++ b/lib/filter/requester.rb
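Review bot: The pattern in `is_valid_ip?` (lib/filter/base.rb) accepts more than a dotted quad. In Ruby `^` and `$` match at line boundaries, so a multi-line string passes if any single line matches, and the trailing `?` makes the whole group optional, so an empty string or a string containing an empty line is accepted as well. Octets above 255, such as `999.999.999.999`, also pass. Anchor with `\A`/`\z`, drop the optional group and bound each octet, e.g. `return true if ip.is_a?(String) && ip =~ /\A(?:(?:25[0-5]|2[0-4]\d|1?\d?\d)\.){3}(?:25[0-5]|2[0-4]\d|1?\d?\d)\z/`. The unit tests named in the TODO should cover the empty, multi-line and out-of-range cases.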
@@ -1,26 +1,25 @@
 module BeEF
 module Filter
+
+ def self.is_valid_verb?(verb)
+ return true if verb.eql? 'GET' or verb.eql? 'POST'
+ false
+ end
- # check if request is valid
- # @param: {WEBrick::HTTPUtils::FormData} request object
- def self.is_valid_request?(request)
- #check a webrick object is sent
- raise 'your request is of invalid type' if not request.is_a? WEBrick::HTTPRequest
-
- #check http method
- raise 'only GET or POST requests are supported for http requests' if not request.request_method.eql? 'GET' or request.request_method.eql? 'POST'
-
- #check uri
- raise 'the uri is missing' if not request.unparsed_uri
-
- #check host
- raise 'http host missing' if request.host.nil?
-
- #check domain
- raise 'invalid http domain' if not URI.parse(request.host)
-
- true
+ def self.is_valid_url?(uri)
+ return true if uri.eql? WEBrick::HTTPUtils.normalize_path(uri)
+ false
+ end
+
+ def self.is_valid_http_version?(version)
+ return true if version.eql? "HTTP/1.1" or trailer.eql? "HTTP/1.0"
+ false
+ end
+
+ def self.is_valid_host_str?(host_str)
+ return true if host_str.eql? "Host:"
+ false
 end
 end
diff --git a/lib/ui/requester/requester.rb b/lib/ui/requester/requester.rb
index 154392704..59ae83aad 100644
--- a/lib/ui/requester/requester.rb
+++ b/lib/ui/requester/requester.rb
@@ -23,7 +23,7 @@ class Requester < BeEF::HttpController
 def send_request
 # validate that the hooked browser's session has been sent
 zombie_session = @params['zombie_session'] || nil
- raise WEBrick::HTTPStatus::BadRequest, "Zombie session is nil" if zombie_session.nil?
+ raise WEBrick::HTTPStatus::BadRequest, "Invalid session id" if not Filter.is_valid_hook_session_id?(zombie_session)
 # validate that the hooked browser exists in the db
 zombie = Z.first(:session => zombie_session) || nil
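Review bot: `is_valid_http_version?` (lib/filter/requester.rb) compares `trailer`, which is not defined anywhere in the method, so any version other than "HTTP/1.1" raises NameError instead of being checked against "HTTP/1.0". The line should read `return true if version.eql? "HTTP/1.1" or version.eql? "HTTP/1.0"`. `is_valid_url?` relies on `WEBrick::HTTPUtils.normalize_path`, which raises for a path that does not start with `/` and would fail with NoMethodError on nil, so those inputs produce an exception rather than `false`. A guard such as `return false unless uri.is_a?(String) && uri.start_with?('/')` ahead of the comparison keeps the predicate boolean. None of the four new predicates has a comment stating what input it expects.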
@@ -39,28 +39,36 @@ class Requester < BeEF::HttpController
 raise WEBrick::HTTPStatus::BadRequest, "nonce is nil" if nonce.nil?
 raise WEBrick::HTTPStatus::BadRequest, "nonce incorrect" if @session.get_nonce != nonce
- webrick = WEBrick::HTTPRequest.new(WEBrick::Config::HTTP)
- # validate that the raw request is correct and can be used
- # will raise an exception on failure
- s = StringIO.new raw_request
- webrick.parse(s)
-
- # if the request is invalide, an exception will be raised
- Filter.is_valid_request?(webrick)
-
+ req_parts = raw_request.split(/ |\n/) # break up the request
+ verb = req_parts[0]
+ raise 'Only GET or POST requests are supported' if not Filter.is_valid_verb?(verb) #check verb
+ uri = req_parts[1]
+ raise 'Invalid URI' if not Filter.is_valid_url?(uri) #check uri
+ version = req_parts[2]
+ raise 'Invalid HTTP version' if not Filter.is_valid_http_version?(version) # check http version - HTTP/1.0
+ host_str = req_parts[3]
+ raise 'Invalid HTTP version' if not Filter.is_valid_host_str?(host_str) # check host string - Host:
+ host = req_parts[4]
+ raise 'Invalid hostname' if not Filter.is_valid_hostname?(host) # check the target hostname
+
+ # (re)build the request
+ green_request = StringIO.new(verb + " " + uri + " " + version + "\n" + host_str + " " + host)
+ request = WEBrick::HTTPRequest.new(WEBrick::Config::HTTP)
+ request.parse(green_request)
+
 # Saves the new HTTP request.
 http = H.new(
 :request => raw_request,
- :method => webrick.request_method,
- :domain => webrick.host,
- :path => webrick.unparsed_uri,
+ :method => request.request_method,
+ :domain => request.host,
+ :path => request.unparsed_uri,
 :date => Time.now,
 :zombie_id => zombie.id
 )
- if webrick.request_method.eql? 'POST'
- http.content_length = webrick.content_length
+ if request.request_method.eql? 'POST'
+ http.content_length = request.content_length
 end
 http.save
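Review bot: The record built by `H.new` still stores `:request => raw_request`, so the five-token checks above only cover the rebuilt `green_request`; any further headers or body in the submitted text are persisted without having been validated. Because the rebuilt copy carries no Content-Length header, `request.content_length` in the POST branch probably no longer reflects the submitted body, so either persist the rebuilt text or validate the remainder of `raw_request` before saving. The new checks use bare `raise '...'` where the neighbouring nonce checks raise `WEBrick::HTTPStatus::BadRequest`, and the Host-token check reuses the 'Invalid HTTP version' message; `raise WEBrick::HTTPStatus::BadRequest, 'Invalid Host header' if not Filter.is_valid_host_str?(host_str)` keeps the failure a 400 with an accurate reason. `split(/ |\n/)` also leaves a trailing `\r` on CRLF input, so `version` would fail the exact-match comparison. `send_request` starts and ends outside this hunk.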