From 916828e131db409748ed6efa75e32dca9010c67a Mon Sep 17 00:00:00 2001
From: Brendan Coles
Date: Sun, 28 Jun 2015 08:53:23 +0000
Subject: [PATCH] Add 'verify_ssl' option to social engineering config
---
 extensions/social_engineering/config.yaml | 4 +++-
 .../social_engineering/mass_mailer/mass_mailer.rb | 4 +++-
 extensions/social_engineering/web_cloner/web_cloner.rb | 10 ++++++++--
 test/integration/tc_social_engineering_rest.rb | 2 +-
 4 files changed, 15 insertions(+), 5 deletions(-)
diff --git a/extensions/social_engineering/config.yaml b/extensions/social_engineering/config.yaml
index 892a2ccb9..62a98288f 100644
--- a/extensions/social_engineering/config.yaml
+++ b/extensions/social_engineering/config.yaml
@@ -13,6 +13,7 @@ beef:
 # NOTE: you must have 'wget' in your PATH
 add_beef_hook: true
 user_agent: "Mozilla/5.0 (Windows NT 6.1; rv:15.0) Gecko/20120716 Firefox/15.0a2"
+ verify_ssl: true
 mass_mailer:
 # NOTE: you must have 'file' in your PATH
 user_agent: "Microsoft-MacOutlook/12.12.0.111556"
@@ -20,6 +21,7 @@ beef:
 port: 587
 use_auth: true
 use_tls: true
+ verify_ssl: true
 helo: "gmail.com" # this is usually the domain name
 auth: "youruser@gmail.com"
 password: "yourpass"
@@ -50,4 +52,4 @@ beef:
 # the default payload being used is windows/meterpreter/reverse_https
 msf_reverse_handler_host: "127.0.0.1"
 msf_reverse_handler_port: "443"
- powershell_handler_url: "/ps"
\ No newline at end of file
+ powershell_handler_url: "/ps"
diff --git a/extensions/social_engineering/mass_mailer/mass_mailer.rb b/extensions/social_engineering/mass_mailer/mass_mailer.rb
index 973232594..300023836 100644
--- a/extensions/social_engineering/mass_mailer/mass_mailer.rb
+++ b/extensions/social_engineering/mass_mailer/mass_mailer.rb
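Review bot: The new `verify_ssl` keys under `web_cloner` and `mass_mailer` in config.yaml carry no comment, while the neighbouring entries explain themselves (`# NOTE: you must have 'wget' in your PATH`). I would add one line above each, e.g. `# verify the remote TLS certificate; set to false only for hosts with a self-signed certificate`, so an operator knows what turning it off gives up. Because the shipped default is `true` and the code previously skipped verification unconditionally, setups that talk to self-signed hosts will start failing after this change, which deserves a sentence in the release notes.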
@@ -31,7 +31,9 @@ module BeEF # create new SSL context and disable CA chain validation if @config.get("#{@config_prefix}.use_tls") @ctx = OpenSSL::SSL::SSLContext.new - @ctx.verify_mode = OpenSSL::SSL::VERIFY_NONE # In case the SMTP server uses a self-signed cert, we proceed anyway + if not @config.get("#{@config_prefix}.verify_ssl") + @ctx.verify_mode = OpenSSL::SSL::VERIFY_NONE # In case the SMTP server uses a self-signed cert, we proceed anyway + end @ctx.ssl_version = "TLSv1" end diff --git a/extensions/social_engineering/web_cloner/web_cloner.rb b/extensions/social_engineering/web_cloner/web_cloner.rb index 7fd7f234a..e56798820 100644 --- a/extensions/social_engineering/web_cloner/web_cloner.rb +++ b/extensions/social_engineering/web_cloner/web_cloner.rb @@ -39,7 +39,11 @@ module BeEF # if use_existing.nil? || use_existing == false begin #,"--background" - IO.popen(["wget", "#{url}", "-c", "-k", "-O", "#{@cloned_pages_dir + output}", "-U", "#{user_agent}", "--no-check-certificate"], 'r+') do |wget_io| + verify_ssl_arg = nil + if not @config.get('beef.extension.social_engineering.web_cloner.verify_ssl') + verify_ssl_arg = "--no-check-certificate" + end + IO.popen(["wget", "#{url}", "-c", "-k", "-O", "#{@cloned_pages_dir + output}", "-U", "#{user_agent}", verify_ssl_arg], 'r+') do |wget_io| end success = true rescue Errno::ENOENT => e @@ -170,7 +174,9 @@ module BeEF http = Net::HTTP.new(uri.host, uri.port) if uri.scheme == "https" http.use_ssl = true - http.verify_mode = OpenSSL::SSL::VERIFY_NONE + if not @config.get('beef.extension.social_engineering.web_cloner.verify_ssl') + http.verify_mode = OpenSSL::SSL::VERIFY_NONE + end end request = Net::HTTP::Get.new(uri.request_uri) response = http.request(request) diff --git a/test/integration/tc_social_engineering_rest.rb b/test/integration/tc_social_engineering_rest.rb index 4a92933f0..824dbd32f 100644 --- a/test/integration/tc_social_engineering_rest.rb +++ b/test/integration/tc_social_engineering_rest.rb 
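Review bot: Skipping the `VERIFY_NONE` assignment in mass_mailer.rb when `verify_ssl` is true does not by itself switch verification on: a context built with a bare `OpenSSL::SSL::SSLContext.new` has no `verify_mode` set, and as far as I know Ruby's OpenSSL treats that as no peer verification unless `set_params` is called. An explicit else branch would make the option do what it says, e.g. `@ctx.set_params(verify_mode: OpenSSL::SSL::VERIFY_PEER)`, which also loads the default trust store. The `if not @config.get(...)` test also fails open here and in both web_cloner.rb hunks: a config file that predates the key presumably yields nil and silently disables verification, so testing for an explicit `false` would be safer. The context comment `# create new SSL context and disable CA chain validation` is now only conditionally true, and the enclosing method starts and ends outside the hunk.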
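Review bot: With `verify_ssl` true, `verify_ssl_arg` stays `nil` and is passed as the last element of the argv array given to `IO.popen([...], 'r+')` in web_cloner.rb; Ruby raises `TypeError` (no implicit conversion of nil into String) for a nil argument, and the only rescue visible in this hunk is `Errno::ENOENT`. With the new default the clone step would therefore fail instead of running wget with certificate checking. Dropping the nil before the call fixes it, e.g. end the array with `verify_ssl_arg].compact, 'r+')`, or build the argument list first and append `"--no-check-certificate"` only when verification is off. The surrounding `begin`/`rescue` continues outside the hunk, so further rescue clauses may exist that are not visible here.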
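Review bot: In the `-170,7 +174,9` hunk of web_cloner.rb, leaving `http.verify_mode` at the Net::HTTP default means `http.request(request)` can now raise `OpenSSL::SSL::SSLError` when the certificate does not validate, and no handling for that is visible in the hunk. If the caller does not already rescue it, I would catch it here and log that verification failed for the URL, so the operator can tell a certificate problem from a network one. As a style point, `unless @config.get('beef.extension.social_engineering.web_cloner.verify_ssl')` reads better than `if not`, and the key string is now duplicated with the wget hunk above; a small private helper would keep the two in sync. The enclosing method starts and ends outside the hunk.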
@@ -50,7 +50,7 @@ class TC_SocialEngineeringRest < Test::Unit::TestCase json = {:url => url, :mount => mount, :dns_spoof => dns_spoof}.to_json - domain = url.gsub(%r{^http://}, '') + domain = url.gsub(%r{^https?://}, '') response = RestClient.post("#{RESTAPI_SENG}/clone_page?token=#{@@token}", json,