Various fixes for the DNS extension code.

Gemfile

@@ -31,7 +31,7 @@ gem "parseconfig"
 gem "erubis"
 gem "dm-migrations"
 gem "msfrpc-client"
-gem "rubyzip", "~> 1.0.0"
+gem "rubyzip", ">= 1.0.0"
 gem "rubydns"
 gem "sourcify"
 

config.yaml

@@ -8,7 +8,7 @@
 beef:
     version: '0.4.5.0-alpha'
     # More verbose messages (server-side)
-    debug: false
+    debug: true
     # More verbose messages (client-side)
     client_debug: false
 
@@ -120,5 +120,6 @@ beef:
                 enable: false
         ipec:
             enable: true
+        # this is still experimental, we're working on it..
         dns:
             enable: false

extensions/dns/config.yaml

@@ -6,7 +6,7 @@
 beef:
     extension:
         dns:
-            enable: true
+            enable: false
             name: 'DNS Server'
             authors: ['soh_cah_toa']
             address: '127.0.0.1'

extensions/dns/extension.rb

@@ -18,8 +18,9 @@ module BeEF
   end
 end
 
-require 'extensions/dns/api'
-require 'extensions/dns/dns'
-require 'extensions/dns/model'
-require 'extensions/dns/rest/dns'
-require 'extensions/dns/ruby'
+#TODO antisnatchor: uncomment this when code will be stable
+#require 'extensions/dns/api'
+#require 'extensions/dns/dns'
+#require 'extensions/dns/model'
+#require 'extensions/dns/rest/dns'
+#require 'extensions/dns/ruby'

extensions/dns/rest/dns.rb

@@ -90,10 +90,10 @@ module BeEF
 
               if response.class == Array
                 if response.length == 0
-                  raise InvalidJsonError, 'Empty "reponse" key passed to endpoint /api/dns/rule'
+                  raise InvalidJsonError, 'Empty "response" key passed to endpoint /api/dns/rule'
                 end
               else
-                raise InvalidJsonError, 'Non-array "reponse" key passed to endpoint /api/dns/rule'
+                raise InvalidJsonError, 'Non-array "response" key passed to endpoint /api/dns/rule'
               end
 
               unless BeEF::Filters.is_non_empty_string?(pattern)

extensions/dns/ruby/rubydns.rb

@@ -60,6 +60,7 @@ module RubyDNS
       BeEF::Core::Models::Dns::Rule.each do |rule|
         id = rule.id
         pattern = [rule.pattern, rule.type]
+        #TODO antisnatchor: potentially unsafe (although input is from data already stored in the databse)
         block = eval rule.block
 
         regex = pattern[0]
@@ -98,6 +99,7 @@ module RubyDNS
 
           case block
             when String
+              #TODO antisnatchor: potentially unsafe (make sure block_src is safe or change this logic)
               @rules << Rule.new(id, pattern, eval(block_src))
             when Proc
               @rules << Rule.new(id, pattern, block)

test/integration/tc_dns_rest.rb

@@ -381,6 +381,7 @@ class TC_DnsRest < Test::Unit::TestCase
     address = @@config.get('beef.extension.dns.address')
     port = @@config.get('beef.extension.dns.port')
 
+    #TODO antisnatchor: dangerous, replace with IO.open([param_array]) as in web_cloner.rb
     dig_output = `dig @#{address} -p #{port} -t #{type} #{pattern}`
     assert_match(regex, dig_output)
   end

test/integration/ts_integration.rb

@@ -16,7 +16,7 @@ require './check_environment' # Basic log in and log out tests
 require './tc_debug_modules' # RESTful API tests (as well as debug modules)
 require './tc_login' # Basic log in and log out tests
 require './tc_jools' # Basic tests for jools
-require './tc_dns_rest' # Basic tests for DNS RESTful API interface
+                            #require './tc_dns_rest' # Basic tests for DNS RESTful API interface
 require './tc_social_engineering_rest' # Basic tests for social engineering RESTful API interface
 
 class TS_BeefIntegrationTests
@@ -27,7 +27,7 @@ class TS_BeefIntegrationTests
     suite << TC_login.suite
     suite << TC_DebugModules.suite
     suite << TC_Jools.suite
-    suite << TC_DnsRest.suite
+    #suite << TC_DnsRest.suite
     suite << TC_SocialEngineeringRest.suite
 
     return suite