Hiddenden/beef
2
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Fix origin / domain terminology (#1688)

Browse Source
This commit is contained in:
zinduolis
2024-10-23 16:07:17 +10:00
parent 89ed6cce8e
commit a5a8196792
173 changed files with 571 additions and 643 deletions
Download Patch File Download Diff File Expand all files Collapse all files

6
core/main/ar-migrations/015_create_http.rb
View File

@@ -4,8 +4,8 @@ class CreateHttp < ActiveRecord::Migration[6.0]
t.text :hooked_browser_id
# The http request to perform. In clear text.
t.text :request
# Boolean value as string to say whether cross-domain requests are allowed
t.boolean :allow_cross_domain, default: true
# Boolean value as string to say whether cross-origin requests are allowed
t.boolean :allow_cross_origin, default: true
# The http response body received. In clear text.
t.text :response_data
# The http response code. Useful to handle cases like 404, 500, 302, ...
@@ -26,7 +26,7 @@ class CreateHttp < ActiveRecord::Migration[6.0]
t.text :domain
# The port on which perform the request.
t.text :port
# Boolean value to say if the request was cross-domain
# Boolean value to say if the request was cross-origin
t.text :has_ran, default: 'waiting'
# The path of the request.
# Example: /secret.html

2
core/main/ar-migrations/025_create_xssrays_scan.rb
View File

@@ -5,7 +5,7 @@ class CreateXssraysScan < ActiveRecord::Migration[6.0]
t.datetime :scan_start
t.datetime :scan_finish
t.text :domain
t.text :cross_domain
t.text :cross_origin
t.integer :clean_timeout
t.boolean :is_started
t.boolean :is_finished

4
core/main/client/lib/evercookie.js
View File

@@ -31,7 +31,7 @@
* for example, if someone deletes all but one type of cookie, once
* that cookie is re-discovered, all of the other cookie types get reset
*
* !!! SOME OF THESE ARE CROSS-DOMAIN COOKIES, THIS MEANS
* !!! SOME OF THESE ARE CROSS-ORIGIN COOKIES, THIS MEANS
* OTHER SITES WILL BE ABLE TO READ SOME OF THESE COOKIES !!!
*
* USAGE:
@@ -803,7 +803,7 @@ this.evercookie_cookie = function(name, value)
else
return this.getFromStr(name, document.cookie);
}catch(e){
// the hooked domain is using HttpOnly, so we must set the hook ID in a different way.
// the hooked origin is using HttpOnly, so we must set the hook ID in a different way.
// evercookie_userdata and evercookie_window will be used in this case.
}
};

2
core/main/client/mitb.js
View File

@@ -38,7 +38,7 @@ beef.mitb = {
if (method == "GET") {
//GET request -> cross-origin
if (url.indexOf(document.location.hostname) == -1 || (portR != null && requestPort != document.location.port )) {
beef.mitb.sniff("GET [Ajax CrossDomain Request]: " + url);
beef.mitb.sniff("GET [Ajax CrossOrigin Request]: " + url);
window.open(url);
}else { //GET request -> same-origin
beef.mitb.sniff("GET [Ajax Request]: " + url);

48
core/main/client/net.js
View File

@@ -74,7 +74,7 @@ beef.net = {
this.status_text = null; // success, timeout, error, ...
this.response_body = null; // "<html>…." if not a cross-origin request
this.port_status = null; // tcp port is open, closed or not http
this.was_cross_domain = null; // true or false
this.was_cross_origin = null; // true or false
this.was_timedout = null; // the user specified timeout was reached
this.duration = null; // how long it took for the request to complete
this.headers = null; // full response headers
@@ -217,11 +217,11 @@ beef.net = {
* @return {Object} this object contains the response details
*/
request: function (scheme, method, domain, port, path, anchor, data, timeout, dataType, callback) {
//check if same domain or cross domain
var cross_domain = true;
//check if same origin or cross origin
var cross_origin = true;
if (document.domain == domain.replace(/(\r\n|\n|\r)/gm, "")) { //strip eventual line breaks
if (document.location.port == "" || document.location.port == null) {
cross_domain = !(port == "80" || port == "443");
cross_origin = !(port == "80" || port == "443");
}
}
@@ -238,12 +238,12 @@ beef.net = {
//define response object
var response = new this.response;
response.was_cross_domain = cross_domain;
response.was_cross_origin = cross_origin;
var start_time = new Date().getTime();
/*
* according to http://api.jquery.com/jQuery.ajax/, Note: having 'script':
* This will turn POSTs into GETs for remote-domain requests.
* This will turn POSTs into GETs for cross origin requests.
*/
if (method == "POST") {
$j.ajaxSetup({
@@ -310,7 +310,7 @@ beef.net = {
/**
* Similar to beef.net.request, except from a few things that are needed when dealing with forged requests:
* - requestid: needed on the callback
* - allowCrossDomain: set cross-domain requests as allowed or blocked
* - allowCrossOrigin: set cross-origin requests as allowed or blocked
*
* forge_request is used mainly by the Requester and Tunneling Proxy Extensions.
* Example usage:
@@ -318,20 +318,20 @@ beef.net = {
* true, null, { foo: "bar" }, 5, 'html', false, null, function(response) {
* alert(response.response_body)})
*/
forge_request: function (scheme, method, domain, port, path, anchor, headers, data, timeout, dataType, allowCrossDomain, requestid, callback) {
forge_request: function (scheme, method, domain, port, path, anchor, headers, data, timeout, dataType, allowCrossOrigin, requestid, callback) {
if (domain == "undefined" || path == "undefined") {
beef.debug("[beef.net.forge_request] Error: Malformed request. No host specified.");
return;
}
// check if same domain or cross domain
var cross_domain = true;
// check if same origin or cross origin
var cross_origin = true;
if (document.domain == domain && document.location.protocol == scheme + ':') {
if (document.location.port == "" || document.location.port == null) {
cross_domain = !(port == "80" || port == "443");
cross_origin = !(port == "80" || port == "443");
} else {
if (document.location.port == port) cross_domain = false;
if (document.location.port == port) cross_origin = false;
}
}
@@ -348,23 +348,23 @@ beef.net = {
// define response object
var response = new this.response;
response.was_cross_domain = cross_domain;
response.was_cross_origin = cross_origin;
var start_time = new Date().getTime();
// if cross-domain requests are not allowed and the request is cross-domain
// if cross-origin requests are not allowed and the request is cross-origin
// don't proceed and return
if (allowCrossDomain == "false" && cross_domain) {
if (allowCrossOrigin == "false" && cross_origin) {
beef.debug("[beef.net.forge_request] Error: Cross Domain Request. The request was not sent.");
response.status_code = -1;
response.status_text = "crossdomain";
response.port_status = "crossdomain";
response.status_text = "crossorigin";
response.port_status = "crossorigin";
response.response_body = "ERROR: Cross Domain Request. The request was not sent.\n";
response.headers = "ERROR: Cross Domain Request. The request was not sent.\n";
if (callback != null) callback(response, requestid);
return response;
}
// if the request was cross-domain from a HTTPS origin to HTTP
// if the request was cross-origin from a HTTPS origin to HTTP
// don't proceed and return
if (document.location.protocol == 'https:' && scheme == 'http') {
beef.debug("[beef.net.forge_request] Error: Mixed Active Content. The request was not sent.");
@@ -379,7 +379,7 @@ beef.net = {
/*
* according to http://api.jquery.com/jQuery.ajax/, Note: having 'script':
* This will turn POSTs into GETs for remote-domain requests.
* This will turn POSTs into GETs for cross origin requests.
*/
if (method == "POST") {
$j.ajaxSetup({
@@ -432,10 +432,10 @@ beef.net = {
},
complete: function (xhr, textStatus) {
// cross-domain request
if (cross_domain) {
// cross-origin request
if (cross_origin) {
response.port_status = "crossdomain";
response.port_status = "crossorigin";
if (xhr.status != 0) {
response.status_code = xhr.status;
@@ -446,7 +446,7 @@ beef.net = {
if (textStatus) {
response.status_text = textStatus;
} else {
response.status_text = "crossdomain";
response.status_text = "crossorigin";
}
if (xhr.getAllResponseHeaders()) {
@@ -460,7 +460,7 @@ beef.net = {
}
} else {
// same-domain request
// same-origin request
response.status_code = xhr.status;
response.status_text = textStatus;
response.headers = xhr.getAllResponseHeaders();

2
core/main/client/net/requester.js
View File

@@ -25,7 +25,7 @@ beef.net.requester = {
request = requests_array[i];
if (request.proto == 'https') var scheme = 'https'; else var scheme = 'http';
beef.debug('[Requester] ' + request.method + ' ' + scheme + '://' + request.host + ':' + request.port + request.uri + ' - Data: ' + request.data);
beef.net.forge_request(scheme, request.method, request.host, request.port, request.uri, null, request.headers, request.data, 10, null, request.allowCrossDomain, request.id,
beef.net.forge_request(scheme, request.method, request.host, request.port, request.uri, null, request.headers, request.data, 10, null, request.allowCrossOrigin, request.id,
function(res, requestid) { beef.net.send('/requester', requestid, {
response_data: res.response_body,
response_status_code: res.status_code,

4
core/main/client/net/xssrays.js
View File

@@ -171,7 +171,7 @@ beef.net.xssrays = {
this.xss({href:url.href, pathname:url.pathname, hostname:url.hostname, port: url.port, protocol: location.protocol,
search:url.search, type: 'url'});//scan each link & param
} else {
beef.debug('Scan is not Cross-domain. URLS\nurl :' + url.hostname.toString());
beef.debug('Scan is not Cross-origin. URLS\nurl :' + url.hostname.toString());
beef.debug('\nlocation :' + location.hostname.toString());
}
}
@@ -251,7 +251,7 @@ beef.net.xssrays = {
continue;
}
if (!this.crossDomain && (this.host(action).toString() != this.host(location.toString()))) {
beef.debug('Scan is not Cross-domain. FormPost\naction :' + this.host(action).toString());
beef.debug('Scan is not Cross-origin. FormPost\naction :' + this.host(action).toString());
beef.debug('location :' + this.host(location));
continue;
}

2
core/main/configuration.rb
View File

@@ -256,7 +256,7 @@ module BeEF
#
def load_modules_config
set('beef.module', {})
# support nested sub-categories, like browser/hooked_domain/ajax_fingerprint
# support nested sub-categories, like browser/hooked_origin/ajax_fingerprint
module_configs = File.join("#{$root_dir}/modules/**", 'config.yaml')
Dir.glob(module_configs) do |cf|
y = load(cf)

2
core/main/handlers/browserdetails.rb
View File

@@ -547,7 +547,7 @@ module BeEF
end
# log a few info of newly hooked zombie in the console
print_info "New Hooked Browser [id:#{zombie.id}, ip:#{zombie.ip}, browser:#{browser_name}-#{browser_version}, os:#{os_name}-#{os_version}], hooked domain [#{log_zombie_domain}:#{log_zombie_port}]"
print_info "New Hooked Browser [id:#{zombie.id}, ip:#{zombie.ip}, browser:#{browser_name}-#{browser_version}, os:#{os_name}-#{os_version}], hooked origin [#{log_zombie_domain}:#{log_zombie_port}]"
# add localhost as network host
if config.get('beef.extension.network.enable')

6
core/main/router/router.rb
View File

@@ -27,9 +27,9 @@ module BeEF
# @note If CORS is enabled, expose the appropriate headers
if config.get('beef.http.restful_api.allow_cors')
allowed_domains = config.get('beef.http.restful_api.cors_allowed_domains')
if allowed_domains
headers 'Access-Control-Allow-Origin' => allowed_domains
allowed_origins = config.get('beef.http.restful_api.cors_allowed_origins')
if allowed_origins
headers 'Access-Control-Allow-Origin' => allowed_origins
end
headers 'Access-Control-Allow-Methods' => 'POST, GET'