Added HEAD, OPTIONS, PUT and DELETE methods

Fixes issue 356 Added HTTP request validation to proxy extension Fixes issue 429 git-svn-id: https://beef.googlecode.com/svn/trunk@1212 b87d56ec-f9c0-11de-8c8a-61c5e9addfc9
2011-08-19 09:24:31 +00:00
parent a0ba7fa7fc
commit b1de14dcf1
3 changed files with 26 additions and 5 deletions
--- a/extensions/admin_ui/controllers/requester/requester.rb
+++ b/extensions/admin_ui/controllers/requester/requester.rb
@@ -59,13 +59,13 @@ class Requester < BeEF::Extension::AdminUI::HttpController
    # validate that the raw request is correct and can be used
    req_parts = raw_request.split(/ |\n/) # break up the request
    verb = req_parts[0]
-    raise 'Only GET or POST requests are supported' if not BeEF::Filters.is_valid_verb?(verb) #check verb
+    raise 'Only HEAD, GET, POST, OPTIONS, PUT or DELETE requests are supported' if not BeEF::Filters.is_valid_verb?(verb) #check verb
    uri = req_parts[1]
    raise 'Invalid URI' if not BeEF::Filters.is_valid_url?(uri) #check uri
    version = req_parts[2]
    raise 'Invalid HTTP version' if not BeEF::Filters.is_valid_http_version?(version) # check http version - HTTP/1.0
    host_str = req_parts[3]
-    raise 'Invalid HTTP version' if not BeEF::Filters.is_valid_host_str?(host_str) # check host string - Host:
+    raise 'Invalid HTTP host header' if not BeEF::Filters.is_valid_host_str?(host_str) # check host string - Host:
    host = req_parts[4]
    host_parts = host.split(/:/)
    hostname = host_parts[0]
--- a/extensions/proxy/handlers/zombie/handler.rb
+++ b/extensions/proxy/handlers/zombie/handler.rb
@@ -30,6 +30,25 @@ module Zombie
    # will be sent back.
    def forward_request(hooked_browser_id, req, res)

+      # validate that the raw request is correct and can be used
+      req_parts = req.to_s.split(/ |\n/) # break up the request
+      verb = req_parts[0]
+      raise 'Only HEAD, GET, POST, OPTIONS, PUT or DELETE requests are supported' if not BeEF::Filters.is_valid_verb?(verb) #check verb
+      uri = req_parts[1]
+      raise 'Invalid URI' if not BeEF::Filters.is_valid_url?(uri) #check uri
+      version = req_parts[2]
+      raise 'Invalid HTTP version' if not BeEF::Filters.is_valid_http_version?(version) # check http version - HTTP/1.0
+      host_str = req_parts[3]
+      raise 'Invalid HTTP host header' if not BeEF::Filters.is_valid_host_str?(host_str) # check host string - Host:
+      host = req_parts[4]
+      host_parts = host.split(/:/)
+      hostname = host_parts[0]
+      raise 'Invalid hostname' if not BeEF::Filters.is_valid_hostname?(hostname) #check the target hostname
+      hostport = host_parts[1] || nil
+      if !hostport.nil?
+          raise 'Invalid hostport' if not BeEF::Filters.nums_only?(hostport) #check the target hostport
+      end
+
      # Append port to domain string if not 80 or 443
      if req.port != 80 or req.port != 443
        domain = req.host.to_s + ':' + req.port.to_s
@@ -104,4 +123,4 @@ end
 end
 end
 end
-end
+end
--- a/extensions/requester/filters.rb
+++ b/extensions/requester/filters.rb
@@ -18,17 +18,19 @@ module BeEF
  module Filters
    
    def self.is_valid_verb?(verb)
-      return true if verb.eql? 'GET' or verb.eql? 'POST'
+      ["HEAD", "GET", "POST", "OPTIONS", "PUT", "DELETE"].each {|v| return true if verb.eql? v }
      false
    end

    def self.is_valid_url?(uri)
+      # OPTIONS * is not yet supported
+      # return true if uri.eql? "*"
      return true if uri.eql? WEBrick::HTTPUtils.normalize_path(uri)
      false
    end

    def self.is_valid_http_version?(version)
-      return true if version.eql? "HTTP/1.1" or trailer.eql? "HTTP/1.0"
+      return true if version.eql? "HTTP/1.1" or version.eql? "HTTP/1.0"
      false
    end