From b1de14dcf12d69c150b13a781da68f13eb4af3d1 Mon Sep 17 00:00:00 2001
From: "bcoles@gmail.com"
Date: Fri, 19 Aug 2011 09:24:31 +0000
Subject: [PATCH] Added HEAD, OPTIONS, PUT and DELETE methods Fixes issue 356 Added HTTP request validation to proxy extension Fixes issue 429
git-svn-id: https://beef.googlecode.com/svn/trunk@1212 b87d56ec-f9c0-11de-8c8a-61c5e9addfc9
---
 .../controllers/requester/requester.rb | 4 ++--
 extensions/proxy/handlers/zombie/handler.rb | 21 ++++++++++++++++++-
 extensions/requester/filters.rb | 6 ++++--
 3 files changed, 26 insertions(+), 5 deletions(-)
diff --git a/extensions/admin_ui/controllers/requester/requester.rb b/extensions/admin_ui/controllers/requester/requester.rb
index 4af1e7138..7158a86f3 100644
--- a/extensions/admin_ui/controllers/requester/requester.rb
+++ b/extensions/admin_ui/controllers/requester/requester.rb
@@ -59,13 +59,13 @@ class Requester < BeEF::Extension::AdminUI::HttpController
 # validate that the raw request is correct and can be used
 req_parts = raw_request.split(/ |\n/) # break up the request
 verb = req_parts[0]
- raise 'Only GET or POST requests are supported' if not BeEF::Filters.is_valid_verb?(verb) #check verb
+ raise 'Only HEAD, GET, POST, OPTIONS, PUT or DELETE requests are supported' if not BeEF::Filters.is_valid_verb?(verb) #check verb
 uri = req_parts[1]
 raise 'Invalid URI' if not BeEF::Filters.is_valid_url?(uri) #check uri
 version = req_parts[2]
 raise 'Invalid HTTP version' if not BeEF::Filters.is_valid_http_version?(version) # check http version - HTTP/1.0
 host_str = req_parts[3]
- raise 'Invalid HTTP version' if not BeEF::Filters.is_valid_host_str?(host_str) # check host string - Host:
+ raise 'Invalid HTTP host header' if not BeEF::Filters.is_valid_host_str?(host_str) # check host string - Host:
 host = req_parts[4]
 host_parts = host.split(/:/)
 hostname = host_parts[0]
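Review bot: The verb message now promises HEAD/OPTIONS/PUT/DELETE, but `raw_request.split(/ |\n/)` two lines above it leaves a trailing `\r` on the version and Host tokens whenever the submitted request uses CRLF line endings (the usual case for text posted from a browser form), so such a request is rejected with 'Invalid HTTP version' before either new message can apply; the same split is copied into the proxy handler hunk below, where `req.to_s` presumably reproduces the request with the CRLF it arrived with. Splitting on `/[ \r\n]+/` instead, `req_parts = raw_request.split(/[ \r\n]+/)`, accepts either line ending and also drops the empty tokens a doubled space produces. A bare `raise 'string'` here surfaces as RuntimeError; if callers are meant to map these to a 4xx response, a dedicated error class would make that explicit. The enclosing method starts and ends outside this hunk.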
diff --git a/extensions/proxy/handlers/zombie/handler.rb b/extensions/proxy/handlers/zombie/handler.rb
index 279d38125..acb48675d 100644
--- a/extensions/proxy/handlers/zombie/handler.rb
+++ b/extensions/proxy/handlers/zombie/handler.rb
@@ -30,6 +30,25 @@ module Zombie
 # will be sent back.
 def forward_request(hooked_browser_id, req, res)
+ # validate that the raw request is correct and can be used
+ req_parts = req.to_s.split(/ |\n/) # break up the request
+ verb = req_parts[0]
+ raise 'Only HEAD, GET, POST, OPTIONS, PUT or DELETE requests are supported' if not BeEF::Filters.is_valid_verb?(verb) #check verb
+ uri = req_parts[1]
+ raise 'Invalid URI' if not BeEF::Filters.is_valid_url?(uri) #check uri
+ version = req_parts[2]
+ raise 'Invalid HTTP version' if not BeEF::Filters.is_valid_http_version?(version) # check http version - HTTP/1.0
+ host_str = req_parts[3]
+ raise 'Invalid HTTP host header' if not BeEF::Filters.is_valid_host_str?(host_str) # check host string - Host:
+ host = req_parts[4]
+ host_parts = host.split(/:/)
+ hostname = host_parts[0]
+ raise 'Invalid hostname' if not BeEF::Filters.is_valid_hostname?(hostname) #check the target hostname
+ hostport = host_parts[1] || nil
+ if !hostport.nil?
+ raise 'Invalid hostport' if not BeEF::Filters.nums_only?(hostport) #check the target hostport
+ end
+
 # Append port to domain string if not 80 or 443
 if req.port != 80 or req.port != 443
 domain = req.host.to_s + ':' + req.port.to_s
@@ -104,4 +123,4 @@ end
 end
 end
 end
-end
\ No newline at end of file
+end
diff --git a/extensions/requester/filters.rb b/extensions/requester/filters.rb
index 240d7aa84..b0498ae4d 100644
--- a/extensions/requester/filters.rb
+++ b/extensions/requester/filters.rb
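Review bot: The eighteen validation lines added at the top of `forward_request` are a verbatim copy of the block in extensions/admin_ui/controllers/requester/requester.rb (previous hunk), so the two verb allowlists and their messages will drift the next time a method is added; a single helper in `BeEF::Filters` that takes the raw request string and raises the same messages would keep one source of truth for both entry points. The validated `verb`, `uri`, `hostname` and `hostport` locals are never read afterwards — the code that follows appears to build `domain` from `req.host`/`req.port` rather than from these tokens, so the check constrains the Host header text but, as far as this hunk shows, not the authority the proxy actually connects to; if that is intended, a comment such as `# Host header is validated for shape only; routing uses req.host/req.port` would say so. `hostport = host_parts[1] || nil` followed by `if !hostport.nil?` reduces to `hostport = host_parts[1]` and `if hostport`. `forward_request` continues past the end of this hunk.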
@@ -18,17 +18,19 @@ module BeEF
 module Filters
 def self.is_valid_verb?(verb)
- return true if verb.eql? 'GET' or verb.eql? 'POST'
+ ["HEAD", "GET", "POST", "OPTIONS", "PUT", "DELETE"].each {|v| return true if verb.eql? v }
 false
 end
 def self.is_valid_url?(uri)
+ # OPTIONS * is not yet supported
+ # return true if uri.eql? "*"
 return true if uri.eql? WEBrick::HTTPUtils.normalize_path(uri)
 false
 end
 def self.is_valid_http_version?(version)
- return true if version.eql? "HTTP/1.1" or trailer.eql? "HTTP/1.0"
+ return true if version.eql? "HTTP/1.1" or version.eql? "HTTP/1.0"
 false
 end
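Review bot: The new comment in `is_valid_url?` anticipates `*`, but the call directly beneath it, `WEBrick::HTTPUtils.normalize_path(uri)`, raises a RuntimeError ("abnormal path") for any path that does not start with `/` rather than returning something that fails the `eql?` test (worth confirming against the bundled WEBrick), so `OPTIONS *` — and, I suspect, the absolute-form target a forward proxy receives (`GET http://host/ HTTP/1.1`) — escapes as an unrelated exception instead of the 'Invalid URI' both callers raise. A guard before the call, `return false unless uri.to_s.start_with?('/')`, keeps the predicate boolean for every input and makes the commented-out `*` case a one-line addition later. In `is_valid_verb?`, `%w[HEAD GET POST OPTIONS PUT DELETE].include?(verb)` expresses the `each`/`return` loop as the allowlist it is, and lifting that array into a frozen constant gives the requester and proxy error messages one list to quote. The `trailer` → `version` correction in `is_valid_http_version?` removes a NameError on the HTTP/1.0 path.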