Fixed proxy: the new filters were causing problems. Removed all of them except the method and version checks.

git-svn-id: https://beef.googlecode.com/svn/trunk@1240 b87d56ec-f9c0-11de-8c8a-61c5e9addfc9
antisnatchor
2011-08-29 09:18:24 +00:00
parent ed8a0a4ca2
commit b4cb58346e
3 changed files with 24 additions and 17 deletions


@@ -120,7 +120,7 @@ class Requester < BeEF::Extension::AdminUI::HttpController
history << {
'id' => http.id,
'domain' => http.domain,
'port' => http.port,
'port' => http.port,
'path' => http.path,
'has_ran' => http.has_ran,
'method' => http.method,
@@ -128,7 +128,7 @@ class Requester < BeEF::Extension::AdminUI::HttpController
'response_date' => http.response_date,
'response_status_code' => http.response_status_code,
'response_status_text' => http.response_status_text,
'response_port_status' => http.response_port_status
'response_port_status' => http.response_port_status
}
}


@@ -34,20 +34,23 @@ module Zombie
req_parts = req.to_s.split(/ |\n/) # break up the request
verb = req_parts[0]
raise 'Only HEAD, GET, POST, OPTIONS, PUT or DELETE requests are supported' if not BeEF::Filters.is_valid_verb?(verb) #check verb
uri = req_parts[1]
raise 'Invalid URI' if not BeEF::Filters.is_valid_url?(uri) #check uri
# antisnatchor: is_valid_url supposes that the uri is relative, while here we're passing an absolute one
#uri = req_parts[1]
#raise 'Invalid URI' if not BeEF::Filters.is_valid_url?(uri) #check uri
version = req_parts[2]
raise 'Invalid HTTP version' if not BeEF::Filters.is_valid_http_version?(version) # check http version - HTTP/1.0
host_str = req_parts[3]
raise 'Invalid HTTP host header' if not BeEF::Filters.is_valid_host_str?(host_str) # check host string - Host:
host = req_parts[4]
host_parts = host.split(/:/)
hostname = host_parts[0]
raise 'Invalid hostname' if not BeEF::Filters.is_valid_hostname?(hostname) #check the target hostname
hostport = host_parts[1] || nil
if !hostport.nil?
raise 'Invalid hostport' if not BeEF::Filters.nums_only?(hostport) #check the target hostport
end
# antisnatchor: the following checks are wrong. the req_parts array can always contains elements at different postions.
# for example proxying Opera, the req_parts[3] is the User-Agent header...
# host_str = req_parts[3]
# raise 'Invalid HTTP host header' if not BeEF::Filters.is_valid_host_str?(host_str) # check host string - Host:
# host = req_parts[4]
# host_parts = host.split(/:/)
# hostname = host_parts[0]
# raise 'Invalid hostname' if not BeEF::Filters.is_valid_hostname?(hostname) #check the target hostname
# hostport = host_parts[1] || nil
# if !hostport.nil?
# raise 'Invalid hostport' if not BeEF::Filters.nums_only?(hostport) #check the target hostport
# end
# Saves the new HTTP request to the db for processing by browser.
# IDs are created and incremented automatically by DataMapper.
@@ -55,7 +58,7 @@ module Zombie
:request => req,
:method => req.request_method.to_s,
:domain => req.host,
:port => req.port,
:port => req.port,
:path => req.path.to_s,
:request_date => Time.now,
:hooked_browser_id => hooked_browser_id
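Review bot: The first hunk of this file drops hostname, port and URI validation entirely instead of correcting it, so only the verb and HTTP version are checked before the request is saved. The positional `req_parts[3]`/`req_parts[4]` lookups were fragile, as the new comment explains, but the second hunk stores `req.host` and `req.port`, which suggests parsed values are available to validate instead (assuming those accessors are populated at this point): `raise 'Invalid hostname' if not BeEF::Filters.is_valid_hostname?(req.host)` and `raise 'Invalid hostport' if not BeEF::Filters.nums_only?(req.port.to_s)`. If the checks have to stay disabled for now, replace the commented-out code with a short comment saying that host, port and URI are currently unvalidated and why. The enclosing method starts and ends outside the visible hunks.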


@@ -30,12 +30,16 @@ module BeEF
end
def self.is_valid_http_version?(version)
return true if version.eql? "HTTP/1.1" or version.eql? "HTTP/1.0"
# from browsers the http version contains a space at the end ("HTTP/1.0\r")
version.gsub!(/[\r]+/,"")
return true if "HTTP/1.1".eql?(version) or "HTTP/1.0".eql?(version)
false
end
def self.is_valid_host_str?(host_str)
return true if host_str.eql? "Host:"
# from browsers the host header contains a space at the end
host_str.gsub!(/[\r]+/,"")
return true if "Host:".eql?(host_str)
false
end
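Review bot: `version.gsub!(/[\r]+/,"")` and `host_str.gsub!(/[\r]+/,"")` make these `?` predicates modify the caller's string in place, and they now raise on `nil` or a frozen string where the old `eql?` comparison simply returned false. In the proxy code on this page `version` is `req_parts[2]`, so a request line with fewer than three tokens would surface as a NoMethodError rather than 'Invalid HTTP version'. A non-mutating form keeps the same matching: `stripped = version.to_s.delete("\r")` followed by `return true if "HTTP/1.1".eql?(stripped) or "HTTP/1.0".eql?(stripped)`, and likewise for `host_str`. The added comments say "a space at the end" while the code strips carriage returns; `# browsers send the token with a trailing carriage return ("HTTP/1.0\r")` would match what the code does.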