From b4cb58346e69b610f3c53f7e2ee5b6d44f3c7ebc Mon Sep 17 00:00:00 2001
From: antisnatchor
Date: Mon, 29 Aug 2011 09:18:24 +0000
Subject: [PATCH] Fixed proxy: the new filters where causing problems. Removed all of them except the method and version checks.
git-svn-id: https://beef.googlecode.com/svn/trunk@1240 b87d56ec-f9c0-11de-8c8a-61c5e9addfc9
---
 .../controllers/requester/requester.rb | 4 +--
 extensions/proxy/handlers/zombie/handler.rb | 29 ++++++++++---------
 extensions/requester/filters.rb | 8 +++--
 3 files changed, 24 insertions(+), 17 deletions(-)
diff --git a/extensions/admin_ui/controllers/requester/requester.rb b/extensions/admin_ui/controllers/requester/requester.rb
index 8f8475a5b..3c9ed06de 100644
--- a/extensions/admin_ui/controllers/requester/requester.rb
+++ b/extensions/admin_ui/controllers/requester/requester.rb
@@ -120,7 +120,7 @@ class Requester < BeEF::Extension::AdminUI::HttpController
 history << {
 'id' => http.id,
 'domain' => http.domain,
- 'port' => http.port,
+ 'port' => http.port,
 'path' => http.path,
 'has_ran' => http.has_ran,
 'method' => http.method,
@@ -128,7 +128,7 @@ class Requester < BeEF::Extension::AdminUI::HttpController
 'response_date' => http.response_date,
 'response_status_code' => http.response_status_code,
 'response_status_text' => http.response_status_text,
- 'response_port_status' => http.response_port_status
+ 'response_port_status' => http.response_port_status
 }
 }
diff --git a/extensions/proxy/handlers/zombie/handler.rb b/extensions/proxy/handlers/zombie/handler.rb
index ef0e95fbb..006a3b821 100644
--- a/extensions/proxy/handlers/zombie/handler.rb
+++ b/extensions/proxy/handlers/zombie/handler.rb
@@ -34,20 +34,23 @@ module Zombie req_parts = req.to_s.split(/ |\n/) # break up the request verb = req_parts[0] raise 'Only HEAD, GET, POST, OPTIONS, PUT or DELETE requests are supported' if not BeEF::Filters.is_valid_verb?(verb) #check verb - uri = req_parts[1] - raise 'Invalid URI' if not BeEF::Filters.is_valid_url?(uri) #check uri + # antisnatchor: is_valid_url supposes that the uri is relative, while here we're passing an absolute one + #uri = req_parts[1] + #raise 'Invalid URI' if not BeEF::Filters.is_valid_url?(uri) #check uri version = req_parts[2] raise 'Invalid HTTP version' if not BeEF::Filters.is_valid_http_version?(version) # check http version - HTTP/1.0 - host_str = req_parts[3] - raise 'Invalid HTTP host header' if not BeEF::Filters.is_valid_host_str?(host_str) # check host string - Host: - host = req_parts[4] - host_parts = host.split(/:/) - hostname = host_parts[0] - raise 'Invalid hostname' if not BeEF::Filters.is_valid_hostname?(hostname) #check the target hostname - hostport = host_parts[1] || nil - if !hostport.nil? - raise 'Invalid hostport' if not BeEF::Filters.nums_only?(hostport) #check the target hostport - end + # antisnatchor: the following checks are wrong. the req_parts array can always contains elements at different postions. + # for example proxying Opera, the req_parts[3] is the User-Agent header... +# host_str = req_parts[3] +# raise 'Invalid HTTP host header' if not BeEF::Filters.is_valid_host_str?(host_str) # check host string - Host: +# host = req_parts[4] +# host_parts = host.split(/:/) +# hostname = host_parts[0] +# raise 'Invalid hostname' if not BeEF::Filters.is_valid_hostname?(hostname) #check the target hostname +# hostport = host_parts[1] || nil +# if !hostport.nil? +# raise 'Invalid hostport' if not BeEF::Filters.nums_only?(hostport) #check the target hostport +# end # Saves the new HTTP request to the db for processing by browser. # IDs are created and incremented automatically by DataMapper. 
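Review bot: The URI check is dropped rather than fixed, so after this hunk the client-supplied request line reaches the database with only the verb and version validated; since `is_valid_url?` expects a relative path while the proxy receives an absolute URI, the check should be replaced with one that fits, e.g. `uri = req_parts[1]`, `parsed = begin; URI.parse(uri.to_s); rescue URI::InvalidURIError; nil; end`, `raise 'Invalid URI' unless parsed.is_a?(URI::HTTP) && parsed.host` (assuming the standard `uri` library is loaded in this file). Taking the target from `parsed.host` and `parsed.port` would also restore the hostname and port checks without relying on `req_parts[3]`/`[4]`, which the new comment rightly notes are positional and unreliable. The commented-out block should be deleted rather than kept: the two explanatory comment lines carry the reasoning and version control keeps the old code. The enclosing method starts before this hunk.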
@@ -55,7 +58,7 @@ module Zombie
 :request => req,
 :method => req.request_method.to_s,
 :domain => req.host,
- :port => req.port,
+ :port => req.port,
 :path => req.path.to_s,
 :request_date => Time.now,
 :hooked_browser_id => hooked_browser_id
diff --git a/extensions/requester/filters.rb b/extensions/requester/filters.rb
index b0498ae4d..12ffb4916 100644
--- a/extensions/requester/filters.rb
+++ b/extensions/requester/filters.rb
@@ -30,12 +30,16 @@ module BeEF
 end
 def self.is_valid_http_version?(version)
- return true if version.eql? "HTTP/1.1" or version.eql? "HTTP/1.0"
+ # from browsers the http version contains a space at the end ("HTTP/1.0\r")
+ version.gsub!(/[\r]+/,"")
+ return true if "HTTP/1.1".eql?(version) or "HTTP/1.0".eql?(version)
 false
 end
 def self.is_valid_host_str?(host_str)
- return true if host_str.eql? "Host:"
+ # from browsers the host header contains a space at the end
+ host_str.gsub!(/[\r]+/,"")
+ return true if "Host:".eql?(host_str)
 false
 end
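Review bot: In the `is_valid_http_version?` hunk, `version.gsub!(/[\r]+/,"")` mutates the caller's string and raises `NoMethodError` when `version` is `nil` (a request line with fewer than three parts), whereas the old `eql?` test simply returned `false` and left the caller to raise its own 'Invalid HTTP version'; a non-destructive form keeps both properties: `ver = version.to_s.delete("\r")` followed by `return true if "HTTP/1.1".eql?(ver) or "HTTP/1.0".eql?(ver)`. `is_valid_host_str?` has the same problem and takes the same fix with `host_str`. The two new comments say "a space at the end" but the regex strips a carriage return; `# browsers terminate the request line with \r\n, so drop the trailing \r` would match the code. The stray `\r` comes from the handler splitting on `/ |\n/` in the earlier hunk; splitting on `/[ \r\n]+/` there would remove the need for any stripping in these predicates.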