From b89fbd9268f08abbaec580ee37cbae7fdf38b0f5 Mon Sep 17 00:00:00 2001 From: Ben Passmore Date: Sat, 30 Nov 2019 15:21:11 +1000 Subject: [PATCH] Updated requester for AR --- extensions/requester/api/hook.rb | 2 +- extensions/requester/handler.rb | 4 +- extensions/requester/models/http.rb | 60 ++------------------------ extensions/requester/rest/requester.rb | 10 ++--- 4 files changed, 12 insertions(+), 64 deletions(-) diff --git a/extensions/requester/api/hook.rb b/extensions/requester/api/hook.rb index 2e6d45fbd..1a6757420 100644 --- a/extensions/requester/api/hook.rb +++ b/extensions/requester/api/hook.rb @@ -20,7 +20,7 @@ module BeEF @body = body # Generate all the requests and output them to the hooked browser output = [] - BeEF::Core::Models::Http.all(:hooked_browser_id => hb.session, :has_ran => "waiting").each { |h| + BeEF::Core::Models::Http.where(:hooked_browser_id => hb.session, :has_ran => "waiting").each { |h| output << self.requester_parse_db_request(h) } diff --git a/extensions/requester/handler.rb b/extensions/requester/handler.rb index 88a822273..696899f74 100644 --- a/extensions/requester/handler.rb +++ b/extensions/requester/handler.rb @@ -41,11 +41,11 @@ module BeEF end # validates that a hooked browser with the beef_hook token exists in the db - zombie_db = Z.first(:session => beef_hook) || nil + zombie_db = Z.where(:session => beef_hook).first || nil (print_error "Invalid beefhook id: the hooked browser cannot be found in the database";return) if zombie_db.nil? # validates that we have such a http request saved in the db - http_db = H.first(:id => request_id.to_i, :hooked_browser_id => zombie_db.session) || nil + http_db = H.where(:id => request_id.to_i, :hooked_browser_id => zombie_db.session).first || nil if http_db.nil? print_error "Invalid http_db: no such request found in the database" return diff --git a/extensions/requester/models/http.rb b/extensions/requester/models/http.rb index 127c97f34..4df745abf 100644 --- a/extensions/requester/models/http.rb +++ b/extensions/requester/models/http.rb @@ -9,66 +9,14 @@ module Models # # Table stores the http requests and responses from the requester. # - class Http < ActiveRecord::Base - attribute :id, :Serial - - # The hooked browser id - attribute :hooked_browser_id, :Text, :lazy => false - - # The http request to perform. In clear text. - attribute :request, :Text, :lazy => true - - # Boolean value as string to say whether cross-domain requests are allowed - attribute :allow_cross_domain, :Text, :lazy => false, :default => "true" - - # The http response body received. In clear text. - attribute :response_data, :Binary, :lazy => true, :length => 2097152 - - # The http response code. Useful to handle cases like 404, 500, 302, ... - attribute :response_status_code, :Integer, :lazy => true - - # The http response code. Human-readable code: success, error, ecc.. - attribute :response_status_text, :Text, :lazy => true - - # The port status. closed, open or not http - attribute :response_port_status, :Text, :lazy => true - - # The XHR Http response raw headers - attribute :response_headers, :Text, :lazy => true - - # The http response method. GET or POST. - attribute :method, :Text, :lazy => false - - # The content length for the request. - attribute :content_length, :Text, :lazy => false, :default => 0 - - # The request protocol/scheme (http/https) - attribute :proto, :Text, :lazy => false - - # The domain on which perform the request. - attribute :domain, :Text, :lazy => false - - # The port on which perform the request. - attribute :port, :Text, :lazy => false - - # Boolean value to say if the request was cross-domain - attribute :has_ran, :Text, :lazy => false, :default => "waiting" - - # The path of the request. - # Example: /secret.html - attribute :path, :Text, :lazy => false - - # The date at which the http response has been saved. - attribute :response_date, :DateTime, :lazy => false - - # The date at which the http request has been saved. - attribute :request_date, :DateTime, :lazy => false - + class Http < BeEF::Core::Model + + # # Removes a request/response from the data store # def self.delete(id) (print_error "Failed to remove response. Invalid response ID."; return) if id.to_s !~ /\A\d+\z/ - r = BeEF::Core::Models::Http.get(id.to_i) + r = BeEF::Core::Models::Http.find(id.to_i) (print_error "Failed to remove response [id: #{id}]. Response does not exist."; return) if r.nil? r.destroy end diff --git a/extensions/requester/rest/requester.rb b/extensions/requester/rest/requester.rb index 8d3fb5601..6343ed8b9 100644 --- a/extensions/requester/rest/requester.rb +++ b/extensions/requester/rest/requester.rb @@ -33,7 +33,7 @@ module BeEF id = params[:id] raise InvalidParamError, 'id' unless BeEF::Filters::nums_only?(id) - requests = H.all(:id => id) + requests = H.find(id) halt 404 if requests.nil? result = {} @@ -59,7 +59,7 @@ module BeEF id = params[:id] raise InvalidParamError, 'id' unless BeEF::Filters.is_valid_hook_session_id?(id) - requests = H.all(:hooked_browser_id => id) + requests = H.where(:hooked_browser_id => id) halt 404 if requests.nil? result = {} @@ -85,7 +85,7 @@ module BeEF id = params[:id] raise InvalidParamError, 'id' unless BeEF::Filters::nums_only?(id) - responses = H.first(:id => id) || nil + responses = H.find(id) || nil halt 404 if responses.nil? result = {} @@ -108,7 +108,7 @@ module BeEF id = params[:id] raise InvalidParamError, 'id' unless BeEF::Filters::nums_only?(id) - responses = H.first(:id => id) || nil + responses = H.find(id) || nil halt 404 if responses.nil? result = {} @@ -130,7 +130,7 @@ module BeEF proto = params[:proto].to_s || 'http' raw_request = params['raw_request'].to_s - zombie = HB.first(:session => id) || nil + zombie = HB.where(:session => id).first || nil halt 404 if zombie.nil?