Fixed a bug in the tunneling proxy (missing \r\n in some specific conditions when HTTP version is HTTP/1.1)

2015-02-08 13:39:04 +01:00
parent add6059a8c
commit bf0f59e5d0
3 changed files with 8 additions and 9 deletions
--- a/config.yaml
+++ b/config.yaml
@@ -10,7 +10,7 @@ beef:
    # More verbose messages (server-side)
    debug: false
    # More verbose messages (client-side)
-    client_debug: true
+    client_debug: false
    # Used for generating secure tokens
    crypto_default_value_length: 80

--- a/extensions/proxy/proxy.rb
+++ b/extensions/proxy/proxy.rb
@@ -61,19 +61,20 @@ module BeEF

          # HTTP version # defaults to 1.0
          version = request_line[/HTTP\/(1\.\d)\s*$/, 1]
-          version = "1.0" if version.nil?
+          version = "HTTP/1.0" if version.nil?

          # url # host:port/path
          url = url_prefix + request_line[/^\w+\s+(\S+)/, 1]

          # We're overwriting the URI::Parser UNRESERVED regex to prevent BAD URI errors when sending attack vectors (see tolerant_parser)
+          # anti: somehow the config below was removed, have a look into this
          tolerant_parser = URI::Parser.new(:UNRESERVED => BeEF::Core::Configuration.instance.get("beef.extension.requester.uri_unreserved_chars"))
          uri = tolerant_parser.parse(url.to_s)

          method, path, version = request_line.split(" ")
          path = url_prefix + path
          # extensions/requester/api/hook.rb parses raw_request to find port and path
-          raw_request = [method, path, version].join(" ")
+          raw_request = [method, path, version].join(" ") + "\r\n"
          content_length = 0

          loop do
@@ -158,7 +159,7 @@ module BeEF
            end
          end

-          res = "HTTP/#{version} #{response_status}\r\n#{response_headers}\r\n\r\n#{response_body}"
+          res = "#{version} #{response_status}\r\n#{response_headers}\r\n\r\n#{response_body}"
          socket.write(res)
          socket.close
        end
--- a/extensions/requester/api/hook.rb
+++ b/extensions/requester/api/hook.rb
@@ -71,17 +71,15 @@ module BeEF

            req_parts = http_db_object.request.split(/  |\n/)

+            @host = http_db_object.domain
+            @port = http_db_object.port
+
            #@note: retrieve HTTP headers values needed later, and the \r\n that indicates the start of the post-data (if any)
            req_parts.each_with_index do |value, index|
              if value.match(/^Content-Length:\s+(\d+)/)
                 @content_length = Integer(req_parts[index].split(/:\s+/)[1])
              end

-              if value.match(/^Host/)
-                 @host = req_parts[index].split(/:\s+/)[1].split(/:/)[0]
-                 @port = req_parts[index].split(/:\s+/)[1].split(/:/)[1]
-              end
-
              if value.eql?("") or value.strip.empty? # this will be the CRLF (before HTTP request body)
                @post_data_index = index
              end