Improved proxy error handling. Fixes issue #92.

The proxy now dies somewhat gracefully when given a malformed request. The `Content-Length' header is now only matched by the parser if its value is an integer. A request with a null or missing HTTP version in the header now defaults to HTTP/1.0 A request with a null or missing `Host' header returns: `ERROR: CrossDomain Request. The request was not sent.' regardless of whether the host is specified in the URL.
2012-02-19 03:33:46 +10:30
parent d50b07ac56
commit cda1659356
2 changed files with 15 additions and 9 deletions
--- a/extensions/proxy/proxy.rb
+++ b/extensions/proxy/proxy.rb
@@ -37,13 +37,19 @@ module BeEF
        def handle_request socket
          request_line = socket.readline

+          # HTTP method # defaults to GET
          method = request_line[/^\w+/]
-          url = request_line[/^\w+\s+(\S+)/, 1]
+
+          # HTTP version # defaults to 1.0
          version = request_line[/HTTP\/(1\.\d)\s*$/, 1]
+          version = "1.0" if version.nil?
+
+          # url # host:port/path
+          url = request_line[/^\w+\s+(\S+)/, 1]

          # We're overwriting the URI::Parser UNRESERVED regex to prevent BAD URI errors when sending attack vectors (see tolerant_parser)
          tolerant_parser = URI::Parser.new(:UNRESERVED => BeEF::Core::Configuration.instance.get("beef.extension.requester.uri_unreserved_chars"))
-          uri = tolerant_parser.parse(url)
+          uri = tolerant_parser.parse(url.to_s)

          raw_request = request_line
          content_length = 0
--- a/extensions/requester/api/hook.rb
+++ b/extensions/requester/api/hook.rb
@@ -65,16 +65,16 @@ module BeEF

            #@note: retrieve HTTP headers values needed later, and the \r\n that indicates the start of the post-data (if any)
            req_parts.each_with_index do |value, index|
-              if value.match(/^Content-Length/)
-                 @content_length = Integer(req_parts[index].split(/: /)[1])
+              if value.match(/^Content-Length:\s+(\d+)/)
+                 @content_length = Integer(req_parts[index].split(/:\s+/)[1])
              end

              if value.match(/^Host/)
-                 @host = req_parts[index].split(/: /)[1].split(/:/)[0]
-                 @port = req_parts[index].split(/: /)[1].split(/:/)[1]
+                 @host = req_parts[index].split(/:\s+/)[1].split(/:/)[0]
+                 @port = req_parts[index].split(/:\s+/)[1].split(/:/)[1]
              end

-              if value.eql?("") or value.strip.empty?# this will be the CRLF (before HTTP request body)
+              if value.eql?("") or value.strip.empty? # this will be the CRLF (before HTTP request body)
                @post_data_index = index
              end
            end
@@ -111,7 +111,7 @@ module BeEF
              http_request_object = {
                  'id' => http_db_object.id,
                  'method' => verb,
-                  'host' => @host.strip,
+                  'host' => @host,
                  'port' => @port,
                  'data' => @post_data,
                  'uri' => uri,
@@ -123,7 +123,7 @@ module BeEF
              http_request_object = {
                  'id' => http_db_object.id,
                  'method' => verb,
-                  'host' => @host.strip,
+                  'host' => @host,
                  'port' => @port,
                  'uri' => uri,
                  'headers' => headers,