Add X-Frame-Options to admin UI

Brendan Coles
2018-02-10 06:24:24 +00:00
parent 67e3605e16
commit d1f114d103
2 changed files with 5 additions and 1 deletions


@@ -31,6 +31,7 @@ class Authentication < BeEF::Extension::AdminUI::HttpController
# Function managing the index web page
def index
@headers['Content-Type']='text/html; charset=UTF-8'
@headers['X-Frame-Options']='sameorigin'
end
#
@@ -42,6 +43,7 @@ class Authentication < BeEF::Extension::AdminUI::HttpController
password = @params['password-cfrm'] || ''
config = BeEF::Core::Configuration.instance
@headers['Content-Type']='application/json; charset=UTF-8'
@headers['X-Frame-Options']='sameorigin'
ua_ip = @request.ip # get client ip address
@body = '{ success : false }' # attempt to fail closed
@@ -87,6 +89,7 @@ class Authentication < BeEF::Extension::AdminUI::HttpController
(print_error "invalid session";return @body = "{ success : true }") if not @session.valid_session?(@request)
@headers['Content-Type']='application/json; charset=UTF-8'
@headers['X-Frame-Options']='sameorigin'
# set the session to be log out
@session.set_logged_out
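Review bot: In the third hunk the `valid_session?` guard returns before `@headers['X-Frame-Options']='sameorigin'` is assigned, so the invalid-session response appears to go out without the header, and without the Content-Type set just below the guard. Moving the two `@headers[...]` assignments above the guard would cover both paths. The same assignment is also repeated per action in all three hunks and in the second file's `index`; if HttpController has one place where `@headers` is initialised or emitted, setting the default there would keep a newly added action from being frameable by omission. The enclosing methods of the second and third hunks start and end outside the hunks.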


@@ -23,7 +23,8 @@ module BeEF
end
# default index page
def index;
def index
@headers['X-Frame-Options']='sameorigin'
end
# return a JSON object contains all the updates for the hooked browser trees
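Review bot: The new header line in `index` carries no comment saying why it is there; something like `# forbid cross-origin framing of the admin panel (clickjacking)` above it would keep it from being dropped in a later cleanup. Current browsers also honour `Content-Security-Policy: frame-ancestors 'self'`, which could be sent alongside X-Frame-Options if the admin UI does not already set a CSP that would conflict.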