From dadbf5d88f982299d1d66e9a5a450150c19caa6f Mon Sep 17 00:00:00 2001
From: "wade@bindshell.net"
Date: Tue, 16 Nov 2010 12:16:42 +0000
Subject: [PATCH] Add explicit filters to inithandler
git-svn-id: https://beef.googlecode.com/svn/trunk@535 b87d56ec-f9c0-11de-8c8a-61c5e9addfc9
---
 lib/server/inithandler.rb | 44 ++++++++++++++++++++++++++-------------
 modules/beefjs/browser.js | 2 +-
 2 files changed, 30 insertions(+), 16 deletions(-)
diff --git a/lib/server/inithandler.rb b/lib/server/inithandler.rb
index 9e852d10d..cfe34a144 100644
--- a/lib/server/inithandler.rb
+++ b/lib/server/inithandler.rb
@@ -26,26 +26,30 @@ module BeEF
 # validate hook session value
 session_id = request.query['BEEFHOOK'] || nil
- raise WEBrick::HTTPStatus::BadRequest, "session_id is nil" if session_id.nil?
+ raise WEBrick::HTTPStatus::BadRequest, "session id is invalid" if not Filter.is_valid_hook_session_id?(session_id)
 hooked_browser = HB.first(:session => session_id, :has_init => false)
 raise WEBrick::HTTPStatus::BadRequest, "Invalid beef session id: the hooked browser cannot be found in the database" if hooked_browser.nil?
- request.query.keys.each{|key|
- next if key.eql? "command_id" or key.eql? "BEEFHOOK" # ignore these params
+ # get and store browser name
+ browser_name = get_param(request.query, 'BrowserName')
+ raise WEBrick::HTTPStatus::BadRequest, "Invalid browser name" if not Filter.is_valid_browsername?(browser_name)
+ BD.set(session_id, 'BrowserName', browser_name)
- # keys and values from the request
- raise WEBrick::HTTPStatus::BadRequest, "Invalid init key" if Filter.has_non_printable_char?(key)
- b64_param = request.query[key]
- raise WEBrick::HTTPStatus::BadRequest, "Invalid init base64 value" if Filter.has_non_printable_char?(b64_param)
- escaped_param = CGI.unescapeHTML(b64_param)
- raise WEBrick::HTTPStatus::BadRequest, "Invalid init escaped value" if Filter.has_non_printable_char?(escaped_param)
- param = Base64.decode64(escaped_param)
- raise WEBrick::HTTPStatus::BadRequest, "Invalid init value" if Filter.has_non_printable_char?(param)
-
- # store the returned browser details
- BD.set(session_id, key, param)
- }
+ # get and store browser version
+ browser_version = get_param(request.query, 'BrowserVersion')
+ raise WEBrick::HTTPStatus::BadRequest, "Invalid browser version" if not Filter.is_valid_browserversion?(browser_version)
+ BD.set(session_id, 'BrowserVersion', browser_version)
+ # get and store browser string
+ browser_string = get_param(request.query, 'BrowserReportedName')
+ raise WEBrick::HTTPStatus::BadRequest, "Invalid browser browser string" if not Filter.is_valid_browserstring?(browser_string)
+ BD.set(session_id, 'BrowserReportedName', browser_string)
+
+ # get and store page title
+ page_title = get_param(request.query, 'PageTitle')
+ raise WEBrick::HTTPStatus::BadRequest, "Invalid page title name" if not Filter.is_valid_pagetitle?(page_title)
+ BD.set(session_id, 'PageTitle', page_title)
+
 # init details have been returned so set flag and save
 hooked_browser.has_init = true
 @guard.synchronize {
@@ -55,6 +59,16 @@ module BeEF
 response.body = ''
 end
+ def get_param(query, key)
+ b64_param = query[key]
+ raise WEBrick::HTTPStatus::BadRequest, "Invalid init base64 value" if Filter.has_non_printable_char?(b64_param)
+ escaped_param = CGI.unescapeHTML(b64_param)
+ raise WEBrick::HTTPStatus::BadRequest, "Invalid init escaped value" if Filter.has_non_printable_char?(escaped_param)
+ param = Base64.decode64(escaped_param)
+ raise WEBrick::HTTPStatus::BadRequest, "Invalid init value" if Filter.has_non_printable_char?(param)
+ param
+ end
+
 end
 end
\ No newline at end of file
diff --git a/modules/beefjs/browser.js b/modules/beefjs/browser.js
index fd95796f5..a84322695 100644
--- a/modules/beefjs/browser.js
+++ b/modules/beefjs/browser.js
@@ -336,8 +336,8 @@ beef.browser = {
 details["BrowserName"] = beef.browser.getBrowserName();
 details["BrowserVersion"] = beef.browser.getBrowserVersion();
 details["BrowserReportedName"] = beef.browser.getBrowserReportedName();
- details["BrowserLocation"] = beef.dom.getLocation();
 details["PageTitle"] = document.title;
+ details["HostName"] = document.location.hostname;
 return details;
 }
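Review bot: Each `BD.set` runs before the following parameter has been validated, so an init request rejected at the `BrowserVersion`, `BrowserReportedName` or `PageTitle` check has already persisted the earlier values for a session whose `has_init` flag is still false; gathering all four values, running the `Filter` checks, and only then calling `BD.set` keeps a rejected request from leaving partial browser details behind. The new message `"Invalid browser browser string"` repeats a word and `"Invalid page title name"` is misleading — `"Invalid browser string"` and `"Invalid page title"` would match the other messages in this block. `if not Filter.is_valid_*` reads more naturally as `unless Filter.is_valid_*`, the form the Ruby style guide prefers. The enclosing handler method starts before this hunk and continues past the `@guard.synchronize {` line.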
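Review bot: `get_param` never checks that `query[key]` is present, so an init request that omits one of the four expected parameters passes `nil` into `Filter.has_non_printable_char?` and then `CGI.unescapeHTML`, which (unless the filter already rejects nil, which is not visible here) surfaces as an unhandled exception instead of the intended 400; add `raise WEBrick::HTTPStatus::BadRequest, "Missing init parameter" if b64_param.nil?` directly after `b64_param = query[key]`. `Base64.decode64` also silently discards characters outside the base64 alphabet, so malformed input is decoded on a best-effort basis rather than rejected; if the hook is known to send a standard-alphabet value that survives URL decoding intact, `Base64.strict_decode64` with its `ArgumentError` rescued into a `BadRequest` would give the stricter rejection the commit title aims for. A one-line doc comment such as `# Returns the decoded value of a base64-encoded init parameter, rejecting non-printable input at each stage; raises WEBrick::HTTPStatus::BadRequest.` would help readers of the caller.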
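Review bot: `details["HostName"]` is a new value the hook now sends, but the server side of this same commit stores only `BrowserName`, `BrowserVersion`, `BrowserReportedName` and `PageTitle` from the init request, so `HostName` appears to be dropped silently unless another handler consumes it. If it is meant to be recorded, the inithandler needs a matching `get_param` call, a `Filter` check and a `BD.set` for it, since `document.location.hostname` originates from the hooked page and should pass through the same validation as the other fields before being stored or displayed. The enclosing function starts before this hunk.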