From e22d262bbfb6d33693186e6d668082124afe6e6e Mon Sep 17 00:00:00 2001 From: bcoles Date: Wed, 26 Jan 2022 13:41:18 +1100 Subject: [PATCH] Core: Move web server imitation templates into Router class (#2289) --- core/bootstrap.rb | 1 - core/main/router/error_responses.rb | 66 --- core/main/router/router.rb | 506 ++++++++++-------- extensions/admin_ui/classes/httpcontroller.rb | 57 +- .../authentication/authentication.rb | 45 +- 5 files changed, 327 insertions(+), 348 deletions(-) delete mode 100644 core/main/router/error_responses.rb diff --git a/core/bootstrap.rb b/core/bootstrap.rb index 7c1202f73..d63482279 100644 --- a/core/bootstrap.rb +++ b/core/bootstrap.rb @@ -11,7 +11,6 @@ end ## @note Include the BeEF router require 'core/main/router/router' require 'core/main/router/api' -require 'core/main/router/error_responses' ## @note Include http server functions for beef require 'core/main/server' diff --git a/core/main/router/error_responses.rb b/core/main/router/error_responses.rb deleted file mode 100644 index 34c3d6631..000000000 --- a/core/main/router/error_responses.rb +++ /dev/null @@ -1,66 +0,0 @@ -module BeEF - module Core - module Router - config = BeEF::Core::Configuration.instance - - APACHE_HEADER = { 'Server' => 'Apache/2.2.3 (CentOS)', - 'Content-Type' => 'text/html; charset=UTF-8' }.freeze - APACHE_BODY = '' \ - '' \ - '404 Not Found' \ - '' \ - '

Not Found

' \ - '

The requested URL was not found on this server.

' \ - '
' \ - '
Apache/2.2.3 (CentOS)
' + - ("" if config.get('beef.http.web_server_imitation.hook_404')).to_s + - '' - IIS_HEADER = { 'Server' => 'Microsoft-IIS/6.0', - 'X-Powered-By' => 'ASP.NET', - 'Content-Type' => 'text/html; charset=UTF-8' }.freeze - IIS_BODY = '' \ - 'The page cannot be found' \ - '' \ - '' \ - '
' \ - '

The page cannot be found

' \ - 'The page you are looking for might have been removed, had its name changed, or is temporarily unavailable.' \ - '
' \ - '

Please try the following:

' \ - '
    ' \ - '
  • Make sure that the Web site address displayed in the address bar of your browser is spelled and formatted correctly.
  • ' \ - '
  • If you reached this page by clicking a link, contact' \ - ' the Web site administrator to alert them that the link is incorrectly formatted.' \ - '
  • ' \ - '
  • Click the Back button to try another link.
  • ' \ - '
' \ - '

HTTP Error 404 - File or directory not found.
Internet Information Services (IIS)

' \ - '
' \ - '

Technical Information (for support personnel)

' \ - '
    ' \ - '
  • Go to Microsoft Product Support Services and perform a title search for the words HTTP and 404.
  • ' \ - '
  • Open IIS Help, which is accessible in IIS Manager (inetmgr),' \ - 'and search for topics titled Web Site Setup, Common Administrative Tasks, and About Custom Error Messages.
  • ' \ - '
' \ - '
' + - ("" if config.get('beef.http.web_server_imitation.hook_404')).to_s + - '' - NGINX_HEADER = { 'Server' => 'nginx', - 'Content-Type' => 'text/html' }.freeze - NGINX_BODY = "\n" \ - "404 Not Found\n" \ - "\n" \ - "

404 Not Found

\n" \ - "
nginx
\n" + - ("" if config.get('beef.http.web_server_imitation.hook_404')).to_s + - "\n" \ - "\n" - end - end -end diff --git a/core/main/router/router.rb b/core/main/router/router.rb index 915221b99..bb0ebc0a7 100644 --- a/core/main/router/router.rb +++ b/core/main/router/router.rb 
@@ -11,243 +11,323 @@ module BeEF # @note All the HTTP handlers registered on BeEF will extend this class. class Router < Sinatra::Base config = BeEF::Core::Configuration.instance + configure do set :show_exceptions, false end # @note Override default 404 HTTP response not_found do - if config.get('beef.http.web_server_imitation.enable') - type = config.get('beef.http.web_server_imitation.type') - case type - when 'apache' - # response body - BeEF::Core::Router::APACHE_BODY - when 'iis' - # response body - BeEF::Core::Router::IIS_BODY - when 'nginx' - # response body - BeEF::Core::Router::NGINX_BODY - else - 'Not Found.' - end - else - 'Not Found.' - end + error_page_404 end before do # @note Override Server HTTP response header - if config.get('beef.http.web_server_imitation.enable') - type = config.get('beef.http.web_server_imitation.type') - case type - when 'apache' - headers BeEF::Core::Router::APACHE_HEADER - when 'iis' - headers BeEF::Core::Router::IIS_HEADER - when 'nginx' - headers BeEF::Core::Router::NGINX_HEADER - else - headers 'Server' => '', - 'Content-Type' => 'text/html' - print_error 'You have an error in beef.http.web_server_imitation.type!' - print_more 'Supported values are: apache, iis, nginx.' 
- end - end + headers response_headers # @note If CORS is enabled, expose the appropriate headers if config.get('beef.http.restful_api.allow_cors') allowed_domains = config.get('beef.http.restful_api.cors_allowed_domains') + if allowed_domains + headers 'Access-Control-Allow-Origin' => allowed_domains + end + headers 'Access-Control-Allow-Methods' => 'POST, GET' - # Responses to preflight OPTIONS requests need to respond with hTTP 200 + # Responses to preflight OPTIONS requests need to respond with HTTP 200 # and be able to handle requests with a JSON content-type if request.request_method == 'OPTIONS' - headers 'Access-Control-Allow-Origin' => allowed_domains, - 'Access-Control-Allow-Methods' => 'POST, GET', - 'Access-Control-Allow-Headers' => 'Content-Type' + headers 'Access-Control-Allow-Headers' => 'Content-Type' halt 200 end - - headers 'Access-Control-Allow-Origin' => allowed_domains, - 'Access-Control-Allow-Methods' => 'POST, GET' end end # @note Default root page get '/' do - if config.get('beef.http.web_server_imitation.enable') - bp = config.get 'beef.extension.admin_ui.base_path' - type = config.get('beef.http.web_server_imitation.type') - case type - when 'apache' - '' \ - '' \ - 'Apache HTTP Server Test Page powered by CentOS' \ - '' \ - ' ' \ - ' ' \ - ' ' \ - '

Apache 2 Test Page
powered by CentOS

' \ - '
' + '
' \ - '

This page is used to test the proper operation of the Apache HTTP server after it has been installed. If you can read this page it means that the Apache HTTP server installed at this site is working properly.

' \ - '
' \ - '
' \ - '
' \ - '
' \ - '

If you are a member of the general public:

' \ - '

The fact that you are seeing this page indicates that the website you just visited is either experiencing problems or is undergoing routine maintenance.

' \ - "

If you would like to let the administrators of this website know that you've seen this page instead of the page you expected, you should send them e-mail. In general, mail sent to the name \"webmaster\" and directed to the website's domain should reach the appropriate person.

" \ - '

For example, if you experienced problems while visiting www.example.com, you should send e-mail to "webmaster@example.com".

' \ - '
' \ - '
' \ - '

If you are the website administrator:

' \ - '

You may now add content to the directory /var/www/html/. Note that until you do so, people visiting your website will see this page and not your content. To prevent this page from ever being used, follow the instructions in the file /etc/httpd/conf.d/welcome.conf.

' \ - '

You are free to use the images below on Apache and CentOS Linux powered HTTP servers. Thanks for using Apache and CentOS!

' \ - "

\"[ \"[

" \ - '
' \ - '
' \ - '
' \ - '
' \ - '

About CentOS:

The Community ENTerprise Operating System (CentOS) is an Enterprise-class Linux Distribution derived from sources freely provided to the public by a prominent North American Enterprise Linux vendor. CentOS conforms fully with the upstream vendors redistribution policy and aims to be 100% binary compatible. (CentOS mainly changes packages to remove upstream vendor branding and artwork.) The CentOS Project is the organization that builds CentOS.

' \ - '

For information on CentOS please visit the CentOS website.

' \ - '

Note:

CentOS is an Operating System and it is used to power this website; however, the webserver is owned by the domain owner and not the CentOS Project. If you have issues with the content of this site, contact the owner of the domain, not the CentOS project.' \ - "

Unless this server is on the CentOS.org domain, the CentOS Project doesn't have anything to do with the content on this webserver or any e-mails that directed you to this site.

" \ - '

For example, if this website is www.example.com, you would find the owner of the example.com domain at the following WHOIS server:

' \ - '

http://www.internic.net/whois.html

' \ - '
' \ - '
' + - ("" if config.get('beef.http.web_server_imitation.hook_root')).to_s + - '' \ - '' - when 'iis' - '' \ - '' \ - '' \ - 'Under Construction' \ - '' \ - '' \ - '' \ - '' \ - '' \ - '' \ - '
' \ - "" \ - '' \ - '

' \ - '

Under Construction

' \ - '

' \ - 'The site you are trying to view does not currently have a default page. It may be in the process of being upgraded and configured.' \ - '

Please try this site again later. If you still experience the problem, try contacting the Web site administrator.' \ - '


' \ - '

If you are the Web site administrator and feel you have received this message in error, please see "Enabling and Disabling Dynamic Content" in IIS Help.' \ - '

To access IIS Help
' \ - '
    ' \ - '
  1. Click Start, and then click Run.' \ - '
  2. In the Open text box, type inetmgr. IIS Manager appears.' \ - '
  3. From the Help menu, click Help Topics.' \ - '
  4. Click Internet Information Services.
' \ - '
' + - ("" if config.get('beef.http.web_server_imitation.hook_root')).to_s + - '' \ - '' - when 'nginx' - "\n" \ - "\n" \ - "\n" \ - "Welcome to nginx!\n" \ - "\n" \ - "\n" \ - "\n" \ - "

Welcome to nginx!

\n" \ - "

If you see this page, the nginx web server is successfully installed and\n" \ - "working. Further configuration is required.

\n\n" \ - "

For online documentation and support please refer to\n" \ - "nginx.org.
\n" \ - "Commercial support is available at\n" \ - "nginx.com.

\n\n" \ - "

Thank you for using nginx.

\n" + - ("" if config.get('beef.http.web_server_imitation.hook_root')).to_s + - "\n" \ - "\n" - else - '' - end + index_page + end + + private + + def response_headers + config = BeEF::Core::Configuration.instance + + default_headers = { + 'Server' => '', + 'Content-Type' => 'text/html' + } + + return default_headers unless config.get('beef.http.web_server_imitation.enable') + + case config.get('beef.http.web_server_imitation.type') + when 'apache' + { + 'Server' => 'Apache/2.2.3 (CentOS)', + 'Content-Type' => 'text/html; charset=UTF-8' + } + when 'iis' + { + 'Server' => 'Microsoft-IIS/6.0', + 'X-Powered-By' => 'ASP.NET', + 'Content-Type' => 'text/html; charset=UTF-8' + } + when 'nginx' + { + 'Server' => 'nginx', + 'Content-Type' => 'text/html' + } + else + print_error 'Configuration error in beef.http.web_server_imitation.type!' + print_more 'Supported values are: apache, iis, nginx.' + default_headers + end + end + + def index_page + config = BeEF::Core::Configuration.instance + + return '' unless config.get('beef.http.web_server_imitation.enable') + + bp = config.get 'beef.extension.admin_ui.base_path' + case config.get('beef.http.web_server_imitation.type') + when 'apache' + '' \ + '' \ + 'Apache HTTP Server Test Page powered by CentOS' \ + '' \ + ' ' \ + ' ' \ + ' ' \ + '

Apache 2 Test Page
powered by CentOS

' \ + '
' \ + '

This page is used to test the proper operation of the Apache HTTP server after it has been installed. If you can read this page it means that the Apache HTTP server installed at this site is working properly.

' \ + '
' \ + '
' \ + '
' \ + '
' \ + '

If you are a member of the general public:

' \ + '

The fact that you are seeing this page indicates that the website you just visited is either experiencing problems or is undergoing routine maintenance.

' \ + "

If you would like to let the administrators of this website know that you've seen this page instead of the page you expected, you should send them e-mail. In general, mail sent to the name \"webmaster\" and directed to the website's domain should reach the appropriate person.

" \ + '

For example, if you experienced problems while visiting www.example.com, you should send e-mail to "webmaster@example.com".

' \ + '
' \ + '
' \ + '

If you are the website administrator:

' \ + '

You may now add content to the directory /var/www/html/. Note that until you do so, people visiting your website will see this page and not your content. To prevent this page from ever being used, follow the instructions in the file /etc/httpd/conf.d/welcome.conf.

' \ + '

You are free to use the images below on Apache and CentOS Linux powered HTTP servers. Thanks for using Apache and CentOS!

' \ + "

\"[ \"[

" \ + '
' \ + '
' \ + '
' \ + '
' \ + '

About CentOS:

The Community ENTerprise Operating System (CentOS) is an Enterprise-class Linux Distribution derived from sources freely provided to the public by a prominent North American Enterprise Linux vendor. CentOS conforms fully with the upstream vendors redistribution policy and aims to be 100% binary compatible. (CentOS mainly changes packages to remove upstream vendor branding and artwork.) The CentOS Project is the organization that builds CentOS.

' \ + '

For information on CentOS please visit the CentOS website.

' \ + '

Note:

CentOS is an Operating System and it is used to power this website; however, the webserver is owned by the domain owner and not the CentOS Project. If you have issues with the content of this site, contact the owner of the domain, not the CentOS project.' \ + "

Unless this server is on the CentOS.org domain, the CentOS Project doesn't have anything to do with the content on this webserver or any e-mails that directed you to this site.

" \ + '

For example, if this website is www.example.com, you would find the owner of the example.com domain at the following WHOIS server:

' \ + '

http://www.internic.net/whois.html

' \ + '
' \ + '
' + + ("" if config.get('beef.http.web_server_imitation.hook_root')).to_s + + '' \ + '' + when 'iis' + '' \ + '' \ + '' \ + 'Under Construction' \ + '' \ + '' \ + '' \ + '' \ + '' \ + '' \ + '
' \ + "" \ + '' \ + '

' \ + '

Under Construction

' \ + '

' \ + 'The site you are trying to view does not currently have a default page. It may be in the process of being upgraded and configured.' \ + '

Please try this site again later. If you still experience the problem, try contacting the Web site administrator.' \ + '


' \ + '

If you are the Web site administrator and feel you have received this message in error, please see "Enabling and Disabling Dynamic Content" in IIS Help.' \ + '

To access IIS Help
' \ + '
    ' \ + '
  1. Click Start, and then click Run.' \ + '
  2. In the Open text box, type inetmgr. IIS Manager appears.' \ + '
  3. From the Help menu, click Help Topics.' \ + '
  4. Click Internet Information Services.
' \ + '
' + + ("" if config.get('beef.http.web_server_imitation.hook_root')).to_s + + '' \ + '' + when 'nginx' + "\n" \ + "\n" \ + "\n" \ + "Welcome to nginx!\n" \ + "\n" \ + "\n" \ + "\n" \ + "

Welcome to nginx!

\n" \ + "

If you see this page, the nginx web server is successfully installed and\n" \ + "working. Further configuration is required.

\n\n" \ + "

For online documentation and support please refer to\n" \ + "nginx.org.
\n" \ + "Commercial support is available at\n" \ + "nginx.com.

\n\n" \ + "

Thank you for using nginx.

\n" + + ("" if config.get('beef.http.web_server_imitation.hook_root')).to_s + + "\n" \ + "\n" + else + print_error 'Configuration error in beef.http.web_server_imitation.type!' + print_more 'Supported values are: apache, iis, nginx.' + '' + end + end + + def error_page_404 + config = BeEF::Core::Configuration.instance + + return 'Not Found.' unless config.get('beef.http.web_server_imitation.enable') + + case config.get('beef.http.web_server_imitation.type') + when 'apache' + return <<-EOF + + +404 Not Found + +

Not Found

+

The requested URL was not found on this server.

+
+
Apache/2.2.3 (CentOS)
+#{("" if config.get('beef.http.web_server_imitation.hook_404'))} + +EOF + when 'iis' + return <<-EOF + +The page cannot be found + +
+

The page cannot be found

+The page you are looking for might have been removed, had its name changed, or is temporarily unavailable. +
+

Please try the following:

+
    +
  • Make sure that the Web site address displayed in the address bar of your browser is spelled and formatted correctly.
  • +
  • If you reached this page by clicking a link, contact the Web site administrator to alert them that the link is incorrectly formatted.
  • +
  • Click the Back button to try another link.
  • +
+

HTTP Error 404 - File or directory not found.
Internet Information Services (IIS)

+
+

Technical Information (for support personnel)

+
    +
  • Go to Microsoft Product Support Services and perform a title search for the words HTTP and 404.
  • +
  • Open IIS Help, which is accessible in IIS Manager (inetmgr),and search for topics titled Web Site Setup, Common Administrative Tasks, and About Custom Error Messa +
+
+#{("" if config.get('beef.http.web_server_imitation.hook_404'))} + +EOF + when 'nginx' + return <<-EOF + +404 Not Found + +

404 Not Found

+
nginx
+#{("" if config.get('beef.http.web_server_imitation.hook_404'))} + + +EOF + else + print_error 'Configuration error in beef.http.web_server_imitation.type!' + print_more 'Supported values are: apache, iis, nginx.' + 'Not Found.' end end end diff --git a/extensions/admin_ui/classes/httpcontroller.rb b/extensions/admin_ui/classes/httpcontroller.rb index 450ec070a..25c6e3a2f 100644 --- a/extensions/admin_ui/classes/httpcontroller.rb +++ b/extensions/admin_ui/classes/httpcontroller.rb @@ -29,8 +29,7 @@ module BeEF @headers = { 'Content-Type' => 'text/html; charset=UTF-8' } if data['headers'].nil? - # @todo what if paths is nil and methods does not include 'index' ? - @paths = if data['paths'].nil? and methods.include? 'index' + @paths = if data['paths'].nil? && methods.include?('index') { 'index' => '/' } else data['paths'] @@ -42,37 +41,8 @@ module BeEF # def authenticate_request(ip) auth = BeEF::Extension::AdminUI::Controllers::Authentication.new - return true if auth.permitted_source?(ip) - - unless @config.get('beef.http.web_server_imitation.enable') - @body = 'Not Found.' - @status = 404 - @headers = { 'Content-Type' => 'text/html' } - return false - end - - type = @config.get('beef.http.web_server_imitation.type') - case type - when 'apache' - @body = BeEF::Core::Router::APACHE_BODY - @status = 404 - @headers = BeEF::Core::Router::APACHE_HEADER - when 'iis' - @body = BeEF::Core::Router::IIS_BODY - @status = 404 - @headers = BeEF::Core::Router::IIS_HEADER - when 'nginx' - @body = BeEF::Core::Router::APACHE_BODY - @status = 404 - @headers = BeEF::Core::Router::APACHE_HEADER - else - @body = 'Not Found.' - @status = 404 - @headers = { 'Content-Type' => 'text/html' } - end - - false - rescue StandardError + auth.permitted_source?(ip) + rescue StandardError => e print_error "authenticate_request failed: #{e.message}" false end 
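Review bot: With imitation disabled, the new `before` filter now sets `Server => ''` and `Content-Type => 'text/html'` on every response, because `response_headers` returns `default_headers` from its early `return ... unless config.get('beef.http.web_server_imitation.enable')`, whereas the removed filter touched no headers in that case; the commit message does not mention this. If the old behaviour is intended, `return {} unless config.get('beef.http.web_server_imitation.enable')` keeps the filter a no-op when imitation is off while still falling back to `default_headers` for an unsupported type. Separately, the IIS branch of `error_page_404` appears to end a heredoc line at `About Custom Error Messa`, where the deleted `IIS_BODY` read `About Custom Error Messages.`; if that is not an artifact of how the patch was rendered, the template text is truncated. The three helpers each fetch `BeEF::Core::Configuration.instance` although the class already holds `config`; a one-line `# Singleton lookup repeated here because the class-level local is not visible from instance methods` would make that deliberate.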
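Review bot: The removed `# @todo what if paths is nil and methods does not include 'index' ?` is deleted without being resolved: the rewritten conditional still leaves `@paths` nil when `data['paths']` is nil and `methods` lacks `'index'`. Unless the caller handles a nil `@paths` (the enclosing `initialize` starts outside the hunk, so I cannot see), either keep the comment or fail early, e.g. `raise ArgumentError, 'paths or an index method is required' if @paths.nil?`.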
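Review bot: `authenticate_request` no longer produces the web-server imitation 404 when the source IP is not permitted; the caller in the `@@ -95,17 +65,18 @@` hunk now sets only `@status = 404` with `@body = ''`, so a rejected admin-UI request answers with an empty body while `Router#error_page_404` still serves the imitation template for every other unknown path. That inconsistency undoes part of what the imitation feature is for. Since the templates moved into private Router instance methods, consider exposing the 404 body through a class-level accessor the controller can call so both responses are identical. The `rescue StandardError => e` fix is correct; the old `rescue StandardError` referenced an undefined `e`.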
@@ -95,17 +65,18 @@ module BeEF @request = request @params = request.params - # Web UI base path, like http://beef_domain//panel - auth_url = "#{@bp}/authentication" + @body = '' # If access to the UI is not permitted for the request IP address return a 404 - return unless authenticate_request(get_ip(@request)) + unless authenticate_request(get_ip(@request)) + @status = 404 + return + end # test if session is unauth'd and whether the auth functionality is requested - if !@session.valid_session?(@request) and !instance_of?(BeEF::Extension::AdminUI::Controllers::Authentication) - @body = '' + if !@session.valid_session?(@request) && !instance_of?(BeEF::Extension::AdminUI::Controllers::Authentication) @status = 302 - @headers = { 'Location' => auth_url } + @headers = { 'Location' => "#{@bp}/authentication" } return end @@ -129,11 +100,13 @@ module BeEF function_name = function.name # used for filename class_s = self.class.to_s.sub('BeEF::Extension::AdminUI::Controllers::', '').downcase # used for directory name template_ui = "#{$root_dir}/extensions/admin_ui/controllers/#{class_s}/#{function_name}.html" - @eruby = Erubis::FastEruby.new(File.read(template_ui)) if File.exist? template_ui # load the template file - @body = @eruby.result(binding) unless @eruby.nil? # apply template and set the response + if File.exist?(template_ui) + @eruby = Erubis::FastEruby.new(File.read(template_ui)) + @body = @eruby.result(binding) unless @eruby.nil? # apply template and set the response + end # set appropriate content-type 'application/json' for .json files - @headers['Content-Type'] = 'application/json; charset=UTF-8' if request.path =~ /\.json$/ + @headers['Content-Type'] = 'application/json; charset=UTF-8' if request.path.to_s.end_with?('.json') # set content type if @headers['Content-Type'].nil? diff --git a/extensions/admin_ui/controllers/authentication/authentication.rb b/extensions/admin_ui/controllers/authentication/authentication.rb index 9b0cf2224..9ed1f8c93 100644 
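Review bot: In the `@@ -129,11 +100,13 @@` hunk the guard `unless @eruby.nil?` is now dead code, because `@eruby` was assigned on the previous line from `Erubis::FastEruby.new`, which cannot return nil; the body can simply read `@body = @eruby.result(binding) # apply template and set the response`. Replacing `=~ /\.json$/` with `end_with?('.json')` is a good change, since `$` matched before an embedded newline. The enclosing method continues outside the hunk.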
--- a/extensions/admin_ui/controllers/authentication/authentication.rb +++ b/extensions/admin_ui/controllers/authentication/authentication.rb @@ -38,18 +38,16 @@ module BeEF def login username = @params['username-cfrm'] || '' password = @params['password-cfrm'] || '' - config = BeEF::Core::Configuration.instance @headers['Content-Type'] = 'application/json; charset=UTF-8' @headers['X-Frame-Options'] = 'sameorigin' - ua_ip = if config.get('beef.http.allow_reverse_proxy') - @request.ip # get client ip address - else - @request.get_header('REMOTE_ADDR') - end - @body = '{ success : false }' # attempt to fail closed + @body = { success: false }.to_json + + config = BeEF::Core::Configuration.instance + ua_ip = config.get('beef.http.allow_reverse_proxy') ? @request.ip : @request.get_header('REMOTE_ADDR') + # check if source IP address is permitted to authenticate unless permitted_source?(ua_ip) - BeEF::Core::Logger.instance.register('Authentication', "IP source address (#{@request.ip}) attempted to authenticate but is not within permitted subnet.") + BeEF::Core::Logger.instance.register('Authentication', "IP source address (#{ua_ip}) attempted to authenticate but is not within permitted subnet.") return end 
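Review bot: The expression `config.get('beef.http.allow_reverse_proxy') ? @request.ip : @request.get_header('REMOTE_ADDR')` is now written twice, here in `login` and again in `logout` in the `@@ -102,23 +98,20 @@` hunk; extract it into a private helper such as `def client_ip = config.get('beef.http.allow_reverse_proxy') ? @request.ip : @request.get_header('REMOTE_ADDR')` so the two paths cannot drift apart. The helper also deserves a comment along the lines of `# With allow_reverse_proxy, the subnet check trusts the forwarded address, so the proxy must overwrite client-supplied forwarding headers`, since `permitted_source?` then relies on that value. Logging `ua_ip` instead of `@request.ip` is the right fix, as the old messages could name a different address than the one actually checked. `{ success: false }.to_json` presumably has `json` loaded elsewhere; the hunk does not show a require.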
@@ -59,36 +57,34 @@ module BeEF ->(time) { @session.set_auth_timestamp(time) }) # check username and password - unless username.eql? config.get('beef.credentials.user') and password.eql? config.get('beef.credentials.passwd') - BeEF::Core::Logger.instance.register('Authentication', "User with ip #{@request.ip} has failed to authenticate in the application.") + unless username.eql?(config.get('beef.credentials.user')) && password.eql?(config.get('beef.credentials.passwd')) + BeEF::Core::Logger.instance.register('Authentication', "User with ip #{ua_ip} has failed to authenticate in the application.") return end # establish an authenticated session - - # set up session and set it logged in @session.set_logged_in(ua_ip) - - # create session cookie session_cookie_name = config.get('beef.extension.admin_ui.session_cookie_name') # get session cookie name Rack::Utils.set_cookie_header!(@headers, session_cookie_name, { value: @session.get_id, path: '/', httponly: true }) - BeEF::Core::Logger.instance.register('Authentication', "User with ip #{@request.ip} has successfully authenticated in the application.") - @body = '{ success : true }' + BeEF::Core::Logger.instance.register('Authentication', "User with ip #{ua_ip} has successfully authenticated in the application.") + @body = { success: true }.to_json end # # Function managing the logout # def logout - # test if session is unauth'd + @body = { success: true }.to_json + unless @session.valid_nonce?(@request) - (print_error 'invalid nonce' - return @body = '{ success : true }') + print_error 'invalid nonce' + return end + unless @session.valid_session?(@request) - (print_error 'invalid session' - return @body = '{ success : true }') + print_error 'invalid session' + return end @headers['Content-Type'] = 'application/json; charset=UTF-8' 
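Review bot: In `logout`, `@headers['Content-Type'] = 'application/json; charset=UTF-8'` is still assigned after the nonce and session guards, so the early returns send the JSON body `{ success: true }.to_json` with whatever Content-Type the controller was initialised with (the `httpcontroller.rb` context shows `text/html; charset=UTF-8`); move the header assignment above `unless @session.valid_nonce?(@request)`. The guards also answer `success: true` on an invalid nonce or session, which the previous code did as well, so if that is deliberate a short `# failure paths intentionally report success` comment would stop the next reader from changing it.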
@@ -102,23 +98,20 @@ module BeEF session_cookie_name = config.get('beef.extension.admin_ui.session_cookie_name') # get session cookie name Rack::Utils.set_cookie_header!(@headers, session_cookie_name, { value: '', path: '/', httponly: true, expires: Time.now }) - BeEF::Core::Logger.instance.register('Authentication', "User with ip #{@request.ip} has successfully logged out.") - @body = '{ success : true }' + ua_ip = config.get('beef.http.allow_reverse_proxy') ? @request.ip : @request.get_header('REMOTE_ADDR') + BeEF::Core::Logger.instance.register('Authentication', "User with ip #{ua_ip} has successfully logged out.") end # # Check the UI browser source IP is within the permitted subnet # def permitted_source?(ip) - # test if supplied IP address is valid return false unless BeEF::Filters.is_valid_ip?(ip) - # get permitted subnets permitted_ui_subnet = BeEF::Core::Configuration.instance.get('beef.restrictions.permitted_ui_subnet') return false if permitted_ui_subnet.nil? return false if permitted_ui_subnet.empty? - # test if ip within subnets permitted_ui_subnet.each do |subnet| return true if IPAddr.new(subnet).include?(ip) end