Fixed issue with latest Rack. Now using mime/types to return the right content-type based on file extension when using AssetHandler.bind.

Gemfile

@@ -6,59 +6,61 @@
 # See the file 'doc/COPYING' for copying permission
 #
 
-gem "eventmachine"
-gem "thin"
-gem "sinatra"
-gem "rack"
-gem "em-websocket", "~> 0.3.6" # WebSocket support
-gem "uglifier", "~> 2.2.1"
+gem 'eventmachine'
+gem 'thin'
+gem 'sinatra'
+gem 'rack'
+gem 'em-websocket', '~> 0.3.6' # WebSocket support
+gem 'uglifier', '~> 2.2.1'
+gem 'mime-types'
+
 
 # Windows support
-if RUBY_PLATFORM.downcase.include?("mswin") || RUBY_PLATFORM.downcase.include?("mingw")
+if RUBY_PLATFORM.downcase.include?('mswin') || RUBY_PLATFORM.downcase.include?('mingw')
   # make sure you install this gem following https://github.com/hiranpeiris/therubyracer_for_windows
-  gem "therubyracer", "~> 0.11.0beta1"
-  gem "execjs"
-  gem "win32console"
-elsif !RUBY_PLATFORM.downcase.include?("darwin")
-  gem "therubyracer", "0.11.3"
-  gem "execjs"
+  gem 'therubyracer', '~> 0.11.0beta1'
+  gem 'execjs'
+  gem 'win32console'
+elsif !RUBY_PLATFORM.downcase.include?('darwin')
+  gem 'therubyracer', '0.11.3'
+  gem 'execjs'
 end
  
 
-gem "ansi"
-gem "term-ansicolor", :require => "term/ansicolor"
-gem "dm-core"
-gem "json"
-gem "data_objects"
-gem "dm-sqlite-adapter"  # SQLite support
+gem 'ansi'
+gem 'term-ansicolor', :require => 'term/ansicolor'
+gem 'dm-core'
+gem 'json'
+gem 'data_objects'
+gem 'dm-sqlite-adapter'  # SQLite support
 #gem dm-postgres-adapter # PostgreSQL support
 #gem dm-mysql-adapter    # MySQL support
-gem "parseconfig"
-gem "erubis"
-gem "dm-migrations"
-gem "msfrpc-client"        # Metasploit Integration extension
-#gem "twitter", ">= 5.0.0" # Twitter Notifications extension
-gem "rubyzip", ">= 1.0.0"
-gem "rubydns", "0.7.0"     # DNS extension
-gem "geoip"                # geolocation support
-gem "dm-serializer"        # network extension
-gem "qr4r"                 # QRcode extension
+gem 'parseconfig'
+gem 'erubis'
+gem 'dm-migrations'
+gem 'msfrpc-client'        # Metasploit Integration extension
+#gem 'twitter', '>= 5.0.0' # Twitter Notifications extension
+gem 'rubyzip', '>= 1.0.0'
+gem 'rubydns', '0.7.0'     # DNS extension
+gem 'geoip'                # geolocation support
+gem 'dm-serializer'        # network extension
+gem 'qr4r'                 # QRcode extension
 
 # For running unit tests
 if ENV['BEEF_TEST']
-  gem "test-unit"
-  gem "test-unit-full"
-  gem "curb"
-  gem "test-unit"
-  gem "selenium"
-  gem "selenium-webdriver"
-  gem "rspec"
+  gem 'test-unit'
+  gem 'test-unit-full'
+  gem 'curb'
+  gem 'test-unit'
+  gem 'selenium'
+  gem 'selenium-webdriver'
+  gem 'rspec'
   # nokogirl is needed by capybara which may require one of the below commands
   # sudo apt-get install libxslt-dev libxml2-dev
   # sudo port install libxml2 libxslt
-  gem "capybara"
+  gem 'capybara'
   # RESTful API tests/generic command module tests
-  gem "rest-client", "~> 1.6.7"
+  gem 'rest-client', '~> 1.6.7'
 end
 
-source "http://rubygems.org"
+source 'http://rubygems.org'

core/loader.rb

@@ -16,6 +16,7 @@ require 'base64'
 require 'xmlrpc/client'
 require 'openssl'
 require 'rubydns'
+require 'mime/types'
 
 # @note Include the filters
 require 'core/filters'

core/main/network_stack/assethandler.rb

@@ -59,7 +59,7 @@ module Handlers
     # Binds a file to a mount point
     # @param [String] file File path to asset
     # @param [String] path URL path to mount the asset to (can be nil for random path)
-    # @param [String] extension Extension to append to the URL path (can be nil for none)
+    # @param [String] extension File extension (.x). If == nil content-type is text/plain, otherwise use the right one via MIME::Types.type_for()
     # @param [Integer] count The amount of times the asset can be accessed before being automatically unbinded (-1 = unlimited)
     # @return [String] URL Path of mounted asset
     # @todo This function should accept a hooked browser session to limit the mounted file to a certain session
@@ -71,13 +71,20 @@ module Handlers
                              'count' => count}
 
         resp_body = File.read("#{root_dir}#{file}")
+
+        if extension.nil? || MIME::Types.type_for(extension).empty?
+          content_type = 'text/plain'
+        else
+          content_type = MIME::Types.type_for(extension).first.content_type
+        end
+
         @http_server.mount(
             url,
-            BeEF::Core::NetworkStack::Handlers::Raw.new('200', {'Content-Type'=>'text/plain'}, resp_body)
+            BeEF::Core::NetworkStack::Handlers::Raw.new('200', {'Content-Type' => content_type}, resp_body)
         )
 
         @http_server.remap
-        print_info "File [#{file}] bound to url [#{url}]"
+        print_info "File [#{file}] bound to Url [#{url}] using Content-type [#{content_type}]"
 
         url
     end

core/main/rest/handlers/server.rb

@@ -38,7 +38,9 @@ module BeEF
             droppers_dir = File.expand_path('..', __FILE__) + "/../../../../extensions/social_engineering/droppers/"
 
             if File.exists?(droppers_dir + local_file) && Dir.entries(droppers_dir).include?(local_file)
-              BeEF::Core::NetworkStack::Handlers::AssetHandler.instance.bind("/extensions/social_engineering/droppers/#{local_file}", mount)
+              f_ext = File.extname(local_file).gsub('.','')
+              f_ext = nil if f_ext.empty?
+              BeEF::Core::NetworkStack::Handlers::AssetHandler.instance.bind("/extensions/social_engineering/droppers/#{local_file}", mount, f_ext)
               status 200
             else
               halt 400

extensions/admin_ui/api/handler.rb

@@ -90,7 +90,7 @@ module API
       if !config.get("beef.http.web_server_imitation.enable")
         BeEF::Core::NetworkStack::Handlers::AssetHandler.instance.bind(
             "/extensions/admin_ui/media#{config.get("beef.extension.admin_ui.favicon_dir")}/#{config.get("beef.extension.admin_ui.favicon_file_name")}",
-            '/favicon.ico')
+            '/favicon.ico', 'ico')
       end
 
       self.build_javascript_ui beef_server