diff --git a/Gemfile b/Gemfile
index fb726e14a..3a1682e41 100644
--- a/Gemfile
+++ b/Gemfile
@@ -6,59 +6,61 @@
 # See the file 'doc/COPYING' for copying permission
 #
-gem "eventmachine"
-gem "thin"
-gem "sinatra"
-gem "rack"
-gem "em-websocket", "~> 0.3.6" # WebSocket support
-gem "uglifier", "~> 2.2.1"
+gem 'eventmachine'
+gem 'thin'
+gem 'sinatra'
+gem 'rack'
+gem 'em-websocket', '~> 0.3.6' # WebSocket support
+gem 'uglifier', '~> 2.2.1'
+gem 'mime-types'
+
 # Windows support
-if RUBY_PLATFORM.downcase.include?("mswin") || RUBY_PLATFORM.downcase.include?("mingw")
+if RUBY_PLATFORM.downcase.include?('mswin') || RUBY_PLATFORM.downcase.include?('mingw')
 # make sure you install this gem following https://github.com/hiranpeiris/therubyracer_for_windows
- gem "therubyracer", "~> 0.11.0beta1"
- gem "execjs"
- gem "win32console"
-elsif !RUBY_PLATFORM.downcase.include?("darwin")
- gem "therubyracer", "0.11.3"
- gem "execjs"
+ gem 'therubyracer', '~> 0.11.0beta1'
+ gem 'execjs'
+ gem 'win32console'
+elsif !RUBY_PLATFORM.downcase.include?('darwin')
+ gem 'therubyracer', '0.11.3'
+ gem 'execjs'
 end
-gem "ansi"
-gem "term-ansicolor", :require => "term/ansicolor"
-gem "dm-core"
-gem "json"
-gem "data_objects"
-gem "dm-sqlite-adapter" # SQLite support
+gem 'ansi'
+gem 'term-ansicolor', :require => 'term/ansicolor'
+gem 'dm-core'
+gem 'json'
+gem 'data_objects'
+gem 'dm-sqlite-adapter' # SQLite support
 #gem dm-postgres-adapter # PostgreSQL support
 #gem dm-mysql-adapter # MySQL support
-gem "parseconfig"
-gem "erubis"
-gem "dm-migrations"
-gem "msfrpc-client" # Metasploit Integration extension
-#gem "twitter", ">= 5.0.0" # Twitter Notifications extension
-gem "rubyzip", ">= 1.0.0"
-gem "rubydns", "0.7.0" # DNS extension
-gem "geoip" # geolocation support
-gem "dm-serializer" # network extension
-gem "qr4r" # QRcode extension
+gem 'parseconfig'
+gem 'erubis'
+gem 'dm-migrations'
+gem 'msfrpc-client' # Metasploit Integration extension
+#gem 'twitter', '>= 5.0.0' # Twitter Notifications extension
+gem 'rubyzip', '>= 1.0.0'
+gem 'rubydns', '0.7.0' # DNS extension
+gem 'geoip' 
# geolocation support
+gem 'dm-serializer' # network extension
+gem 'qr4r' # QRcode extension
 # For running unit tests
 if ENV['BEEF_TEST']
- gem "test-unit"
- gem "test-unit-full"
- gem "curb"
- gem "test-unit"
- gem "selenium"
- gem "selenium-webdriver"
- gem "rspec"
+ gem 'test-unit'
+ gem 'test-unit-full'
+ gem 'curb'
+ gem 'test-unit'
+ gem 'selenium'
+ gem 'selenium-webdriver'
+ gem 'rspec'
 # nokogirl is needed by capybara which may require one of the below commands
 # sudo apt-get install libxslt-dev libxml2-dev
 # sudo port install libxml2 libxslt
- gem "capybara"
+ gem 'capybara'
 # RESTful API tests/generic command module tests
- gem "rest-client", "~> 1.6.7"
+ gem 'rest-client', '~> 1.6.7'
 end
-source "http://rubygems.org"
+source 'http://rubygems.org'
diff --git a/core/loader.rb b/core/loader.rb
index 5efea4c44..c4779fefd 100644
--- a/core/loader.rb
+++ b/core/loader.rb
@@ -16,6 +16,7 @@ require 'base64'
 require 'xmlrpc/client'
 require 'openssl'
 require 'rubydns'
+require 'mime/types'
 # @note Include the filters
 require 'core/filters'
diff --git a/core/main/network_stack/assethandler.rb b/core/main/network_stack/assethandler.rb
index 84832106c..c9750e5f3 100644
--- a/core/main/network_stack/assethandler.rb
+++ b/core/main/network_stack/assethandler.rb
@@ -59,7 +59,7 @@ module Handlers
 # Binds a file to a mount point
 # @param [String] file File path to asset
 # @param [String] path URL path to mount the asset to (can be nil for random path)
- # @param [String] extension Extension to append to the URL path (can be nil for none)
+ # @param [String] extension File extension (.x). If == nil content-type is text/plain, otherwise use the right one via MIME::Types.type_for()
 # @param [Integer] count The amount of times the asset can be accessed before being automatically unbinded (-1 = unlimited)
 # @return [String] URL Path of mounted asset
 # @todo This function should accept a hooked browser session to limit the mounted file to a certain session
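Review bot: The last line of the Gemfile hunk keeps `source 'http://rubygems.org'`, so every gem listed here, including the newly added `mime-types`, is resolved and downloaded over plain HTTP and can be altered in transit; since the line is being rewritten anyway it should become `source 'https://rubygems.org'`. The new `gem 'mime-types'` carries no version constraint while core/loader.rb now requires it at load time, so a constraint such as `gem 'mime-types', '~> <tested version>'` would keep installs reproducible. `gem 'test-unit'` is still listed twice inside the `BEEF_TEST` block.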
@@ -71,13 +71,20 @@ module Handlers
 'count' => count}
 resp_body = File.read("#{root_dir}#{file}")
+
+ if extension.nil? || MIME::Types.type_for(extension).empty?
+ content_type = 'text/plain'
+ else
+ content_type = MIME::Types.type_for(extension).first.content_type
+ end
+
 @http_server.mount(
 url,
- BeEF::Core::NetworkStack::Handlers::Raw.new('200', {'Content-Type'=>'text/plain'}, resp_body)
+ BeEF::Core::NetworkStack::Handlers::Raw.new('200', {'Content-Type' => content_type}, resp_body)
 )
 @http_server.remap
- print_info "File [#{file}] bound to url [#{url}]"
+ print_info "File [#{file}] bound to Url [#{url}] using Content-type [#{content_type}]"
 url
 end
diff --git a/core/main/rest/handlers/server.rb b/core/main/rest/handlers/server.rb
index aa30853fc..1531cab24 100644
--- a/core/main/rest/handlers/server.rb
+++ b/core/main/rest/handlers/server.rb
@@ -38,7 +38,9 @@ module BeEF
 droppers_dir = File.expand_path('..', __FILE__) + "/../../../../extensions/social_engineering/droppers/"
 if File.exists?(droppers_dir + local_file) && Dir.entries(droppers_dir).include?(local_file)
- BeEF::Core::NetworkStack::Handlers::AssetHandler.instance.bind("/extensions/social_engineering/droppers/#{local_file}", mount)
+ f_ext = File.extname(local_file).gsub('.','')
+ f_ext = nil if f_ext.empty?
+ BeEF::Core::NetworkStack::Handlers::AssetHandler.instance.bind("/extensions/social_engineering/droppers/#{local_file}", mount, f_ext)
 status 200
 else
 halt 400
diff --git a/extensions/admin_ui/api/handler.rb b/extensions/admin_ui/api/handler.rb
index 8b4c353bf..ee740eaa9 100644
--- a/extensions/admin_ui/api/handler.rb
+++ b/extensions/admin_ui/api/handler.rb
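Review bot: In the second assethandler.rb hunk the body is still loaded with `File.read(...)`, which opens the file in text mode, while the new code can now label it with a binary content type; `resp_body = File.binread("#{root_dir}#{file}")` avoids newline and encoding translation on platforms where text mode differs. The added branch also calls `MIME::Types.type_for(extension)` twice; `mime = MIME::Types.type_for(extension.to_s).first` followed by `content_type = mime ? mime.content_type : 'text/plain'` does a single lookup and still covers nil. The doc comment in the first hunk describes the extension as `.x`, but the callers in server.rb and handler.rb pass it without the dot, so the comment should state which form is expected. The method begins above this hunk.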
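Review bot: The guard above the new `bind` call in server.rb accepts any name that `Dir.entries(droppers_dir)` returns, and that list includes `.` and `..`, for which `File.exists?` is also true, so a directory name reaches `bind` and the `File.read` there would likely raise instead of taking the `halt 400` branch. Using `File.file?(droppers_dir + local_file)` in the condition closes that gap. For the added lines, `File.extname(local_file).delete('.')` expresses the same thing as the `gsub` more directly. Where `local_file` and `mount` come from is outside this hunk, so how much of this is request-controlled needs confirming against the route's parameter handling.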
@@ -90,7 +90,7 @@ module API
 if !config.get("beef.http.web_server_imitation.enable")
 BeEF::Core::NetworkStack::Handlers::AssetHandler.instance.bind(
 "/extensions/admin_ui/media#{config.get("beef.extension.admin_ui.favicon_dir")}/#{config.get("beef.extension.admin_ui.favicon_file_name")}",
- '/favicon.ico')
+ '/favicon.ico', 'ico')
 end
 self.build_javascript_ui beef_server