From f4ff606cbf61a4f17d54f18009741b02edf926f7 Mon Sep 17 00:00:00 2001 From: Brendan Coles Date: Tue, 2 Feb 2016 21:50:08 +0000 Subject: [PATCH] Change /api/modules/multi_browser to accept 'ALL' for 'hb_ids' --- core/main/rest/handlers/modules.rb | 13 +++++++++++-- 1 file changed, 11 insertions(+), 2 deletions(-) diff --git a/core/main/rest/handlers/modules.rb b/core/main/rest/handlers/modules.rb index 3aa720474..50b782bc2 100644 --- a/core/main/rest/handlers/modules.rb +++ b/core/main/rest/handlers/modules.rb @@ -158,6 +158,7 @@ module BeEF # #@note Fire a new command module to multiple hooked browsers. # Returns the command IDs of the launched module, or 0 if firing got issues. + # Use "hb_ids":["ALL"] to run on all hooked browsers # # POST request body example (for modules that don't need parameters, just remove "mod_params") # { @@ -173,7 +174,7 @@ module BeEF # curl example (alert module with custom text, 2 hooked browsers)): # #curl -H "Content-Type: application/json; charset=UTF-8" -d '{"mod_id":110,"mod_params":{"text":"mucci?"},"hb_ids":[1,2]}' - #-X POST http://127.0.0.1:3000/api/modules/multi?token=2316d82702b83a293e2d46a0886a003a6be0a633 + #-X POST http://127.0.0.1:3000/api/modules/multi_browser?token=2316d82702b83a293e2d46a0886a003a6be0a633 # post '/multi_browser' do request.body.rewind @@ -192,6 +193,14 @@ module BeEF hb_ids = body["hb_ids"] results = Hash.new + + # run on all hooked browsers? + if hb_ids.first =~ /\Aall\z/i + hb_ids = [] + BeEF::Core::Models::HookedBrowser.all.each {|hb| hb_ids << hb.id } + end + + # run modules hb_ids.each do |hb_id| hb = BeEF::Core::Models::HookedBrowser.first(:id => hb_id) if hb == nil @@ -204,7 +213,7 @@ module BeEF end results.to_json rescue => e - print_error "Invalid JSON input passed to endpoint /api/modules/multi" + print_error "Invalid JSON input passed to endpoint /api/modules/multi_browser" error 400 # Bad Request end end