Change /api/modules/multi_browser to accept 'ALL' for 'hb_ids'

2016-02-02 21:50:08 +00:00
parent efe8961dfa
commit f4ff606cbf
1 changed files with 11 additions and 2 deletions
--- a/core/main/rest/handlers/modules.rb
+++ b/core/main/rest/handlers/modules.rb
@@ -158,6 +158,7 @@ module BeEF
        #
        #@note Fire a new command module to multiple hooked browsers.
        # Returns the command IDs of the launched module, or 0 if firing got issues.
+        # Use "hb_ids":["ALL"] to run on all hooked browsers
        #
        # POST request body example (for modules that don't need parameters, just remove "mod_params")
        #  {
@@ -173,7 +174,7 @@ module BeEF
        # curl example (alert module with custom text, 2 hooked browsers)):
        #
        #curl -H "Content-Type: application/json; charset=UTF-8" -d '{"mod_id":110,"mod_params":{"text":"mucci?"},"hb_ids":[1,2]}'
-        #-X POST http://127.0.0.1:3000/api/modules/multi?token=2316d82702b83a293e2d46a0886a003a6be0a633
+        #-X POST http://127.0.0.1:3000/api/modules/multi_browser?token=2316d82702b83a293e2d46a0886a003a6be0a633
        #
        post '/multi_browser' do
          request.body.rewind
@@ -192,6 +193,14 @@ module BeEF

            hb_ids = body["hb_ids"]
            results = Hash.new
+
+            # run on all hooked browsers?
+            if hb_ids.first =~ /\Aall\z/i
+              hb_ids = []
+              BeEF::Core::Models::HookedBrowser.all.each {|hb| hb_ids << hb.id }
+            end
+
+            # run modules
            hb_ids.each do |hb_id|
              hb = BeEF::Core::Models::HookedBrowser.first(:id => hb_id)
              if hb == nil
@@ -204,7 +213,7 @@ module BeEF
            end
            results.to_json
          rescue => e
-            print_error "Invalid JSON input passed to endpoint /api/modules/multi"
+            print_error "Invalid JSON input passed to endpoint /api/modules/multi_browser"
            error 400 # Bad Request
          end
        end