diff --git a/arerules/lan_cors_scan.json b/arerules/lan_cors_scan.json index d0e9a0147..1f5d1c814 100644 --- a/arerules/lan_cors_scan.json +++ b/arerules/lan_cors_scan.json @@ -16,7 +16,8 @@ "options": { "ipRange":"<>", "ports":"80,8080", - "threads":"5" + "threads":"3", + "timeout":"15" } } ], diff --git a/modules/debug/test_cors_request/command.js b/modules/debug/test_cors_request/command.js index 23f366bbd..f827017e5 100644 --- a/modules/debug/test_cors_request/command.js +++ b/modules/debug/test_cors_request/command.js @@ -9,8 +9,9 @@ beef.execute(function() { var method = "<%= @method %>"; var url = "<%= @url %>"; var data = "<%= @data %>"; + var timeout = 15000; - beef.net.cors.request(method, url, data, function(response) { beef.net.send("<%= @command_url %>", <%= @command_id %>, "response="+JSON.stringify(response)); }); + beef.net.cors.request(method, url, data, timeout, function(response) { beef.net.send("<%= @command_url %>", <%= @command_id %>, "response="+JSON.stringify(response)); }); }); diff --git a/modules/network/cross_origin_scanner_cors/command.js b/modules/network/cross_origin_scanner_cors/command.js index 723eb5a67..e13de990f 100644 --- a/modules/network/cross_origin_scanner_cors/command.js +++ b/modules/network/cross_origin_scanner_cors/command.js @@ -10,6 +10,7 @@ beef.execute(function() { var ipRange = "<%= @ipRange %>"; var ports = "<%= @ports %>"; var threads = "<%= @threads %>"; + var timeout = <%= @timeout %>*1000; var wait = 2; if(!beef.browser.hasCors()) { @@ -105,7 +106,7 @@ beef.execute(function() { for (var p=0; p < ports.length; p++) { var url = proto + '://' + ips[i] + ':' + ports[p]; worker.queue('beef.net.cors.request(' + - '"GET", "'+url+'", "", function(response) {' + + '"GET", "'+url+'", "", '+timeout+', function(response) {' + 'if (response != null && response["status"] != 0) {' + 'beef.debug("[Cross-Origin Scanner] Received response from '+url+': " + JSON.stringify(response));' + 'var title = response["body"].match("(.*?)<\\/title>"); if (title != null) title = title[1];' + diff --git a/modules/network/cross_origin_scanner_cors/module.rb b/modules/network/cross_origin_scanner_cors/module.rb index 932f97e0c..1ee93fb6a 100644 --- a/modules/network/cross_origin_scanner_cors/module.rb +++ b/modules/network/cross_origin_scanner_cors/module.rb @@ -34,7 +34,8 @@ class Cross_origin_scanner_cors < BeEF::Core::Command return [ {'name' => 'ipRange', 'ui_label' => 'Scan IP range (C class)', 'value' => '192.168.0.1-192.168.0.254'}, {'name' => 'ports', 'ui_label' => 'Ports', 'value' => '80,8080'}, - {'name' => 'threads', 'ui_label' => 'Workers', 'value' => '5'} + {'name' => 'threads', 'ui_label' => 'Workers', 'value' => '3'}, + {'name' => 'timeout', 'ui_label' => 'Timeout for each request (s)', 'value' => '15'} ] end