Hiddenden/beef
2
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
2,031 Commits 14 Branches 34 Tags
4e3f0366bf4ebe0532012dc2d73d2e2e04e38ca1
Commit Graph

22 Commits

Author SHA1 Message Date
antisnatchor
8f4f51874d Fixed issues with the DNS server RESTful API. Now it works. 2014-03-06 17:11:27 +00:00
antisnatchor
91fa8f4e63 Various fixes for the DNS extension code. 2014-03-02 16:05:57 +00:00
antisnatchor
39e672f420 Fixed 2 RCE bugs in the DNS extension code (unsafe eval calls). 2014-03-02 15:43:36 +00:00
antisnatchor
ec9cf4d460 Manually merged DNS extension code (pull request 967 from @soh-cah-toa) 2014-03-02 12:56:33 +00:00
soh_cah_toa
e775748603 Added more tests for GET /api/dns/rule/:id with invalid input. 
Also changed handler to return 404 when rule isn't found.
 2013-06-08 21:58:28 -04:00
soh_cah_toa
eccbdd6958 Added tests for AAAA, CNAME, HINFO, MINFO, and MX RR types. 
Also fixed #format_response to properly format MS records.
 2013-06-07 18:32:29 -04:00
soh_cah_toa
6901581ae7 Moved #format_response call to before when RR type is evaled. 
Since #format_response throws an exception for unknown RR types,
calling it first will ensure bad Resolv::DNS::Resource names will
never be evaled.
 2013-06-06 22:59:54 -04:00
soh_cah_toa
09ec09601e Changed hash key syntax from previous commit. 
Besides being consistent, Sinatra actually requires the string
syntax.
 2013-06-05 18:33:08 -04:00
soh_cah_toa
fc6f0aface Changed DELETE handler to return JSON "success" key. 
Prior to this, nothing was returned. This will allow users to
determine whether or not a rule was removed as expected.
 2013-06-05 18:29:18 -04:00
soh_cah_toa
6c61b39d81 Changed 401 status to 403 in filter for non-permitted IP's. 
403 Forbidden is more appropriate since 401 Unauthorized only
indicates that authentication is needed. In the case of a bad IP,
authentication will make no difference which is exactly what 403 is
meant for.
 2013-06-05 17:09:09 -04:00
soh_cah_toa
80ab665054 Added new InvalidParamError class for handling bad named parameters. 
Previously, InvalidJsonError was being used mistakenly for this which
is misleading considering no JSON was involved.
 2013-06-05 16:56:05 -04:00
soh_cah_toa
e56494d486 Renamed /rules GET route to /ruleset for the sake of consistency. 
Also added new "count" key to result that lists the number of rules.
 2013-06-05 16:30:24 -04:00
soh_cah_toa
2f5133e11a Changed GET handlers to return recently fixed rule data. 
Also wrapped all handlers in a begin/end block that catches
internal StandardError exceptions.
 2013-06-05 15:56:33 -04:00
soh_cah_toa
44622345d0 s/DNS/Dns/g since that is the BeEF style convention. 2013-06-03 17:55:58 -04:00
soh_cah_toa
0f8221918b Improved coding style (a la ruby-style-guide and rubocop). 
Because I'm too tired to start testing and need a little victory. ;)
 2013-06-03 00:11:41 -04:00
soh_cah_toa
c8c9e1e139 Reimplemented POST handler to avoid unsafe use of #eval. 
Now the desired response is passed an array. Each RR type is handled
specially to craft the necessary response.
 2013-06-02 22:40:58 -04:00
soh_cah_toa
7f4562945a Added new InvalidJsonError class for handling errors in JSON input. 
This is better practice than just (ab)using StandardError.
 2013-05-26 23:46:37 -04:00
soh_cah_toa
38284d5eaa Implemented DELETE handler for removing DNS rules. 2013-05-26 23:26:58 -04:00
soh_cah_toa
27b1b530ef Implemented POST handler for /api/dns/rule which adds a new rule. 
A host of other changes got roped into this as well. #match now
silently handles blocks passed as a String in order to handle
the 'block' JSON parameter. This is because sourcify doesn't
work with eval'd data.

Rule id's are no longer incremental integers. It's now a 7-character
"token" generated from #secure_token and is managed by the RubyDNS
module.
 2013-05-26 22:44:11 -04:00
soh_cah_toa
c6f38324d1 Refactored #get_ruleset to be part of RubyDNS. 
All database logic should be inside RubyDNS since BeEF's DNS class
is mostly just a wrapper around it.
 2013-05-18 21:00:22 -04:00
soh_cah_toa
054767c898 Added RESTful API route for /api/dns/rule/:id. 
This will return a single rule given its unique id.
 2013-05-17 23:02:40 -04:00
soh_cah_toa
c70037f9f4 Began adding support for RESTful API beginning with /api/dns/rules. 2013-05-17 18:25:22 -04:00