Hiddenden/beef
2
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
2,384 Commits 14 Branches 34 Tags
6f56f00a18da2217bcae1082cdcd920481fab13d
Commit Graph

26 Commits

Author SHA1 Message Date
Wade Alcorn
2fbca61368 Updated copyright dates 2014-12-30 07:44:58 +10:00
soh_cah_toa
1d5afbb81e Added Dns::Server attribute to DNS REST router. 
This is primarily intended to add clarity by reducing clutter. Moreover,
it also has the side effect of improving performance very slightly by
removing the overhead of calling #instance numerous times.
 2014-04-25 10:14:05 -04:00
soh_cah_toa
acc6114541 Re-implemented DELETE /rule/:id handler for new API. 
Removed old #format_response method since this is now handled by the
Rule model.
 2014-04-24 23:35:21 -04:00
soh_cah_toa
bca9eccdf0 Implemented GET ruleset, rule, and POST rule handlers. 
Many filter checks were removed because the new DNS extension performs
validation before performing any database operation.

Modified message for InvalidParamError to be more modular.
 2014-04-24 16:40:19 -04:00
antisnatchor
8f4f51874d Fixed issues with the DNS server RESTful API. Now it works. 2014-03-06 17:11:27 +00:00
antisnatchor
91fa8f4e63 Various fixes for the DNS extension code. 2014-03-02 16:05:57 +00:00
antisnatchor
39e672f420 Fixed 2 RCE bugs in the DNS extension code (unsafe eval calls). 2014-03-02 15:43:36 +00:00
antisnatchor
ec9cf4d460 Manually merged DNS extension code (pull request 967 from @soh-cah-toa) 2014-03-02 12:56:33 +00:00
soh_cah_toa
e775748603 Added more tests for GET /api/dns/rule/:id with invalid input. 
Also changed handler to return 404 when rule isn't found.
 2013-06-08 21:58:28 -04:00
soh_cah_toa
eccbdd6958 Added tests for AAAA, CNAME, HINFO, MINFO, and MX RR types. 
Also fixed #format_response to properly format MS records.
 2013-06-07 18:32:29 -04:00
soh_cah_toa
6901581ae7 Moved #format_response call to before when RR type is evaled. 
Since #format_response throws an exception for unknown RR types,
calling it first will ensure bad Resolv::DNS::Resource names will
never be evaled.
 2013-06-06 22:59:54 -04:00
soh_cah_toa
09ec09601e Changed hash key syntax from previous commit. 
Besides being consistent, Sinatra actually requires the string
syntax.
 2013-06-05 18:33:08 -04:00
soh_cah_toa
fc6f0aface Changed DELETE handler to return JSON "success" key. 
Prior to this, nothing was returned. This will allow users to
determine whether or not a rule was removed as expected.
 2013-06-05 18:29:18 -04:00
soh_cah_toa
6c61b39d81 Changed 401 status to 403 in filter for non-permitted IP's. 
403 Forbidden is more appropriate since 401 Unauthorized only
indicates that authentication is needed. In the case of a bad IP,
authentication will make no difference which is exactly what 403 is
meant for.
 2013-06-05 17:09:09 -04:00
soh_cah_toa
80ab665054 Added new InvalidParamError class for handling bad named parameters. 
Previously, InvalidJsonError was being used mistakenly for this which
is misleading considering no JSON was involved.
 2013-06-05 16:56:05 -04:00
soh_cah_toa
e56494d486 Renamed /rules GET route to /ruleset for the sake of consistency. 
Also added new "count" key to result that lists the number of rules.
 2013-06-05 16:30:24 -04:00
soh_cah_toa
2f5133e11a Changed GET handlers to return recently fixed rule data. 
Also wrapped all handlers in a begin/end block that catches
internal StandardError exceptions.
 2013-06-05 15:56:33 -04:00
soh_cah_toa
44622345d0 s/DNS/Dns/g since that is the BeEF style convention. 2013-06-03 17:55:58 -04:00
soh_cah_toa
0f8221918b Improved coding style (a la ruby-style-guide and rubocop). 
Because I'm too tired to start testing and need a little victory. ;)
 2013-06-03 00:11:41 -04:00
soh_cah_toa
c8c9e1e139 Reimplemented POST handler to avoid unsafe use of #eval. 
Now the desired response is passed an array. Each RR type is handled
specially to craft the necessary response.
 2013-06-02 22:40:58 -04:00
soh_cah_toa
7f4562945a Added new InvalidJsonError class for handling errors in JSON input. 
This is better practice than just (ab)using StandardError.
 2013-05-26 23:46:37 -04:00
soh_cah_toa
38284d5eaa Implemented DELETE handler for removing DNS rules. 2013-05-26 23:26:58 -04:00
soh_cah_toa
27b1b530ef Implemented POST handler for /api/dns/rule which adds a new rule. 
A host of other changes got roped into this as well. #match now
silently handles blocks passed as a String in order to handle
the 'block' JSON parameter. This is because sourcify doesn't
work with eval'd data.

Rule id's are no longer incremental integers. It's now a 7-character
"token" generated from #secure_token and is managed by the RubyDNS
module.
 2013-05-26 22:44:11 -04:00
soh_cah_toa
c6f38324d1 Refactored #get_ruleset to be part of RubyDNS. 
All database logic should be inside RubyDNS since BeEF's DNS class
is mostly just a wrapper around it.
 2013-05-18 21:00:22 -04:00
soh_cah_toa
054767c898 Added RESTful API route for /api/dns/rule/:id. 
This will return a single rule given its unique id.
 2013-05-17 23:02:40 -04:00
soh_cah_toa
c70037f9f4 Began adding support for RESTful API beginning with /api/dns/rules. 2013-05-17 18:25:22 -04:00