Hiddenden/beef
2
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
2,072 Commits 14 Branches 34 Tags
bca9eccdf03520d738e976d4474a48bb3ffeadd9
Commit Graph

73 Commits

Author SHA1 Message Date
soh_cah_toa
bca9eccdf0 Implemented GET ruleset, rule, and POST rule handlers. 
Many filter checks were removed because the new DNS extension performs
validation before performing any database operation.

Modified message for InvalidParamError to be more modular.
 2014-04-24 16:40:19 -04:00
soh_cah_toa
94fc2805d1 Added ID filter checks to #get_rule. 
This is ensures that ID validation occurs when using either the Ruby API
or the RESTful API. Previously, validation was only done for the
RESTful API.
 2014-04-24 16:36:44 -04:00
soh_cah_toa
7b229a2a20 Added new #validate_pattern method. 
Uses BeEF::Filters to ensure that empty, null, and non-printable
patterns are tossed out. Added new InvalidDnsPatternError exception
class to handle these cases.

Renamed #validate_response to #format_callback since the name is more
appropriate.
 2014-04-24 14:26:37 -04:00
soh_cah_toa
ad25c49b2d Refactored IP filters into parameterized #is_valid_ip?. 
Using parameterized methods is better structured coding style rather
than defining multiple similarly-behaved methods.

annex_region('crimea') # good
vs.
annex_crimea # bad
 2014-04-24 13:11:00 -04:00
soh_cah_toa
e791fca8a9 Updated #validate_response to use BeEF::Filters. 2014-04-23 18:07:27 -04:00
soh_cah_toa
6385ddf85b Changed data type of :callback property to Object. 
Using String was sufficient but this way is more consistent.
 2014-04-23 16:50:47 -04:00
soh_cah_toa
bd9891dc4d Implemented #validate_response method in Dns::Rule. 
Perhaps the ugliest part of the DNS extension, it is also the most
crucial. This method ensures that a given resource and response are
appropriate for each other. It must also prevent RCE vulns since the
input is eval'd later on.

However, HINFO, MINFO, and especially TXT validation is not strict
enough. These three need to be reviewed scrupulously since a 100%
anti-RCE solution may prove to be difficult.
 2014-04-23 16:39:26 -04:00
soh_cah_toa
53a54de5fe Added @database to Dns::Server as a model reference. 2014-04-23 16:36:16 -04:00
soh_cah_toa
3029d3cea8 Implemented #process method that handles requests. 
The DNS server now searches for matching rules and sends its response
when handling incoming requests. However, all rules are still assigned
the same callback for the moment.
 2014-04-23 13:28:34 -04:00
soh_cah_toa
0dd9c193ec Appended ! to #remove_rule and #remove_ruleset. 
Adhering to the Ruby convention, this indicates that these methods
mutate the receiver and, therefore, should be considered dangerous.
 2014-04-23 12:53:41 -04:00
soh_cah_toa
2303851498 Implemented #remove_ruleset method. 2014-04-23 12:50:42 -04:00
soh_cah_toa
56c686de64 Implemented #get_ruleset method. 
Also refactored #get_rule to use new #to_hash helper method since
 2014-04-23 12:42:39 -04:00
soh_cah_toa
ed986e4ed5 Implemented #remove_rule method. 2014-04-23 12:07:59 -04:00
soh_cah_toa
b345da0203 Implemented #get_rule method. 2014-04-23 12:00:23 -04:00
soh_cah_toa
007f6302df Re-implemented #generate_id in Core::Main::Crypto. 
This is a better home for it since that is where other OpenSSL
crypto/token generator methods reside.
 2014-04-23 11:41:11 -04:00
soh_cah_toa
861d66207d Implemented new Rule model and #add_rule method. 2014-04-23 11:27:49 -04:00
soh_cah_toa
7386a7708b Changed Dns::Server to use RubyDNS 0.7.x API. 
At this point, it is just a prototype that resolves any request to
1.1.1.1.
 2014-04-23 11:14:35 -04:00
soh_cah_toa
f4d3858af6 Removed unneeded files in ruby/ subdirectory. 
Changed Logger overrides to disable logging instead of using BeEF's
print_* methods. RubyDNS logging is too verbose. The DNS extension will
perform debug logging on its own.
 2014-04-22 22:56:21 -04:00
soh_cah_toa
d4ba3ec98c Re-enabled DNS extension in config files. 2014-04-22 22:50:31 -04:00
antisnatchor
8f4f51874d Fixed issues with the DNS server RESTful API. Now it works. 2014-03-06 17:11:27 +00:00
bcoles
3494542b54 Make upstream DNS server configurable 2014-03-04 00:56:41 +10:30
antisnatchor
91fa8f4e63 Various fixes for the DNS extension code. 2014-03-02 16:05:57 +00:00
antisnatchor
39e672f420 Fixed 2 RCE bugs in the DNS extension code (unsafe eval calls). 2014-03-02 15:43:36 +00:00
antisnatchor
ec9cf4d460 Manually merged DNS extension code (pull request 967 from @soh-cah-toa) 2014-03-02 12:56:33 +00:00
soh_cah_toa
9d4ea6c224 Fixed issue mentioned in FIXME comment in RubyDNS::Server#match. 
Changed 'block.class.name' to just 'block' in case/when clause.
 2013-07-22 22:42:27 -04:00
soh_cah_toa
b2aed14234 Added regex support to #add_rule (tests included). 
Due to strange behavior in Sourcify, the /.../ literal syntax cannot
be used as a parameter; only %r{} or Regexp::new. There is a note
for this in the documentation for #add_rule.
 2013-07-22 22:37:39 -04:00
soh_cah_toa
6a62cf9eaa Added public attributes 'address' and 'port' to Dns::Server. 
This removes the need to search config.yaml for the address:port.
Also included unit tests.
 2013-07-19 22:33:40 -04:00
soh_cah_toa
8d961c1938 Added support for rules that fail to resolve (e.g. NXDOMAIN). 
Included unit tests.
 2013-07-19 22:15:25 -04:00
soh_cah_toa
95d0ddbe87 Added new method #remove_ruleset that clears the entire DNS ruleset. 
Included unit tests as well.
 2013-07-17 18:16:46 -04:00
soh_cah_toa
ebbadba6dd Improved #run_server to check if EM reactor is already running. 
Also moved Thread creation to inside #run_server instead of
forcing caller to do so.
 2013-07-14 23:27:21 -04:00
soh_cah_toa
e775748603 Added more tests for GET /api/dns/rule/:id with invalid input. 
Also changed handler to return 404 when rule isn't found.
 2013-06-08 21:58:28 -04:00
soh_cah_toa
3b58518cfd Added tests for GET /api/dns/rule/:id handler. 
Fixed #parse_response so that these tests pass.
 2013-06-08 19:04:42 -04:00
soh_cah_toa
eccbdd6958 Added tests for AAAA, CNAME, HINFO, MINFO, and MX RR types. 
Also fixed #format_response to properly format MS records.
 2013-06-07 18:32:29 -04:00
soh_cah_toa
6901581ae7 Moved #format_response call to before when RR type is evaled. 
Since #format_response throws an exception for unknown RR types,
calling it first will ensure bad Resolv::DNS::Resource names will
never be evaled.
 2013-06-06 22:59:54 -04:00
soh_cah_toa
09ec09601e Changed hash key syntax from previous commit. 
Besides being consistent, Sinatra actually requires the string
syntax.
 2013-06-05 18:33:08 -04:00
soh_cah_toa
fc6f0aface Changed DELETE handler to return JSON "success" key. 
Prior to this, nothing was returned. This will allow users to
determine whether or not a rule was removed as expected.
 2013-06-05 18:29:18 -04:00
soh_cah_toa
89a5d6fdbb Modified #remove_rule to return a boolean value. 
This is will soon allow the DELETE handler to indicate success
or failure.
 2013-06-05 18:20:48 -04:00
soh_cah_toa
6c61b39d81 Changed 401 status to 403 in filter for non-permitted IP's. 
403 Forbidden is more appropriate since 401 Unauthorized only
indicates that authentication is needed. In the case of a bad IP,
authentication will make no difference which is exactly what 403 is
meant for.
 2013-06-05 17:09:09 -04:00
soh_cah_toa
80ab665054 Added new InvalidParamError class for handling bad named parameters. 
Previously, InvalidJsonError was being used mistakenly for this which
is misleading considering no JSON was involved.
 2013-06-05 16:56:05 -04:00
soh_cah_toa
e56494d486 Renamed /rules GET route to /ruleset for the sake of consistency. 
Also added new "count" key to result that lists the number of rules.
 2013-06-05 16:30:24 -04:00
soh_cah_toa
2f5133e11a Changed GET handlers to return recently fixed rule data. 
Also wrapped all handlers in a begin/end block that catches
internal StandardError exceptions.
 2013-06-05 15:56:33 -04:00
soh_cah_toa
44622345d0 s/DNS/Dns/g since that is the BeEF style convention. 2013-06-03 17:55:58 -04:00
soh_cah_toa
0f8221918b Improved coding style (a la ruby-style-guide and rubocop). 
Because I'm too tired to start testing and need a little victory. ;)
 2013-06-03 00:11:41 -04:00
soh_cah_toa
c8c9e1e139 Reimplemented POST handler to avoid unsafe use of #eval. 
Now the desired response is passed an array. Each RR type is handled
specially to craft the necessary response.
 2013-06-02 22:40:58 -04:00
soh_cah_toa
998980b566 Fixed case-statement in #match that prevented adding rules locally. 2013-06-02 22:23:27 -04:00
soh_cah_toa
7f4562945a Added new InvalidJsonError class for handling errors in JSON input. 
This is better practice than just (ab)using StandardError.
 2013-05-26 23:46:37 -04:00
soh_cah_toa
38284d5eaa Implemented DELETE handler for removing DNS rules. 2013-05-26 23:26:58 -04:00
soh_cah_toa
27b1b530ef Implemented POST handler for /api/dns/rule which adds a new rule. 
A host of other changes got roped into this as well. #match now
silently handles blocks passed as a String in order to handle
the 'block' JSON parameter. This is because sourcify doesn't
work with eval'd data.

Rule id's are no longer incremental integers. It's now a 7-character
"token" generated from #secure_token and is managed by the RubyDNS
module.
 2013-05-26 22:44:11 -04:00
soh_cah_toa
c6f38324d1 Refactored #get_ruleset to be part of RubyDNS. 
All database logic should be inside RubyDNS since BeEF's DNS class
is mostly just a wrapper around it.
 2013-05-18 21:00:22 -04:00
soh_cah_toa
054767c898 Added RESTful API route for /api/dns/rule/:id. 
This will return a single rule given its unique id.
 2013-05-17 23:02:40 -04:00