Hiddenden/beef
2
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
06899ca267cb441872af8b410db8a90d3914c787
beef/extensions/admin_ui/classes/httpcontroller.rb
Wade Alcorn 06899ca267 Year updated from 2011 to 2012
2011-12-31 22:24:36 +10:00

118 lines
4.2 KiB
Ruby
Raw Blame History

#
# Copyright 2012 Wade Alcorn wade@bindshell.net
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
#
module BeEF
module Extension
module AdminUI
#
# Handle HTTP requests and call the relevant functions in the derived classes
#
class HttpController
attr_accessor :headers, :status, :body, :paths, :currentuser, :params
C = BeEF::Core::Models::Command
CM = BeEF::Core::Models::CommandModule
Z = BeEF::Core::Models::HookedBrowser
#
# Class constructor. Takes data from the child class and populates itself with it.
#
def initialize(data = {})
@erubis = nil
@status = 200 if data['status'].nil?
@headers = {'Content-Type' => 'text/html; charset=UTF-8'} if data['headers'].nil?
if data['paths'].nil? and self.methods.include? "index"
@paths = {'index' => '/'}
else
@paths = data['paths']
end
end
#
# Handle HTTP requests and call the relevant functions in the derived classes
#
def run(request, response)
@request = request
@params = request.params
@session = BeEF::Extension::AdminUI::Session.instance
auth_url = '/ui/authentication'
# test if session is unauth'd and whether the auth functionality is requested
if not @session.valid_session?(@request) and not self.class.eql?(BeEF::Extension::AdminUI::Controllers::Authentication)
@body = ''
@status = 302
@headers = {'Location' => auth_url}
return
end
# get the mapped function (if it exists) from the derived class
path = request.path_info
(print_error "path is invalid";return) if not BeEF::Filters.is_valid_path_info?(path)
function = @paths[path] || @paths[path + '/'] # check hash for '<path>' and '<path>/'
(print_error "path does not exist";return) if function.nil?
# call the relevant mapped function
function.call
# build the template filename and apply it - if the file exists
function_name = function.name # used for filename
class_s = self.class.to_s.sub('BeEF::Extension::AdminUI::Controllers::', '').downcase # used for directory name
template_ui = "#{$root_dir}/extensions/admin_ui/controllers/#{class_s}/#{function_name}.html"
@eruby = Erubis::FastEruby.new(File.read(template_ui)) if File.exists? template_ui # load the template file
@body = @eruby.result(binding()) if not @eruby.nil? # apply template and set the response
# set appropriate content-type 'application/json' for .json files
@headers['Content-Type']='application/json; charset=UTF-8' if request.path =~ /\.json$/
# set content type
if @headers['Content-Type'].nil?
@headers['Content-Type']='text/html; charset=UTF-8' # default content and charset type for all pages
@headers['Content-Type']='application/json; charset=UTF-8' if request.path =~ /\.json$/
end
end
# Constructs a redirect script
def script_redirect(location) "<script> document.location=\"#{location}\"</script>" end
# Constructs a html script tag
def script_tag(filename) "<script src=\"#{$url}/ui/media/javascript/#{filename}\" type=\"text/javascript\"></script>" end
# Constructs a html stylesheet tag
def stylesheet_tag(filename) "<link rel=\"stylesheet\" href=\"#{$url}/ui/media/css/#{filename}\" type=\"text/css\" />" end
# Constructs a hidden html nonce tag
def nonce_tag
@session = BeEF::Extension::AdminUI::Session.instance
"<input type=\"hidden\" name=\"nonce\" id=\"nonce\" value=\"" + @session.get_nonce + "\"/>"
end
private
@eruby
# Unescapes a URL-encoded string.
def unescape(s); s.tr('+', ' ').gsub(/%([\da-f]{2})/in){[$1].pack('H*')} end
end
end
end
end
Reference in New Issue View Git Blame Copy Permalink