Hiddenden/beef
2
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
b68df3d024ef1b09d4c7f94a3bd72aa461d9f6e7
beef/extensions/xssrays/controllers/xssrays.rb
Wade Alcorn b68df3d024 Changed license header
2012-11-02 14:05:15 +10:00

118 lines
4.3 KiB
Ruby
Raw Blame History

#
# Copyright (c) 2006-2012 Wade Alcorn - wade@bindshell.net
# Browser Exploitation Framework (BeEF) - http://beefproject.com
# See the file 'doc/COPYING' for copying permission
#
module BeEF
module Extension
module AdminUI
module Controllers
class Xssrays < BeEF::Extension::AdminUI::HttpController
HB = BeEF::Core::Models::HookedBrowser
XS = BeEF::Core::Models::Xssraysscan
XD = BeEF::Core::Models::Xssraysdetail
# default values from config file, when XssRays is started right-clicking the zombie in the HB tree
CLEAN_TIMEOUT = BeEF::Core::Configuration.instance.get("beef.extension.xssrays.clean_timeout")
CROSS_DOMAIN = BeEF::Core::Configuration.instance.get("beef.extension.xssrays.cross_domain")
def initialize
super({
'paths' => {
'/set_scan_target' => method(:set_scan_target),
'/zombie.json' => method(:get_xssrays_logs),
'/createNewScan' => method(:create_new_scan)
}
})
end
# called by the UI when rendering xssrays_details table content in the XssRays zombie tab
def get_xssrays_logs
# validate nonce
nonce = @params['nonce'] || nil
(print_error "nonce is nil";return @body = {'success' => 'false'}.to_json) if nonce.nil?
(print_error "nonce incorrect";return @body = {'success' => 'false'}.to_json) if @session.get_nonce != nonce
# validate that the hooked browser's session has been sent
zombie_session = @params['zombie_session'] || nil
(print_error "Zombie session is nil";return @body = {'success' => 'false'}.to_json) if zombie_session.nil?
# validate that the hooked browser exists in the db
zombie = Z.first(:session => zombie_session) || nil
(print_error "Invalid hooked browser session";return @body = {'success' => 'false'}.to_json) if zombie.nil?
logs = []
BeEF::Core::Models::Xssraysdetail.all(:hooked_browser_id => zombie.id).each{|log|
logs << {
'id' => log.id,
'vector_method' => log.vector_method,
'vector_name' => log.vector_name,
'vector_poc' => log.vector_poc
}
}
@body = {'success' => 'true', 'logs' => logs}.to_json
end
# called by the UI. needed to pass the hooked browser ID/session and store a new scan in the DB.
# This is called when right-clicking the hooked browser from the tree. Default config options are read from config.yaml
def set_scan_target
hooked_browser = HB.first(:session => @params['hb_id'].to_s)
if(hooked_browser != nil)
xssrays_scan = XS.new(
:hooked_browser_id => hooked_browser.id,
:scan_start => Time.now,
:domain => hooked_browser.domain,
:cross_domain => CROSS_DOMAIN, #check also cross-domain URIs found by the spider
:clean_timeout => CLEAN_TIMEOUT #check also cross-domain URIs found by the spider
)
xssrays_scan.save
print_info("[XSSRAYS] Starting XSSRays [ip:#{hooked_browser.ip.to_s}], hooked domain [#{hooked_browser.domain.to_s}]")
end
end
# called by the UI, in the XssRays zombie tab
# Needed if we want to start a scan overriding default scan parameters without rebooting BeEF
def create_new_scan
hooked_browser = HB.first(:session => @params['zombie_session'].to_s)
if(hooked_browser != nil)
# set Cross-domain settings
cross_domain = @params['cross_domain']
if cross_domain.nil? or cross_domain.empty?
cross_domain = CROSS_DOMAIN
else
cross_domain = true
end
print_debug("[XSSRAYS] Setting scan cross_domain to #{cross_domain}")
# set Clean-timeout settings
clean_timeout = @params['clean_timeout']
if clean_timeout.nil? or clean_timeout.empty?
clean_timeout = CLEAN_TIMEOUT
end
print_debug("[XSSRAYS] Setting scan clean_timeout to #{clean_timeout}")
xssrays_scan = XS.new(
:hooked_browser_id => hooked_browser.id,
:scan_start => Time.now,
:domain => hooked_browser.domain,
:cross_domain => cross_domain, #check also cross-domain URIs found by the crawler
:clean_timeout => clean_timeout #how long to wait before removing the iFrames from the DOM (5000ms default)
)
xssrays_scan.save
print_info("[XSSRAYS] Starting XSSRays [ip:#{hooked_browser.ip.to_s}], hooked domain [#{hooked_browser.domain.to_s}]")
end
end
end
end
end
end
end
Reference in New Issue View Git Blame Copy Permalink