Hiddenden/beef
2
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
ca8d83ffad7ddf815051915c435a58a21e875bf1
beef/lib/server/requesterhandler.rb
wade@bindshell.net c4e07ff66d minor update: typo 
git-svn-id: https://beef.googlecode.com/svn/trunk@659 b87d56ec-f9c0-11de-8c8a-61c5e9addfc9
2011-01-03 04:39:33 +00:00

65 lines
2.1 KiB
Ruby
Raw Blame History

module BeEF
#
# The http handler that manages the Requester.
#
class RequesterHandler < WEBrick::HTTPServlet::AbstractServlet
attr_reader :guard
H = BeEF::Models::Http
Z = BeEF::Models::Zombie
#
# Class constructor
#
def initialize(config)
# we set up a mutex
@guard = Mutex.new
end
#
# This function receives any POST http requests. We only
# allow the hooked browser to send back results using POST.
#
def do_POST(request, response)
# validates the hook token
beef_hook = request.query['BEEFHOOK'] || nil
raise WEBrick::HTTPStatus::BadRequest, "beef_hook is null" if beef_hook.nil?
# validates the request id
request_id = request.query['id'] || nil
raise WEBrick::HTTPStatus::BadRequest, "request_id is null" if request_id.nil?
# validates that a hooked browser with the beef_hook token exists in the db
zombie_db = Z.first(:session => beef_hook) || nil
raise WEBrick::HTTPStatus::BadRequest, "Invalid beef hook id: the hooked browser cannot be found in the database" if zombie_db.nil?
# validates that we have such a http request saved in the db
http_db = H.first(:id => request_id.to_i, :zombie_id => zombie_db.id) || nil
raise WEBrick::HTTPStatus::BadRequest, "Invalid http_db: no such request found in the database" if http_db.nil?
# validates that the http request has not be ran before
raise WEBrick::HTTPStatus::BadRequest, "This http request has been saved before" if http_db.has_ran.eql? true
# validates the body
body = request.query['body'] || nil
raise WEBrick::HTTPStatus::BadRequest, "body is null" if body.nil?
@guard.synchronize {
# save the results in the database
http_db.response = body
http_db.has_ran = true
http_db.save
}
response.set_no_cache()
response.header['Content-Type'] = 'text/javascript'
response.header['Access-Control-Allow-Origin'] = '*'
response.header['Access-Control-Allow-Methods'] = 'POST'
response.body = ''
end
end
end
Reference in New Issue View Git Blame Copy Permalink