Merge remote-tracking branch 'origin/master' into 3182_Resubmit_PR
zinduolis committed Oct 28, 2024
2 parents 3480fd3 + 4b926df commit 2cbe73a
Showing 180 changed files with 206 additions and 197 deletions.
1 change: 1 addition & 0 deletions Gemfile
Expand Up @@ -21,6 +21,7 @@ gem 'term-ansicolor', :require => 'term/ansicolor'
gem 'rubyzip', '~> 2.3'
gem 'espeak-ruby', '~> 1.1.0' # Text-to-Voice
gem 'rake', '~> 13.2'
gem 'activerecord', '~> 7.0'
gem 'otr-activerecord', '~> 2.2.0'
gem 'sqlite3', '~> 1.4'
gem 'rubocop', '~> 1.66.1', require: false
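Review bot: The constraint on the added `gem 'activerecord', '~> 7.0'` line is looser than what the lockfile resolves: `~> 7.0` accepts any 7.x release, while Gemfile.lock in this commit moves activerecord to 7.1.4.2. If the gem is declared directly in order to hold it at that patch level (an assumption; the page does not say why it was added), a floor states that explicitly, for example `gem 'activerecord', '~> 7.1', '>= 7.1.4.2'`, so a regenerated lockfile cannot fall back to an earlier 7.x build. A short trailing comment on why the gem is declared separately from otr-activerecord would also help the next maintainer.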
13 changes: 7 additions & 6 deletions Gemfile.lock
@@ -1,13 +1,13 @@
GEM
remote: https://rubygems.org/
specs:
activemodel (7.1.4)
activesupport (= 7.1.4)
activerecord (7.1.4)
activemodel (= 7.1.4)
activesupport (= 7.1.4)
activemodel (7.1.4.2)
activesupport (= 7.1.4.2)
activerecord (7.1.4.2)
activemodel (= 7.1.4.2)
activesupport (= 7.1.4.2)
timeout (>= 0.4.0)
activesupport (7.1.4)
activesupport (7.1.4.2)
base64
bigdecimal
concurrent-ruby (~> 1.0, >= 1.0.2)
Expand Down Expand Up @@ -268,6 +268,7 @@ PLATFORMS
x86_64-linux

DEPENDENCIES
activerecord (~> 7.0)
ansi (~> 1.5)
async (~> 1.32)
async-dns (~> 1.3)
6 changes: 3 additions & 3 deletions core/main/ar-migrations/015_create_http.rb
Expand Up @@ -4,8 +4,8 @@ def change
t.text :hooked_browser_id
# The http request to perform. In clear text.
t.text :request
# Boolean value as string to say whether cross-domain requests are allowed
t.boolean :allow_cross_domain, default: true
# Boolean value as string to say whether cross-origin requests are allowed
t.boolean :allow_cross_origin, default: true
# The http response body received. In clear text.
t.text :response_data
# The http response code. Useful to handle cases like 404, 500, 302, ...
Expand All @@ -26,7 +26,7 @@ def change
t.text :domain
# The port on which perform the request.
t.text :port
# Boolean value to say if the request was cross-domain
# Boolean value to say if the request was cross-origin
t.text :has_ran, default: 'waiting'
# The path of the request.
# Example: /secret.html
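Review bot: Renaming `allow_cross_domain` to `allow_cross_origin` inside the existing 015 migration only affects databases created after this commit; a database on which migration 015 has already run keeps the old column, because ActiveRecord does not re-run an applied migration. The same applies to `cross_domain` → `cross_origin` in 025_create_xssrays_scan.rb. Unless the database is always rebuilt on start (not visible here), a new migration with `rename_column :<table>, :allow_cross_domain, :allow_cross_origin` is the safer route; the table name lies outside the hunk. Separately, the reworded comment `# Boolean value to say if the request was cross-origin` sits directly above `t.text :has_ran, default: 'waiting'`, which it does not describe.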
2 changes: 1 addition & 1 deletion core/main/ar-migrations/025_create_xssrays_scan.rb
Expand Up @@ -5,7 +5,7 @@ def change
t.datetime :scan_start
t.datetime :scan_finish
t.text :domain
t.text :cross_domain
t.text :cross_origin
t.integer :clean_timeout
t.boolean :is_started
t.boolean :is_finished
4 changes: 2 additions & 2 deletions core/main/client/lib/evercookie.js
Expand Up @@ -31,7 +31,7 @@
* for example, if someone deletes all but one type of cookie, once
* that cookie is re-discovered, all of the other cookie types get reset
*
* !!! SOME OF THESE ARE CROSS-DOMAIN COOKIES, THIS MEANS
* !!! SOME OF THESE ARE CROSS-ORIGIN COOKIES, THIS MEANS
* OTHER SITES WILL BE ABLE TO READ SOME OF THESE COOKIES !!!
*
* USAGE:
Expand Down Expand Up @@ -803,7 +803,7 @@ this.evercookie_cookie = function(name, value)
else
return this.getFromStr(name, document.cookie);
}catch(e){
// the hooked domain is using HttpOnly, so we must set the hook ID in a different way.
// the hooked origin is using HttpOnly, so we must set the hook ID in a different way.
// evercookie_userdata and evercookie_window will be used in this case.
}
};
2 changes: 1 addition & 1 deletion core/main/client/mitb.js
Expand Up @@ -38,7 +38,7 @@ beef.mitb = {
if (method == "GET") {
//GET request -> cross-origin
if (url.indexOf(document.location.hostname) == -1 || (portR != null && requestPort != document.location.port )) {
beef.mitb.sniff("GET [Ajax CrossDomain Request]: " + url);
beef.mitb.sniff("GET [Ajax CrossOrigin Request]: " + url);
window.open(url);
}else { //GET request -> same-origin
beef.mitb.sniff("GET [Ajax Request]: " + url);
48 changes: 24 additions & 24 deletions core/main/client/net.js
Expand Up @@ -74,7 +74,7 @@ beef.net = {
this.status_text = null; // success, timeout, error, ...
this.response_body = null; // "<html>…." if not a cross-origin request
this.port_status = null; // tcp port is open, closed or not http
this.was_cross_domain = null; // true or false
this.was_cross_origin = null; // true or false
this.was_timedout = null; // the user specified timeout was reached
this.duration = null; // how long it took for the request to complete
this.headers = null; // full response headers
Expand Down Expand Up @@ -217,11 +217,11 @@ beef.net = {
* @return {Object} this object contains the response details
*/
request: function (scheme, method, domain, port, path, anchor, data, timeout, dataType, callback) {
//check if same domain or cross domain
var cross_domain = true;
//check if same origin or cross origin
var cross_origin = true;
if (document.domain == domain.replace(/(\r\n|\n|\r)/gm, "")) { //strip eventual line breaks
if (document.location.port == "" || document.location.port == null) {
cross_domain = !(port == "80" || port == "443");
cross_origin = !(port == "80" || port == "443");
}
}

Expand All @@ -238,12 +238,12 @@ beef.net = {

//define response object
var response = new this.response;
response.was_cross_domain = cross_domain;
response.was_cross_origin = cross_origin;
var start_time = new Date().getTime();

/*
* according to http://api.jquery.com/jQuery.ajax/, Note: having 'script':
* This will turn POSTs into GETs for remote-domain requests.
* This will turn POSTs into GETs for cross origin requests.
*/
if (method == "POST") {
$j.ajaxSetup({
Expand Down Expand Up @@ -310,28 +310,28 @@ beef.net = {
/**
* Similar to beef.net.request, except from a few things that are needed when dealing with forged requests:
* - requestid: needed on the callback
* - allowCrossDomain: set cross-domain requests as allowed or blocked
* - allowCrossOrigin: set cross-origin requests as allowed or blocked
*
* forge_request is used mainly by the Requester and Tunneling Proxy Extensions.
* Example usage:
* beef.net.forge_request("http", "POST", "172.20.40.50", 8080, "/lulz",
* true, null, { foo: "bar" }, 5, 'html', false, null, function(response) {
* alert(response.response_body)})
*/
forge_request: function (scheme, method, domain, port, path, anchor, headers, data, timeout, dataType, allowCrossDomain, requestid, callback) {
forge_request: function (scheme, method, domain, port, path, anchor, headers, data, timeout, dataType, allowCrossOrigin, requestid, callback) {

if (domain == "undefined" || path == "undefined") {
beef.debug("[beef.net.forge_request] Error: Malformed request. No host specified.");
return;
}

// check if same domain or cross domain
var cross_domain = true;
// check if same origin or cross origin
var cross_origin = true;
if (document.domain == domain && document.location.protocol == scheme + ':') {
if (document.location.port == "" || document.location.port == null) {
cross_domain = !(port == "80" || port == "443");
cross_origin = !(port == "80" || port == "443");
} else {
if (document.location.port == port) cross_domain = false;
if (document.location.port == port) cross_origin = false;
}
}

Expand All @@ -348,23 +348,23 @@ beef.net = {

// define response object
var response = new this.response;
response.was_cross_domain = cross_domain;
response.was_cross_origin = cross_origin;
var start_time = new Date().getTime();

// if cross-domain requests are not allowed and the request is cross-domain
// if cross-origin requests are not allowed and the request is cross-origin
// don't proceed and return
if (allowCrossDomain == "false" && cross_domain) {
if (allowCrossOrigin == "false" && cross_origin) {
beef.debug("[beef.net.forge_request] Error: Cross Domain Request. The request was not sent.");
response.status_code = -1;
response.status_text = "crossdomain";
response.port_status = "crossdomain";
response.status_text = "crossorigin";
response.port_status = "crossorigin";
response.response_body = "ERROR: Cross Domain Request. The request was not sent.\n";
response.headers = "ERROR: Cross Domain Request. The request was not sent.\n";
if (callback != null) callback(response, requestid);
return response;
}

// if the request was cross-domain from a HTTPS origin to HTTP
// if the request was cross-origin from a HTTPS origin to HTTP
// don't proceed and return
if (document.location.protocol == 'https:' && scheme == 'http') {
beef.debug("[beef.net.forge_request] Error: Mixed Active Content. The request was not sent.");
Expand All @@ -379,7 +379,7 @@ beef.net = {

/*
* according to http://api.jquery.com/jQuery.ajax/, Note: having 'script':
* This will turn POSTs into GETs for remote-domain requests.
* This will turn POSTs into GETs for cross origin requests.
*/
if (method == "POST") {
$j.ajaxSetup({
Expand Down Expand Up @@ -432,10 +432,10 @@ beef.net = {
},

complete: function (xhr, textStatus) {
// cross-domain request
if (cross_domain) {
// cross-origin request
if (cross_origin) {

response.port_status = "crossdomain";
response.port_status = "crossorigin";

if (xhr.status != 0) {
response.status_code = xhr.status;
Expand All @@ -446,7 +446,7 @@ beef.net = {
if (textStatus) {
response.status_text = textStatus;
} else {
response.status_text = "crossdomain";
response.status_text = "crossorigin";
}

if (xhr.getAllResponseHeaders()) {
Expand All @@ -460,7 +460,7 @@ beef.net = {
}

} else {
// same-domain request
// same-origin request
response.status_code = xhr.status;
response.status_text = textStatus;
response.headers = xhr.getAllResponseHeaders();
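Review bot: The renamed guard `if (allowCrossOrigin == "false" && cross_origin)` in forge_request still blocks only when the argument is the exact string "false"; the boolean `false` passed in the usage example in the doc comment above it, or `undefined`, does not match, so the request is sent even though cross-origin traffic was meant to be switched off. Failing closed would be `if (cross_origin && allowCrossOrigin !== true && allowCrossOrigin !== "true")`, provided callers that rely on an omitted argument are checked first. The caller in net/requester.js now passes `request.allowCrossOrigin`, which is `undefined` if the server still serialises the old `allowCrossDomain` key (the server side is not visible here). The debug message and the `response_body`/`headers` strings in the same branch still read "Cross Domain Request" while `status_text` and `port_status` became "crossorigin", so anything matching on the old values needs the same update. forge_request starts and ends outside the hunks shown.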
2 changes: 1 addition & 1 deletion core/main/client/net/requester.js
Expand Up @@ -25,7 +25,7 @@ beef.net.requester = {
request = requests_array[i];
if (request.proto == 'https') var scheme = 'https'; else var scheme = 'http';
beef.debug('[Requester] ' + request.method + ' ' + scheme + '://' + request.host + ':' + request.port + request.uri + ' - Data: ' + request.data);
beef.net.forge_request(scheme, request.method, request.host, request.port, request.uri, null, request.headers, request.data, 10, null, request.allowCrossDomain, request.id,
beef.net.forge_request(scheme, request.method, request.host, request.port, request.uri, null, request.headers, request.data, 10, null, request.allowCrossOrigin, request.id,
function(res, requestid) { beef.net.send('/requester', requestid, {
response_data: res.response_body,
response_status_code: res.status_code,
4 changes: 2 additions & 2 deletions core/main/client/net/xssrays.js
Expand Up @@ -171,7 +171,7 @@ beef.net.xssrays = {
this.xss({href:url.href, pathname:url.pathname, hostname:url.hostname, port: url.port, protocol: location.protocol,
search:url.search, type: 'url'});//scan each link & param
} else {
beef.debug('Scan is not Cross-domain. URLS\nurl :' + url.hostname.toString());
beef.debug('Scan is not Cross-origin. URLS\nurl :' + url.hostname.toString());
beef.debug('\nlocation :' + location.hostname.toString());
}
}
Expand Down Expand Up @@ -251,7 +251,7 @@ beef.net.xssrays = {
continue;
}
if (!this.crossDomain && (this.host(action).toString() != this.host(location.toString()))) {
beef.debug('Scan is not Cross-domain. FormPost\naction :' + this.host(action).toString());
beef.debug('Scan is not Cross-origin. FormPost\naction :' + this.host(action).toString());
beef.debug('location :' + this.host(location));
continue;
}
2 changes: 1 addition & 1 deletion core/main/configuration.rb
Expand Up @@ -256,7 +256,7 @@ def load_extensions_config
#
def load_modules_config
set('beef.module', {})
# support nested sub-categories, like browser/hooked_domain/ajax_fingerprint
# support nested sub-categories, like browser/hooked_origin/ajax_fingerprint
module_configs = File.join("#{$root_dir}/modules/**", 'config.yaml')
Dir.glob(module_configs) do |cf|
y = load(cf)
2 changes: 1 addition & 1 deletion core/main/handlers/browserdetails.rb
Expand Up @@ -549,7 +549,7 @@ def setup
end

# log a few info of newly hooked zombie in the console
print_info "New Hooked Browser [id:#{zombie.id}, ip:#{zombie.ip}, browser:#{browser_name}-#{browser_version}, os:#{os_name}-#{os_version}], hooked domain [#{log_zombie_domain}:#{log_zombie_port}]"
print_info "New Hooked Browser [id:#{zombie.id}, ip:#{zombie.ip}, browser:#{browser_name}-#{browser_version}, os:#{os_name}-#{os_version}], hooked origin [#{log_zombie_domain}:#{log_zombie_port}]"

# add localhost as network host
if config.get('beef.extension.network.enable')
6 changes: 3 additions & 3 deletions core/main/router/router.rb
Expand Up @@ -27,9 +27,9 @@ class Router < Sinatra::Base

# @note If CORS is enabled, expose the appropriate headers
if config.get('beef.http.restful_api.allow_cors')
allowed_domains = config.get('beef.http.restful_api.cors_allowed_domains')
if allowed_domains
headers 'Access-Control-Allow-Origin' => allowed_domains
allowed_origins = config.get('beef.http.restful_api.cors_allowed_origins')
if allowed_origins
headers 'Access-Control-Allow-Origin' => allowed_origins
end
headers 'Access-Control-Allow-Methods' => 'POST, GET'

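Review bot: After the key rename, a config.yaml that still sets `beef.http.restful_api.cors_allowed_domains` yields nil here, so `Access-Control-Allow-Origin` is silently no longer sent while `Access-Control-Allow-Methods` still is. That fails closed, but it is an unannounced break for existing deployments; reading the old key as a fallback, `allowed_origins = config.get('beef.http.restful_api.cors_allowed_origins') || config.get('beef.http.restful_api.cors_allowed_domains')`, or logging a warning when only the old key is present, avoids it. The plural name also invites a list, whereas the header accepts a single origin or `*`; a comment stating that, and that `*` exposes the REST API responses to every site, belongs next to the assignment. Whether the shipped config.yaml was updated in this commit is not visible on this page.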
2 changes: 1 addition & 1 deletion docs/BeefJS.html
Expand Up @@ -558,7 +558,7 @@ <h2><a href="index.html">Home</a></h2><h3>Namespaces</h3><ul><li><a href="BeefJS
<br class="clear">

<footer>
Documentation generated by <a href="https://github.com/jsdoc/jsdoc">JSDoc 4.0.3</a> on Fri Oct 04 2024 17:02:30 GMT+1000 (Australian Eastern Standard Time)
Documentation generated by <a href="https://github.com/jsdoc/jsdoc">JSDoc 4.0.4</a> on Wed Oct 23 2024 16:03:46 GMT+1000 (Australian Eastern Standard Time)
</footer>

<script> prettyPrint(); </script>
2 changes: 1 addition & 1 deletion docs/are.js.html
Expand Up @@ -83,7 +83,7 @@ <h2><a href="index.html">Home</a></h2><h3>Namespaces</h3><ul><li><a href="BeefJS
<br class="clear">

<footer>
Documentation generated by <a href="https://github.com/jsdoc/jsdoc">JSDoc 4.0.3</a> on Fri Oct 04 2024 17:02:30 GMT+1000 (Australian Eastern Standard Time)
Documentation generated by <a href="https://github.com/jsdoc/jsdoc">JSDoc 4.0.4</a> on Wed Oct 23 2024 16:03:46 GMT+1000 (Australian Eastern Standard Time)
</footer>

<script> prettyPrint(); </script>
2 changes: 1 addition & 1 deletion docs/beef.are.html
Expand Up @@ -457,7 +457,7 @@ <h2><a href="index.html">Home</a></h2><h3>Namespaces</h3><ul><li><a href="BeefJS
<br class="clear">

<footer>
Documentation generated by <a href="https://github.com/jsdoc/jsdoc">JSDoc 4.0.3</a> on Fri Oct 04 2024 17:02:30 GMT+1000 (Australian Eastern Standard Time)
Documentation generated by <a href="https://github.com/jsdoc/jsdoc">JSDoc 4.0.4</a> on Wed Oct 23 2024 16:03:46 GMT+1000 (Australian Eastern Standard Time)
</footer>

<script> prettyPrint(); </script>
2 changes: 1 addition & 1 deletion docs/beef.browser.cookie.html
Expand Up @@ -634,7 +634,7 @@ <h2><a href="index.html">Home</a></h2><h3>Namespaces</h3><ul><li><a href="BeefJS
<br class="clear">

<footer>
Documentation generated by <a href="https://github.com/jsdoc/jsdoc">JSDoc 4.0.3</a> on Fri Oct 04 2024 17:02:30 GMT+1000 (Australian Eastern Standard Time)
Documentation generated by <a href="https://github.com/jsdoc/jsdoc">JSDoc 4.0.4</a> on Wed Oct 23 2024 16:03:46 GMT+1000 (Australian Eastern Standard Time)
</footer>

<script> prettyPrint(); </script>
2 changes: 1 addition & 1 deletion docs/beef.browser.html
Expand Up @@ -30172,7 +30172,7 @@ <h2><a href="index.html">Home</a></h2><h3>Namespaces</h3><ul><li><a href="BeefJS
<br class="clear">

<footer>
Documentation generated by <a href="https://github.com/jsdoc/jsdoc">JSDoc 4.0.3</a> on Fri Oct 04 2024 17:02:30 GMT+1000 (Australian Eastern Standard Time)
Documentation generated by <a href="https://github.com/jsdoc/jsdoc">JSDoc 4.0.4</a> on Wed Oct 23 2024 16:03:46 GMT+1000 (Australian Eastern Standard Time)
</footer>

<script> prettyPrint(); </script>
2 changes: 1 addition & 1 deletion docs/beef.browser.popup.html
Expand Up @@ -214,7 +214,7 @@ <h2><a href="index.html">Home</a></h2><h3>Namespaces</h3><ul><li><a href="BeefJS
<br class="clear">

<footer>
Documentation generated by <a href="https://github.com/jsdoc/jsdoc">JSDoc 4.0.3</a> on Fri Oct 04 2024 17:02:30 GMT+1000 (Australian Eastern Standard Time)
Documentation generated by <a href="https://github.com/jsdoc/jsdoc">JSDoc 4.0.4</a> on Wed Oct 23 2024 16:03:46 GMT+1000 (Australian Eastern Standard Time)
</footer>

<script> prettyPrint(); </script>
2 changes: 1 addition & 1 deletion docs/beef.dom.html
Expand Up @@ -3679,7 +3679,7 @@ <h2><a href="index.html">Home</a></h2><h3>Namespaces</h3><ul><li><a href="BeefJS
<br class="clear">

<footer>
Documentation generated by <a href="https://github.com/jsdoc/jsdoc">JSDoc 4.0.3</a> on Fri Oct 04 2024 17:02:30 GMT+1000 (Australian Eastern Standard Time)
Documentation generated by <a href="https://github.com/jsdoc/jsdoc">JSDoc 4.0.4</a> on Wed Oct 23 2024 16:03:46 GMT+1000 (Australian Eastern Standard Time)
</footer>

<script> prettyPrint(); </script>
2 changes: 1 addition & 1 deletion docs/beef.encode.base64.html
Expand Up @@ -731,7 +731,7 @@ <h2><a href="index.html">Home</a></h2><h3>Namespaces</h3><ul><li><a href="BeefJS
<br class="clear">

<footer>
Documentation generated by <a href="https://github.com/jsdoc/jsdoc">JSDoc 4.0.3</a> on Fri Oct 04 2024 17:02:30 GMT+1000 (Australian Eastern Standard Time)
Documentation generated by <a href="https://github.com/jsdoc/jsdoc">JSDoc 4.0.4</a> on Wed Oct 23 2024 16:03:46 GMT+1000 (Australian Eastern Standard Time)
</footer>

<script> prettyPrint(); </script>
2 changes: 1 addition & 1 deletion docs/beef.encode.json.html
Expand Up @@ -383,7 +383,7 @@ <h2><a href="index.html">Home</a></h2><h3>Namespaces</h3><ul><li><a href="BeefJS
<br class="clear">

<footer>
Documentation generated by <a href="https://github.com/jsdoc/jsdoc">JSDoc 4.0.3</a> on Fri Oct 04 2024 17:02:30 GMT+1000 (Australian Eastern Standard Time)
Documentation generated by <a href="https://github.com/jsdoc/jsdoc">JSDoc 4.0.4</a> on Wed Oct 23 2024 16:03:46 GMT+1000 (Australian Eastern Standard Time)
</footer>

<script> prettyPrint(); </script>
2 changes: 1 addition & 1 deletion docs/beef.geolocation.html
Expand Up @@ -569,7 +569,7 @@ <h2><a href="index.html">Home</a></h2><h3>Namespaces</h3><ul><li><a href="BeefJS
<br class="clear">

<footer>
Documentation generated by <a href="https://github.com/jsdoc/jsdoc">JSDoc 4.0.3</a> on Fri Oct 04 2024 17:02:30 GMT+1000 (Australian Eastern Standard Time)
Documentation generated by <a href="https://github.com/jsdoc/jsdoc">JSDoc 4.0.4</a> on Wed Oct 23 2024 16:03:46 GMT+1000 (Australian Eastern Standard Time)
</footer>

<script> prettyPrint(); </script>
2 changes: 1 addition & 1 deletion docs/beef.hardware.html
Expand Up @@ -2077,7 +2077,7 @@ <h2><a href="index.html">Home</a></h2><h3>Namespaces</h3><ul><li><a href="BeefJS
<br class="clear">

<footer>
Documentation generated by <a href="https://github.com/jsdoc/jsdoc">JSDoc 4.0.3</a> on Fri Oct 04 2024 17:02:30 GMT+1000 (Australian Eastern Standard Time)
Documentation generated by <a href="https://github.com/jsdoc/jsdoc">JSDoc 4.0.4</a> on Wed Oct 23 2024 16:03:46 GMT+1000 (Australian Eastern Standard Time)
</footer>

<script> prettyPrint(); </script>