beefproject
GitHub Repository: beefproject/beef
Path: blob/master/core/main/rest/api.rb
#
# Copyright (c) 2006-2025 Wade Alcorn - [email protected]
# Browser Exploitation Framework (BeEF) - https://beefproject.com
# See the file 'doc/COPYING' for copying permission
#
module BeEF
module Core
module Rest
# Mount point for the hooked-browsers REST handler.
# Registered at the bottom of this file for the BeEF::API::Server 'mount_handler' hook.
module RegisterHooksHandler
  class << self
    # Mounts a new BeEF::Core::Rest::HookedBrowsers instance at /api/hooks.
    #
    # @param server <object> server passed in by the caller; only #mount is invoked on it
    def mount_handler(server)
      endpoint = BeEF::Core::Rest::HookedBrowsers.new
      server.mount('/api/hooks', endpoint)
    end
  end
end
# Mount point for the browser-details REST handler.
# Registered at the bottom of this file for the BeEF::API::Server 'mount_handler' hook.
module RegisterBrowserDetailsHandler
  class << self
    # Mounts a new BeEF::Core::Rest::BrowserDetails instance at /api/browserdetails.
    #
    # @param server <object> server passed in by the caller; only #mount is invoked on it
    def mount_handler(server)
      endpoint = BeEF::Core::Rest::BrowserDetails.new
      server.mount('/api/browserdetails', endpoint)
    end
  end
end
# Mount point for the modules REST handler.
# Registered at the bottom of this file for the BeEF::API::Server 'mount_handler' hook.
module RegisterModulesHandler
  class << self
    # Mounts a new BeEF::Core::Rest::Modules instance at /api/modules.
    #
    # @param server <object> server passed in by the caller; only #mount is invoked on it
    def mount_handler(server)
      endpoint = BeEF::Core::Rest::Modules.new
      server.mount('/api/modules', endpoint)
    end
  end
end
# Mount point for the categories REST handler.
# Registered at the bottom of this file for the BeEF::API::Server 'mount_handler' hook.
module RegisterCategoriesHandler
  class << self
    # Mounts a new BeEF::Core::Rest::Categories instance at /api/categories.
    #
    # @param server <object> server passed in by the caller; only #mount is invoked on it
    def mount_handler(server)
      endpoint = BeEF::Core::Rest::Categories.new
      server.mount('/api/categories', endpoint)
    end
  end
end
# Mount point for the logs REST handler.
# Registered at the bottom of this file for the BeEF::API::Server 'mount_handler' hook.
module RegisterLogsHandler
  class << self
    # Mounts a new BeEF::Core::Rest::Logs instance at /api/logs.
    #
    # @param server <object> server passed in by the caller; only #mount is invoked on it
    def mount_handler(server)
      endpoint = BeEF::Core::Rest::Logs.new
      server.mount('/api/logs', endpoint)
    end
  end
end
# Mount point for the admin REST handler.
# Registered at the bottom of this file for the BeEF::API::Server 'mount_handler' hook.
module RegisterAdminHandler
  class << self
    # Mounts a new BeEF::Core::Rest::Admin instance at /api/admin.
    #
    # NOTE(review): mounting applies no access control of its own; any source-IP or
    # rate-limit check is presumably made inside the Admin handler -- confirm.
    #
    # @param server <object> server passed in by the caller; only #mount is invoked on it
    def mount_handler(server)
      endpoint = BeEF::Core::Rest::Admin.new
      server.mount('/api/admin', endpoint)
    end
  end
end
# Mount point for the server REST handler.
# Registered at the bottom of this file for the BeEF::API::Server 'mount_handler' hook.
module RegisterServerHandler
  class << self
    # Mounts a new BeEF::Core::Rest::Server instance at /api/server.
    #
    # @param server <object> server passed in by the caller; only #mount is invoked on it
    def mount_handler(server)
      endpoint = BeEF::Core::Rest::Server.new
      server.mount('/api/server', endpoint)
    end
  end
end
# Mount point for the autorun REST handler.
# Registered at the bottom of this file for the BeEF::API::Server 'mount_handler' hook.
module RegisterAutorunHandler
  class << self
    # Mounts a new BeEF::Core::Rest::AutorunEngine instance at /api/autorun.
    #
    # @param server <object> server passed in by the caller; only #mount is invoked on it
    def mount_handler(server)
      endpoint = BeEF::Core::Rest::AutorunEngine.new
      server.mount('/api/autorun', endpoint)
    end
  end
end
# Register each mount module with the API registrar for the BeEF::API::Server
# 'mount_handler' hook, in the same order as the modules are declared above.
#
# NOTE(review): nothing in this file attaches authentication to these mounts; the
# API token and source-IP checks are presumably enforced inside each handler
# class -- confirm when adding a new endpoint to this list.
[
  BeEF::Core::Rest::RegisterHooksHandler,
  BeEF::Core::Rest::RegisterBrowserDetailsHandler,
  BeEF::Core::Rest::RegisterModulesHandler,
  BeEF::Core::Rest::RegisterCategoriesHandler,
  BeEF::Core::Rest::RegisterLogsHandler,
  BeEF::Core::Rest::RegisterAdminHandler,
  BeEF::Core::Rest::RegisterServerHandler,
  BeEF::Core::Rest::RegisterAutorunHandler
].each do |mount_module|
  BeEF::API::Registrar.instance.register(mount_module, BeEF::API::Server, 'mount_handler')
end
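#
# Check the source IP is within the permitted subnet
# This is from extensions/admin_ui/controllers/authentication/authentication.rb
#
# The allow-list is read from 'beef.restrictions.permitted_ui_subnet'. It may be a
# list of CIDR strings or a single CIDR string. The check fails closed: an invalid
# IP, a missing or empty allow-list, or an entry that IPAddr cannot parse never
# grants access. A malformed entry is skipped silently, so other valid entries in
# the list still apply.
#
# NOTE(review): the result is only as trustworthy as the `ip` the caller passes in;
# confirm callers use the connection's peer address and not a client-supplied header.
#
# @param ip <string> source IP address of the request
#
# @return <boolean> true only if ip falls inside at least one permitted subnet
def self.permitted_source?(ip)
  # reject anything that is not a well-formed IP address before touching the config
  return false unless BeEF::Filters.is_valid_ip?(ip)

  configured = BeEF::Core::Configuration.instance.get('beef.restrictions.permitted_ui_subnet')

  # Array() turns nil into [] and a single string into a one-element list
  Array(configured).any? do |subnet|
    begin
      IPAddr.new(subnet).include?(ip)
    rescue IPAddr::Error
      # unparsable subnet entry (or address): treat as "no match" rather than raising
      false
    end
  end
end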
#
# Rate limit through timeout
# This is from extensions/admin_ui/controllers/authentication/
#
# Brute Force Mitigation
# Only one login request per config_delay_id seconds
#
# Despite the name, the return value is true when the attempt may proceed and
# false when it arrived too soon after the previous one. A rejected attempt
# also hands the current time to time_record_set_fn.
#
# NOTE(review): the configured value is converted with #to_f, so a missing (nil)
# setting becomes 0.0 and the delay is effectively disabled -- confirm the
# configuration key always exists.
#
# @param config_delay_id <string> configuration name for the timeout
# @param last_time_attempt <Time> last time this was attempted
# @param time_record_set_fn <lambda> callback, setting time on failure
#
# @return <boolean> true if enough time has passed, false if the attempt is throttled
def self.timeout?(config_delay_id, last_time_attempt, time_record_set_fn)
  now = Time.now
  minimum_gap = BeEF::Core::Configuration.instance.get(config_delay_id)

  # seconds since the previous attempt, compared against the configured delay
  too_soon = now - last_time_attempt < minimum_gap.to_f
  time_record_set_fn.call(now) if too_soon

  !too_soon
end
end
end
end