Path: blob/master/extensions/admin_ui/classes/session.rb
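# frozen_string_literal: true

#
# Copyright (c) 2006-2025 Wade Alcorn - [email protected]
# Browser Exploitation Framework (BeEF) - https://beefproject.com
# See the file 'doc/COPYING' for copying permission
#
module BeEF
  module Extension
    module AdminUI
      #
      # The session for the BeEF admin UI.
      #
      # One process-wide session (Singleton) holding the logged-in client's
      # address, a random session id (carried in the session cookie) and a
      # random nonce that must accompany state-changing POST requests.
      #
      class Session
        include Singleton

        attr_reader :ip, :id, :nonce, :auth_timestamp

        def initialize
          set_logged_out
          @auth_timestamp = Time.new
        end

        #
        # Mark the session as logged in from +ip+. A fresh random id and a
        # fresh random nonce are generated, so any earlier ones stop matching.
        #
        # @param ip [String] client address the session is bound to
        #
        def set_logged_in(ip)
          @id = BeEF::Core::Crypto.secure_token
          @nonce = BeEF::Core::Crypto.secure_token
          @ip = ip
        end

        #
        # Mark the session as logged out: id, nonce and ip are cleared, so
        # valid_session? and valid_nonce? return false until the next login.
        #
        def set_logged_out
          @id = nil
          @nonce = nil
          @ip = nil
        end

        #
        # Set the auth_timestamp.
        #
        # @param time [Time]
        #
        def set_auth_timestamp(time)
          @auth_timestamp = time
        end

        # @return [String, nil] the session id, nil while logged out
        def get_id
          @id
        end

        # @return [String, nil] the nonce, nil while logged out
        def get_nonce
          @nonce
        end

        # @return [Time] the auth_timestamp
        def get_auth_timestamp
          @auth_timestamp
        end

        #
        # Check whether +request+ carries the current nonce.
        #
        # Accepts only a POST belonging to a valid session (see valid_session?)
        # whose 'nonce' parameter equals the stored nonce.
        #
        # @param request [#post?, #[], #ip, #cookies] the incoming request
        # @return [Boolean]
        #
        def valid_nonce?(request)
          return false unless valid_session?(request)
          return false if @nonce.nil?
          return false unless request.post?

          request_nonce = request['nonce']
          return false if request_nonce.nil?

          # constant-time comparison: String#eql? returns at the first
          # mismatching byte and so leaks how much of the secret matched
          secure_compare(request_nonce, @nonce)
        end

        #
        # Check whether +request+ belongs to the current logged-in session.
        #
        # Requires a logged-in session (id and ip set), a client address equal
        # to the one recorded at login, and a session cookie (name read from
        # 'beef.extension.admin_ui.session_cookie_name') holding the session id.
        #
        # @param request [#ip, #cookies] the incoming request
        # @return [Boolean]
        #
        def valid_session?(request)
          return false if @id.nil?
          return false if @ip.nil?

          # the session is bound to the address it was created from
          return false unless @ip.to_s.eql? request.ip

          session_cookie_name = BeEF::Core::Configuration.instance.get('beef.extension.admin_ui.session_cookie_name')

          # cookies may be a Hash or a list of [name, value] pairs; both
          # destructure into name and value here
          request.cookies.any? do |name, value|
            name.to_s.eql?(session_cookie_name) && secure_compare(value, @id)
          end
        end

        private

        #
        # Compare two strings in time that depends only on their length, so a
        # caller cannot learn how many leading bytes of a secret matched.
        # Non-String inputs (e.g. an Array from a repeated parameter) never match.
        #
        # @param given [Object] value taken from the request
        # @param expected [Object] secret held by the session
        # @return [Boolean]
        #
        def secure_compare(given, expected)
          return false unless given.is_a?(String) && expected.is_a?(String)
          return false unless given.bytesize == expected.bytesize

          expected_bytes = expected.bytes
          diff = 0
          given.each_byte.with_index { |byte, i| diff |= byte ^ expected_bytes[i] }
          diff.zero?
        end
      end
    end
  end
end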