beefproject
GitHub Repository: beefproject/beef
Path: blob/master/extensions/admin_ui/media/javascript/ui/panel/tabs/ZombieTabXssRays.js
//
// Copyright (c) 2006-2025 Wade Alcorn - [email protected]
// Browser Exploitation Framework (BeEF) - https://beefproject.com
// See the file 'doc/COPYING' for copying permission
//
/*
* The XssRays Tab panel for the selected zombie.
*/
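/**
 * Builds the "XssRays" tab for one hooked browser in the admin UI.
 *
 * The tab holds two sub-panels: "Logs", a paged grid fed by
 * GET /api/xssrays/rays/<session>, and "Scan Config", a form that is
 * submitted to /api/xssrays/scan/<session>.
 *
 * @param {Object} zombie - the selected hooked browser; this code reads
 *                          zombie.session (used in component ids and REST
 *                          paths) and zombie.ip (used in status messages).
 */
ZombieTab_XssRaysTab = function(zombie) {
    var commands_statusbar = new Beef_StatusBar('xssrays-bbar-zombie-' + zombie.session);
    var req_pagesize = 30;

    // RESTful API token.
    // It is sent in the query string of every request below, so it can show
    // up in web-server and proxy access logs and in browser history; those
    // places should be treated as holding a credential.
    var token = BeefWUI.get_rest_token();

    // Percent-encode the dynamic URL parts so that a reserved character in
    // either value cannot change the request path or add query parameters.
    var session_path = encodeURIComponent(zombie.session);
    var token_query = '?token=' + encodeURIComponent(token);

    // Cell renderer shared by all visible grid columns. The grid inserts the
    // renderer's return value as markup, so every value is HTML-encoded first.
    // NOTE(review): the vector_* fields presumably originate from scanned
    // pages; either way they must never reach the operator's DOM unencoded.
    var encode_cell = function(value) {
        return $jEncoder.encoder.encodeForHTML(value);
    };

    var xssrays_config_panel = new Ext.Panel({
        id: 'xssrays-config-zombie-' + zombie.session,
        title: 'Scan Config',
        layout: 'fit'
    });

    var xssrays_logs_store = new Ext.ux.data.PagingJsonStore({
        storeId: 'xssrays-logs-store-zombie-' + zombie.session,
        remoteSort: false,
        autoDestroy: true,
        autoLoad: false,
        proxy: new Ext.data.HttpProxy({
            method: 'GET',
            url: '/api/xssrays/rays/' + session_path + token_query
        }),
        root: 'rays',
        fields: ['id', 'vector_method', 'vector_name', 'vector_poc'],
        // No trailing comma after the last property: older browsers reject it.
        sortInfo: {field: 'id', direction: 'DESC'}
    });

    var xssrays_logs_bbar = new Ext.PagingToolbar({
        pageSize: req_pagesize,
        store: xssrays_logs_store,
        displayInfo: true,
        displayMsg: 'Displaying history {0} - {1} of {2}',
        emptyMsg: 'No history to display'
    });

    var xssrays_logs_grid = new Ext.grid.GridPanel({
        id: 'xssrays-logs-grid-zombie-' + zombie.session,
        store: xssrays_logs_store,
        bbar: xssrays_logs_bbar,
        border: false,
        loadMask: {msg: 'Loading History...'},

        viewConfig: {
            forceFit: true
        },

        view: new Ext.grid.GridView({
            forceFit: true,
            emptyText: "No History",
            enableRowBody: true
        }),

        columns: [
            {header: 'Id', width: 10, sortable: true, dataIndex: 'id', hidden: true},
            {header: 'Vector Method', width: 30, sortable: true, dataIndex: 'vector_method', renderer: encode_cell},
            {header: 'Vector Name', width: 40, sortable: true, dataIndex: 'vector_name', renderer: encode_cell},
            {header: 'Vector PoC', sortable: true, dataIndex: 'vector_poc', renderer: encode_cell}
        ],

        listeners: {
            // First load happens once the grid is on screen (autoLoad is off).
            // NOTE(review): 'date' is not one of the store's fields; whether
            // the server honours this sort parameter cannot be seen from here.
            afterrender: function(datagrid) {
                datagrid.store.reload({params: {start: 0, limit: req_pagesize, sort: "date", dir: "DESC"}});
            }
        }
    });

    var xssrays_logs_panel = new Ext.Panel({
        id: 'xssrays-logs-panel-zombie-' + zombie.session,
        title: 'Logs',
        items: [xssrays_logs_grid],
        layout: 'fit',

        listeners: {
            // Refresh the grid's store every time the "Logs" sub-tab is shown.
            activate: function(logs_panel) {
                logs_panel.items.items[0].store.reload();
            }
        }
    });

    /**
     * Creates the scan-settings form and adds it to this zombie's
     * "Scan Config" panel.
     *
     * @param {Object} zombie - the hooked browser the form belongs to
     * @param {Object} bar    - status bar that receives progress messages
     */
    function genScanSettingsPanel(zombie, bar) {
        var form_id = 'xssrays-config-form-zombie' + zombie.session;

        // The checkbox id carries the session like every other id in this
        // tab. With a fixed id, opening the tab for a second hooked browser
        // would create a duplicate DOM id and the lookup in the handler could
        // read the checkbox that belongs to a different browser.
        var cross_origin_id = 'xssrays-cross-origin-zombie-' + zombie.session;

        var form = new Ext.FormPanel({
            title: 'Scan settings',
            id: form_id,
            url: '/api/xssrays/scan/' + session_path + token_query,
            labelWidth: 230,
            border: false,
            padding: '3px 5px 0 5px',
            defaults: {width: 100},
            defaultType: 'textfield',

            items: [{
                fieldLabel: 'Clean Timeout (milliseconds before the injected iFrames are removed from the DOM)',
                name: 'clean_timeout',
                allowBlank: false,
                value: 5000,
                padding: '10px 5px 0 5px'
            }, {
                xtype: 'checkbox',
                id: cross_origin_id,
                fieldLabel: 'Cross-origin (check for XSS on cross-origin resources)',
                name: 'cross_origin',
                checked: true
            }],

            buttons: [{
                text: 'Start Scan',
                handler: function() {
                    var basic_form = Ext.getCmp(form_id).getForm();

                    // NOTE(review): zombie.ip is concatenated into status-bar
                    // text here and below; confirm Beef_StatusBar renders its
                    // argument as text rather than as markup.
                    bar.update_sending('Starting XssRays on ' + zombie.ip + ' ...');
                    basic_form.submit({
                        params: {
                            // Sent explicitly as true/false so the request
                            // carries a value when the box is unchecked too.
                            cross_origin: document.getElementById(cross_origin_id).checked
                        },
                        success: function() {
                            bar.update_sent("Scan settings saved for hooked browser [" + zombie.ip + "]. XssRays will be added to victim DOM on next polling.");
                        },
                        failure: function() {
                            bar.update_fail("Error! Something went wrong saving scan settings.");
                        }
                    });
                }
            }]
        });

        // Declared with var: the original assignment created an implicit
        // global named `panel` shared by every tab instance.
        var panel = Ext.getCmp('xssrays-config-zombie-' + zombie.session);
        panel.setTitle('Scan Config');
        panel.add(form);
    }

    ZombieTab_XssRaysTab.superclass.constructor.call(this, {
        id: 'xssrays-log-tab-' + zombie.session,
        title: 'XssRays',
        activeTab: 0,
        viewConfig: {
            forceFit: true,
            type: 'fit'
        },
        items: [xssrays_logs_panel, xssrays_config_panel],
        bbar: commands_statusbar,
        listeners: {
            // The config panel must exist before the form can be added to it,
            // so the form is built only after the tab panel has rendered.
            afterrender: function() {
                genScanSettingsPanel(zombie, commands_statusbar);
            }
        }
    });
};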
// Make ZombieTab_XssRaysTab a subclass of Ext.TabPanel. The overrides object
// is empty, so no prototype members are added beyond what the constructor sets up.
Ext.extend(ZombieTab_XssRaysTab, Ext.TabPanel, {});