1
#
2
# Copyright (c) 2006-2025 Wade Alcorn - [email protected]
3
# Browser Exploitation Framework (BeEF) - https://beefproject.com
4
# See the file 'doc/COPYING' for copying permission
5
#
6
module BeEF
7
  module Extension
8
    module Customhook
9
      class Handler
10
        def call(env)
11
          @body = ''
12
          @request = Rack::Request.new(env)
13
          @params = @request.query_string
14
          @response = Rack::Response.new(body = [], 200, header = {})
15
          config = BeEF::Core::Configuration.instance
16
          eruby = Erubis::FastEruby.new(File.read("#{File.dirname(__FILE__)}/html/index.html"))
17
          config.get('beef.extension.customhook.hooks').each do |h|
18
            path = config.get("beef.extension.customhook.hooks.#{h.first}.path")
19
            next unless path == (env['REQUEST_URI']).to_s
20

21
            print_info "[Custom Hook] Handling request for custom hook mounted at '#{path}'"
22
            @body << eruby.evaluate({
23
                                      'customhook_target' => config.get("beef.extension.customhook.hooks.#{h.first}.target"),
24
                                      'customhook_title' => config.get("beef.extension.customhook.hooks.#{h.first}.title")
25
                                    })
26
            break
27
          end
28

29
          @response = Rack::Response.new(
30
            body = [@body],
31
            status = 200,
32
            header = {
33
              'Pragma' => 'no-cache',
34
              'Cache-Control' => 'no-cache',
35
              'Expires' => '0',
36
              'Content-Type' => 'text/html',
37
              'Access-Control-Allow-Origin' => '*',
38
              'Access-Control-Allow-Methods' => 'POST, GET'
39
            }
40
          )
41
        end
42

43
        # @note Object representing the HTTP request
44
        @request
45

46
        # @note Object representing the HTTP response
47
        @response
48
      end
49
    end
50
  end
51
end
52

53