GitHub Repository: beefproject/beef
Path: blob/master/extensions/proxy/rest/proxy.rb
#
# Copyright (c) 2006-2025 Wade Alcorn - [email protected]
# Browser Exploitation Framework (BeEF) - https://beefproject.com
# See the file 'doc/COPYING' for copying permission
#
module BeEF
module Extension
module Proxy
# This class handles the routing of RESTful API requests for the proxy
class ProxyRest < BeEF::Core::Router::Router
# Filters out bad requests before performing any routing
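before do
  # Runs ahead of every route in this router: rejects requests that do not
  # come from a permitted source address or do not carry the configured API
  # token, then marks the JSON response as non-cacheable.
  config = BeEF::Core::Configuration.instance
  @hb = BeEF::Core::Models::HookedBrowser

  # Check the source address first, so a client outside the permitted range
  # always gets 403 and cannot use the 401/403 difference to learn whether
  # the token it sent is valid.
  halt 403 unless BeEF::Core::Rest.permitted_source?(request.ip)

  # Fail closed: a missing or empty configured token, or a request without a
  # string token, must never authenticate (nil == nil would otherwise pass).
  # NOTE(review): String#== is not a constant-time comparison; consider a
  # constant-time compare here if one is available to this router.
  expected_token = config.get('beef.api_token')
  supplied_token = params[:token]
  halt 401 unless expected_token.is_a?(String) && !expected_token.empty?
  halt 401 unless supplied_token.is_a?(String) && supplied_token == expected_token

  headers 'Content-Type' => 'application/json; charset=UTF-8',
          'Pragma' => 'no-cache',
          'Cache-Control' => 'no-cache',
          'Expires' => '0'
end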
# Use a specified hooked browser as proxy
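post '/setTargetZombie' do
  # Expects a JSON object body whose 'hb_id' key holds the session id of the
  # hooked browser to use as tunneling proxy. Responds with a JSON object
  # {"success": true|false}; halts with 400 on malformed input and 500 on
  # any other error.
  begin
    body = JSON.parse(request.body.read)
  rescue JSON::ParserError
    # Log the fixed InvalidJsonError message instead of the parser's own,
    # which can quote request content.
    raise InvalidJsonError
  end
  # Valid JSON that is not an object (array, string, null, ...) cannot carry
  # an 'hb_id' key; treat it as invalid input rather than an internal error.
  raise InvalidJsonError unless body.is_a?(Hash)

  hb_id = body['hb_id']

  result = { 'success' => false }
  return result.to_json if hb_id.nil?

  # The session id is used as a lookup value: accept only a plain string so
  # arrays or nested objects from the JSON body never reach the query.
  raise InvalidParamError, 'hb_id' unless hb_id.is_a?(String)

  hooked_browser = @hb.where(session: hb_id).first
  previous_proxy_hb = @hb.where(is_proxy: true).first

  # if another HB is currently set as tunneling proxy, unset it
  # NOTE(review): this runs even when hb_id matches no hooked browser, so a
  # failed request still clears the current proxy -- confirm this is intended.
  unless previous_proxy_hb.nil?
    previous_proxy_hb.update(is_proxy: false)
    print_debug("Unsetting previously HB [#{previous_proxy_hb.ip}] used as Tunneling Proxy")
  end

  # set the HB requested in /setTargetZombie as Tunneling Proxy
  unless hooked_browser.nil?
    hooked_browser.update(is_proxy: true)
    print_info("Using Hooked Browser with ip [#{hooked_browser.ip}] as Tunneling Proxy")
    result['success'] = true
  end

  result.to_json
rescue InvalidJsonError, InvalidParamError => e
  # Client-side input problems: log the fixed message and answer 400.
  print_error e.message
  halt 400
rescue StandardError => e
  print_error "Internal error setting browser as proxy (#{e.message})"
  halt 500
end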
# Raised when invalid JSON input is passed to an /api/proxy handler.
class InvalidJsonError < StandardError
  DEFAULT_MESSAGE = 'Invalid JSON input passed to /api/proxy handler'.freeze

  # @param message [String, nil] custom error text; DEFAULT_MESSAGE is used
  #   when no message (or a falsy value) is given
  def initialize(message = nil)
    text = if message
             message
           else
             DEFAULT_MESSAGE
           end
    super(text)
  end
end
# Raised when an invalid named parameter is passed to an /api/proxy handler.
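class InvalidParamError < StandardError
  DEFAULT_MESSAGE = 'Invalid parameter passed to /api/proxy handler'.freeze

  # @param message [String, nil] name of the offending parameter; it is
  #   interpolated into the error text. DEFAULT_MESSAGE is used when nil.
  def initialize(message = nil)
    if message.nil?
      # Passing nil to super would make the exception report its class name,
      # leaving DEFAULT_MESSAGE unused; fall back to it explicitly.
      super(DEFAULT_MESSAGE)
    else
      super(format('Invalid "%s" parameter passed to /api/proxy handler', message))
    end
  end
end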
end
end
end
end