Path: blob/master/extensions/social_engineering/rest/socialengineering.rb
1874 views
#1# Copyright (c) 2006-2026 Wade Alcorn - [email protected]2# Browser Exploitation Framework (BeEF) - https://beefproject.com3# See the file 'doc/COPYING' for copying permission4#56module BeEF7module Extension8module SocialEngineering9class SEngRest < BeEF::Core::Router::Router10config = BeEF::Core::Configuration.instance1112before do13error 401 unless params[:token] == config.get('beef.api_token')14halt 401 unless BeEF::Core::Rest.permitted_source?(request.ip)15headers 'Content-Type' => 'application/json; charset=UTF-8',16'Pragma' => 'no-cache',17'Cache-Control' => 'no-cache',18'Expires' => '0'19end2021# Example: curl -H "Content-Type: application/json; charset=UTF-8" -d json_body22# -X POST http://127.0.0.1:3000/api/seng/clone_page?token=851a937305f8773ee82f5259e792288cdcb01cd723#24# Example json_body:25# {26# "url": "https://accounts.google.com/ServiceLogin?service=mail&continue=https://mail.google.com/mail/"27# "mount": "/gmail",28# "dns_spoof": true29# }30post '/clone_page' do31request.body.rewind32begin33body = JSON.parse request.body.read34uri = body['url']35mount = body['mount']36use_existing = body['use_existing']37dns_spoof = body['dns_spoof']3839if !uri.nil? && !mount.nil?40if (uri =~ URI::DEFAULT_PARSER.make_regexp).nil? # invalid URI41print_error 'Invalid URI'42halt 40143end4445unless mount[%r{^/}] # mount needs to start with /46print_error 'Invalid mount (need to be a relative path, and start with / )'47halt 40148end4950web_cloner = BeEF::Extension::SocialEngineering::WebCloner.instance51success = web_cloner.clone_page(uri, mount, use_existing, dns_spoof)5253if success54result = {55'success' => true,56'mount' => mount57}.to_json58else59result = {60'success' => false61}.to_json62halt 50063end64end65rescue StandardError66print_error 'Invalid JSON input passed to endpoint /api/seng/clone_page'67error 400 # Bad Request68end69end70end71end72end73end747576