Fix #1851 - Command/request(s) sent to zombie 'undefined' bug #1963
…ary for the nested function calls to act as intended.
Using
No problems. I'll have a dig around for that object when I next get a chance and try to utilise that.
@bcoles / @jackdwalker / @jcrew99 - was this completed? If this was the intended update, happy to merge this and add to Friday release
I don't believe any changes were made following my original PR @wheatley. Re-reading with effectively zero context (given how long it has been lol), I believe @bcoles was implying that the That being said I don't recall the a higher order I do remember this fixing the solution pretty nicely but I didn't get a chance to investigate @bcoles comment further at the time. So there's a chance this could introduce other issues he is aware of that I was not when developing this patch.
The original PR used this code: `var zombie = Object.values(beefwui.hooked_browsers).find(hb => hb.session === location_hash('id'));` That relies on This was changed in the `var zombie = Object.values(beefwui.hooked_browsers).find(hb => hb.session === id);` Which no longer makes use of the location hash.
I haven't tested this PR but my comment was addressed.
Gotcha - makes sense. Looking back at the individual commit/comment timestamps it seems like I did end up updating the PR with that code the day you left that comment (as you've mentioned). @wheatley - feel free to merge if it is passing tests and still works functionally.
Had a quick look, looks good.
@@ -91,11 +91,13 @@ function locationHashChanged() { | |||
|
|||
if (id === null) return; | |||
|
|||
var zombie = Object.values(beefwui.hooked_browsers).find(hb => hb.session === id); |
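Review bot: `find()` on the `var zombie = ...` line returns `undefined` when no entry in `beefwui.hooked_browsers` has a `session` equal to `id`, and the only guard visible in this hunk is `if (id === null) return;`. A hash that carries a stale or unknown session id would therefore leave `zombie` undefined, which is the same symptom this PR sets out to fix. Suggest adding `if (zombie === undefined) return;` directly after the lookup, before anything reads fields from it.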
Is this where the change for the zombie object referred to by @bcoles?
* Fix #1851 - Command/request(s) sent to zombie 'undefined' bug (#1963)
* Provided correct context in locationHashChanged() to have data necessary for the nested function calls to act as intended.
* rubocop cleanup (#2170)
* version up (#2172)

Co-authored-by: Jack Walker <[email protected]>
Co-authored-by: Isaac Powell <[email protected]>
Pull Request
Thanks for submitting a PR! Please fill in this template where appropriate:
Category
e.g. Bug, Module, Extension, Core Functionality, Documentation, Tests
Bug
Feature/Issue Description
Q: Please give a brief summary of your feature/fix
A: The current release of BeEF master contains a bug in the 'Current Browser' zombie commands status bar. Any request made or command module launched resulted in an error similar to that highlighted in the picture below:
This patch resolves this issue.
Q: Give a technical rundown of what you have changed (if applicable)
A: The data previously passed into the constructor which generates these messages was only being given an object `zombie` which contained the one key `session` whose value was the Session ID for that hooked browser. The status bar was trying to call on that object to give a value for the key `ip`. I've edited the `zombie` object to contain the full context of the hooked browser which is open in the `ZombieMgr` panel. To do this I called on the `beefwui` (Beef Web UI?) API, and filtered for the hooked browser whose Session ID was in the URI fragment (`location_hash('id')`):

The `location_hash('id')` code is not mine, and was the previous way of identifying the Session ID (see the commit diff) of the hooked browser being examined.

Test Cases
Q: Describe your test cases, what you have covered and if there are any use cases that still need addressing.
A: None written - Admin UI extension test (and all other tests) still pass, and my manual testing of the UI worked :)
Wiki Page
If you are adding a new feature that is not easily understood without context, please draft a section to be added to the Wiki below.
N/A
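
The bug and fix discussed in this PR, reduced to a stand-alone added example (not BeEF's own code). The `hookedBrowsers` sample, the message wording and the function names `statusMessage`, `zombieBefore` and `zombieAfter` are assumptions; only the `session` and `ip` keys and the `Object.values(...).find(...)` lookup come from the page.

```javascript
// Constructed sample standing in for beefwui.hooked_browsers. The numeric
// keys and record shape are assumptions; the page names only `session`, `ip`.
const hookedBrowsers = {
  1: { session: 'SESSION_A', ip: '192.0.2.10' },
  2: { session: 'SESSION_B', ip: '192.0.2.20' },
};

// Hypothetical stand-in for the status bar text built from a zombie object.
function statusMessage(zombie) {
  return 'Command sent to zombie ' + zombie.ip;
}

// Before the fix: the object carries only the session id, so `ip` is
// missing and the message renders the string "undefined".
function zombieBefore(id) {
  return { session: id };
}

// After the fix: resolve the full record by session id. find() yields
// undefined when nothing matches, so that case is mapped to null and the
// caller can skip the update instead of rendering a broken message.
function zombieAfter(browsers, id) {
  if (id === null || id === undefined) return null;
  const match = Object.values(browsers).find(hb => hb.session === id);
  return match === undefined ? null : match;
}

// Caller-side guard: only build a message for a resolved record.
function statusFor(browsers, id) {
  const zombie = zombieAfter(browsers, id);
  return zombie === null ? null : statusMessage(zombie);
}

console.log(statusMessage(zombieBefore('SESSION_A')));
console.log(statusFor(hookedBrowsers, 'SESSION_A'));
console.log(statusFor(hookedBrowsers, 'SESSION_STALE'));
```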