
Review "IP address has changed" functionality #2821

Open
bcoles opened this issue Apr 15, 2023 · 1 comment

Comments


bcoles commented Apr 15, 2023

The "IP address has changed" functionality is dodgy. Worse, when allow_reverse_proxy is used, the X-Forwarded-For header is trusted implicitly without validation.

```ruby
# @note Check for a change in zombie IP and log an event
if config.get('beef.http.allow_reverse_proxy') == true
  if hooked_browser.ip != request.env['HTTP_X_FORWARDED_FOR']
    BeEF::Core::Logger.instance.register('Zombie', "IP address has changed from #{hooked_browser.ip} to #{request.env['HTTP_X_FORWARDED_FOR']}", hooked_browser.id.to_s)
    hooked_browser.ip = request.env['HTTP_X_FORWARDED_FOR']
  end
elsif hooked_browser.ip != request.ip
  BeEF::Core::Logger.instance.register('Zombie', "IP address has changed from #{hooked_browser.ip} to #{request.ip}", hooked_browser.id.to_s)
  hooked_browser.ip = request.ip
end
```

Here's an example someone provided, showing that the stored IP address contains two IP addresses separated by `,`.

[image: screenshot of the stored IP address field containing two comma-separated IP addresses]

It may also result in many "IP address has changed" events in load-balanced environments, although I'm not sure that this is avoidable.
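A safer way to derive the client address, written here as an added example and not BeEF's own code: the header is only honoured when the direct peer is in a `trusted_proxies` list (an assumed config value, given as CIDRs), the comma-separated chain is walked from the right past known proxies, and anything unparsable falls back to the peer address (`request.ip` in the snippet above).

```ruby
require 'ipaddr'

# Returns the best-evidence client IP as a string, or nil if even the peer
# address is unparsable. `remote_addr` is the socket peer (request.ip),
# `xff_header` is the raw X-Forwarded-For value (may be nil).
def client_ip_for(remote_addr, xff_header, allow_reverse_proxy:, trusted_proxies: [])
  peer = parse_ip(remote_addr)
  return nil if peer.nil?
  return peer unless allow_reverse_proxy && xff_header

  trusted = trusted_proxies.map { |cidr| IPAddr.new(cidr) }
  # The direct peer must itself be a configured proxy; otherwise a browser
  # talking straight to the hook endpoint could set XFF to anything.
  return peer unless trusted.any? { |net| net.include?(IPAddr.new(peer)) }

  # XFF is "client, proxy1, proxy2": walk from the right, skipping hops we
  # trust. The first untrusted hop is the one the trusted proxy saw connect.
  hops = xff_header.split(',').map(&:strip).reject(&:empty?)
  hops.reverse_each do |hop|
    ip = parse_ip(hop)
    next if ip.nil?
    return ip unless trusted.any? { |net| net.include?(IPAddr.new(ip)) }
  end
  peer # every hop was a trusted proxy or garbage; keep the peer address
end

# Normalises one address; rejects CIDR ranges, ports, names and junk.
def parse_ip(str)
  s = str.to_s
  return nil if s.include?('/')
  IPAddr.new(s).to_s
rescue IPAddr::InvalidAddressError
  nil
end
```

With `allow_reverse_proxy` on but an empty `trusted_proxies` list the function never consults the header, which is the conservative default for a deployment that has not declared its proxies.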

@bcoles bcoles added the Defect label Apr 15, 2023
@github-actions bot commented

This issue has been marked as stale due to inactivity and will be closed in 7 days

@github-actions github-actions bot added the Stale Used to mark issues with inactivity label Apr 22, 2023
@bcoles bcoles added Low and removed Stale Used to mark issues with inactivity labels Apr 22, 2023