Merge branch 'pr/zinduolis/3171'

core/main/ar-migrations/015_create_http.rb

@@ -4,8 +4,8 @@ def change
       t.text :hooked_browser_id
       # The http request to perform. In clear text.
       t.text :request
-      # Boolean value as string to say whether cross-domain requests are allowed
-      t.boolean :allow_cross_domain, default: true
+      # Boolean value as string to say whether cross-origin requests are allowed
+      t.boolean :allow_cross_origin, default: true
       # The http response body received. In clear text.
       t.text :response_data
       # The http response code. Useful to handle cases like 404, 500, 302, ...
@@ -26,7 +26,7 @@ def change
       t.text :domain
       # The port on which perform the request.
       t.text :port
-      # Boolean value to say if the request was cross-domain
+      # Boolean value to say if the request was cross-origin
       t.text :has_ran, default: 'waiting'
       # The path of the request.
       # Example: /secret.html

core/main/ar-migrations/025_create_xssrays_scan.rb

@@ -5,7 +5,7 @@ def change
       t.datetime :scan_start
       t.datetime :scan_finish
       t.text :domain
-      t.text :cross_domain
+      t.text :cross_origin
       t.integer :clean_timeout
       t.boolean :is_started
       t.boolean :is_finished

core/main/client/lib/evercookie.js

@@ -31,7 +31,7 @@
  *  for example, if someone deletes all but one type of cookie, once
  *  that cookie is re-discovered, all of the other cookie types get reset
  *
- *  !!! SOME OF THESE ARE CROSS-DOMAIN COOKIES, THIS MEANS
+ *  !!! SOME OF THESE ARE CROSS-ORIGIN COOKIES, THIS MEANS
  *  OTHER SITES WILL BE ABLE TO READ SOME OF THESE COOKIES !!!
  *
  * USAGE:
@@ -803,7 +803,7 @@ this.evercookie_cookie = function(name, value)
         else
             return this.getFromStr(name, document.cookie);
     }catch(e){
-        // the hooked domain is using HttpOnly, so we must set the hook ID in a different way.
+        // the hooked origin is using HttpOnly, so we must set the hook ID in a different way.
         // evercookie_userdata and evercookie_window will be used in this case.
     }
 };

core/main/client/mitb.js

@@ -38,7 +38,7 @@ beef.mitb = {
                         if (method == "GET") {
                             //GET request -> cross-origin
                             if (url.indexOf(document.location.hostname) == -1 || (portR != null && requestPort != document.location.port )) {
-                                beef.mitb.sniff("GET [Ajax CrossDomain Request]: " + url);
+                                beef.mitb.sniff("GET [Ajax CrossOrigin Request]: " + url);
                                 window.open(url);
                             }else { //GET request -> same-origin
                                 beef.mitb.sniff("GET [Ajax Request]: " + url);

core/main/client/net.js

@@ -74,7 +74,7 @@ beef.net = {
         this.status_text = null;        // success, timeout, error, ...
         this.response_body = null;      // "<html>…." if not a cross-origin request
         this.port_status = null;        // tcp port is open, closed or not http
-        this.was_cross_domain = null;   // true or false
+        this.was_cross_origin = null;   // true or false
         this.was_timedout = null;       // the user specified timeout was reached
         this.duration = null;           // how long it took for the request to complete
         this.headers = null;            // full response headers
@@ -217,11 +217,11 @@ beef.net = {
      * @return {Object} this object contains the response details
      */
     request: function (scheme, method, domain, port, path, anchor, data, timeout, dataType, callback) {
-        //check if same domain or cross domain
-        var cross_domain = true;
+        //check if same origin or cross origin
+        var cross_origin = true;
         if (document.domain == domain.replace(/(\r\n|\n|\r)/gm, "")) { //strip eventual line breaks
             if (document.location.port == "" || document.location.port == null) {
-                cross_domain = !(port == "80" || port == "443");
+                cross_origin = !(port == "80" || port == "443");
             }
         }
 
@@ -238,12 +238,12 @@ beef.net = {
 
         //define response object
         var response = new this.response;
-        response.was_cross_domain = cross_domain;
+        response.was_cross_origin = cross_origin;
         var start_time = new Date().getTime();
 
         /*
          * according to http://api.jquery.com/jQuery.ajax/, Note: having 'script':
-         * This will turn POSTs into GETs for remote-domain requests.
+         * This will turn POSTs into GETs for cross origin requests.
          */
         if (method == "POST") {
             $j.ajaxSetup({
@@ -310,28 +310,28 @@ beef.net = {
     /**
      * Similar to beef.net.request, except from a few things that are needed when dealing with forged requests:
      *  - requestid: needed on the callback
-     *  - allowCrossDomain: set cross-domain requests as allowed or blocked
+     *  - allowCrossOrigin: set cross-origin requests as allowed or blocked
      *
      * forge_request is used mainly by the Requester and Tunneling Proxy Extensions.
      * Example usage:
      * beef.net.forge_request("http", "POST", "172.20.40.50", 8080, "/lulz",
      *   true, null, { foo: "bar" }, 5, 'html', false, null, function(response) {
      *   alert(response.response_body)})
      */
-    forge_request: function (scheme, method, domain, port, path, anchor, headers, data, timeout, dataType, allowCrossDomain, requestid, callback) {
+    forge_request: function (scheme, method, domain, port, path, anchor, headers, data, timeout, dataType, allowCrossOrigin, requestid, callback) {
 
         if (domain == "undefined" || path == "undefined") {
             beef.debug("[beef.net.forge_request] Error: Malformed request. No host specified.");
             return;
         }
 
-        // check if same domain or cross domain
-        var cross_domain = true;
+        // check if same origin or cross origin
+        var cross_origin = true;
         if (document.domain == domain && document.location.protocol == scheme + ':') {
             if (document.location.port == "" || document.location.port == null) {
-                cross_domain = !(port == "80" || port == "443");
+                cross_origin = !(port == "80" || port == "443");
             } else {
-                if (document.location.port == port) cross_domain = false;
+                if (document.location.port == port) cross_origin = false;
             }
         }
 
@@ -348,23 +348,23 @@ beef.net = {
 
         // define response object
         var response = new this.response;
-        response.was_cross_domain = cross_domain;
+        response.was_cross_origin = cross_origin;
         var start_time = new Date().getTime();
 
-        // if cross-domain requests are not allowed and the request is cross-domain
+        // if cross-origin requests are not allowed and the request is cross-origin
         // don't proceed and return
-        if (allowCrossDomain == "false" && cross_domain) {
+        if (allowCrossOrigin == "false" && cross_origin) {
             beef.debug("[beef.net.forge_request] Error: Cross Domain Request. The request was not sent.");
             response.status_code = -1;
-            response.status_text = "crossdomain";
-            response.port_status = "crossdomain";
+            response.status_text = "crossorigin";
+            response.port_status = "crossorigin";
             response.response_body = "ERROR: Cross Domain Request. The request was not sent.\n";
             response.headers = "ERROR: Cross Domain Request. The request was not sent.\n";
             if (callback != null) callback(response, requestid);
             return response;
         }
 
-        // if the request was cross-domain from a HTTPS origin to HTTP
+        // if the request was cross-origin from a HTTPS origin to HTTP
         // don't proceed and return
         if (document.location.protocol == 'https:' && scheme == 'http') {
             beef.debug("[beef.net.forge_request] Error: Mixed Active Content. The request was not sent.");
@@ -379,7 +379,7 @@ beef.net = {
 
         /*
          * according to http://api.jquery.com/jQuery.ajax/, Note: having 'script':
-         * This will turn POSTs into GETs for remote-domain requests.
+         * This will turn POSTs into GETs for cross origin requests.
          */
         if (method == "POST") {
             $j.ajaxSetup({
@@ -432,10 +432,10 @@ beef.net = {
             },
 
             complete: function (xhr, textStatus) {
-                // cross-domain request
-                if (cross_domain) {
+                // cross-origin request
+                if (cross_origin) {
 
-                    response.port_status = "crossdomain";
+                    response.port_status = "crossorigin";
 
                     if (xhr.status != 0) {
                         response.status_code = xhr.status;
@@ -446,7 +446,7 @@ beef.net = {
                     if (textStatus) {
                         response.status_text = textStatus;
                     } else {
-                        response.status_text = "crossdomain";
+                        response.status_text = "crossorigin";
                     }
 
                     if (xhr.getAllResponseHeaders()) {
@@ -460,7 +460,7 @@ beef.net = {
                     }
 
                 } else {
-                    // same-domain request
+                    // same-origin request
                     response.status_code = xhr.status;
                     response.status_text = textStatus;
                     response.headers = xhr.getAllResponseHeaders();

core/main/client/net/requester.js

@@ -25,7 +25,7 @@ beef.net.requester = {
             request = requests_array[i];
             if (request.proto == 'https') var scheme = 'https'; else var scheme = 'http';
             beef.debug('[Requester] ' + request.method + ' ' + scheme + '://' + request.host + ':' + request.port + request.uri + ' - Data: ' + request.data);
-            beef.net.forge_request(scheme, request.method, request.host, request.port, request.uri, null, request.headers, request.data, 10, null, request.allowCrossDomain, request.id,
+            beef.net.forge_request(scheme, request.method, request.host, request.port, request.uri, null, request.headers, request.data, 10, null, request.allowCrossOrigin, request.id,
                                        function(res, requestid) { beef.net.send('/requester', requestid, {
                                            response_data: res.response_body,
                                            response_status_code: res.status_code,

core/main/client/net/xssrays.js

@@ -171,7 +171,7 @@ beef.net.xssrays = {
                 this.xss({href:url.href, pathname:url.pathname, hostname:url.hostname, port: url.port, protocol: location.protocol,
                     search:url.search, type: 'url'});//scan each link & param
             } else {
-                beef.debug('Scan is not Cross-domain.  URLS\nurl :' + url.hostname.toString());
+                beef.debug('Scan is not Cross-origin.  URLS\nurl :' + url.hostname.toString());
                 beef.debug('\nlocation :' + location.hostname.toString());
             }
         }
@@ -251,7 +251,7 @@ beef.net.xssrays = {
                             continue;
                         }
                         if (!this.crossDomain && (this.host(action).toString() != this.host(location.toString()))) {
-                            beef.debug('Scan is not Cross-domain. FormPost\naction :' + this.host(action).toString());
+                            beef.debug('Scan is not Cross-origin. FormPost\naction :' + this.host(action).toString());
                             beef.debug('location :' + this.host(location));
                             continue;
                         }

core/main/configuration.rb

@@ -256,7 +256,7 @@ def load_extensions_config
       #
       def load_modules_config
         set('beef.module', {})
-        # support nested sub-categories, like browser/hooked_domain/ajax_fingerprint
+        # support nested sub-categories, like browser/hooked_origin/ajax_fingerprint
         module_configs = File.join("#{$root_dir}/modules/**", 'config.yaml')
         Dir.glob(module_configs) do |cf|
           y = load(cf)

core/main/handlers/browserdetails.rb

@@ -547,7 +547,7 @@ def setup
           end
 
           # log a few info of newly hooked zombie in the console
-          print_info "New Hooked Browser [id:#{zombie.id}, ip:#{zombie.ip}, browser:#{browser_name}-#{browser_version}, os:#{os_name}-#{os_version}], hooked domain [#{log_zombie_domain}:#{log_zombie_port}]"
+          print_info "New Hooked Browser [id:#{zombie.id}, ip:#{zombie.ip}, browser:#{browser_name}-#{browser_version}, os:#{os_name}-#{os_version}], hooked origin [#{log_zombie_domain}:#{log_zombie_port}]"
 
           # add localhost as network host
           if config.get('beef.extension.network.enable')

core/main/router/router.rb

@@ -27,9 +27,9 @@ class Router < Sinatra::Base
 
           # @note If CORS is enabled, expose the appropriate headers
           if config.get('beef.http.restful_api.allow_cors')
-            allowed_domains = config.get('beef.http.restful_api.cors_allowed_domains')
-            if allowed_domains
-              headers 'Access-Control-Allow-Origin' => allowed_domains
+            allowed_origins = config.get('beef.http.restful_api.cors_allowed_origins')
+            if allowed_origins
+              headers 'Access-Control-Allow-Origin' => allowed_origins
             end
             headers 'Access-Control-Allow-Methods' => 'POST, GET'
 

docs/BeefJS.html

@@ -558,7 +558,7 @@ <h2><a href="index.html">Home</a></h2><h3>Namespaces</h3><ul><li><a href="BeefJS
 <br class="clear">
 
 <footer>
-    Documentation generated by <a href="https://github.com/jsdoc/jsdoc">JSDoc 4.0.3</a> on Fri Oct 04 2024 17:02:30 GMT+1000 (Australian Eastern Standard Time)
+    Documentation generated by <a href="https://github.com/jsdoc/jsdoc">JSDoc 4.0.4</a> on Wed Oct 23 2024 16:03:46 GMT+1000 (Australian Eastern Standard Time)
 </footer>
 
 <script> prettyPrint(); </script>

docs/are.js.html

@@ -83,7 +83,7 @@ <h2><a href="index.html">Home</a></h2><h3>Namespaces</h3><ul><li><a href="BeefJS
 <br class="clear">
 
 <footer>
-    Documentation generated by <a href="https://github.com/jsdoc/jsdoc">JSDoc 4.0.3</a> on Fri Oct 04 2024 17:02:30 GMT+1000 (Australian Eastern Standard Time)
+    Documentation generated by <a href="https://github.com/jsdoc/jsdoc">JSDoc 4.0.4</a> on Wed Oct 23 2024 16:03:46 GMT+1000 (Australian Eastern Standard Time)
 </footer>
 
 <script> prettyPrint(); </script>

docs/beef.are.html

@@ -457,7 +457,7 @@ <h2><a href="index.html">Home</a></h2><h3>Namespaces</h3><ul><li><a href="BeefJS
 <br class="clear">
 
 <footer>
-    Documentation generated by <a href="https://github.com/jsdoc/jsdoc">JSDoc 4.0.3</a> on Fri Oct 04 2024 17:02:30 GMT+1000 (Australian Eastern Standard Time)
+    Documentation generated by <a href="https://github.com/jsdoc/jsdoc">JSDoc 4.0.4</a> on Wed Oct 23 2024 16:03:46 GMT+1000 (Australian Eastern Standard Time)
 </footer>
 
 <script> prettyPrint(); </script>

docs/beef.browser.cookie.html

@@ -634,7 +634,7 @@ <h2><a href="index.html">Home</a></h2><h3>Namespaces</h3><ul><li><a href="BeefJS
 <br class="clear">
 
 <footer>
-    Documentation generated by <a href="https://github.com/jsdoc/jsdoc">JSDoc 4.0.3</a> on Fri Oct 04 2024 17:02:30 GMT+1000 (Australian Eastern Standard Time)
+    Documentation generated by <a href="https://github.com/jsdoc/jsdoc">JSDoc 4.0.4</a> on Wed Oct 23 2024 16:03:46 GMT+1000 (Australian Eastern Standard Time)
 </footer>
 
 <script> prettyPrint(); </script>

docs/beef.browser.html

@@ -30172,7 +30172,7 @@ <h2><a href="index.html">Home</a></h2><h3>Namespaces</h3><ul><li><a href="BeefJS
 <br class="clear">
 
 <footer>
-    Documentation generated by <a href="https://github.com/jsdoc/jsdoc">JSDoc 4.0.3</a> on Fri Oct 04 2024 17:02:30 GMT+1000 (Australian Eastern Standard Time)
+    Documentation generated by <a href="https://github.com/jsdoc/jsdoc">JSDoc 4.0.4</a> on Wed Oct 23 2024 16:03:46 GMT+1000 (Australian Eastern Standard Time)
 </footer>
 
 <script> prettyPrint(); </script>

docs/beef.browser.popup.html

@@ -214,7 +214,7 @@ <h2><a href="index.html">Home</a></h2><h3>Namespaces</h3><ul><li><a href="BeefJS
 <br class="clear">
 
 <footer>
-    Documentation generated by <a href="https://github.com/jsdoc/jsdoc">JSDoc 4.0.3</a> on Fri Oct 04 2024 17:02:30 GMT+1000 (Australian Eastern Standard Time)
+    Documentation generated by <a href="https://github.com/jsdoc/jsdoc">JSDoc 4.0.4</a> on Wed Oct 23 2024 16:03:46 GMT+1000 (Australian Eastern Standard Time)
 </footer>
 
 <script> prettyPrint(); </script>

docs/beef.dom.html

@@ -3679,7 +3679,7 @@ <h2><a href="index.html">Home</a></h2><h3>Namespaces</h3><ul><li><a href="BeefJS
 <br class="clear">
 
 <footer>
-    Documentation generated by <a href="https://github.com/jsdoc/jsdoc">JSDoc 4.0.3</a> on Fri Oct 04 2024 17:02:30 GMT+1000 (Australian Eastern Standard Time)
+    Documentation generated by <a href="https://github.com/jsdoc/jsdoc">JSDoc 4.0.4</a> on Wed Oct 23 2024 16:03:46 GMT+1000 (Australian Eastern Standard Time)
 </footer>
 
 <script> prettyPrint(); </script>

docs/beef.encode.base64.html

@@ -731,7 +731,7 @@ <h2><a href="index.html">Home</a></h2><h3>Namespaces</h3><ul><li><a href="BeefJS
 <br class="clear">
 
 <footer>
-    Documentation generated by <a href="https://github.com/jsdoc/jsdoc">JSDoc 4.0.3</a> on Fri Oct 04 2024 17:02:30 GMT+1000 (Australian Eastern Standard Time)
+    Documentation generated by <a href="https://github.com/jsdoc/jsdoc">JSDoc 4.0.4</a> on Wed Oct 23 2024 16:03:46 GMT+1000 (Australian Eastern Standard Time)
 </footer>
 
 <script> prettyPrint(); </script>

docs/beef.encode.json.html

@@ -383,7 +383,7 @@ <h2><a href="index.html">Home</a></h2><h3>Namespaces</h3><ul><li><a href="BeefJS
 <br class="clear">
 
 <footer>
-    Documentation generated by <a href="https://github.com/jsdoc/jsdoc">JSDoc 4.0.3</a> on Fri Oct 04 2024 17:02:30 GMT+1000 (Australian Eastern Standard Time)
+    Documentation generated by <a href="https://github.com/jsdoc/jsdoc">JSDoc 4.0.4</a> on Wed Oct 23 2024 16:03:46 GMT+1000 (Australian Eastern Standard Time)
 </footer>
 
 <script> prettyPrint(); </script>

docs/beef.geolocation.html

@@ -569,7 +569,7 @@ <h2><a href="index.html">Home</a></h2><h3>Namespaces</h3><ul><li><a href="BeefJS
 <br class="clear">
 
 <footer>
-    Documentation generated by <a href="https://github.com/jsdoc/jsdoc">JSDoc 4.0.3</a> on Fri Oct 04 2024 17:02:30 GMT+1000 (Australian Eastern Standard Time)
+    Documentation generated by <a href="https://github.com/jsdoc/jsdoc">JSDoc 4.0.4</a> on Wed Oct 23 2024 16:03:46 GMT+1000 (Australian Eastern Standard Time)
 </footer>
 
 <script> prettyPrint(); </script>

docs/beef.hardware.html

@@ -2077,7 +2077,7 @@ <h2><a href="index.html">Home</a></h2><h3>Namespaces</h3><ul><li><a href="BeefJS
 <br class="clear">
 
 <footer>
-    Documentation generated by <a href="https://github.com/jsdoc/jsdoc">JSDoc 4.0.3</a> on Fri Oct 04 2024 17:02:30 GMT+1000 (Australian Eastern Standard Time)
+    Documentation generated by <a href="https://github.com/jsdoc/jsdoc">JSDoc 4.0.4</a> on Wed Oct 23 2024 16:03:46 GMT+1000 (Australian Eastern Standard Time)
 </footer>
 
 <script> prettyPrint(); </script>

docs/beef.init.html

@@ -477,7 +477,7 @@ <h2><a href="index.html">Home</a></h2><h3>Namespaces</h3><ul><li><a href="BeefJS
 <br class="clear">
 
 <footer>
-    Documentation generated by <a href="https://github.com/jsdoc/jsdoc">JSDoc 4.0.3</a> on Fri Oct 04 2024 17:02:30 GMT+1000 (Australian Eastern Standard Time)
+    Documentation generated by <a href="https://github.com/jsdoc/jsdoc">JSDoc 4.0.4</a> on Wed Oct 23 2024 16:03:46 GMT+1000 (Australian Eastern Standard Time)
 </footer>
 
 <script> prettyPrint(); </script>

docs/beef.js.html

@@ -126,7 +126,7 @@ <h2><a href="index.html">Home</a></h2><h3>Namespaces</h3><ul><li><a href="BeefJS
 <br class="clear">
 
 <footer>
-    Documentation generated by <a href="https://github.com/jsdoc/jsdoc">JSDoc 4.0.3</a> on Fri Oct 04 2024 17:02:30 GMT+1000 (Australian Eastern Standard Time)
+    Documentation generated by <a href="https://github.com/jsdoc/jsdoc">JSDoc 4.0.4</a> on Wed Oct 23 2024 16:03:46 GMT+1000 (Australian Eastern Standard Time)
 </footer>
 
 <script> prettyPrint(); </script>