Hiddenden/beef
2
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Update BrowserDetails to store textual OID-style key/value data

Browse Source
This commit is contained in:
Brendan Coles
2019-02-26 15:22:54 +00:00
parent 25988d1728
commit 03424c804e
22 changed files with 546 additions and 428 deletions
Download Patch File Download Diff File Expand all files Collapse all files

306
core/main/handlers/browserdetails.rb
View File

@@ -37,13 +37,13 @@ module BeEF
zombie = BeEF::Core::Models::HookedBrowser.new(:ip => @data['request'].ip, :session => session_id)
zombie.firstseen = Time.new.to_i
# hostname
# hooked window host name
log_zombie_port = 0
if not @data['results']['HostName'].nil? then
log_zombie_domain=@data['results']['HostName']
if not @data['results']['browser.window.hostname'].nil?
log_zombie_domain = @data['results']['browser.window.hostname']
elsif (not @data['request'].referer.nil?) and (not @data['request'].referer.empty?)
referer = @data['request'].referer
if referer.start_with?("https://") then
if referer.start_with?("https://")
log_zombie_port = 443
else
log_zombie_port = 80
@@ -53,9 +53,9 @@ module BeEF
log_zombie_domain="unknown" # Probably local file open
end
# port
if not @data['results']['HostPort'].nil? then
log_zombie_port=@data['results']['HostPort']
# hooked window host port
if not @data['results']['browser.window.hostport'].nil?
log_zombie_port = @data['results']['browser.window.hostport']
else
log_zombie_domain_parts=log_zombie_domain.split(':')
if log_zombie_domain_parts.length > 1 then
@@ -78,31 +78,40 @@ module BeEF
# add a log entry for the newly hooked browser
BeEF::Core::Logger.instance.register('Zombie', "#{zombie.ip} just joined the horde from the domain: #{log_zombie_domain}:#{log_zombie_port.to_s}", "#{zombie.id}")
# get and store browser name
browser_name = get_param(@data['results'], 'BrowserName')
browser_name = get_param(@data['results'], 'browser.name')
if BeEF::Filters.is_valid_browsername?(browser_name)
BD.set(session_id, 'BrowserName', browser_name)
BD.set(session_id, 'browser.name', browser_name)
# lookup and store browser friendly name
browser_friendly_name = BeEF::Core::Constants::Browsers.friendly_name(browser_name)
BD.set(session_id, 'browser.name.friendly', browser_friendly_name)
else
self.err_msg "Invalid browser name returned from the hook browser's initial connection."
end
if BeEF::Filters.is_valid_ip?(zombie.ip)
BD.set(session_id, 'host.ipaddress', zombie.ip)
else
self.err_msg "Invalid IP address returned from the hook browser's initial connection."
end
# lookup zombie host name
ip_str = zombie.ip
if config.get('beef.dns_hostname_lookup')
begin
host_name = Resolv.getname(zombie.ip).to_s
if BeEF::Filters.is_valid_hostname?(host_name)
ip_str += " [#{host_name}]"
BD.set(session_id, 'host.name', host_name)
end
rescue
print_debug "[INIT] Reverse lookup failed - No results for IP address '#{zombie.ip}'"
end
end
BD.set(session_id, 'IP', ip_str)
# geolocation
BD.set(session_id, 'LocationCity', 'Unknown')
BD.set(session_id, 'LocationCountry', 'Unknown')
BD.set(session_id, 'location.city', 'Unknown')
BD.set(session_id, 'location.country', 'Unknown')
if BeEF::Core::GeoIp.instance.enabled?
geoip = BeEF::Core::GeoIp.instance.lookup(zombie.ip)
if geoip.nil?
@@ -112,44 +121,44 @@ module BeEF
BeEF::Core::Logger.instance.register('Zombie', "#{zombie.ip} is connecting from: #{geoip}", "#{zombie.id}")
BD.set(
session_id,
'LocationCity',
'location.city',
"#{geoip['city']['names']['en'] rescue 'Unknown'}")
BD.set(
session_id,
'LocationCountry',
'location.country',
"#{geoip['country']['names']['en'] rescue 'Unknown' }")
BD.set(
session_id,
'LocationCountryIsoCode',
"#{geoip['country']['iso_code'] rescue ''}")
'location.country.isocode',
"#{geoip['country']['iso_code'] rescue 'Unknown'}")
BD.set(
session_id,
'LocationRegisteredCountry',
"#{geoip['registered_country']['names']['en'] rescue ''}")
'location.country.registered_country',
"#{geoip['registered_country']['names']['en'] rescue 'Unknown'}")
BD.set(
session_id,
'LocationRegisteredCountryIsoCode',
"#{geoip['registered_country']['iso_code'] rescue ''}")
'location.country.registered_country.isocode',
"#{geoip['registered_country']['iso_code'] rescue 'Unknown'}")
BD.set(
session_id,
'LocationContinent',
"#{geoip['continent']['names']['en'] rescue ''}")
'location.continent',
"#{geoip['continent']['names']['en'] rescue 'Unknown'}")
BD.set(
session_id,
'LocationContinentCode',
"#{geoip['continent']['code'] rescue ''}")
'location.continent.code',
"#{geoip['continent']['code'] rescue 'Unknown'}")
BD.set(
session_id,
'LocationLatitude',
"#{geoip['location']['latitude'] rescue ''}")
'location.latitude',
"#{geoip['location']['latitude'] rescue 'Unknown'}")
BD.set(
session_id,
'LocationLongitude',
"#{geoip['location']['longitude'] rescue ''}")
'location.longitude',
"#{geoip['location']['longitude'] rescue 'Unknown'}")
BD.set(
session_id,
'LocationTimeZone',
"#{geoip['location']['time_zone'] rescue ''}")
'location.timezone',
"#{geoip['location']['time_zone'] rescue 'Unknown'}")
end
end
@@ -210,144 +219,201 @@ module BeEF
end
# get and store browser version
browser_version = get_param(@data['results'], 'BrowserVersion')
browser_version = get_param(@data['results'], 'browser.version')
if BeEF::Filters.is_valid_browserversion?(browser_version)
BD.set(session_id, 'BrowserVersion', browser_version)
BD.set(session_id, 'browser.version', browser_version)
else
self.err_msg "Invalid browser version returned from the hook browser's initial connection."
end
# get and store browser string
browser_string = get_param(@data['results'], 'BrowserReportedName')
browser_string = get_param(@data['results'], 'browser.name.reported')
if BeEF::Filters.is_valid_browserstring?(browser_string)
BD.set(session_id, 'BrowserReportedName', browser_string)
BD.set(session_id, 'browser.name.reported', browser_string)
else
self.err_msg "Invalid browser string returned from the hook browser's initial connection."
self.err_msg "Invalid value for 'browser.name.reported' returned from the hook browser's initial connection."
end
# get and store browser language
browser_lang = get_param(@data['results'], 'BrowserLanguage')
BD.set(session_id, 'BrowserLanguage', browser_lang)
browser_lang = get_param(@data['results'], 'browser.language')
BD.set(session_id, 'browser.language', browser_lang)
# get and store the cookies
cookies = get_param(@data['results'], 'Cookies')
cookies = get_param(@data['results'], 'browser.window.cookies')
if BeEF::Filters.is_valid_cookies?(cookies)
BD.set(session_id, 'Cookies', cookies)
BD.set(session_id, 'browser.window.cookies', cookies)
else
self.err_msg "Invalid cookies returned from the hook browser's initial connection."
end
# get and store the OS name
os_name = get_param(@data['results'], 'OsName')
os_name = get_param(@data['results'], 'host.os.name')
if BeEF::Filters.is_valid_osname?(os_name)
BD.set(session_id, 'OsName', os_name)
BD.set(session_id, 'host.os.name', os_name)
else
self.err_msg "Invalid operating system name returned from the hook browser's initial connection."
end
# get and store the OS version (without checks as it can be very different or even empty, for instance on linux/bsd)
os_version = get_param(@data['results'], 'OsVersion')
BD.set(session_id, 'OsVersion', os_version)
# get and store the OS version
# - without checks as it can be very different, for instance on linux/bsd)
os_version = get_param(@data['results'], 'host.os.version')
BD.set(session_id, 'host.os.version', os_version)
# get and store the OS arch - without checks
os_arch = get_param(@data['results'], 'host.os.arch')
BD.set(session_id, 'host.os.arch', os_arch)
# get and store default browser
default_browser = get_param(@data['results'], 'DefaultBrowser')
BD.set(session_id, 'DefaultBrowser', default_browser)
default_browser = get_param(@data['results'], 'host.software.defaultbrowser')
BD.set(session_id, 'host.software.defaultbrowser', default_browser)
# get and store the hardware name
hw_name = get_param(@data['results'], 'Hardware')
if BeEF::Filters.is_valid_hwname?(hw_name)
BD.set(session_id, 'Hardware', hw_name)
# get and store the hardware type
hw_type = get_param(@data['results'], 'hardware.type')
if BeEF::Filters.is_valid_hwname?(hw_type)
BD.set(session_id, 'hardware.type', hw_type)
else
self.err_msg "Invalid hardware name returned from the hook browser's initial connection."
self.err_msg "Invalid value for 'hardware.type' returned from the hook browser's initial connection."
end
# get and store the date
date_stamp = get_param(@data['results'], 'DateStamp')
date_stamp = get_param(@data['results'], 'browser.date.datestamp')
if BeEF::Filters.is_valid_date_stamp?(date_stamp)
BD.set(session_id, 'DateStamp', date_stamp)
BD.set(session_id, 'browser.date.datestamp', date_stamp)
else
self.err_msg "Invalid date returned from the hook browser's initial connection."
end
# get and store page title
page_title = get_param(@data['results'], 'PageTitle')
page_title = get_param(@data['results'], 'browser.window.title')
if BeEF::Filters.is_valid_pagetitle?(page_title)
BD.set(session_id, 'PageTitle', page_title)
BD.set(session_id, 'browser.window.title', page_title)
else
self.err_msg "Invalid page title returned from the hook browser's initial connection."
self.err_msg "Invalid value for 'browser.window.title' returned from the hook browser's initial connection."
end
# get and store page origin
origin = get_param(@data['results'], 'browser.window.origin')
if BeEF::Filters.is_valid_url?(origin)
BD.set(session_id, 'browser.window.origin', origin)
else
self.err_msg "Invalid value for 'browser.window.uri' returned from the hook browser's initial connection."
end
# get and store page uri
page_uri = get_param(@data['results'], 'PageURI')
page_uri = get_param(@data['results'], 'browser.window.uri')
if BeEF::Filters.is_valid_url?(page_uri)
BD.set(session_id, 'PageURI', page_uri)
BD.set(session_id, 'browser.window.uri', page_uri)
else
self.err_msg "Invalid page URL returned from the hook browser's initial connection."
self.err_msg "Invalid value for 'browser.window.uri' returned from the hook browser's initial connection."
end
# get and store the page referrer
page_referrer = get_param(@data['results'], 'PageReferrer')
page_referrer = get_param(@data['results'], 'browser.window.referrer')
if BeEF::Filters.is_valid_pagereferrer?(page_referrer)
BD.set(session_id, 'PageReferrer', page_referrer)
BD.set(session_id, 'browser.window.referrer', page_referrer)
else
self.err_msg "Invalid page referrer returned from the hook browser's initial connection."
self.err_msg "Invalid value for 'browser.window.referrer' returned from the hook browser's initial connection."
end
# get and store hostname
host_name = get_param(@data['results'], 'HostName')
# get and store hooked window host port
host_name = get_param(@data['results'], 'browser.window.hostname')
if BeEF::Filters.is_valid_hostname?(host_name)
BD.set(session_id, 'HostName', host_name)
BD.set(session_id, 'browser.window.hostname', host_name)
else
self.err_msg "Invalid host name returned from the hook browser's initial connection."
self.err_msg "Invalid valid for 'browser.window.hostname' returned from the hook browser's initial connection."
end
# get and store hooked window host port
host_port = get_param(@data['results'], 'browser.window.hostport')
if BeEF::Filters.is_valid_port?(host_port)
BD.set(session_id, 'browser.window.hostport', host_port)
else
self.err_msg "Invalid valid for 'browser.window.hostport' returned from the hook browser's initial connection."
end
# get and store the browser plugins
browser_plugins = get_param(@data['results'], 'BrowserPlugins')
browser_plugins = get_param(@data['results'], 'browser.plugins')
if BeEF::Filters.is_valid_browser_plugins?(browser_plugins)
BD.set(session_id, 'BrowserPlugins', browser_plugins)
BD.set(session_id, 'browser.plugins', browser_plugins)
else
self.err_msg "Invalid browser plugins returned from the hook browser's initial connection."
end
# get and store the system platform
system_platform = get_param(@data['results'], 'BrowserPlatform')
system_platform = get_param(@data['results'], 'browser.platform')
if BeEF::Filters.is_valid_system_platform?(system_platform)
BD.set(session_id, 'BrowserPlatform', system_platform)
BD.set(session_id, 'browser.platform', system_platform)
else
self.err_msg "Invalid browser platform returned from the hook browser's initial connection."
end
# get and store the hooked browser type
browser_type = get_param(@data['results'], 'BrowserType')
browser_type = get_param(@data['results'], 'browser.type')
if BeEF::Filters.is_valid_browsertype?(browser_type)
BD.set(session_id, 'BrowserType', browser_type)
BD.set(session_id, 'browser.type', browser_type)
else
self.err_msg "Invalid hooked browser type returned from the hook browser's initial connection."
end
# get and store the zombie screen size and color depth
screen_size = get_param(@data['results'], 'ScreenSize')
if BeEF::Filters.is_valid_screen_size?(screen_size)
BD.set(session_id, 'ScreenSize', screen_size)
# get and store the zombie screen color depth
screen_colordepth = get_param(@data['results'], 'hardware.screen.colordepth')
if BeEF::Filters.nums_only?(screen_colordepth)
BD.set(session_id, 'hardware.screen.colordepth', screen_colordepth)
else
self.err_msg "Invalid screen size returned from the hook browser's initial connection."
self.err_msg "Invalid value for 'hardware.screen.colordepth' returned from the hook browser's initial connection."
end
# get and store the window size
window_size = get_param(@data['results'], 'WindowSize')
if BeEF::Filters.is_valid_window_size?(window_size)
BD.set(session_id, 'WindowSize', window_size)
# get and store the zombie screen width
screen_size_width = get_param(@data['results'], 'hardware.screen.size.width')
if BeEF::Filters.nums_only?(screen_size_width)
BD.set(session_id, 'hardware.screen.size.width', screen_size_width)
else
self.err_msg "Invalid window size returned from the hook browser's initial connection."
self.err_msg "Invalid value for 'hardware.screen.size.width' returned from the hook browser's initial connection."
end
# get and store the yes|no value for browser components
components = [
'VBScriptEnabled', 'HasFlash', 'HasPhonegap', 'HasGoogleGears',
'HasWebSocket', 'HasWebWorker', 'HasWebGL', 'HasWebRTC', 'HasActiveX',
'HasQuickTime', 'HasRealPlayer', 'HasWMP'
# get and store the zombie screen height
screen_size_height = get_param(@data['results'], 'hardware.screen.size.height')
if BeEF::Filters.nums_only?(screen_size_height)
BD.set(session_id, 'hardware.screen.size.height', screen_size_height)
else
self.err_msg "Invalid value for 'hardware.screen.size.height' returned from the hook browser's initial connection."
end
# get and store the window height
window_height = get_param(@data['results'], 'browser.window.size.height')
if BeEF::Filters.nums_only?(window_height)
BD.set(session_id, 'browser.window.size.height', window_height)
else
self.err_msg "Invalid value for 'browser.window.size.height' returned from the hook browser's initial connection."
end
# get and store the window width
window_width = get_param(@data['results'], 'browser.window.size.width')
if BeEF::Filters.nums_only?(window_width)
BD.set(session_id, 'browser.window.size.width', window_width)
else
self.err_msg "Invalid value for 'browser.window.size.width' returned from the hook browser's initial connection."
end
# get and store the yes|no value for browser capabilities
capabilities = [
'browser.capabilities.vbscript',
# 'browser.capabilities.java',
'browser.capabilities.flash',
'browser.capabilities.phonegap',
'browser.capabilities.googlegears',
'browser.capabilities.activex',
'browser.capabilities.quicktime',
'browser.capabilities.realplayer',
'browser.capabilities.wmp',
'browser.capabilities.vlc',
'browser.capabilities.webworker',
'browser.capabilities.websocket',
'browser.capabilities.webgl',
'browser.capabilities.webrtc',
]
components.each do |k|
capabilities.each do |k|
v = get_param(@data['results'], k)
if BeEF::Filters.is_valid_yes_no?(v)
BD.set(session_id, k, v)
@@ -356,28 +422,60 @@ module BeEF
end
end
# get and store the value for CpuArch
cpu_arch = get_param(@data['results'], 'CpuArch')
# get and store the value for hardware.memory
memory = get_param(@data['results'], 'hardware.memory')
if BeEF::Filters.is_valid_memory?(memory)
BD.set(session_id, 'hardware.memory', memory)
else
self.err_msg "Invalid value for 'hardware.memory' returned from the hook browser's initial connection."
end
# get and store the value for hardware.gpu
gpu = get_param(@data['results'], 'hardware.gpu')
if BeEF::Filters.is_valid_gpu?(gpu)
BD.set(session_id, 'hardware.gpu', gpu)
else
self.err_msg "Invalid value for 'hardware.gpu' returned from the hook browser's initial connection."
end
# get and store the value for hardware.gpu.vendor
gpu_vendor = get_param(@data['results'], 'hardware.gpu.vendor')
if BeEF::Filters.is_valid_gpu?(gpu_vendor)
BD.set(session_id, 'hardware.gpu.vendor', gpu_vendor)
else
self.err_msg "Invalid value for 'hardware.gpu.vendor' returned from the hook browser's initial connection."
end
# get and store the value for hardware.cpu.arch
cpu_arch = get_param(@data['results'], 'hardware.cpu.arch')
if BeEF::Filters.is_valid_cpu?(cpu_arch)
BD.set(session_id, 'CpuArch', cpu_arch)
BD.set(session_id, 'hardware.cpu.arch', cpu_arch)
else
self.err_msg "Invalid value for CpuArch returned from the hook browser's initial connection."
self.err_msg "Invalid value for 'hardware.cpu.arch' returned from the hook browser's initial connection."
end
# get and store the value for CpuCores
cpu_cores = get_param(@data['results'], 'CpuCores')
# get and store the value for hardware.cpu.cores
cpu_cores = get_param(@data['results'], 'hardware.cpu.cores')
if BeEF::Filters.alphanums_only?(cpu_cores)
BD.set(session_id, 'CpuCores', cpu_cores)
BD.set(session_id, 'hardware.cpu.cores', cpu_cores)
else
self.err_msg "Invalid value for CpuCores returned from the hook browser's initial connection."
self.err_msg "Invalid value for 'hardware.cpu.cores' returned from the hook browser's initial connection."
end
# get and store the value for TouchEnabled
touch_enabled = get_param(@data['results'], 'TouchEnabled')
if BeEF::Filters.is_valid_yes_no?(touch_enabled)
BD.set(session_id, 'TouchEnabled', touch_enabled)
# get and store the value for hardware.battery.level
battery_level = get_param(@data['results'], 'hardware.battery.level')
if battery_level == 'unknown' || battery_level =~ /\A[\d\.]+%\z/
BD.set(session_id, 'hardware.battery.level', battery_level)
else
self.err_msg "Invalid value for TouchEnabled returned from the hook browser's initial connection."
self.err_msg "Invalid value for 'hardware.battery.level' returned from the hook browser's initial connection."
end
# get and store the value for hardware.screen.touchenabled
touch_enabled = get_param(@data['results'], 'hardware.screen.touchenabled')
if BeEF::Filters.is_valid_yes_no?(touch_enabled)
BD.set(session_id, 'hardware.screen.touchenabled', touch_enabled)
else
self.err_msg "Invalid value for hardware.screen.touchenabled returned from the hook browser's initial connection."
end
if config.get('beef.integration.phishing_frenzy.enable')
@@ -397,7 +495,7 @@ module BeEF
# add localhost as network host
if config.get('beef.extension.network.enable')
print_debug("Hooked browser has network interface 127.0.0.1")
BeEF::Core::Models::NetworkHost.add(:hooked_browser_id => session_id, :ip => '127.0.0.1', :hostname => 'localhost', :os => BeEF::Core::Models::BrowserDetails.get(session_id, 'OsName'))
BeEF::Core::Models::NetworkHost.add(:hooked_browser_id => session_id, :ip => '127.0.0.1', :hostname => 'localhost', :os => BeEF::Core::Models::BrowserDetails.get(session_id, 'host.os.name'))
end
# check if any ARE rules shall be triggered only if the channel is != WebSockets (XHR). If the channel