Hiddenden/beef
2
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Merge branch 'active_record_fix' of https://github.com/beefproject/beef into active_record_fix

Browse Source
This commit is contained in:
root
2019-12-30 11:28:38 +00:00
parent e8e7ba26e4 4324876671
commit 1a8a8d9154
1328 changed files with 90024 additions and 1602 deletions
Download Patch File Download Diff File Expand all files Collapse all files

11
.gitignore vendored
View File

@@ -110,3 +110,14 @@ $RECYCLE.BIN/
test/thirdparty/msf/unit/.byebug_history
/load
### JSDoc ###
# Dependency directories
node_modules/
# Generated files
out/
doc/rdoc/
# User-specific files

2
Gemfile
View File

@@ -1,7 +1,7 @@
# BeEF's Gemfile
#
# Copyright (c) 2006-2019 Wade Alcorn - wade@bindshell.net
# Copyright (c) 2006-2020 Wade Alcorn - wade@bindshell.net
# Browser Exploitation Framework (BeEF) - http://beefproject.com
# See the file 'doc/COPYING' for copying permission
#

2
INSTALL.txt
View File

@@ -1,6 +1,6 @@
===============================================================================
Copyright (c) 2006-2019 Wade Alcorn - wade@bindshell.net
Copyright (c) 2006-2020 Wade Alcorn - wade@bindshell.net
Browser Exploitation Framework (BeEF) - http://beefproject.com
See the file 'doc/COPYING' for copying permission

2
README.md
View File

@@ -1,6 +1,6 @@
===============================================================================
Copyright (c) 2006-2019 Wade Alcorn - wade@bindshell.net
Copyright (c) 2006-2020 Wade Alcorn - wade@bindshell.net
Browser Exploitation Framework (BeEF) - http://beefproject.com
See the file 'doc/COPYING' for copying permission

2
Rakefile
View File

@@ -1,5 +1,5 @@
#
# Copyright (c) 2006-2019 Wade Alcorn - wade@bindshell.net
# Copyright (c) 2006-2020 Wade Alcorn - wade@bindshell.net
# Browser Exploitation Framework (BeEF) - http://beefproject.com
# See the file 'doc/COPYING' for copying permission
#

2
VERSION
View File

@@ -1,5 +1,5 @@
#
# Copyright (c) 2006-2019 Wade Alcorn - wade@bindshell.net
# Copyright (c) 2006-2020 Wade Alcorn - wade@bindshell.net
# Browser Exploitation Framework (BeEF) - http://beefproject.com
# See the file 'doc/COPYING' for copying permission
#

2
beef
View File

@@ -1,7 +1,7 @@
#!/usr/bin/env ruby
#
# Copyright (c) 2006-2019 Wade Alcorn - wade@bindshell.net
# Copyright (c) 2006-2020 Wade Alcorn - wade@bindshell.net
# Browser Exploitation Framework (BeEF) - http://beefproject.com
# See the file 'doc/COPYING' for copying permission
#

16
conf.json Normal file
View File

@@ -0,0 +1,16 @@
{
"source": {
"include": ["./core/main/client"],
"includePattern": ".js$"
},
"plugins": [
"plugins/markdown"
],
"opts": {
"encoding": "utf8",
"readme": "./README.md",
"destination": "docs/",
"recurse": true,
"verbose": true
}
}

2
config.yaml
View File

@@ -1,5 +1,5 @@
#
# Copyright (c) 2006-2019 Wade Alcorn - wade@bindshell.net
# Copyright (c) 2006-2020 Wade Alcorn - wade@bindshell.net
# Browser Exploitation Framework (BeEF) - http://beefproject.com
# See the file 'doc/COPYING' for copying permission
#

2
core/api.rb
View File

@@ -1,5 +1,5 @@
#
# Copyright (c) 2006-2019 Wade Alcorn - wade@bindshell.net
# Copyright (c) 2006-2020 Wade Alcorn - wade@bindshell.net
# Browser Exploitation Framework (BeEF) - http://beefproject.com
# See the file 'doc/COPYING' for copying permission
#

2
core/api/extension.rb
View File

@@ -1,5 +1,5 @@
#
# Copyright (c) 2006-2019 Wade Alcorn - wade@bindshell.net
# Copyright (c) 2006-2020 Wade Alcorn - wade@bindshell.net
# Browser Exploitation Framework (BeEF) - http://beefproject.com
# See the file 'doc/COPYING' for copying permission
#

2
core/api/extensions.rb
View File

@@ -1,5 +1,5 @@
#
# Copyright (c) 2006-2019 Wade Alcorn - wade@bindshell.net
# Copyright (c) 2006-2020 Wade Alcorn - wade@bindshell.net
# Browser Exploitation Framework (BeEF) - http://beefproject.com
# See the file 'doc/COPYING' for copying permission
#

2
core/api/main/configuration.rb
View File

@@ -1,5 +1,5 @@
#
# Copyright (c) 2006-2019 Wade Alcorn - wade@bindshell.net
# Copyright (c) 2006-2020 Wade Alcorn - wade@bindshell.net
# Browser Exploitation Framework (BeEF) - http://beefproject.com
# See the file 'doc/COPYING' for copying permission
#

2
core/api/main/migration.rb
View File

@@ -1,5 +1,5 @@
#
# Copyright (c) 2006-2019 Wade Alcorn - wade@bindshell.net
# Copyright (c) 2006-2020 Wade Alcorn - wade@bindshell.net
# Browser Exploitation Framework (BeEF) - http://beefproject.com
# See the file 'doc/COPYING' for copying permission
#

2
core/api/main/network_stack/assethandler.rb
View File

@@ -1,5 +1,5 @@
#
# Copyright (c) 2006-2019 Wade Alcorn - wade@bindshell.net
# Copyright (c) 2006-2020 Wade Alcorn - wade@bindshell.net
# Browser Exploitation Framework (BeEF) - http://beefproject.com
# See the file 'doc/COPYING' for copying permission
#

2
core/api/main/server.rb
View File

@@ -1,5 +1,5 @@
#
# Copyright (c) 2006-2019 Wade Alcorn - wade@bindshell.net
# Copyright (c) 2006-2020 Wade Alcorn - wade@bindshell.net
# Browser Exploitation Framework (BeEF) - http://beefproject.com
# See the file 'doc/COPYING' for copying permission
#

2
core/api/main/server/hook.rb
View File

@@ -1,5 +1,5 @@
#
# Copyright (c) 2006-2019 Wade Alcorn - wade@bindshell.net
# Copyright (c) 2006-2020 Wade Alcorn - wade@bindshell.net
# Browser Exploitation Framework (BeEF) - http://beefproject.com
# See the file 'doc/COPYING' for copying permission
#

2
core/api/module.rb
View File

@@ -1,5 +1,5 @@
#
# Copyright (c) 2006-2019 Wade Alcorn - wade@bindshell.net
# Copyright (c) 2006-2020 Wade Alcorn - wade@bindshell.net
# Browser Exploitation Framework (BeEF) - http://beefproject.com
# See the file 'doc/COPYING' for copying permission
#

2
core/api/modules.rb
View File

@@ -1,5 +1,5 @@
#
# Copyright (c) 2006-2019 Wade Alcorn - wade@bindshell.net
# Copyright (c) 2006-2020 Wade Alcorn - wade@bindshell.net
# Browser Exploitation Framework (BeEF) - http://beefproject.com
# See the file 'doc/COPYING' for copying permission
#

2
core/bootstrap.rb
View File

@@ -1,5 +1,5 @@
#
# Copyright (c) 2006-2019 Wade Alcorn - wade@bindshell.net
# Copyright (c) 2006-2020 Wade Alcorn - wade@bindshell.net
# Browser Exploitation Framework (BeEF) - http://beefproject.com
# See the file 'doc/COPYING' for copying permission
#

2
core/core.rb
View File

@@ -1,5 +1,5 @@
#
# Copyright (c) 2006-2019 Wade Alcorn - wade@bindshell.net
# Copyright (c) 2006-2020 Wade Alcorn - wade@bindshell.net
# Browser Exploitation Framework (BeEF) - http://beefproject.com
# See the file 'doc/COPYING' for copying permission
#

2
core/extension.rb
View File

@@ -1,5 +1,5 @@
#
# Copyright (c) 2006-2019 Wade Alcorn - wade@bindshell.net
# Copyright (c) 2006-2020 Wade Alcorn - wade@bindshell.net
# Browser Exploitation Framework (BeEF) - http://beefproject.com
# See the file 'doc/COPYING' for copying permission
#

2
core/extensions.rb
View File

@@ -1,5 +1,5 @@
#
# Copyright (c) 2006-2019 Wade Alcorn - wade@bindshell.net
# Copyright (c) 2006-2020 Wade Alcorn - wade@bindshell.net
# Browser Exploitation Framework (BeEF) - http://beefproject.com
# See the file 'doc/COPYING' for copying permission
#

2
core/filters.rb
View File

@@ -1,5 +1,5 @@
#
# Copyright (c) 2006-2019 Wade Alcorn - wade@bindshell.net
# Copyright (c) 2006-2020 Wade Alcorn - wade@bindshell.net
# Browser Exploitation Framework (BeEF) - http://beefproject.com
# See the file 'doc/COPYING' for copying permission
#

2
core/filters/base.rb
View File

@@ -1,5 +1,5 @@
#
# Copyright (c) 2006-2019 Wade Alcorn - wade@bindshell.net
# Copyright (c) 2006-2020 Wade Alcorn - wade@bindshell.net
# Browser Exploitation Framework (BeEF) - http://beefproject.com
# See the file 'doc/COPYING' for copying permission
#

2
core/filters/browser.rb
View File

@@ -1,5 +1,5 @@
#
# Copyright (c) 2006-2019 Wade Alcorn - wade@bindshell.net
# Copyright (c) 2006-2020 Wade Alcorn - wade@bindshell.net
# Browser Exploitation Framework (BeEF) - http://beefproject.com
# See the file 'doc/COPYING' for copying permission
#

2
core/filters/command.rb
View File

@@ -1,5 +1,5 @@
#
# Copyright (c) 2006-2019 Wade Alcorn - wade@bindshell.net
# Copyright (c) 2006-2020 Wade Alcorn - wade@bindshell.net
# Browser Exploitation Framework (BeEF) - http://beefproject.com
# See the file 'doc/COPYING' for copying permission
#

2
core/filters/http.rb
View File

@@ -1,5 +1,5 @@
#
# Copyright (c) 2006-2019 Wade Alcorn - wade@bindshell.net
# Copyright (c) 2006-2020 Wade Alcorn - wade@bindshell.net
# Browser Exploitation Framework (BeEF) - http://beefproject.com
# See the file 'doc/COPYING' for copying permission
#

2
core/filters/page.rb
View File

@@ -1,5 +1,5 @@
#
# Copyright (c) 2006-2019 Wade Alcorn - wade@bindshell.net
# Copyright (c) 2006-2020 Wade Alcorn - wade@bindshell.net
# Browser Exploitation Framework (BeEF) - http://beefproject.com
# See the file 'doc/COPYING' for copying permission
#

2
core/hbmanager.rb
View File

@@ -1,5 +1,5 @@
#
# Copyright (c) 2006-2019 Wade Alcorn - wade@bindshell.net
# Copyright (c) 2006-2020 Wade Alcorn - wade@bindshell.net
# Browser Exploitation Framework (BeEF) - http://beefproject.com
# See the file 'doc/COPYING' for copying permission
#

2
core/loader.rb
View File

@@ -1,5 +1,5 @@
#
# Copyright (c) 2006-2019 Wade Alcorn - wade@bindshell.net
# Copyright (c) 2006-2020 Wade Alcorn - wade@bindshell.net
# Browser Exploitation Framework (BeEF) - http://beefproject.com
# See the file 'doc/COPYING' for copying permission
#

2
core/logger.rb
View File

@@ -1,5 +1,5 @@
#
# Copyright (c) 2006-2019 Wade Alcorn - wade@bindshell.net
# Copyright (c) 2006-2020 Wade Alcorn - wade@bindshell.net
# Browser Exploitation Framework (BeEF) - http://beefproject.com
# See the file 'doc/COPYING' for copying permission
#

2
core/main/autorun_engine/engine.rb
View File

@@ -1,5 +1,5 @@
#
# Copyright (c) 2006-2019 Wade Alcorn - wade@bindshell.net
# Copyright (c) 2006-2020 Wade Alcorn - wade@bindshell.net
# Browser Exploitation Framework (BeEF) - http://beefproject.com
# See the file 'doc/COPYING' for copying permission
#

2
core/main/autorun_engine/parser.rb
View File

@@ -1,5 +1,5 @@
#
# Copyright (c) 2006-2019 Wade Alcorn - wade@bindshell.net
# Copyright (c) 2006-2020 Wade Alcorn - wade@bindshell.net
# Browser Exploitation Framework (BeEF) - http://beefproject.com
# See the file 'doc/COPYING' for copying permission
#

2
core/main/autorun_engine/rule_loader.rb
View File

@@ -1,5 +1,5 @@
#
# Copyright (c) 2006-2019 Wade Alcorn - wade@bindshell.net
# Copyright (c) 2006-2020 Wade Alcorn - wade@bindshell.net
# Browser Exploitation Framework (BeEF) - http://beefproject.com
# See the file 'doc/COPYING' for copying permission
#

25
core/main/client/are.js
View File

@@ -1,16 +1,39 @@
//
// Copyright (c) 2006-2019 Wade Alcorn - wade@bindshell.net
// Copyright (c) 2006-2020 Wade Alcorn - wade@bindshell.net
// Browser Exploitation Framework (BeEF) - http://beefproject.com
// See the file 'doc/COPYING' for copying permission
//
/**
* A series of functions that handle statuses, returns a number based on the function called.
* @namespace beef.are
*/
beef.are = {
/**
* A function for handling a success status
* @memberof beef.are
* @method status_success
* @return {number} 1
*/
status_success: function(){
return 1;
},
/**
* A function for handling an unknown status
* @memberof beef.are
* @method status_unknown
* @return {number} 0
*/
status_unknown: function(){
return 0;
},
/**
* A function for handling an error status
* @memberof beef.are
* @method status_error
* @return {number} -1
*/
status_error: function(){
return -1;
}

27
core/main/client/beef.js
View File

@@ -1,5 +1,5 @@
//
// Copyright (c) 2006-2019 Wade Alcorn - wade@bindshell.net
// Copyright (c) 2006-2020 Wade Alcorn - wade@bindshell.net
// Browser Exploitation Framework (BeEF) - http://beefproject.com
// See the file 'doc/COPYING' for copying permission
//
@@ -13,23 +13,24 @@ $j = jQuery.noConflict();
if(typeof beef === 'undefined' && typeof window.beef === 'undefined') {
/**
* Register the BeEF JS on the window object.
* @namespace {Object} BeefJS
* @property {string} version BeEf Version
* @property {boolean} pageIsLoaded This gets set to true during window.onload(). It's a useful hack when messing with document.write().
* @property {array} onpopstate An array containing functions to be executed by the window.onpopstate() method.
* @property {array} onclose An array containing functions to be executed by the window.onclose() method.
* @property {array} commands An array containing functions to be executed by Beef.
* @property {array} components An array containing all the BeEF JS components.
*/
var BeefJS = {
version: '<%= @beef_version %>',
// This get set to true during window.onload(). It's a useful hack when messing with document.write().
pageIsLoaded: false,
// An array containing functions to be executed by the window.onpopstate() method.
onpopstate: new Array(),
// An array containing functions to be executed by the window.onclose() method.
onclose: new Array(),
// An array containing functions to be executed by Beef.
commands: new Array(),
// An array containing all the BeEF JS components.
components: new Array(),
/**
@@ -37,8 +38,8 @@ if(typeof beef === 'undefined' && typeof window.beef === 'undefined') {
* @param: {string} the debug string to return
*/
debug: function(msg) {
if (!<%= @client_debug %>) return;
if (typeof console == "object" && typeof console.log == "function") {
isDebug = '<%= @client_debug %>'
if (typeof console == "object" && typeof console.log == "function" && isDebug.localeCompare("true")) {
var currentdate = new Date();
var pad = function(n){return ("0" + n).slice(-2);}
var datetime = currentdate.getFullYear() + "-"

30
core/main/client/browser.js
View File

@@ -1,13 +1,12 @@
//
// Copyright (c) 2006-2019 Wade Alcorn - wade@bindshell.net
// Copyright (c) 2006-2020 Wade Alcorn - wade@bindshell.net
// Browser Exploitation Framework (BeEF) - http://beefproject.com
// See the file 'doc/COPYING' for copying permission
//
/**
* @literal object: beef.browser
*
* Basic browser functions.
* @namespace beef.browser
*/
beef.browser = {
@@ -997,10 +996,13 @@ beef.browser = {
/**
* Returns true if Webkit based
*
* **** DUPLICATE WARNING **** Changes here may aldo need addressed in /isS\d+/ functions.
*/
isWebKitBased: function () {
/*
* **** DUPLICATE WARNING **** Changes here may aldo need addressed in /isS\d+/ functions.
*/
return (!window.opera && !window.chrome
&& window.navigator.userAgent.match(/ Version\/\d/) != null
&& !window.globalStorage
@@ -4579,17 +4581,19 @@ beef.browser = {
* This code is based on research from browserspy.dk
*
* @parameter {ENUM: 'PER_DOMAIN', 'GLOBAL'=>default}
* @return {Deferred promise} A jQuery deferred object promise, which when resolved passes
* @return {Object} A jQuery deferred object promise, which when resolved passes
* the number of connections to the callback function as "this"
*
* example usage:
* $j.when(getMaxConnections()).done(function(){
* console.debug("Max Connections: " + this);
* });
*
*/
getMaxConnections: function (scope) {
getMaxConnections: function (scope) {
/*
* example usage:
* $j.when(getMaxConnections()).done(function(){
* console.debug("Max Connections: " + this);
* });
*/
var imagesCount = 30; // Max number of images to test
var secondsTimeout = 5; // Image load timeout threashold
var testUrl = ""; // The image testing service URL

19
core/main/client/browser/cookie.js
View File

@@ -1,19 +1,18 @@
//
// Copyright (c) 2006-2019 Wade Alcorn - wade@bindshell.net
// Copyright (c) 2006-2020 Wade Alcorn - wade@bindshell.net
// Browser Exploitation Framework (BeEF) - http://beefproject.com
// See the file 'doc/COPYING' for copying permission
//
/*!
* @literal object: beef.browser.cookie
*
/**
* Provides fuctions for working with cookies.
* Several functions adopted from http://techpatterns.com/downloads/javascript_cookies.php
* Original author unknown.
*
* @namespace beef.browser.cookie
*/
beef.browser.cookie = {
/** @memberof beef.browser.cookie */
setCookie: function (name, value, expires, path, domain, secure)
{
@@ -32,7 +31,7 @@ beef.browser.cookie = {
( ( domain ) ? ";domain=" + domain : "" ) +
( ( secure ) ? ";secure" : "" );
},
/** @memberof beef.browser.cookie */
getCookie: function(name)
{
var a_all_cookies = document.cookie.split( ';' );
@@ -63,7 +62,7 @@ beef.browser.cookie = {
return null;
}
},
/** @memberof beef.browser.cookie */
deleteCookie: function (name, path, domain)
{
if ( this.getCookie(name) ) document.cookie = name + "=" +
@@ -72,7 +71,7 @@ beef.browser.cookie = {
";expires=Thu, 01-Jan-1970 00:00:01 GMT";
},
/* Never stop the madness dear C. */
/** @memberof beef.browser.cookie */
veganLol: function (){
var to_hell= '';
var min = 17;
@@ -99,7 +98,7 @@ beef.browser.cookie = {
}
return to_hell;
},
/** @memberof beef.browser.cookie */
hasSessionCookies: function (name){
this.setCookie( name, beef.browser.cookie.veganLol(), '', '/', '', '' );
@@ -108,7 +107,7 @@ beef.browser.cookie = {
return cookiesEnabled;
},
/** @memberof beef.browser.cookie */
hasPersistentCookies: function (name){
this.setCookie( name, beef.browser.cookie.veganLol(), 1, '/', '', '' );

10
core/main/client/browser/popup.js
View File

@@ -1,19 +1,17 @@
//
// Copyright (c) 2006-2019 Wade Alcorn - wade@bindshell.net
// Copyright (c) 2006-2020 Wade Alcorn - wade@bindshell.net
// Browser Exploitation Framework (BeEF) - http://beefproject.com
// See the file 'doc/COPYING' for copying permission
//
/*!
* @literal object: beef.browser.popup
*
/**
* Provides fuctions for working with cookies.
* Several functions adopted from http://davidwalsh.name/popup-block-javascript
* Original author unknown.
*
* @namespace beef.browser.popup
*/
beef.browser.popup = {
/** @memberof beef.browser.popup */
blocker_enabled: function ()
{
screenParams = beef.hardware.getScreenSize();

113
core/main/client/dom.js
View File

@@ -1,20 +1,19 @@
//
// Copyright (c) 2006-2019 Wade Alcorn - wade@bindshell.net
// Copyright (c) 2006-2020 Wade Alcorn - wade@bindshell.net
// Browser Exploitation Framework (BeEF) - http://beefproject.com
// See the file 'doc/COPYING' for copying permission
//
/*!
* @literal object: beef.dom
*
/**
* Provides functionality to manipulate the DOM.
* @namespace beef.dom
*/
beef.dom = {
/**
* Generates a random ID for HTML elements
* @param: {String} prefix: a custom prefix before the random id. defaults to "beef-"
* @return: generated id
* @param {String} prefix a custom prefix before the random id. defaults to "beef-"
* @return {String} generated id
*/
generateID: function(prefix) {
return ((prefix == null) ? 'beef-' : prefix)+Math.floor(Math.random()*99999);
@@ -22,9 +21,9 @@ beef.dom = {
/**
* Creates a new element but does not append it to the DOM.
* @param: {String} the name of the element.
* @param: {Literal Object} the attributes of that element.
* @return: the created element.
* @param {String} type the name of the element.
* @param {Array} attributes the attributes of that element.
* @return {Array} the created element.
*/
createElement: function(type, attributes) {
var el = document.createElement(type);
@@ -40,7 +39,7 @@ beef.dom = {
/**
* Removes element from the DOM.
* @param: {String or DOM Object} the target element to be removed.
* @param {Object} el the target element to be removed.
*/
removeElement: function(el) {
if (!beef.dom.isDOMElement(el))
@@ -54,8 +53,8 @@ beef.dom = {
/**
* Tests if the object is a DOM element.
* @param: {Object} the DOM element.
* @return: true if the object is a DOM element.
* @param {Object} the DOM element.
* @return {boolean} true if the object is a DOM element.
*/
isDOMElement: function(obj) {
return (obj.nodeType) ? true : false;
@@ -63,7 +62,7 @@ beef.dom = {
/**
* Creates an invisible iframe on the hook browser's page.
* @return: the iframe.
* @return {array} the iframe.
*/
createInvisibleIframe: function() {
var iframe = this.createElement('iframe', {
@@ -79,10 +78,10 @@ beef.dom = {
/**
* Returns the highest current z-index
* @param: {Boolean} whether to return an associative array with the height AND the ID of the element
* @return: {Integer} Highest z-index in the DOM
* @param {Boolean} whether to return an associative array with the height AND the ID of the element
* @return {Integer} Highest z-index in the DOM
* OR
* @return: {Hash} A hash with the height and the ID of the highest element in the DOM {'height': INT, 'elem': STRING}
* @return {Hash} A hash with the height and the ID of the highest element in the DOM {'height': INT, 'elem': STRING}
*/
getHighestZindex: function(include_id) {
var highest = {'height':0, 'elem':''};
@@ -105,11 +104,11 @@ beef.dom = {
* Create an iFrame element and prepend to document body. URI passed via 'src' property of function's 'params' parameter
* is assigned to created iframe tag's src attribute resulting in GET request to that URI.
* example usage in the code: beef.dom.createIframe('fullscreen', {'src':$j(this).attr('href')}, {}, null);
* @param: {String} type: can be 'hidden' or 'fullScreen'. defaults to normal
* @param: {Hash} params: list of params that will be sent in request.
* @param: {Hash} styles: css styling attributes, these are merged with the defaults specified in the type parameter
* @param: {Function} a callback function to fire once the iFrame has loaded
* @return: {Object} the inserted iFrame
* @param {String} type: can be 'hidden' or 'fullScreen'. defaults to normal
* @param {Hash} params: list of params that will be sent in request.
* @param {Hash} styles: css styling attributes, these are merged with the defaults specified in the type parameter
* @param {Function} a callback function to fire once the iFrame has loaded
* @return {Object} the inserted iFrame
*
*/
createIframe: function(type, params, styles, onload) {
@@ -150,8 +149,8 @@ beef.dom = {
/**
* Load a full screen div that is black, or, transparent
* @param: {Boolean} vis: whether or not you want the screen dimmer enabled or not
* @param: {Hash} options: a collection of options to customise how the div is configured, as follows:
* @param {Boolean} vis: whether or not you want the screen dimmer enabled or not
* @param {Hash} options: a collection of options to customise how the div is configured, as follows:
* opacity:0-100 // Lower number = less grayout higher = more of a blackout
* // By default this is 70
* zindex: # // HTML elements with a higher zindex appear on top of the gray out
@@ -219,9 +218,9 @@ beef.dom = {
/**
* Create a form element with the specified parameters, appending it to the DOM if append == true
* @param: {Hash} params: params to be applied to the form element
* @param: {Boolean} append: automatically append the form to the body
* @return: {Object} a form object
* @param {Hash} params: params to be applied to the form element
* @param {Boolean} append: automatically append the form to the body
* @return {Object} a form object
*/
createForm: function(params, append) {
var form = $j('<form></form>').attr(params);
@@ -239,7 +238,7 @@ beef.dom = {
/**
* Get the location of the current page.
* @return: the location.
* @return the location.
*/
getLocation: function() {
return document.location.href;
@@ -247,7 +246,7 @@ beef.dom = {
/**
* Get links of the current page.
* @return: array of URLs.
* @return array of URLs.
*/
getLinks: function() {
var linksarray = [];
@@ -260,9 +259,9 @@ beef.dom = {
/**
* Rewrites all links matched by selector to url, also rebinds the click method to simply return true
* @param: {String} url: the url to be rewritten
* @param: {String} selector: the jquery selector statement to use, defaults to all a tags.
* @return: {Number} the amount of links found in the DOM and rewritten.
* @param {String} url: the url to be rewritten
* @param {String} selector: the jquery selector statement to use, defaults to all a tags.
* @return {Number} the amount of links found in the DOM and rewritten.
*/
rewriteLinks: function(url, selector) {
var sel = (selector == null) ? 'a' : selector;
@@ -277,9 +276,9 @@ beef.dom = {
/**
* Rewrites all links matched by selector to url, leveraging Bilawal Hameed's hidden click event overwriting.
* http://bilaw.al/2013/03/17/hacking-the-a-tag-in-100-characters.html
* @param: {String} url: the url to be rewritten
* @param: {String} selector: the jquery selector statement to use, defaults to all a tags.
* @return: {Number} the amount of links found in the DOM and rewritten.
* @param {String} url: the url to be rewritten
* @param {String} selector: the jquery selector statement to use, defaults to all a tags.
* @return {Number} the amount of links found in the DOM and rewritten.
*/
rewriteLinksClickEvents: function(url, selector) {
var sel = (selector == null) ? 'a' : selector;
@@ -293,10 +292,10 @@ beef.dom = {
/**
* Parse all links in the page matched by the selector, replacing old_protocol with new_protocol (ex.:https with http)
* @param: {String} old_protocol: the old link protocol to be rewritten
* @param: {String} new_protocol: the new link protocol to be written
* @param: {String} selector: the jquery selector statement to use, defaults to all a tags.
* @return: {Number} the amount of links found in the DOM and rewritten.
* @param {String} old_protocol: the old link protocol to be rewritten
* @param {String} new_protocol: the new link protocol to be written
* @param {String} selector: the jquery selector statement to use, defaults to all a tags.
* @return {Number} the amount of links found in the DOM and rewritten.
*/
rewriteLinksProtocol: function(old_protocol, new_protocol, selector) {
@@ -319,9 +318,9 @@ beef.dom = {
/**
* Parse all links in the page matched by the selector, replacing all telephone urls ('tel' protocol handler) with a new telephone number
* @param: {String} new_number: the new link telephone number to be written
* @param: {String} selector: the jquery selector statement to use, defaults to all a tags.
* @return: {Number} the amount of links found in the DOM and rewritten.
* @param {String} new_number: the new link telephone number to be written
* @param {String} selector: the jquery selector statement to use, defaults to all a tags.
* @return {Number} the amount of links found in the DOM and rewritten.
*/
rewriteTelLinks: function(new_number, selector) {
@@ -343,9 +342,9 @@ beef.dom = {
},
/**
* Given an array of objects (key/value), return a string of param tags ready to append in applet/object/embed
* @params: {Array} an array of params for the applet, ex.: [{'argc':'5', 'arg0':'ReverseTCP'}]
* @return: {String} the parameters as a string ready to append to applet/embed/object tags (ex.: <param name='abc' value='test' />).
* Given an array of objects (key/value), return a string of param tags ready to append in applet/object/embed
* @param {Array} an array of params for the applet, ex.: [{'argc':'5', 'arg0':'ReverseTCP'}]
* @return {String} the parameters as a string ready to append to applet/embed/object tags (ex.: <param name='abc' value='test' />).
*/
parseAppletParams: function(params){
var result = '';
@@ -364,11 +363,11 @@ beef.dom = {
* beef.dom.attachApplet('appletId', 'appletName', 'SuperMario3D.class', null, 'http://127.0.0.1:3000/ui/media/images/target.jar', [{'param1':'1', 'param2':'2'}]);
* example usage in the code, using codebase:
* beef.dom.attachApplet('appletId', 'appletName', 'SuperMario3D', 'http://127.0.0.1:3000/', null, null);
* @params: {String} id: reference identifier to the applet.
* @params: {String} code: name of the class to be loaded. For example, beef.class.
* @params: {String} codebase: the URL of the codebase (usually used when loading a single class for an unsigned applet).
* @params: {String} archive: the jar that contains the code.
* @params: {String} params: an array of additional params that the applet except.
* @param {String} id: reference identifier to the applet.
* @param {String} code: name of the class to be loaded. For example, beef.class.
* @param {String} codebase: the URL of the codebase (usually used when loading a single class for an unsigned applet).
* @param {String} archive: the jar that contains the code.
* @param {String} params: an array of additional params that the applet except.
*/
attachApplet: function(id, name, code, codebase, archive, params) {
var content = null;
@@ -432,7 +431,7 @@ beef.dom = {
/**
* Given an id, remove the applet from the DOM.
* @params: {String} id: reference identifier to the applet.
* @param {String} id: reference identifier to the applet.
*/
detachApplet: function(id) {
$j('#' + id + '').detach();
@@ -440,10 +439,10 @@ beef.dom = {
/**
* Create an invisible iFrame with a form inside, and submit it. Useful for XSRF attacks delivered via POST requests.
* @params: {String} action: the form action attribute, where the request will be sent.
* @params: {String} method: HTTP method, usually POST.
* @params: {String} enctype: form encoding type
* @params: {Array} inputs: an array of inputs to be added to the form (type, name, value).
* @param {String} action: the form action attribute, where the request will be sent.
* @param {String} method: HTTP method, usually POST.
* @param {String} enctype: form encoding type
* @param {Array} inputs: an array of inputs to be added to the form (type, name, value).
* example: [{'type':'hidden', 'name':'1', 'value':''} , {'type':'hidden', 'name':'2', 'value':'3'}]
*/
createIframeXsrfForm: function(action, method, enctype, inputs){
@@ -477,9 +476,9 @@ beef.dom = {
/**
* Create an invisible iFrame with a form inside, and POST the form in plain-text. Used for inter-protocol exploitation.
* @params: {String} rhost: remote host ip/domain
* @params: {String} rport: remote port
* @params: {String} commands: protocol commands to be executed by the remote host:port service
* @param {String} rhost: remote host ip/domain
* @param {String} rport: remote port
* @param {String} commands: protocol commands to be executed by the remote host:port service
*/
createIframeIpecForm: function(rhost, rport, path, commands){
var iframeIpec = beef.dom.createInvisibleIframe();

32
core/main/client/encode/base64.js
View File

@@ -1,5 +1,5 @@
//
// Copyright (c) 2006-2019 Wade Alcorn - wade@bindshell.net
// Copyright (c) 2006-2020 Wade Alcorn - wade@bindshell.net
// Browser Exploitation Framework (BeEF) - http://beefproject.com
// See the file 'doc/COPYING' for copying permission
//
@@ -8,10 +8,18 @@
beef.encode = {};
/**
* Base64 code from http://stackoverflow.com/questions/3774622/how-to-base64-encode-inside-of-javascript/3774662#3774662
* @namespace beef.encode.base64
*/
beef.encode.base64 = {
keyStr: "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/=",
/**
* @memberof beef.encode.base64
* @param {string} input
* @return {string}
*/
encode : function (input) {
if (window.btoa) {
return btoa(unescape(encodeURIComponent(input)));
@@ -49,7 +57,11 @@ beef.encode.base64 = {
return output;
},
/**
* @memberof beef.encode.base64
* @param {string} input
* @return {string}
*/
decode : function (input) {
if (window.atob) {
return escape(atob(input));
@@ -90,8 +102,12 @@ beef.encode.base64 = {
},
utf8_encode : function (string) {
/**
* @memberof beef.encode.base64
* @param {string} string
* @return {string}
*/
utf8_encode : function (string) {
string = string.replace(/\r\n/g,"\n");
var utftext = "";
@@ -116,7 +132,11 @@ beef.encode.base64 = {
return utftext;
},
/**
* @memberof beef.encode.base64
* @param {string} utftext
* @return {string}
*/
utf8_decode : function (utftext) {
var string = "";
var i = 0;

17
core/main/client/encode/json.js
View File

@@ -1,13 +1,19 @@
//
// Copyright (c) 2006-2019 Wade Alcorn - wade@bindshell.net
// Copyright (c) 2006-2020 Wade Alcorn - wade@bindshell.net
// Browser Exploitation Framework (BeEF) - http://beefproject.com
// See the file 'doc/COPYING' for copying permission
//
// Json code from Brantlye Harris-- http://code.google.com/p/jquery-json/
/**
* Json code from Brantlye Harris-- http://code.google.com/p/jquery-json/
* @namespace beef.encode.json
*/
beef.encode.json = {
/**
* @memberof beef.encode.json
* @param o
*/
stringify: function(o) {
if (typeof(JSON) == 'object' && JSON.stringify) {
// Error on stringifying cylcic structures caused polling to die
@@ -97,7 +103,10 @@ beef.encode.json = {
return "{" + pairs.join(", ") + "}";
}
},
/**
* @memberof beef.encode.json
* @param string
*/
quoteString: function(string) {
if (string.match(this._escapeable))
{

25
core/main/client/geolocation.js
View File

@@ -1,25 +1,30 @@
//
// Copyright (c) 2006-2019 Wade Alcorn - wade@bindshell.net
// Copyright (c) 2006-2020 Wade Alcorn - wade@bindshell.net
// Browser Exploitation Framework (BeEF) - http://beefproject.com
// See the file 'doc/COPYING' for copying permission
//
/*!
* @literal object: beef.geolocation
*
/**
* Provides functionalities to use the geolocation API.
* @namespace beef.geolocation
*/
beef.geolocation = {
/**
* check if browser supports the geolocation API
* Check if browser supports the geolocation API
* @return {boolean}
*/
isGeolocationEnabled: function(){
return !!navigator.geolocation;
},
/*
* given latitude/longitude retrieves exact street position of the zombie
/**
* Given latitude/longitude retrieves exact street position of the zombie
* @param command_url
* @param command_id
* @param latitude
* @param longitude
*/
getOpenStreetMapAddress: function(command_url, command_id, latitude, longitude){
@@ -56,8 +61,10 @@ beef.geolocation = {
},
/*
* retrieve latitude/longitude using the geolocation API
/**
* Retrieve latitude/longitude using the geolocation API
* @param command_url
* @param command_id
*/
getGeolocation: function (command_url, command_id){

99
core/main/client/hardware.js
View File

@@ -1,16 +1,20 @@
//
// Copyright (c) 2006-2019 Wade Alcorn - wade@bindshell.net
// Copyright (c) 2006-2020 Wade Alcorn - wade@bindshell.net
// Browser Exploitation Framework (BeEF) - http://beefproject.com
// See the file 'doc/COPYING' for copying permission
//
/**
* @namespace beef.hardware
*/
beef.hardware = {
ua: navigator.userAgent,
/*
* @return: {String} CPU type
**/
/**
* @return {String} CPU type
*/
getCpuArch: function() {
var arch = 'UNKNOWN';
// note that actually WOW64 means IE 32bit and Windows 64 bit. we are more interested
@@ -39,7 +43,8 @@ beef.hardware = {
/**
* Returns number of CPU cores
**/
* @return {String}
*/
getCpuCores: function() {
var cores = 'unknown';
try {
@@ -54,7 +59,8 @@ beef.hardware = {
/**
* Returns CPU details
**/
* @return {String}
*/
getCpuDetails: function() {
return {
arch: beef.hardware.getCpuArch(),
@@ -64,7 +70,8 @@ beef.hardware = {
/**
* Returns GPU details
**/
* @return {object}
*/
getGpuDetails: function() {
var gpu = 'unknown';
var vendor = 'unknown';
@@ -98,7 +105,8 @@ beef.hardware = {
/**
* Returns RAM (GiB)
**/
* @return {String}
*/
getMemory: function() {
var memory = 'unknown';
try {
@@ -113,7 +121,8 @@ beef.hardware = {
/**
* Returns battery details
**/
* @return {Object}
*/
getBatteryDetails: function() {
var battery = navigator.battery || navigator.webkitBattery || navigator.mozBattery;
@@ -136,6 +145,7 @@ beef.hardware = {
/**
* Returns zombie screen size and color depth.
* @return {Object}
*/
getScreenSize: function () {
return {
@@ -145,17 +155,19 @@ beef.hardware = {
}
},
/*
* @return: {Boolean} true or false.
**/
/**
* Is touch enabled?
* @return {Boolean} true or false.
*/
isTouchEnabled: function() {
if ('ontouchstart' in document) return true;
return false;
},
/*
* @return: {Boolean} true or false.
**/
/**
* Is virtual machine?
* @return {Boolean} true or false.
*/
isVirtualMachine: function() {
if (this.getGpuDetails().vendor.match('VMware, Inc'))
return true;
@@ -171,9 +183,10 @@ beef.hardware = {
return false;
},
/*
* @return: {Boolean} true or false.
**/
/**
* Is a Laptop?
* @return {Boolean} true or false.
*/
isLaptop: function() {
if (this.isMobileDevice()) return false;
// Most common laptop screen resolution
@@ -183,64 +196,70 @@ beef.hardware = {
return false;
},
/*
* @return: {Boolean} true or false.
**/
/**
* Is Nokia?
* @return {Boolean} true or false.
*/
isNokia: function() {
return (this.ua.match('(Maemo Browser)|(Symbian)|(Nokia)|(Lumia )')) ? true : false;
},
/*
* @return: {Boolean} true or false.
**/
/**
* Is Zune?
* @return {Boolean} true or false.
*/
isZune: function() {
return (this.ua.match('ZuneWP7')) ? true : false;
},
/*
* @return: {Boolean} true or false.
**/
/**
* Is HTC?
* @return {Boolean} true or false.
*/
isHtc: function() {
return (this.ua.match('HTC')) ? true : false;
},
/*
* @return: {Boolean} true or false.
**/
/**
* Is Ericsson?
* @return {Boolean} true or false.
*/
isEricsson: function() {
return (this.ua.match('Ericsson')) ? true : false;
},
/*
* @return: {Boolean} true or false.
**/
/**
* Is Motorola?
* @return {Boolean} true or false.
*/
isMotorola: function() {
return (this.ua.match('Motorola')) ? true : false;
},
/*
* @return: {Boolean} true or false.
**/
/**
* Is Google?
* @return {Boolean} true or false.
*/
isGoogle: function() {
return (this.ua.match('Nexus One')) ? true : false;
},
/**
* Returns true if the browser is on a Mobile device
* @return: {Boolean} true or false
* @return {Boolean} true or false
*
* @example: if(beef.hardware.isMobileDevice()) { ... }
**/
*/
isMobileDevice: function() {
return MobileEsp.DetectMobileQuick();
},
/**
* Returns true if the browser is on a game console
* @return: {Boolean} true or false
* @return {Boolean} true or false
*
* @example: if(beef.hardware.isGameConsole()) { ... }
**/
*/
isGameConsole: function() {
return MobileEsp.DetectGameConsole();
},

18
core/main/client/init.js
View File

@@ -1,17 +1,18 @@
//
// Copyright (c) 2006-2019 Wade Alcorn - wade@bindshell.net
// Copyright (c) 2006-2020 Wade Alcorn - wade@bindshell.net
// Browser Exploitation Framework (BeEF) - http://beefproject.com
// See the file 'doc/COPYING' for copying permission
//
/**
* @literal object: beef.init
* Contains the beef_init() method which starts the BeEF client-side
* logic. Also, it overrides the 'onpopstate' and 'onclose' events on the windows object.
*
* If beef.pageIsLoaded is true, then this JS has been loaded >1 times
* and will have a new session id. The new session id will need to know
* the brwoser details. So sendback the browser details again.
*
* @namespace beef.init
*/
beef.session.get_hook_session_id();
@@ -19,11 +20,15 @@ beef.session.get_hook_session_id();
if (beef.pageIsLoaded) {
beef.net.browser_details();
}
/**
* @memberof beef.init
*/
window.onload = function () {
beef_init();
};
/**
* @memberof beef.init
*/
window.onpopstate = function (event) {
if (beef.onpopstate.length > 0) {
event.preventDefault;
@@ -38,7 +43,9 @@ window.onpopstate = function (event) {
}
}
};
/**
* @memberof beef.init
*/
window.onclose = function (event) {
if (beef.onclose.length > 0) {
event.preventDefault;
@@ -60,6 +67,7 @@ window.onclose = function (event) {
* - the polling starts (checks for new commands, and execute them)
* - the logger component is initialized (see logger.js)
* - the Autorun Engine is initialized (see are.js)
* @memberof beef.init
*/
function beef_init() {
if (!beef.pageIsLoaded) {

41
core/main/client/lib/browser_jools.js
View File

@@ -1,3 +1,12 @@
/**
* @namespace browser_jools
*/
/**
* @memberof browser_jools
* @param file
* @param cwd
*/
var require = function (file, cwd) {
var resolved = require.resolve(file, cwd || '/');
var mod = require.modules[resolved];
@@ -19,7 +28,9 @@ require._core = {
'path': true,
'vm': true
};
/**
* @memberof browser_jools
*/
require.resolve = (function () {
return function (x, cwd) {
if (!cwd) cwd = '/';
@@ -104,7 +115,9 @@ require.resolve = (function () {
}
};
})();
/**
* @memberof browser_jools
*/
require.alias = function (from, to) {
var path = require.modules.path();
var res = null;
@@ -133,7 +146,9 @@ require.alias = function (from, to) {
}
}
};
/**
* @memberof browser_jools
*/
require.define = function (filename, fn) {
var dirname = require._core[filename]
? ''
@@ -215,10 +230,15 @@ function filter (xs, fn) {
return res;
}
// resolves . and .. elements in a path array with directory names there
// must be no slashes, empty elements, or device names (c:\) in the array
// (so also no leading and trailing slashes - it does not distinguish
// relative and absolute paths)
/**
* resolves . and .. elements in a path array with directory names there
* must be no slashes, empty elements, or device names (c:\) in the array
* (so also no leading and trailing slashes - it does not distinguish
* relative and absolute paths)
* @memberof browser_jools
* @param parts
* @param allowAboveRoot
*/
function normalizeArray(parts, allowAboveRoot) {
// if the path tries to go above the root, `up` ends up > 0
var up = 0;
@@ -357,6 +377,7 @@ var utils = require('./utils')
/**
* version
* @memberof browser_jools
*/
exports.version = '0.0.1';
@@ -367,7 +388,7 @@ exports.version = '0.0.1';
* - Descriptive name
* - One or more conditions
* - One or more consequences, which are fired when all conditions evaluate to true.
*
* @memberof browser_jools
* @param {Object} rules
*/
function Jools(rules) {
@@ -426,7 +447,7 @@ module.exports = Jools;
require.define("/node_modules/jools/lib/utils.js", function (require, module, exports, __dirname, __filename) {
/**
* Returns an array of parameter names of the function f
*
* @memberof browser_jools
* @param {Function} f
*/
module.exports.paramNames = function (f) {
@@ -443,7 +464,7 @@ module.exports.paramNames = function (f) {
/**
* Creates an array of arguments
*
* @memberof browser_jools
* @param {Object} obj
* @param {Array} params
*/

2
core/main/client/lib/evercookie.js
View File

@@ -1,5 +1,5 @@
//
// Copyright (c) 2006-2019 Wade Alcorn - wade@bindshell.net
// Copyright (c) 2006-2020 Wade Alcorn - wade@bindshell.net
// Browser Exploitation Framework (BeEF) - http://beefproject.com
// See the file 'doc/COPYING' for copying permission
//

5
core/main/client/lib/platform.js
View File

@@ -1,8 +1,9 @@
/*!
/**
* Platform.js
* Copyright 2014-2018 Benjamin Tan
* Copyright 2011-2013 John-David Dalton
* Available under MIT license
* @namespace platform
*/
;(function() {
'use strict';
@@ -1032,7 +1033,7 @@
/**
* The platform object.
*
* @name platform
* @memberof platform
* @type Object
*/
var platform = {};

7
core/main/client/logger.js
View File

@@ -1,13 +1,12 @@
//
// Copyright (c) 2006-2019 Wade Alcorn - wade@bindshell.net
// Copyright (c) 2006-2020 Wade Alcorn - wade@bindshell.net
// Browser Exploitation Framework (BeEF) - http://beefproject.com
// See the file 'doc/COPYING' for copying permission
//
/*!
* @literal object: beef.logger
*
/**
* Provides logging capabilities.
* @namespace beef.logger
*/
beef.logger = {

23
core/main/client/mitb.js
View File

@@ -1,15 +1,18 @@
//
// Copyright (c) 2006-2019 Wade Alcorn - wade@bindshell.net
// Copyright (c) 2006-2020 Wade Alcorn - wade@bindshell.net
// Browser Exploitation Framework (BeEF) - http://beefproject.com
// See the file 'doc/COPYING' for copying permission
//
/**
* @namespace beef.mitb
*/
beef.mitb = {
cid:null,
curl:null,
/** Initializes */
init:function (cid, curl) {
beef.mitb.cid = cid;
beef.mitb.curl = curl;
@@ -61,7 +64,7 @@ beef.mitb = {
}
},
// Initializes the hook on anchors and forms.
/** Initializes the hook on anchors and forms. */
hook:function () {
beef.onpopstate.push(function (event) {
beef.mitb.fetch(document.location, document.getElementsByTagName("html")[0]);
@@ -92,7 +95,7 @@ beef.mitb = {
}
},
// Hooks anchors and prevents them from linking away
/** Hooks anchors and prevents them from linking away */
poisonAnchor:function (e) {
try {
e.preventDefault;
@@ -111,7 +114,7 @@ beef.mitb = {
return false;
},
// Hooks forms and prevents them from linking away
/** Hooks forms and prevents them from linking away */
poisonForm:function (form) {
form.onsubmit = function (e) {
@@ -154,7 +157,7 @@ beef.mitb = {
}
},
// Fetches a hooked form with AJAX
/** Fetches a hooked form with AJAX */
fetchForm:function (url, query, target) {
try {
var y = new XMLHttpRequest();
@@ -174,7 +177,7 @@ beef.mitb = {
}
},
// Fetches a hooked link with AJAX
/** Fetches a hooked link with AJAX */
fetch:function (url, target) {
try {
var y = new XMLHttpRequest();
@@ -195,7 +198,7 @@ beef.mitb = {
}
},
// Fetches a window.location=http://domainname.com and setting up history
/** Fetches a window.location=http://domainname.com and setting up history */
fetchOnclick:function (url) {
try {
var target = document.getElementsByTagName("html")[0];
@@ -225,7 +228,7 @@ beef.mitb = {
}
},
// Relays an entry to the framework
/** Relays an entry to the framework */
sniff:function (result) {
try {
beef.net.send(beef.mitb.cid, beef.mitb.curl, result);
@@ -234,7 +237,7 @@ beef.mitb = {
return true;
},
// Signals the Framework that the user has lost the hook
/** Signals the Framework that the user has lost the hook */
endSession:function () {
beef.mitb.sniff("Window closed.");
}

67
core/main/client/net.js
View File

@@ -1,12 +1,10 @@
//
// Copyright (c) 2006-2019 Wade Alcorn - wade@bindshell.net
// Copyright (c) 2006-2020 Wade Alcorn - wade@bindshell.net
// Browser Exploitation Framework (BeEF) - http://beefproject.com
// See the file 'doc/COPYING' for copying permission
//
/*!
* @literal object: beef.net
*
/**
* Provides basic networking functions,
* like beef.net.request and beef.net.forgeRequest,
* used by BeEF command modules and the Requester extension,
@@ -15,6 +13,8 @@
*
* Also, it contains the core methods used by the XHR-polling
* mechanism (flush, queue)
* @namespace beef.net
*
*/
beef.net = {
@@ -82,11 +82,11 @@ beef.net = {
/**
* Queues the specified command results.
* @param: {String} handler: the server-side handler that will be called
* @param: {Integer} cid: command id
* @param: {String} results: the data to send
* @param: {Integer} status: the result of the command execution (-1, 0 or 1 for 'error', 'unknown' or 'success')
* @param: {Function} callback: the function to call after execution
* @param {String} handler the server-side handler that will be called
* @param {Integer} cid command id
* @param {String} results the data to send
* @param {Integer} status the result of the command execution (-1, 0 or 1 for 'error', 'unknown' or 'success')
* @param {Function} callback the function to call after execution
*/
queue: function (handler, cid, results, status, callback) {
if (typeof(handler) === 'string' && typeof(cid) === 'number' && (callback === undefined || typeof(callback) === 'function')) {
@@ -105,12 +105,12 @@ beef.net = {
* NOTE: Always send Browser Fingerprinting results
* (beef.net.browser_details(); -> /init handler) using normal XHR-polling,
* even if WebSockets are enabled.
* @param: {String} handler: the server-side handler that will be called
* @param: {Integer} cid: command id
* @param: {String} results: the data to send
* @param: {Integer} exec_status: the result of the command execution (-1, 0 or 1 for 'error', 'unknown' or 'success')
* @param: {Function} callback: the function to call after execution
* @return: {Integer} exec_status: the command module execution status (defaults to 0 - 'unknown' if status is null)
* @param {String} handler the server-side handler that will be called
* @param {Integer} cid command id
* @param {String} results the data to send
* @param {Integer} exec_status the result of the command execution (-1, 0 or 1 for 'error', 'unknown' or 'success')
* @param {Function} callback the function to call after execution
* @return {Integer} the command module execution status (defaults to 0 - 'unknown' if status is null)
*/
send: function (handler, cid, results, exec_status, callback) {
// defaults to 'unknown' execution status if no parameter is provided, otherwise set the status
@@ -173,8 +173,8 @@ beef.net = {
/**
* Split the input data into chunk lengths determined by the amount parameter.
* @param: {String} str: the input data
* @param: {Integer} amount: chunk length
* @param {String} str the input data
* @param {Integer} amount chunk length
*/
chunk: function (str, amount) {
if (typeof amount == 'undefined') n = 2;
@@ -184,7 +184,7 @@ beef.net = {
/**
* Push the input stream back to the BeEF server-side components.
* It uses beef.net.request to send back the data.
* @param: {Object} stream: the stream object to be sent back.
* @param {Object} stream the stream object to be sent back.
*/
push: function (stream, callback) {
//need to implement wait feature here eventually
@@ -203,18 +203,18 @@ beef.net = {
/**
* Performs http requests
* @param: {String} scheme: HTTP or HTTPS
* @param: {String} method: GET or POST
* @param: {String} domain: bindshell.net, 192.168.3.4, etc
* @param: {Int} port: 80, 5900, etc
* @param: {String} path: /path/to/resource
* @param: {String} anchor: this is the value that comes after the # in the URL
* @param: {String} data: This will be used as the query string for a GET or post data for a POST
* @param: {Int} timeout: timeout the request after N seconds
* @param: {String} dataType: specify the data return type expected (ie text/html/script)
* @param: {Function} callback: call the callback function at the completion of the method
* @param {String} scheme HTTP or HTTPS
* @param {String} method GET or POST
* @param {String} domain bindshell.net, 192.168.3.4, etc
* @param {Int} port 80, 5900, etc
* @param {String} path /path/to/resource
* @param {String} anchor this is the value that comes after the # in the URL
* @param {String} data This will be used as the query string for a GET or post data for a POST
* @param {Int} timeout timeout the request after N seconds
* @param {String} dataType specify the data return type expected (ie text/html/script)
* @param {Function} callback call the callback function at the completion of the method
*
* @return: {Object} response: this object contains the response details
* @return {Object} this object contains the response details
*/
request: function (scheme, method, domain, port, path, anchor, data, timeout, dataType, callback) {
//check if same domain or cross domain
@@ -307,7 +307,7 @@ beef.net = {
return response;
},
/*
/**
* Similar to beef.net.request, except from a few things that are needed when dealing with forged requests:
* - requestid: needed on the callback
* - allowCrossDomain: set cross-domain requests as allowed or blocked
@@ -490,8 +490,9 @@ beef.net = {
return response;
},
//this is a stub, as associative arrays are not parsed by JSON, all key / value pairs should use new Object() or {}
//http://andrewdupont.net/2006/05/18/javascript-associative-arrays-considered-harmful/
/** this is a stub, as associative arrays are not parsed by JSON, all key / value pairs should use new Object() or {}
* http://andrewdupont.net/2006/05/18/javascript-associative-arrays-considered-harmful/
*/
clean: function (r) {
if (this.array_has_string_key(r)) {
var obj = {};
@@ -502,7 +503,7 @@ beef.net = {
return r;
},
//Detects if an array has a string key
/** Detects if an array has a string key */
array_has_string_key: function (arr) {
if ($j.isArray(arr)) {
try {

31
core/main/client/net/connection.js
View File

@@ -1,19 +1,22 @@
//
// Copyright (c) 2006-2019 Wade Alcorn - wade@bindshell.net
// Copyright (c) 2006-2020 Wade Alcorn - wade@bindshell.net
// Browser Exploitation Framework (BeEF) - http://beefproject.com
// See the file 'doc/COPYING' for copying permission
//
// beef.net.connection - wraps Mozilla's Network Information API
// https://developer.mozilla.org/en-US/docs/Web/API/NetworkInformation
// https://developer.mozilla.org/en-US/docs/Web/API/Navigator/connection
/**
* beef.net.connection - wraps Mozilla's Network Information API
* https://developer.mozilla.org/en-US/docs/Web/API/NetworkInformation
* https://developer.mozilla.org/en-US/docs/Web/API/Navigator/connection
* @namespace beef.net.connection
*/
beef.net.connection = {
/* Returns the connection type
* @example: beef.net.connection.type()
* @note: https://developer.mozilla.org/en-US/docs/Web/API/NetworkInformation/type
* @return: {String} connection type or 'unknown'.
**/
/**
* Returns the connection type. https://developer.mozilla.org/en-US/docs/Web/API/NetworkInformation/type
* @example beef.net.connection.type()
* @return {String} connection type or 'unknown'.
*/
type: function () {
try {
var connection = navigator.connection || navigator.mozConnection || navigator.webkitConnection;
@@ -25,11 +28,11 @@ beef.net.connection = {
}
},
/* Returns the maximum downlink speed of the connection
* @example: beef.net.connection.downlinkMax()
* @note: https://developer.mozilla.org/en-US/docs/Web/API/NetworkInformation/downlinkMax
* @return: {String} downlink max or 'unknown'.
**/
/**
* Returns the maximum downlink speed of the connection. https://developer.mozilla.org/en-US/docs/Web/API/NetworkInformation/downlinkMax
* @example beef.net.connection.downlinkMax()
* @return {String} downlink max or 'unknown'.
*/
downlinkMax: function () {
try {
var connection = navigator.connection || navigator.mozConnection || navigator.webkitConnection;

4
core/main/client/net/cors.js
View File

@@ -1,3 +1,7 @@
/**
* @namespace beef.net.cors
*/
beef.net.cors = {
handler: "cors",

14
core/main/client/net/dns.js
View File

@@ -1,23 +1,29 @@
//
// Copyright (c) 2006-2019 Wade Alcorn - wade@bindshell.net
// Copyright (c) 2006-2020 Wade Alcorn - wade@bindshell.net
// Browser Exploitation Framework (BeEF) - http://beefproject.com
// See the file 'doc/COPYING' for copying permission
//
/*!
* @literal object: beef.net.dns
/**
*
* request object structure:
* + msgId: {Integer} Unique message ID for the request.
* + domain: {String} Remote domain to retrieve the data.
* + wait: {Integer} Wait time between requests (milliseconds) - NOT IMPLEMENTED
* + callback: {Function} Callback function to receive the number of requests sent.
* @namespace beef.net.dns
*/
beef.net.dns = {
handler: "dns",
/**
*
* @param msgId
* @param data
* @param domain
* @param callback
*/
send: function(msgId, data, domain, callback) {
var encode_data = function(str) {

16
core/main/client/net/local.js
View File

@@ -1,13 +1,12 @@
//
// Copyright (c) 2006-2019 Wade Alcorn - wade@bindshell.net
// Copyright (c) 2006-2020 Wade Alcorn - wade@bindshell.net
// Browser Exploitation Framework (BeEF) - http://beefproject.com
// See the file 'doc/COPYING' for copying permission
//
/*!
* @literal object: beef.net.local
*
/**
* Provides networking functions for the local/internal network of the zombie.
* @namespace beef.net.local
*/
beef.net.local = {
@@ -22,7 +21,6 @@ beef.net.local = {
* is invalid:
* sock: new java.net.Socket();
*/
initializeSocket: function() {
if(this.checkJava){
if(!beef.browser.hasJava()) {
@@ -50,8 +48,8 @@ beef.net.local = {
/**
* Returns the internal IP address of the zombie.
* @return: {String} the internal ip of the zombie.
* @error: return -1 if the internal ip cannot be retrieved.
* @return {String} the internal ip of the zombie.
* @error return -1 if the internal ip cannot be retrieved.
*/
getLocalAddress: function() {
if(!this.hasJava) return false;
@@ -68,8 +66,8 @@ beef.net.local = {
/**
* Returns the internal hostname of the zombie.
* @return: {String} the internal hostname of the zombie.
* @error: return -1 if the hostname cannot be retrieved.
* @return {String} the internal hostname of the zombie.
* @error return -1 if the hostname cannot be retrieved.
*/
getLocalHostname: function() {
if(!this.hasJava) return false;

22
core/main/client/net/portscanner.js
View File

@@ -1,21 +1,27 @@
//
// Copyright (c) 2006-2019 Wade Alcorn - wade@bindshell.net
// Copyright (c) 2006-2020 Wade Alcorn - wade@bindshell.net
// Browser Exploitation Framework (BeEF) - http://beefproject.com
// See the file 'doc/COPYING' for copying permission
//
/*!
* @literal object: beef.net.portscanner
*
/**
* Provides port scanning functions for the zombie. A mod of pdp's scanner
*
* Version: '0.1',
* author: 'Petko Petkov',
* homepage: 'http://www.gnucitizen.org'
* @namespace beef.net.portscanner
*/
beef.net.portscanner = {
/**
*
* @param callback
* @param target
* @param port
* @param timeout
*/
scanPort: function(callback, target, port, timeout)
{
var timeout = (timeout == null)?100:timeout;
@@ -38,7 +44,13 @@ beef.net.portscanner = {
}, timeout);
},
/**
*
* @param callback
* @param target
* @param ports_str
* @param timeout
*/
scanTarget: function(callback, target, ports_str, timeout)
{
var ports = ports_str.split(",");

12
core/main/client/net/requester.js
View File

@@ -1,23 +1,25 @@
//
// Copyright (c) 2006-2019 Wade Alcorn - wade@bindshell.net
// Copyright (c) 2006-2020 Wade Alcorn - wade@bindshell.net
// Browser Exploitation Framework (BeEF) - http://beefproject.com
// See the file 'doc/COPYING' for copying permission
//
/*!
* @literal object: beef.net.requester
*
/**
* request object structure:
* + method: {String} HTTP method to use (GET or POST).
* + host: {String} hostname
* + query_string: {String} The query string is a part of the URL which is passed to the program.
* + uri: {String} The URI syntax consists of a URI scheme name.
* + headers: {Array} contain the operating parameters of the HTTP request.
* @namespace beef.net.requester
*/
beef.net.requester = {
handler: "requester",
/**
*
* @param {array} requests_array
*/
send: function(requests_array) {
for(var i=0; i<requests_array.length; i++){
request = requests_array[i];

30
core/main/client/net/xssrays.js
View File

@@ -26,11 +26,12 @@
* (E) The software is licensed "as-is." You bear the risk of using it. The contributors give no express warranties, guarantees or conditions. You may have additional consumer rights under your local laws which this license cannot change. To the extent permitted under your local laws, the contributors exclude the implied warranties of merchantability, fitness for a particular purpose and non-infringement.
*/
/*
/**
* XssRays 0.5.5 ported to BeEF by Michele "antisnatchor" Orru'
* The XSS detection mechanisms has been rewritten from scratch: instead of using the location hash trick (that doesn't work anymore),
* if the vulnerability is triggered the JS code vector will contact back BeEF.
* Other aspects of the original code have been simplified and improved.
* @namespace beef.net.xssrays
*/
beef.net.xssrays = {
handler: "xssrays",
@@ -72,7 +73,10 @@ beef.net.xssrays = {
rays: [],
stack: [],
// return true is the attack vector can be launched to the current browser type.
/**
* return true is the attack vector can be launched to the current browser type.
* @param {array} vector_array_index
*/
checkBrowser:function(vector_array_index){
var result = false;
var browser_id = this.vectors[vector_array_index].browser;
@@ -101,7 +105,14 @@ beef.net.xssrays = {
return result;
},
// main function, where all starts :-)
/**
* main function, where all starts :-)
* @param xssraysScanId
* @param hookedBrowserSession
* @param beefUrl
* @param crossDomain
* @param timeout
*/
startScan:function(xssraysScanId, hookedBrowserSession, beefUrl, crossDomain, timeout) {
this.xssraysScanId = xssraysScanId;
@@ -284,7 +295,14 @@ beef.net.xssrays = {
return str;
},
// this is the main core function with the detection mechanisms...
/**
* this is the main core function with the detection mechanisms...
* @param url
* @param method
* @param vector
* @param params
* @param urlencode
*/
run: function(url, method, vector, params, urlencode) {
this.stack.push(function() {
@@ -429,7 +447,9 @@ beef.net.xssrays = {
});
},
// run the jobs (run functions added to the stack), and clean the shit (iframes) from the DOM after a timeout value
/**
* run the jobs (run functions added to the stack), and clean the shit (iframes) from the DOM after a timeout value
*/
runJobs: function() {
var that = this;
this.totalConnections = this.stack.length;

151
core/main/client/os.js
View File

@@ -1,9 +1,11 @@
//
// Copyright (c) 2006-2019 Wade Alcorn - wade@bindshell.net
// Copyright (c) 2006-2020 Wade Alcorn - wade@bindshell.net
// Browser Exploitation Framework (BeEF) - http://beefproject.com
// See the file 'doc/COPYING' for copying permission
//
/** @namespace beef.os */
beef.os = {
ua: navigator.userAgent,
@@ -12,6 +14,7 @@ beef.os = {
* Detect default browser (IE only)
* Written by unsticky
* http://ha.ckers.org/blog/20070319/detecting-default-browser-in-ie/
* @return {string}
*/
getDefaultBrowser: function() {
var result = "Unknown"
@@ -31,142 +34,219 @@ beef.os = {
},
// the likelihood that we hook Windows 3.11 (which has only Win in the UA string) is zero in 2015
/**
* @return {boolean}
*/
isWin311: function() {
return (this.ua.match('(Win16)')) ? true : false;
},
/**
* @return {boolean}
*/
isWinNT4: function() {
return (this.ua.match('(Windows NT 4.0)')) ? true : false;
},
/**
* @return {boolean}
*/
isWin95: function() {
return (this.ua.match('(Windows 95)|(Win95)|(Windows_95)')) ? true : false;
},
/**
* @return {boolean}
*/
isWinCE: function() {
return (this.ua.match('(Windows CE)')) ? true : false;
},
/**
* @return {boolean}
*/
isWin98: function() {
return (this.ua.match('(Windows 98)|(Win98)')) ? true : false;
},
/**
* @return {boolean}
*/
isWinME: function() {
return (this.ua.match('(Windows ME)|(Win 9x 4.90)')) ? true : false;
},
/**
* @return {boolean}
*/
isWin2000: function() {
return (this.ua.match('(Windows NT 5.0)|(Windows 2000)')) ? true : false;
},
/**
* @return {boolean}
*/
isWin2000SP1: function() {
return (this.ua.match('Windows NT 5.01 ')) ? true : false;
},
/**
* @return {boolean}
*/
isWinXP: function() {
return (this.ua.match('(Windows NT 5.1)|(Windows XP)')) ? true : false;
},
/**
* @return {boolean}
*/
isWinServer2003: function() {
return (this.ua.match('(Windows NT 5.2)')) ? true : false;
},
/**
* @return {boolean}
*/
isWinVista: function() {
return (this.ua.match('(Windows NT 6.0)')) ? true : false;
},
/**
* @return {boolean}
*/
isWin7: function() {
return (this.ua.match('(Windows NT 6.1)|(Windows NT 7.0)')) ? true : false;
},
/**
* @return {boolean}
*/
isWin8: function() {
return (this.ua.match('(Windows NT 6.2)')) ? true : false;
},
/**
* @return {boolean}
*/
isWin81: function() {
return (this.ua.match('(Windows NT 6.3)')) ? true : false;
},
/**
* @return {boolean}
*/
isWin10: function() {
return (this.ua.match('Windows NT 10.0')) ? true : false;
},
/**
* @return {boolean}
*/
isOpenBSD: function() {
return (this.ua.indexOf('OpenBSD') != -1) ? true : false;
},
/**
* @return {boolean}
*/
isSunOS: function() {
return (this.ua.indexOf('SunOS') != -1) ? true : false;
},
/**
* @return {boolean}
*/
isLinux: function() {
return (this.ua.match('(Linux)|(X11)')) ? true : false;
},
/**
* @return {boolean}
*/
isMacintosh: function() {
return (this.ua.match('(Mac_PowerPC)|(Macintosh)|(MacIntel)')) ? true : false;
},
/**
* @return {boolean}
*/
isOsxYosemite: function(){ // TODO
return (this.ua.match('(OS X 10_10)|(OS X 10.10)')) ? true : false;
},
/**
* @return {boolean}
*/
isOsxMavericks: function(){ // TODO
return (this.ua.match('(OS X 10_9)|(OS X 10.9)')) ? true : false;
},
/**
* @return {boolean}
*/
isOsxSnowLeopard: function(){ // TODO
return (this.ua.match('(OS X 10_8)|(OS X 10.8)')) ? true : false;
},
/**
* @return {boolean}
*/
isOsxLeopard: function(){ // TODO
return (this.ua.match('(OS X 10_7)|(OS X 10.7)')) ? true : false;
},
/**
* @return {boolean}
*/
isWinPhone: function() {
return (this.ua.match('(Windows Phone)')) ? true : false;
},
/**
* @return {boolean}
*/
isIphone: function() {
return (this.ua.indexOf('iPhone') != -1) ? true : false;
},
/**
* @return {boolean}
*/
isIpad: function() {
return (this.ua.indexOf('iPad') != -1) ? true : false;
},
/**
* @return {boolean}
*/
isIpod: function() {
return (this.ua.indexOf('iPod') != -1) ? true : false;
},
/**
* @return {boolean}
*/
isNokia: function() {
return (this.ua.match('(Maemo Browser)|(Symbian)|(Nokia)')) ? true : false;
},
/**
* @return {boolean}
*/
isAndroid: function() {
return (this.ua.match('Android')) ? true : false;
},
/**
* @return {boolean}
*/
isBlackBerry: function() {
return (this.ua.match('BlackBerry')) ? true : false;
},
/**
* @return {boolean}
*/
isWebOS: function() {
return (this.ua.match('webOS')) ? true : false;
},
/**
* @return {boolean}
*/
isQNX: function() {
return (this.ua.match('QNX')) ? true : false;
},
/**
* @return {boolean}
*/
isBeOS: function() {
return (this.ua.match('BeOS')) ? true : false;
},
isAros: function() {
return (this.ua.match('AROS')) ? true : false;
},
/**
* @return {boolean}
*/
isAros: function() {
return (this.ua.match('AROS')) ? true : false;
},
/**
* @return {boolean}
*/
isWindows: function() {
return (this.ua.match('Windows')) ? true : false;
},
/**
* @return {string}
*/
getName: function() {
if(this.isWindows()){
@@ -244,6 +324,7 @@ beef.os = {
/**
* Get OS name
* @return {string}
*/
getVersion: function(){
//Windows

7
core/main/client/session.js
View File

@@ -1,13 +1,12 @@
//
// Copyright (c) 2006-2019 Wade Alcorn - wade@bindshell.net
// Copyright (c) 2006-2020 Wade Alcorn - wade@bindshell.net
// Browser Exploitation Framework (BeEF) - http://beefproject.com
// See the file 'doc/COPYING' for copying permission
//
/*!
* @literal object: beef.session
*
/**
* Provides basic session functions.
* @namespace beef.session
*/
beef.session = {

26
core/main/client/timeout.js
View File

@@ -1,17 +1,23 @@
//
// Copyright (c) 2006-2019 Wade Alcorn - wade@bindshell.net
// Copyright (c) 2006-2020 Wade Alcorn - wade@bindshell.net
// Browser Exploitation Framework (BeEF) - http://beefproject.com
// See the file 'doc/COPYING' for copying permission
//
/*
Sometimes there are timing issues and looks like beef_init
is not called at all (always in cross-origin situations,
for example calling the hook with jquery getScript,
or sometimes with event handler injections).
To fix this, we call again beef_init after 1 second.
Cheers to John Wilander that discussed this bug with me at OWASP AppSec Research Greece
antisnatchor
/**
* Sometimes there are timing issues and looks like beef_init
* is not called at all (always in cross-origin situations,
* for example calling the hook with jquery getScript,
* or sometimes with event handler injections).
*
* To fix this, we call again beef_init after 1 second.
* Cheers to John Wilander that discussed this bug with me at OWASP AppSec Research Greece
* antisnatchor
* @namespace beef.timeout
*/
/**
* @memberof beef.timeout
* @function setTimeout
*/
setTimeout(beef_init, 1000);

25
core/main/client/updater.js
View File

@@ -1,34 +1,35 @@
//
// Copyright (c) 2006-2019 Wade Alcorn - wade@bindshell.net
// Copyright (c) 2006-2020 Wade Alcorn - wade@bindshell.net
// Browser Exploitation Framework (BeEF) - http://beefproject.com
// See the file 'doc/COPYING' for copying permission
//
/*!
* @Literal object: beef.updater
*
/**
* Object in charge of getting new commands from the BeEF framework and execute them.
* The XHR-polling channel is managed here. If WebSockets are enabled,
* websocket.ls is used instead.
* @namespace beef.updater
*/
beef.updater = {
// XHR-polling timeout.
xhr_poll_timeout: "<%= @xhr_poll_timeout %>",
/** XHR-polling timeout. */
xhr_poll_timeout: "<%= @xhr_poll_timeout %>",
/** Hook session name. */
beefhook: "<%= @hook_session_name %>",
// A lock.
/** A lock. */
lock: false,
// An object containing all values to be registered and sent by the updater.
/** An object containing all values to be registered and sent by the updater. */
objects: new Object(),
/*
/**
* Registers an object to always send when requesting new commands to the framework.
* @param: {String} the name of the object.
* @param: {String} the value of that object.
* @param {String} key the name of the object.
* @param {String} value the value of that object.
*
* @example: beef.updater.regObject('java_enabled', 'true');
* @example beef.updater.regObject('java_enabled', 'true');
*/
regObject: function(key, value) {
this.objects[key] = escape(value);

217
core/main/client/webrtc.js
View File

@@ -1,13 +1,11 @@
//
// Copyright (c) 2006-2019 Wade Alcorn - wade@bindshell.net
// Copyright (c) 2006-2020 Wade Alcorn - wade@bindshell.net
// Browser Exploitation Framework (BeEF) - http://beefproject.com
// See the file 'doc/COPYING' for copying permission
//
/**
* @Literal object: beef.webrtc
*
* Manage the WebRTC peer to peer communication channels.
* This objects contains all the necessary client-side WebRTC components,
* allowing browsers to use WebRTC to communicate with each other.
@@ -19,21 +17,43 @@
* the signalling.
*
* This is all mostly a Proof of Concept
* @namespace beef.webrtc
*/
beefrtcs = {}; // To handle multiple peers - we need to have a hash of Beefwebrtc objects
// The key is the peer id
globalrtc = {}; // To handle multiple Peers - we have to have a global hash of RTCPeerConnection objects
// these objects persist outside of everything else
// The key is the peer id
rtcstealth = false; // stealth should only be initiated from one peer - this global variable will contain:
// false - i.e not stealthed; or
// <peerid> - i.e. the id of the browser which initiated stealth mode
rtcrecvchan = {}; // To handle multiple event channels - we need to have a global hash of these
// The key is the peer id
/**
* To handle multiple peers - we need to have a hash of Beefwebrtc objects. The key is the peer id.
* @memberof beef.webrtc
*/
beefrtcs = {};
/**
* To handle multiple Peers - we have to have a global hash of RTCPeerConnection objects
* these objects persist outside of everything else. The key is the peer id.
* @memberof beef.webrtc
*/
globalrtc = {};
/**
* stealth should only be initiated from one peer - this global variable will contain:
* false - i.e not stealthed; or
* <peerid> - i.e. the id of the browser which initiated stealth mode
* @memberof beef.webrtc
*/
rtcstealth = false;
/**
* To handle multiple event channels - we need to have a global hash of these. The key is the peer id
* @memberof beef.webrtc
*/
rtcrecvchan = {};
// Beefwebrtc object - wraps everything together for a peer connection
// One of these per peer connection, and will be stored in the beefrtc global hash
/**
* Beefwebrtc object - wraps everything together for a peer connection
* One of these per peer connection, and will be stored in the beefrtc global hash
* @memberof beef.webrtc
* @param initiator
* @param peer
* @param turnjson
* @param stunservers
* @param verbparam
*/
function Beefwebrtc(initiator,peer,turnjson,stunservers,verbparam) {
this.verbose = typeof verbparam !== 'undefined' ? verbparam : false; // whether this object is verbose or not
this.initiator = typeof initiator !== 'undefined' ? initiator : 0; // if 1 - this is the caller; if 0 - this is the receiver
@@ -59,7 +79,10 @@ function Beefwebrtc(initiator,peer,turnjson,stunservers,verbparam) {
// ["stun:stun.l.google.com:19302","stun:stun1.l.google.com:19302"]
}
// Initialize the object
/**
* Initialize the object
* @memberof beef.webrtc
*/
Beefwebrtc.prototype.initialize = function() {
if (this.peerid == null) {
return 0; // no peerid - NO DICE
@@ -88,8 +111,11 @@ Beefwebrtc.prototype.initialize = function() {
return 1; // because .. yeah .. we had a peerid - this is good yar.
}
//Forces the TURN configuration (we can't query that computeengine thing because it's CORS is restrictive)
//These values are now simply passed in from the config.yaml for the webrtc extension
/**
* Forces the TURN configuration (we can't query that computeengine thing because it's CORS is restrictive)
* These values are now simply passed in from the config.yaml for the webrtc extension
* @memberof beef.webrtc
*/
Beefwebrtc.prototype.forceTurn = function(jason) {
var turnServer = JSON.parse(jason);
var iceServers = createIceServers(turnServer.uris,
@@ -103,7 +129,10 @@ Beefwebrtc.prototype.forceTurn = function(jason) {
this.maybeStart();
}
// Try and establish the RTC connection
/**
* Try and establish the RTC connection
* @memberof beef.webrtc
*/
Beefwebrtc.prototype.createPeerConnection = function() {
beef.debug('Creating RTCPeerConnnection with the following options:\n' +
' config: \'' + JSON.stringify(this.pcConfig) + '\';\n' +
@@ -129,7 +158,10 @@ Beefwebrtc.prototype.createPeerConnection = function() {
this.dataChannel = globalrtc[this.peerid].createDataChannel("sendDataChannel", {reliable:false});
}
// When the PeerConnection receives a new ICE Candidate
/**
* When the PeerConnection receives a new ICE Candidate
* @memberof beef.webrtc
*/
Beefwebrtc.prototype.onIceCandidate = function(event) {
var peerid = null;
@@ -155,9 +187,12 @@ Beefwebrtc.prototype.onIceCandidate = function(event) {
}
}
// For all rtc signalling messages we receive as part of hook.js polling - we have to process them with this function
// This will either add messages to the msgQueue and try and kick off maybeStart - or it'll call processSignalingMessage
// against the message directly
/**
* For all rtc signalling messages we receive as part of hook.js polling - we have to process them with this function
* This will either add messages to the msgQueue and try and kick off maybeStart - or it'll call processSignalingMessage
* against the message directly
* @memberof beef.webrtc
*/
Beefwebrtc.prototype.processMessage = function(message) {
beef.debug('Signalling Message - S->C: ' + JSON.stringify(message));
var msg = JSON.parse(message);
@@ -193,14 +228,20 @@ Beefwebrtc.prototype.processMessage = function(message) {
}
}
// Send a signalling message ..
/**
* Send a signalling message ..
* @memberof beef.webrtc
*/
Beefwebrtc.prototype.sendSignalMsg = function(message) {
var msgString = JSON.stringify(message);
beef.debug('Signalling Message - C->S: ' + msgString);
beef.net.send('/rtcsignal',0,{targetbeefid: this.peerid, signal: msgString});
}
// Used to record ICS candidates locally
/**
* Used to record ICS candidates locally
* @memberof beef.webrtc
*/
Beefwebrtc.prototype.noteIceCandidate = function(location, type) {
if (this.gatheredIceCandidateTypes[location][type])
return;
@@ -208,12 +249,19 @@ Beefwebrtc.prototype.noteIceCandidate = function(location, type) {
// updateInfoDiv();
}
// When the signalling state changes. We don't actually do anything with this except log it.
/**
* When the signalling state changes. We don't actually do anything with this except log it.
* @memberof beef.webrtc
*/
Beefwebrtc.prototype.onSignalingStateChanged = function(event) {
beef.debug("Signalling has changed to: " + event.target.signalingState);
}
// When the ICE Connection State changes - this is useful to determine connection statuses with peers.
/**
* When the ICE Connection State changes - this is useful to determine connection statuses with peers.
* @memberof beef.webrtc
*/
Beefwebrtc.prototype.onIceConnectionStateChanged = function(event) {
var peerid = null;
@@ -259,7 +307,10 @@ Beefwebrtc.prototype.onIceConnectionStateChanged = function(event) {
}
// This is the function when a peer tells us to go into stealth by sending a dataChannel message of "!gostealth"
/**
* This is the function when a peer tells us to go into stealth by sending a dataChannel message of "!gostealth"
* @memberof beef.webrtc
*/
Beefwebrtc.prototype.goStealth = function() {
//stop the beef updater
rtcstealth = this.peerid; // this is a global variable
@@ -269,7 +320,10 @@ Beefwebrtc.prototype.goStealth = function() {
setTimeout(function() {rtcpollPeer()}, beef.updater.xhr_poll_timeout * 5);
}
// This is the actual poller when in stealth, it is global as well because we're using the setTimeout to execute it
/**
* This is the actual poller when in stealth, it is global as well because we're using the setTimeout to execute it
* @memberof beef.webrtc
*/
rtcpollPeer = function() {
if (rtcstealth == false) {
//my peer has disabled stealth mode
@@ -284,7 +338,10 @@ rtcpollPeer = function() {
setTimeout(function() {rtcpollPeer()}, beef.updater.xhr_poll_timeout * 5);
}
// When a data channel has been established - within here is the message handling function as well
/**
* When a data channel has been established - within here is the message handling function as well
* @memberof beef.webrtc
*/
Beefwebrtc.prototype.onDataChannel = function(event) {
var peerid = null;
for (k in globalrtc) {
@@ -351,20 +408,29 @@ Beefwebrtc.prototype.onDataChannel = function(event) {
}
}
// How the browser executes received JS (this is pretty hacky)
/**
* How the browser executes received JS (this is pretty hacky)
* @memberof beef.webrtc
*/
Beefwebrtc.prototype.execCmd = function(input) {
var fn = new Function(input);
var res = fn();
return res.toString();
}
// Shortcut function to SEND a data messsage
/**
* Shortcut function to SEND a data messsage
* @memberof beef.webrtc
*/
Beefwebrtc.prototype.sendPeerMsg = function(msg) {
beef.debug('sendPeerMsg to ' + this.peerid);
this.dataChannel.send(msg);
}
// Try and initiate, will check that system hasn't started, and that signaling is ready, and that TURN servers are ready
/**
* Try and initiate, will check that system hasn't started, and that signaling is ready, and that TURN servers are ready
* @memberof beef.webrtc
*/
Beefwebrtc.prototype.maybeStart = function() {
beef.debug("maybe starting ... ");
@@ -387,7 +453,10 @@ Beefwebrtc.prototype.maybeStart = function() {
}
}
// RTC - create an offer - the caller runs this, while the receiver runs calleeStart()
/**
* RTC - create an offer - the caller runs this, while the receiver runs calleeStart()
* @memberof beef.webrtc
*/
Beefwebrtc.prototype.doCall = function() {
var constraints = this.mergeConstraints(this.offerConstraints, this.sdpConstraints);
var self = this;
@@ -396,7 +465,10 @@ Beefwebrtc.prototype.doCall = function() {
' \'' + JSON.stringify(constraints) + '\'.');
}
// Helper method to merge SDP constraints
/**
* Helper method to merge SDP constraints
* @memberof beef.webrtc
*/
Beefwebrtc.prototype.mergeConstraints = function(cons1, cons2) {
var merged = cons1;
for (var name in cons2.mandatory) {
@@ -406,14 +478,13 @@ Beefwebrtc.prototype.mergeConstraints = function(cons1, cons2) {
return merged;
}
// Sets the local RTC session description, sends this information back (via signalling)
// The caller uses this to set it's local description, and it then has to send this to the peer (via signalling)
// The receiver uses this information too - and vice-versa - hence the signaling
/**
* Sets the local RTC session description, sends this information back (via signalling)
* The caller uses this to set it's local description, and it then has to send this to the peer (via signalling)
* The receiver uses this information too - and vice-versa - hence the signaling
*
*/
Beefwebrtc.prototype.setLocalAndSendMessage = function(sessionDescription) {
// This fucking function does NOT receive a 'this' state, and you can't pass additional parameters
// Stupid .. javascript :(
// So I'm hacking it to find the peerid gah - I believe *this* is what means you can't establish peers concurrently
// i.e. this browser will have to wait for this peerconnection to establish before attempting to connect to the next one..
var peerid = null;
for (var k in beefrtcs) {
@@ -435,17 +506,26 @@ Beefwebrtc.prototype.setLocalAndSendMessage = function(sessionDescription) {
}
}
// If the browser can't build an SDP
/**
* If the browser can't build an SDP
* @memberof beef.webrtc
*/
Beefwebrtc.prototype.onCreateSessionDescriptionError = function(error) {
beef.debug('Failed to create session description: ' + error.toString());
}
// If the browser successfully sets a remote description
/**
* If the browser successfully sets a remote description
* @memberof beef.webrtc
*/
Beefwebrtc.prototype.onSetRemoteDescriptionSuccess = function() {
beef.debug('Set remote session description successfully');
}
// Check for messages - which includes signaling from a calling peer - this gets kicked off in maybeStart()
/**
* Check for messages - which includes signaling from a calling peer - this gets kicked off in maybeStart()
* @memberof beef.webrtc
*/
Beefwebrtc.prototype.calleeStart = function() {
// Callee starts to process cached offer and other messages.
while (this.msgQueue.length > 0) {
@@ -453,7 +533,10 @@ Beefwebrtc.prototype.calleeStart = function() {
}
}
// Process messages, this is how we handle the signaling messages, such as candidate info, offers, answers
/**
* Process messages, this is how we handle the signaling messages, such as candidate info, offers, answers
* @memberof beef.webrtc
*/
Beefwebrtc.prototype.processSignalingMessage = function(message) {
if (!this.started) {
beef.debug('peerConnection has not been created yet!');
@@ -522,19 +605,28 @@ Beefwebrtc.prototype.processSignalingMessage = function(message) {
}
}
// Used to set the RTC remote session
/**
* Used to set the RTC remote session
* @memberof beef.webrtc
*/
Beefwebrtc.prototype.setRemote = function(message) {
globalrtc[this.peerid].setRemoteDescription(new RTCSessionDescription(message),
this.onSetRemoteDescriptionSuccess, this.onSetSessionDescriptionError);
}
// As part of the processSignalingMessage function, we check for 'offers' from peers. If there's an offer, we answer, as below
/**
* As part of the processSignalingMessage function, we check for 'offers' from peers. If there's an offer, we answer, as below
* @memberof beef.webrtc
*/
Beefwebrtc.prototype.doAnswer = function() {
beef.debug('Sending answer to peer.');
globalrtc[this.peerid].createAnswer(this.setLocalAndSendMessage, this.onCreateSessionDescriptionError, this.sdpConstraints);
}
// Helper method to determine what kind of ICE Candidate we've received
/**
* Helper method to determine what kind of ICE Candidate we've received
* @memberof beef.webrtc
*/
Beefwebrtc.prototype.iceCandidateType = function(candidateSDP) {
if (candidateSDP.indexOf("typ relay ") >= 0)
return "TURN";
@@ -545,17 +637,26 @@ Beefwebrtc.prototype.iceCandidateType = function(candidateSDP) {
return "UNKNOWN";
}
// Event handler for successful addition of ICE Candidates
/**
* Event handler for successful addition of ICE Candidates
* @memberof beef.webrtc
*/
Beefwebrtc.prototype.onAddIceCandidateSuccess = function() {
beef.debug('AddIceCandidate success.');
}
// Event handler for unsuccessful addition of ICE Candidates
/**
* Event handler for unsuccessful addition of ICE Candidates
* @memberof beef.webrtc
*/
Beefwebrtc.prototype.onAddIceCandidateError = function(error) {
beef.debug('Failed to add Ice Candidate: ' + error.toString());
}
// If a peer hangs up (we bring down the peerconncetion via the stop() method)
/**
* If a peer hangs up (we bring down the peerconncetion via the stop() method)
* @memberof beef.webrtc
*/
Beefwebrtc.prototype.onRemoteHangup = function() {
beef.debug('Session terminated.');
this.initiator = 0;
@@ -563,7 +664,10 @@ Beefwebrtc.prototype.onRemoteHangup = function() {
this.stop();
}
// Bring down the peer connection
/**
* Bring down the peer connection
* @memberof beef.webrtc
*/
Beefwebrtc.prototype.stop = function() {
this.started = false; // we're no longer started
this.signalingReady = false; // signalling isn't ready
@@ -574,8 +678,11 @@ Beefwebrtc.prototype.stop = function() {
this.allgood = false; // allgood .. NAH UH
}
// The actual beef.webrtc wrapper - this exposes only two functions directly - start, and status
// These are the methods which are executed via the custom extension of the hook.js
/**
* The actual beef.webrtc wrapper - this exposes only two functions directly - start, and status
* These are the methods which are executed via the custom extension of the hook.js
* @memberof beef.webrtc
*/
beef.webrtc = {
// Start the RTCPeerConnection process
start: function(initiator,peer,turnjson,stunservers,verbose) {

5
core/main/client/websocket.js
View File

@@ -1,16 +1,15 @@
//
// Copyright (c) 2006-2019 Wade Alcorn - wade@bindshell.net
// Copyright (c) 2006-2020 Wade Alcorn - wade@bindshell.net
// Browser Exploitation Framework (BeEF) - http://beefproject.com
// See the file 'doc/COPYING' for copying permission
//
/**
* @Literal object: beef.websocket
*
* Manage the WebSocket communication channel.
* This channel is much faster and responsive, and it's used automatically
* if the browser supports WebSockets AND beef.http.websocket.enable = true.
* @namespace beef.websocket
*/
beef.websocket = {

2
core/main/command.rb
View File

@@ -1,5 +1,5 @@
#
# Copyright (c) 2006-2019 Wade Alcorn - wade@bindshell.net
# Copyright (c) 2006-2020 Wade Alcorn - wade@bindshell.net
# Browser Exploitation Framework (BeEF) - http://beefproject.com
# See the file 'doc/COPYING' for copying permission
#

2
core/main/configuration.rb
View File

@@ -1,5 +1,5 @@
#
# Copyright (c) 2006-2019 Wade Alcorn - wade@bindshell.net
# Copyright (c) 2006-2020 Wade Alcorn - wade@bindshell.net
# Browser Exploitation Framework (BeEF) - http://beefproject.com
# See the file 'doc/COPYING' for copying permission
#

2
core/main/console/banners.rb
View File

@@ -1,5 +1,5 @@
#
# Copyright (c) 2006-2019 Wade Alcorn - wade@bindshell.net
# Copyright (c) 2006-2020 Wade Alcorn - wade@bindshell.net
# Browser Exploitation Framework (BeEF) - http://beefproject.com
# See the file 'doc/COPYING' for copying permission
#

2
core/main/console/commandline.rb
View File

@@ -1,5 +1,5 @@
#
# Copyright (c) 2006-2019 Wade Alcorn - wade@bindshell.net
# Copyright (c) 2006-2020 Wade Alcorn - wade@bindshell.net
# Browser Exploitation Framework (BeEF) - http://beefproject.com
# See the file 'doc/COPYING' for copying permission
#

2
core/main/constants/browsers.rb
View File

@@ -1,5 +1,5 @@
#
# Copyright (c) 2006-2019 Wade Alcorn - wade@bindshell.net
# Copyright (c) 2006-2020 Wade Alcorn - wade@bindshell.net
# Browser Exploitation Framework (BeEF) - http://beefproject.com
# See the file 'doc/COPYING' for copying permission
#

2
core/main/constants/commandmodule.rb
View File

@@ -1,5 +1,5 @@
#
# Copyright (c) 2006-2019 Wade Alcorn - wade@bindshell.net
# Copyright (c) 2006-2020 Wade Alcorn - wade@bindshell.net
# Browser Exploitation Framework (BeEF) - http://beefproject.com
# See the file 'doc/COPYING' for copying permission
#

2
core/main/constants/hardware.rb
View File

@@ -1,5 +1,5 @@
#
# Copyright (c) 2006-2019 Wade Alcorn - wade@bindshell.net
# Copyright (c) 2006-2020 Wade Alcorn - wade@bindshell.net
# Browser Exploitation Framework (BeEF) - http://beefproject.com
# See the file 'doc/COPYING' for copying permission
#

2
core/main/constants/os.rb
View File

@@ -1,5 +1,5 @@
#
# Copyright (c) 2006-2019 Wade Alcorn - wade@bindshell.net
# Copyright (c) 2006-2020 Wade Alcorn - wade@bindshell.net
# Browser Exploitation Framework (BeEF) - http://beefproject.com
# See the file 'doc/COPYING' for copying permission
#

2
core/main/crypto.rb
View File

@@ -1,5 +1,5 @@
#
# Copyright (c) 2006-2019 Wade Alcorn - wade@bindshell.net
# Copyright (c) 2006-2020 Wade Alcorn - wade@bindshell.net
# Browser Exploitation Framework (BeEF) - http://beefproject.com
# See the file 'doc/COPYING' for copying permission
#

2
core/main/geoip.rb
View File

@@ -1,5 +1,5 @@
#
# Copyright (c) 2006-2019 Wade Alcorn - wade@bindshell.net
# Copyright (c) 2006-2020 Wade Alcorn - wade@bindshell.net
# Browser Exploitation Framework (BeEF) - http://beefproject.com
# See the file 'doc/COPYING' for copying permission
#

2
core/main/handlers/browserdetails.rb
View File

@@ -1,5 +1,5 @@
#
# Copyright (c) 2006-2019 Wade Alcorn - wade@bindshell.net
# Copyright (c) 2006-2020 Wade Alcorn - wade@bindshell.net
# Browser Exploitation Framework (BeEF) - http://beefproject.com
# See the file 'doc/COPYING' for copying permission
#

2
core/main/handlers/commands.rb
View File

@@ -1,5 +1,5 @@
#
# Copyright (c) 2006-2019 Wade Alcorn - wade@bindshell.net
# Copyright (c) 2006-2020 Wade Alcorn - wade@bindshell.net
# Browser Exploitation Framework (BeEF) - http://beefproject.com
# See the file 'doc/COPYING' for copying permission
#

2
core/main/handlers/hookedbrowsers.rb
View File

@@ -1,5 +1,5 @@
#
# Copyright (c) 2006-2019 Wade Alcorn - wade@bindshell.net
# Copyright (c) 2006-2020 Wade Alcorn - wade@bindshell.net
# Browser Exploitation Framework (BeEF) - http://beefproject.com
# See the file 'doc/COPYING' for copying permission
#

2
core/main/handlers/modules/beefjs.rb
View File

@@ -1,5 +1,5 @@
#
# Copyright (c) 2006-2019 Wade Alcorn - wade@bindshell.net
# Copyright (c) 2006-2020 Wade Alcorn - wade@bindshell.net
# Browser Exploitation Framework (BeEF) - http://beefproject.com
# See the file 'doc/COPYING' for copying permission
#

4
core/main/handlers/modules/command.rb
View File

@@ -1,5 +1,5 @@
#
# Copyright (c) 2006-2019 Wade Alcorn - wade@bindshell.net
# Copyright (c) 2006-2020 Wade Alcorn - wade@bindshell.net
# Browser Exploitation Framework (BeEF) - http://beefproject.com
# See the file 'doc/COPYING' for copying permission
#
@@ -53,7 +53,7 @@ module BeEF
if config.get("beef.http.websocket.enable") && ws.getsocket(hooked_browser.session)
#content = command_module.output.gsub('//
#//
#// Copyright (c) 2006-2019 Wade Alcorn - wade@bindshell.net
#// Copyright (c) 2006-2020 Wade Alcorn - wade@bindshell.net
#// Browser Exploitation Framework (BeEF) - http://beefproject.com
#// See the file 'doc/COPYING' for copying permission
#//

2
core/main/logger.rb
View File

@@ -1,5 +1,5 @@
#
# Copyright (c) 2006-2019 Wade Alcorn - wade@bindshell.net
# Copyright (c) 2006-2020 Wade Alcorn - wade@bindshell.net
# Browser Exploitation Framework (BeEF) - http://beefproject.com
# See the file 'doc/COPYING' for copying permission
#

2
core/main/migration.rb
View File

@@ -1,5 +1,5 @@
#
# Copyright (c) 2006-2019 Wade Alcorn - wade@bindshell.net
# Copyright (c) 2006-2020 Wade Alcorn - wade@bindshell.net
# Browser Exploitation Framework (BeEF) - http://beefproject.com
# See the file 'doc/COPYING' for copying permission
#

2
core/main/model.rb
View File

@@ -1,5 +1,5 @@
#
# Copyright (c) 2006-2019 Wade Alcorn - wade@bindshell.net
# Copyright (c) 2006-2020 Wade Alcorn - wade@bindshell.net
# Browser Exploitation Framework (BeEF) - http://beefproject.com
# See the file 'doc/COPYING' for copying permission
#

2
core/main/models/browserdetails.rb
View File

@@ -1,5 +1,5 @@
#
# Copyright (c) 2006-2019 Wade Alcorn - wade@bindshell.net
# Copyright (c) 2006-2020 Wade Alcorn - wade@bindshell.net
# Browser Exploitation Framework (BeEF) - http://beefproject.com
# See the file 'doc/COPYING' for copying permission
#

2
core/main/models/command.rb
View File

@@ -1,5 +1,5 @@
#
# Copyright (c) 2006-2019 Wade Alcorn - wade@bindshell.net
# Copyright (c) 2006-2020 Wade Alcorn - wade@bindshell.net
# Browser Exploitation Framework (BeEF) - http://beefproject.com
# See the file 'doc/COPYING' for copying permission
#

2
core/main/models/commandmodule.rb
View File

@@ -1,5 +1,5 @@
#
# Copyright (c) 2006-2019 Wade Alcorn - wade@bindshell.net
# Copyright (c) 2006-2020 Wade Alcorn - wade@bindshell.net
# Browser Exploitation Framework (BeEF) - http://beefproject.com
# See the file 'doc/COPYING' for copying permission
#

2
core/main/models/execution.rb
View File

@@ -1,5 +1,5 @@
#
# Copyright (c) 2006-2019 Wade Alcorn - wade@bindshell.net
# Copyright (c) 2006-2020 Wade Alcorn - wade@bindshell.net
# Browser Exploitation Framework (BeEF) - http://beefproject.com
# See the file 'doc/COPYING' for copying permission
#

2
core/main/models/hookedbrowser.rb
View File

@@ -1,5 +1,5 @@
#
# Copyright (c) 2006-2019 Wade Alcorn - wade@bindshell.net
# Copyright (c) 2006-2020 Wade Alcorn - wade@bindshell.net
# Browser Exploitation Framework (BeEF) - http://beefproject.com
# See the file 'doc/COPYING' for copying permission
#

2
core/main/models/log.rb
View File

@@ -1,5 +1,5 @@
#
# Copyright (c) 2006-2019 Wade Alcorn - wade@bindshell.net
# Copyright (c) 2006-2020 Wade Alcorn - wade@bindshell.net
# Browser Exploitation Framework (BeEF) - http://beefproject.com
# See the file 'doc/COPYING' for copying permission
#

2
core/main/models/optioncache.rb
View File

@@ -1,5 +1,5 @@
#
# Copyright (c) 2006-2019 Wade Alcorn - wade@bindshell.net
# Copyright (c) 2006-2020 Wade Alcorn - wade@bindshell.net
# Browser Exploitation Framework (BeEF) - http://beefproject.com
# See the file 'doc/COPYING' for copying permission
#

2
core/main/models/result.rb
View File

@@ -1,5 +1,5 @@
#
# Copyright (c) 2006-2019 Wade Alcorn - wade@bindshell.net
# Copyright (c) 2006-2020 Wade Alcorn - wade@bindshell.net
# Browser Exploitation Framework (BeEF) - http://beefproject.com
# See the file 'doc/COPYING' for copying permission
#

2
core/main/models/rule.rb
View File

@@ -1,5 +1,5 @@
#
# Copyright (c) 2006-2019 Wade Alcorn - wade@bindshell.net
# Copyright (c) 2006-2020 Wade Alcorn - wade@bindshell.net
# Browser Exploitation Framework (BeEF) - http://beefproject.com
# See the file 'doc/COPYING' for copying permission
#

2
core/main/network_stack/api.rb
View File

@@ -1,5 +1,5 @@
#
# Copyright (c) 2006-2019 Wade Alcorn - wade@bindshell.net
# Copyright (c) 2006-2020 Wade Alcorn - wade@bindshell.net
# Browser Exploitation Framework (BeEF) - http://beefproject.com
# See the file 'doc/COPYING' for copying permission
#

2
core/main/network_stack/assethandler.rb
View File

@@ -1,5 +1,5 @@
#
# Copyright (c) 2006-2019 Wade Alcorn - wade@bindshell.net
# Copyright (c) 2006-2020 Wade Alcorn - wade@bindshell.net
# Browser Exploitation Framework (BeEF) - http://beefproject.com
# See the file 'doc/COPYING' for copying permission
#

2
core/main/network_stack/handlers/dynamicreconstruction.rb
View File

@@ -1,5 +1,5 @@
#
# Copyright (c) 2006-2019 Wade Alcorn - wade@bindshell.net
# Copyright (c) 2006-2020 Wade Alcorn - wade@bindshell.net
# Browser Exploitation Framework (BeEF) - http://beefproject.com
# See the file 'doc/COPYING' for copying permission
#

2
core/main/network_stack/handlers/raw.rb
View File

@@ -1,5 +1,5 @@
#
# Copyright (c) 2006-2019 Wade Alcorn - wade@bindshell.net
# Copyright (c) 2006-2020 Wade Alcorn - wade@bindshell.net
# Browser Exploitation Framework (BeEF) - http://beefproject.com
# See the file 'doc/COPYING' for copying permission
#

2
core/main/network_stack/handlers/redirector.rb
View File

@@ -1,5 +1,5 @@
#
# Copyright (c) 2006-2019 Wade Alcorn - wade@bindshell.net
# Copyright (c) 2006-2020 Wade Alcorn - wade@bindshell.net
# Browser Exploitation Framework (BeEF) - http://beefproject.com
# See the file 'doc/COPYING' for copying permission
#

2
core/main/network_stack/websocket/websocket.rb
View File

@@ -1,5 +1,5 @@
#
# Copyright (c) 2006-2019 Wade Alcorn - wade@bindshell.net
# Copyright (c) 2006-2020 Wade Alcorn - wade@bindshell.net
# Browser Exploitation Framework (BeEF) - http://beefproject.com
# See the file 'doc/COPYING' for copying permission
#

2
core/main/rest/api.rb
View File

@@ -1,5 +1,5 @@
#
# Copyright (c) 2006-2019 Wade Alcorn - wade@bindshell.net
# Copyright (c) 2006-2020 Wade Alcorn - wade@bindshell.net
# Browser Exploitation Framework (BeEF) - http://beefproject.com
# See the file 'doc/COPYING' for copying permission
#

2
core/main/rest/handlers/admin.rb
View File

@@ -1,5 +1,5 @@
#
# Copyright (c) 2006-2019 Wade Alcorn - wade@bindshell.net
# Copyright (c) 2006-2020 Wade Alcorn - wade@bindshell.net
# Browser Exploitation Framework (BeEF) - http://beefproject.com
# See the file 'doc/COPYING' for copying permission
#

Some files were not shown because too many files have changed in this diff Show More