Hiddenden/beef
2
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Hook.js load websocket.js only if specifield in beef configuration file

Browse Source 
if websocket is disabled all work normally
 if websocket is enabled have trouble in command.rb
This commit is contained in:
Graziano Felline
2012-04-12 19:01:49 +02:00
parent af9b3c97b5
commit 23f782b8d8
10 changed files with 105 additions and 97 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
beef
View File

@@ -114,7 +114,7 @@ print_info "RESTful API key: #{BeEF::Core::Crypto::api_token}"
#@note Starts the WebSocket server
if config.get("beef.http.websocket.enable")
BeEF::Core::Websocket::Websocket.new
BeEF::Core::Websocket::Websocket.instance
end

4
config.yaml
View File

@@ -38,7 +38,7 @@ beef:
hook_session_name: "BEEFHOOK"
session_cookie_name: "BEEFSESSION"
websocket:
enable: true
enable: false
secure: false # use WebSocketSecure
port: 11989
@@ -71,4 +71,4 @@ beef:
enable: false
console:
shell:
enable: true
enable: false

7
core/main/client/beef.js
View File

@@ -48,14 +48,11 @@ if(typeof beef === 'undefined' && typeof window.beef === 'undefined') {
* @param: {Function} the function to execute.
*/
execute: function(fn) {
console.log("inside execute socket status "+beef.websocket.socket);
if(beef.websocket.socket == null)
if ( typeof beef.websocket == "undefined")
this.commands.push(fn);
else
beef.websocket.send(fn);
/*@todo controllare se il websocket è attivo in tal caso
beef.websocket.send(fn) */
// ;
},

9
core/main/client/init.js
View File

@@ -61,12 +61,15 @@ window.onclose = function(event) {
function beef_init() {
if (!beef.pageIsLoaded) {
beef.pageIsLoaded = true;
/*@note we have to load websocket only if browser has websocket and beef server has websocketserver up
* the second check is require for this */
if(beef.browser.hasWebSocket() && typeof beef.websocket != 'undefined')
beef.websocket.start();
}
beef.net.browser_details();
beef.updater.execute_commands();
beef.updater.check();
beef.logger.start();
if(beef.browser.hasWebSocket())
beef.websocket.start();
}
}

11
core/main/client/net.js
View File

@@ -86,14 +86,13 @@ beef.net = {
//Queues the current command and flushes the queue straight away
send: function(handler, cid, results, callback) {
/*@todo insert ceck websocket up?*/
console.log("inside SEND socket status "+beef.websocket.socket);
if (beef.websocket.socket == null){
// if ( typeof beef.websocket == "undefined"){
this.queue(handler, cid, results, callback);
this.flush(); }
else
beef.websocket.send(results);
this.flush();
//}
// else
// beef.websocket.send(results);
},
//Flush all currently queued commands to the framework

6
core/main/client/updater.js
View File

@@ -51,14 +51,14 @@ beef.updater = {
beef.net.flush();
if(beef.commands.length > 0) {
this.execute_commands();
} /*here controllare ci sta sto websocket??? nn ha senso fare polling*/
}
else {
this.get_commands(); /*Polling*/
}
}
/*@Todo Simple ceck to stop polling */
if (beef.websocket.socket == null)
//if ( typeof beef.websocket === "undefined")
setTimeout("beef.updater.check();", beef.updater.timeout);
},

2
core/main/client/websocket.js
View File

@@ -54,7 +54,7 @@ beef.websocket = {
},
send:function (data) {
this.socket.send(data);
this.socket.send(data);
console.log("Sent [" + data + "]");
}

57
core/main/handlers/modules/beefjs.rb
View File

@@ -17,44 +17,49 @@ module BeEF
module Core
module Handlers
module Modules
# @note Purpose: avoid rewriting several times the same code.
module BeEFJS
# Builds the default beefjs library (all default components of the library).
# @param [Object] req_host The request object
def build_beefjs!(req_host)
config = BeEF::Core::Configuration.instance
# @note set up values required to construct beefjs
beefjs = ''
# @note location of sub files
beefjs = ''
# @note location of sub files
beefjs_path = "#{$root_dir}/core/main/client/"
#@todo radoen insert ceck for websocket require in config.yalm
js_sub_files = %w(lib/jquery-1.5.2.min.js lib/evercookie.js lib/json2.js beef.js browser.js browser/cookie.js browser/popup.js session.js os.js dom.js logger.js net.js updater.js encode/base64.js encode/json.js net/local.js init.js mitb.js net/dns.js websocket.js)
# @note we load websocket library only if ws server is enabled in config.yalm
# check in init.js
if config.get("beef.http.websocket.enable")
js_sub_files = %w(lib/jquery-1.5.2.min.js lib/evercookie.js lib/json2.js beef.js browser.js browser/cookie.js browser/popup.js session.js os.js dom.js logger.js net.js updater.js encode/base64.js encode/json.js net/local.js init.js mitb.js net/dns.js websocket.js)
else
js_sub_files = %w(lib/jquery-1.5.2.min.js lib/evercookie.js lib/json2.js beef.js browser.js browser/cookie.js browser/popup.js session.js os.js dom.js logger.js net.js updater.js encode/base64.js encode/json.js net/local.js init.js mitb.js net/dns.js)
end
# @note construct the beefjs string from file(s)
js_sub_files.each {|js_sub_file_name|
js_sub_file_abs_path = beefjs_path + js_sub_file_name
beefjs << (File.read(js_sub_file_abs_path) + "\n\n")
js_sub_file_abs_path = beefjs_path + js_sub_file_name
beefjs << (File.read(js_sub_file_abs_path) + "\n\n")
}
# @note create the config for the hooked browser session
config = BeEF::Core::Configuration.instance
hook_session_name = config.get('beef.http.hook_session_name')
hook_session_config = BeEF::Core::Server.instance.to_h
# @note if http_host="0.0.0.0" in config ini, use the host requested by client
if hook_session_config['beef_host'].eql? "0.0.0.0"
hook_session_config['beef_host'] = req_host
hook_session_config['beef_url'].sub!(/0\.0\.0\.0/, req_host)
if hook_session_config['beef_host'].eql? "0.0.0.0"
hook_session_config['beef_host'] = req_host
hook_session_config['beef_url'].sub!(/0\.0\.0\.0/, req_host)
end
# @note populate place holders in the beefjs string and set the response body
eruby = Erubis::FastEruby.new(beefjs)
@body << eruby.evaluate(hook_session_config)
end
# Finds the path to js components
# @param [String] component Name of component
# @return [String|Boolean] Returns false if path was not found, otherwise returns component path
@@ -63,33 +68,33 @@ module Modules
component_path.gsub!(/beef./, '')
component_path.gsub!(/\./, '/')
component_path.replace "#{$root_dir}/core/main/client/#{component_path}.js"
return false if not File.exists? component_path
component_path
end
# Builds missing beefjs components.
# @param [Array] beefjs_components An array of component names
def build_missing_beefjs_components(beefjs_components)
# @note verifies that @beef_js_cmps is not nil to avoid bugs
@beef_js_cmps = '' if @beef_js_cmps.nil?
if beefjs_components.is_a? String
beefjs_components_path = find_beefjs_component_path(beefjs_components)
raise "Invalid component: could not build the beefjs file" if not beefjs_components_path
beefjs_components = {beefjs_components => beefjs_components_path}
beefjs_components = {beefjs_components => beefjs_components_path}
end
beefjs_components.keys.each {|k|
next if @beef_js_cmps.include? beefjs_components[k]
# @note path to the component
component_path = beefjs_components[k]
# @note we output the component to the hooked browser
@body << File.read(component_path)+"\n\n"
# @note finally we add the component to the list of components already generated so it does not get generated numerous times.
if @beef_js_cmps.eql? ''
@beef_js_cmps = component_path
@@ -100,7 +105,7 @@ module Modules
end
end
end
end
end

94
core/main/handlers/modules/command.rb
View File

@@ -14,64 +14,64 @@
# limitations under the License.
#
module BeEF
module Core
module Handlers
module Modules
module Core
module Handlers
module Modules
module Command
module Command
# Adds the command module instructions to a hooked browser's http response.
# @param [Object] command Command object
# @param [Object] hooked_browser Hooked Browser object
def add_command_instructions(command, hooked_browser)
# Adds the command module instructions to a hooked browser's http response.
# @param [Object] command Command object
# @param [Object] hooked_browser Hooked Browser object
def add_command_instructions(command, hooked_browser)
(print_error "hooked_browser is nil";return) if hooked_browser.nil?
(print_error "hooked_browser.session is nil";return) if hooked_browser.session.nil?
(print_error "hooked_browser is nil";return) if command.nil?
(print_error "hooked_browser.command_module_id is nil";return) if command.command_module_id.nil?
(print_error "hooked_browser is nil"; return) if hooked_browser.nil?
(print_error "hooked_browser.session is nil"; return) if hooked_browser.session.nil?
(print_error "hooked_browser is nil"; return) if command.nil?
(print_error "hooked_browser.command_module_id is nil"; return) if command.command_module_id.nil?
# @note get the command module
command_module = BeEF::Core::Models::CommandModule.first(:id => command.command_module_id)
(print_error "command_module is nil";return) if command_module.nil?
(print_error "command_module.path is nil";return) if command_module.path.nil?
# @note get the command module
command_module = BeEF::Core::Models::CommandModule.first(:id => command.command_module_id)
(print_error "command_module is nil"; return) if command_module.nil?
(print_error "command_module.path is nil"; return) if command_module.path.nil?
if(command_module.path.match(/^Dynamic/))
command_module = BeEF::Modules::Commands.const_get(command_module.path.split('/').last.capitalize).new
else
key = BeEF::Module.get_key_by_database_id(command.command_module_id)
command_module = BeEF::Core::Command.const_get(BeEF::Core::Configuration.instance.get("beef.module.#{key}.class")).new(key)
end
if (command_module.path.match(/^Dynamic/))
command_module = BeEF::Modules::Commands.const_get(command_module.path.split('/').last.capitalize).new
else
key = BeEF::Module.get_key_by_database_id(command.command_module_id)
command_module = BeEF::Core::Command.const_get(BeEF::Core::Configuration.instance.get("beef.module.#{key}.class")).new(key)
end
command_module.command_id = command.id
command_module.session_id = hooked_browser.session
command_module.build_datastore(command.data)
command_module.pre_send
command_module.command_id = command.id
command_module.session_id = hooked_browser.session
command_module.build_datastore(command.data)
command_module.pre_send
build_missing_beefjs_components(command_module.beefjs_components) if not command_module.beefjs_components.empty?
print_info(BeEF::Core::Websocket::Websocket.getsocket(hooked_browser))
build_missing_beefjs_components(command_module.beefjs_components) if not command_module.beefjs_components.empty?
let= BeEF::Core::Websocket::Websocket.instance
#@todo radoen debug this one
exist= let.getsocket(hooked_browser.session)
if exist != nil
#@todo radoen debug this one
if BeEF::Core::Websocket::Websocket.getsocket(hooked_browser)
let.sent(command_module.output, hooked_browser.session)
else
@body << command_module.output + "\n\n"
BeEF::Core::Websocket::Websocket.sent(command,hooked_browser)
else
@body << command_module.output + "\n\n"
end
# @note prints the event to the console
if BeEF::Settings.console?
name = command_module.friendlyname || kclass
print_info "Hooked browser #{hooked_browser.ip} has been sent instructions from command module '#{name}'"
end
# @note flag that the command has been sent to the hooked browser
command.instructions_sent = true
command.save
end
end
end
# @note prints the event to the console
if BeEF::Settings.console?
name = command_module.friendlyname || kclass
print_info "Hooked browser #{hooked_browser.ip} has been sent instructions from command module '#{name}'"
end
# @note flag that the command has been sent to the hooked browser
command.instructions_sent = true
command.save
end
end
end
end
end
end

10
core/main/network_stack/websocket/websocket.rb
View File

@@ -16,9 +16,13 @@
module BeEF
module Core
module Websocket
class Websocket
#all hooked browser
require 'singleton'
class Websocket
# require 'singleton'
#include Singleton
#all hooked browser
include Singleton
@@activeSocket= Hash.new #empty at begin
@@ -46,7 +50,7 @@ module BeEF
if(/BEEFHOOK=/.match(message))
print_info("Browser #{ws.origin} says helo! ws is running")
#insert new connection in activesocket
@@activeSocket[message.split(/BEEFHOOK=/)] = ws
@@activeSocket["#{message.split(/BEEFHOOK=/)}"] = ws
print_debug("In activesocket we have #{@@activeSocket}")
end
end