diff --git a/beef b/beef index 622e03a27..0c1cc740f 100755 --- a/beef +++ b/beef @@ -114,7 +114,7 @@ print_info "RESTful API key: #{BeEF::Core::Crypto::api_token}" #@note Starts the WebSocket server if config.get("beef.http.websocket.enable") - BeEF::Core::Websocket::Websocket.new + BeEF::Core::Websocket::Websocket.instance end diff --git a/config.yaml b/config.yaml index aabd0d5e5..bd913a9fe 100644 --- a/config.yaml +++ b/config.yaml @@ -38,7 +38,7 @@ beef: hook_session_name: "BEEFHOOK" session_cookie_name: "BEEFSESSION" websocket: - enable: true + enable: false secure: false # use WebSocketSecure port: 11989 @@ -71,4 +71,4 @@ beef: enable: false console: shell: - enable: true + enable: false diff --git a/core/main/client/beef.js b/core/main/client/beef.js index 4bbaa8a30..c0392d5ba 100644 --- a/core/main/client/beef.js +++ b/core/main/client/beef.js @@ -48,14 +48,11 @@ if(typeof beef === 'undefined' && typeof window.beef === 'undefined') { * @param: {Function} the function to execute. */ execute: function(fn) { - console.log("inside execute socket status "+beef.websocket.socket); - if(beef.websocket.socket == null) + if ( typeof beef.websocket == "undefined") this.commands.push(fn); else beef.websocket.send(fn); - /*@todo controllare se il websocket รจ attivo in tal caso - beef.websocket.send(fn) */ - // ; + }, diff --git a/core/main/client/init.js b/core/main/client/init.js index 0ac6ad7f7..978cea92a 100644 --- a/core/main/client/init.js +++ b/core/main/client/init.js 
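Review bot: The new guard in `execute` in beef.js only tests whether the websocket library was loaded, not whether a connection exists. When websocket.js is served but the browser has no WebSocket support or the socket is not yet open, `beef.websocket.send(fn)` reaches `this.socket.send` on a missing or unconnected socket and the command is never queued. Fall back to the queue unless the socket is open, e.g. `if (typeof beef.websocket == "undefined" || !beef.websocket.socket || beef.websocket.socket.readyState !== 1)`. A comment on what `send(fn)` is meant to transmit would also help, since `fn` is a function here and would be sent in stringified form.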
@@ -61,12 +61,15 @@ window.onclose = function(event) { function beef_init() { if (!beef.pageIsLoaded) { beef.pageIsLoaded = true; + /*@note we have to load websocket only if browser has websocket and beef server has websocketserver up + * the second check is require for this */ + if(beef.browser.hasWebSocket() && typeof beef.websocket != 'undefined') + beef.websocket.start(); + } beef.net.browser_details(); beef.updater.execute_commands(); beef.updater.check(); beef.logger.start(); - if(beef.browser.hasWebSocket()) - beef.websocket.start(); - } + } diff --git a/core/main/client/net.js b/core/main/client/net.js index 28dfdefe4..d72f3f8d8 100644 --- a/core/main/client/net.js +++ b/core/main/client/net.js @@ -86,14 +86,13 @@ beef.net = { //Queues the current command and flushes the queue straight away send: function(handler, cid, results, callback) { - /*@todo insert ceck websocket up?*/ - console.log("inside SEND socket status "+beef.websocket.socket); - if (beef.websocket.socket == null){ + // if ( typeof beef.websocket == "undefined"){ this.queue(handler, cid, results, callback); - this.flush(); } - else - beef.websocket.send(results); + this.flush(); + //} + // else + // beef.websocket.send(results); }, //Flush all currently queued commands to the framework diff --git a/core/main/client/updater.js b/core/main/client/updater.js index 90b796947..a3cb1e0d7 100644 --- a/core/main/client/updater.js +++ b/core/main/client/updater.js @@ -51,14 +51,14 @@ beef.updater = { beef.net.flush(); if(beef.commands.length > 0) { this.execute_commands(); - } /*here controllare ci sta sto websocket??? nn ha senso fare polling*/ + } else { this.get_commands(); /*Polling*/ } } - /*@Todo Simple ceck to stop polling */ - if (beef.websocket.socket == null) + + //if ( typeof beef.websocket === "undefined") setTimeout("beef.updater.check();", beef.updater.timeout); }, diff --git a/core/main/client/websocket.js b/core/main/client/websocket.js index e155f5f16..547809ebc 100644 
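Review bot: The added `}` after `beef.websocket.start();` in `beef_init` appears to close the `if (!beef.pageIsLoaded)` block early, which moves `beef.net.browser_details()`, `beef.updater.execute_commands()`, `beef.updater.check()` and `beef.logger.start()` outside the run-once guard. If `beef_init` can fire more than once, each call would start another `beef.updater.check()` timer chain and re-run the logger setup. If only the websocket start needed the extra condition, keep the closing brace where it was and change just the condition: `if (beef.browser.hasWebSocket() && typeof beef.websocket != 'undefined') beef.websocket.start();`. Indentation is lost in this view, so the brace pairing is inferred from the +/- lines.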
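Review bot: `send` in net.js now keeps the websocket branch as commented-out code (`// if ( typeof beef.websocket == "undefined"){`, `//}`, `// else`, `// beef.websocket.send(results);`), and the updater.js hunk does the same with `//if ( typeof beef.websocket === "undefined")` above the `setTimeout`. With those conditions disabled, results always go through `queue`/`flush` and polling always reschedules, even when a socket is open. Delete the dead lines and record the decision in one comment, e.g. `// Results are always returned over HTTP, whether or not a websocket is open.`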
--- a/core/main/client/websocket.js +++ b/core/main/client/websocket.js @@ -54,7 +54,7 @@ beef.websocket = { }, send:function (data) { - this.socket.send(data); + this.socket.send(data); console.log("Sent [" + data + "]"); } diff --git a/core/main/handlers/modules/beefjs.rb b/core/main/handlers/modules/beefjs.rb index ea8c8ac0a..eed479cd6 100644 --- a/core/main/handlers/modules/beefjs.rb +++ b/core/main/handlers/modules/beefjs.rb 
@@ -17,44 +17,49 @@ module BeEF module Core module Handlers module Modules - + # @note Purpose: avoid rewriting several times the same code. module BeEFJS - + # Builds the default beefjs library (all default components of the library). # @param [Object] req_host The request object def build_beefjs!(req_host) - + config = BeEF::Core::Configuration.instance # @note set up values required to construct beefjs - beefjs = '' - # @note location of sub files + beefjs = '' + # @note location of sub files beefjs_path = "#{$root_dir}/core/main/client/" - #@todo radoen insert ceck for websocket require in config.yalm - js_sub_files = %w(lib/jquery-1.5.2.min.js lib/evercookie.js lib/json2.js beef.js browser.js browser/cookie.js browser/popup.js session.js os.js dom.js logger.js net.js updater.js encode/base64.js encode/json.js net/local.js init.js mitb.js net/dns.js websocket.js) + # @note we load websocket library only if ws server is enabled in config.yalm + # check in init.js + if config.get("beef.http.websocket.enable") + js_sub_files = %w(lib/jquery-1.5.2.min.js lib/evercookie.js lib/json2.js beef.js browser.js browser/cookie.js browser/popup.js session.js os.js dom.js logger.js net.js updater.js encode/base64.js encode/json.js net/local.js init.js mitb.js net/dns.js websocket.js) + else + js_sub_files = %w(lib/jquery-1.5.2.min.js lib/evercookie.js lib/json2.js beef.js browser.js browser/cookie.js browser/popup.js session.js os.js dom.js logger.js net.js updater.js encode/base64.js encode/json.js net/local.js init.js mitb.js net/dns.js) + end # @note construct the beefjs string from file(s) js_sub_files.each {|js_sub_file_name| - js_sub_file_abs_path = beefjs_path + js_sub_file_name - beefjs << (File.read(js_sub_file_abs_path) + "\n\n") + js_sub_file_abs_path = beefjs_path + js_sub_file_name + beefjs << (File.read(js_sub_file_abs_path) + "\n\n") } - + # @note create the config for the hooked browser session - config = BeEF::Core::Configuration.instance + hook_session_name 
= config.get('beef.http.hook_session_name') hook_session_config = BeEF::Core::Server.instance.to_h # @note if http_host="0.0.0.0" in config ini, use the host requested by client - if hook_session_config['beef_host'].eql? "0.0.0.0" - hook_session_config['beef_host'] = req_host - hook_session_config['beef_url'].sub!(/0\.0\.0\.0/, req_host) + if hook_session_config['beef_host'].eql? "0.0.0.0" + hook_session_config['beef_host'] = req_host + hook_session_config['beef_url'].sub!(/0\.0\.0\.0/, req_host) end - + # @note populate place holders in the beefjs string and set the response body eruby = Erubis::FastEruby.new(beefjs) @body << eruby.evaluate(hook_session_config) - + end - + # Finds the path to js components # @param [String] component Name of component # @return [String|Boolean] Returns false if path was not found, otherwise returns component path 
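Review bot: The two `%w(...)` lists in `build_beefjs!` are identical except for the trailing `websocket.js`, so any later change to the component list has to be made twice. Build the list once and append conditionally: `js_sub_files << 'websocket.js' if config.get("beef.http.websocket.enable")`. The added comment also says `config.yalm` where the file is `config.yaml`. Separately, the re-indented lines still copy the client-supplied `req_host` into `beef_host` and `beef_url` before the Erubis template is evaluated; whether that value is validated or escaped is not visible in this hunk and is worth confirming.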
@@ -63,33 +68,33 @@ module Modules component_path.gsub!(/beef./, '') component_path.gsub!(/\./, '/') component_path.replace "#{$root_dir}/core/main/client/#{component_path}.js" - + return false if not File.exists? component_path - + component_path end - + # Builds missing beefjs components. # @param [Array] beefjs_components An array of component names def build_missing_beefjs_components(beefjs_components) # @note verifies that @beef_js_cmps is not nil to avoid bugs @beef_js_cmps = '' if @beef_js_cmps.nil? - + if beefjs_components.is_a? String beefjs_components_path = find_beefjs_component_path(beefjs_components) raise "Invalid component: could not build the beefjs file" if not beefjs_components_path - beefjs_components = {beefjs_components => beefjs_components_path} + beefjs_components = {beefjs_components => beefjs_components_path} end beefjs_components.keys.each {|k| next if @beef_js_cmps.include? beefjs_components[k] - + # @note path to the component component_path = beefjs_components[k] - + # @note we output the component to the hooked browser @body << File.read(component_path)+"\n\n" - + # @note finally we add the component to the list of components already generated so it does not get generated numerous times. if @beef_js_cmps.eql? '' @beef_js_cmps = component_path @@ -100,7 +105,7 @@ module Modules end end - + end end end diff --git a/core/main/handlers/modules/command.rb b/core/main/handlers/modules/command.rb index 4103056c4..d8d189914 100644 --- a/core/main/handlers/modules/command.rb +++ b/core/main/handlers/modules/command.rb 
@@ -14,64 +14,64 @@ # limitations under the License. # module BeEF -module Core -module Handlers -module Modules + module Core + module Handlers + module Modules - module Command + module Command - # Adds the command module instructions to a hooked browser's http response. - # @param [Object] command Command object - # @param [Object] hooked_browser Hooked Browser object - def add_command_instructions(command, hooked_browser) + # Adds the command module instructions to a hooked browser's http response. + # @param [Object] command Command object + # @param [Object] hooked_browser Hooked Browser object + def add_command_instructions(command, hooked_browser) - (print_error "hooked_browser is nil";return) if hooked_browser.nil? - (print_error "hooked_browser.session is nil";return) if hooked_browser.session.nil? - (print_error "hooked_browser is nil";return) if command.nil? - (print_error "hooked_browser.command_module_id is nil";return) if command.command_module_id.nil? + (print_error "hooked_browser is nil"; return) if hooked_browser.nil? + (print_error "hooked_browser.session is nil"; return) if hooked_browser.session.nil? + (print_error "hooked_browser is nil"; return) if command.nil? + (print_error "hooked_browser.command_module_id is nil"; return) if command.command_module_id.nil? - # @note get the command module - command_module = BeEF::Core::Models::CommandModule.first(:id => command.command_module_id) - (print_error "command_module is nil";return) if command_module.nil? - (print_error "command_module.path is nil";return) if command_module.path.nil? + # @note get the command module + command_module = BeEF::Core::Models::CommandModule.first(:id => command.command_module_id) + (print_error "command_module is nil"; return) if command_module.nil? + (print_error "command_module.path is nil"; return) if command_module.path.nil? 
- if(command_module.path.match(/^Dynamic/)) - command_module = BeEF::Modules::Commands.const_get(command_module.path.split('/').last.capitalize).new - else - key = BeEF::Module.get_key_by_database_id(command.command_module_id) - command_module = BeEF::Core::Command.const_get(BeEF::Core::Configuration.instance.get("beef.module.#{key}.class")).new(key) - end + if (command_module.path.match(/^Dynamic/)) + command_module = BeEF::Modules::Commands.const_get(command_module.path.split('/').last.capitalize).new + else + key = BeEF::Module.get_key_by_database_id(command.command_module_id) + command_module = BeEF::Core::Command.const_get(BeEF::Core::Configuration.instance.get("beef.module.#{key}.class")).new(key) + end - command_module.command_id = command.id - command_module.session_id = hooked_browser.session - command_module.build_datastore(command.data) - command_module.pre_send + command_module.command_id = command.id + command_module.session_id = hooked_browser.session + command_module.build_datastore(command.data) + command_module.pre_send - build_missing_beefjs_components(command_module.beefjs_components) if not command_module.beefjs_components.empty? - print_info(BeEF::Core::Websocket::Websocket.getsocket(hooked_browser)) + build_missing_beefjs_components(command_module.beefjs_components) if not command_module.beefjs_components.empty? + let= BeEF::Core::Websocket::Websocket.instance + #@todo radoen debug this one + exist= let.getsocket(hooked_browser.session) + if exist != nil - #@todo radoen debug this one - if BeEF::Core::Websocket::Websocket.getsocket(hooked_browser) + let.sent(command_module.output, hooked_browser.session) + else + @body << command_module.output + "\n\n" - BeEF::Core::Websocket::Websocket.sent(command,hooked_browser) - else - @body << command_module.output + "\n\n" + end + # @note prints the event to the console + if BeEF::Settings.console? 
+ name = command_module.friendlyname || kclass + print_info "Hooked browser #{hooked_browser.ip} has been sent instructions from command module '#{name}'" + end + + # @note flag that the command has been sent to the hooked browser + command.instructions_sent = true + command.save + end + + end end - # @note prints the event to the console - if BeEF::Settings.console? - name = command_module.friendlyname || kclass - print_info "Hooked browser #{hooked_browser.ip} has been sent instructions from command module '#{name}'" - end - - # @note flag that the command has been sent to the hooked browser - command.instructions_sent = true - command.save end - end - -end -end -end end diff --git a/core/main/network_stack/websocket/websocket.rb b/core/main/network_stack/websocket/websocket.rb index 58f4b6665..f9453c1f9 100644 --- a/core/main/network_stack/websocket/websocket.rb +++ b/core/main/network_stack/websocket/websocket.rb @@ -16,9 +16,13 @@ module BeEF module Core module Websocket - class Websocket - #all hooked browser + require 'singleton' + class Websocket + # require 'singleton' + #include Singleton + #all hooked browser + include Singleton @@activeSocket= Hash.new #empty at begin @@ -46,7 +50,7 @@ module BeEF if(/BEEFHOOK=/.match(message)) print_info("Browser #{ws.origin} says helo! ws is running") #insert new connection in activesocket - @@activeSocket[message.split(/BEEFHOOK=/)] = ws + @@activeSocket["#{message.split(/BEEFHOOK=/)}"] = ws print_debug("In activesocket we have #{@@activeSocket}") end end
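Review bot: `BeEF::Core::Websocket::Websocket.instance` is now called on every `add_command_instructions` in command.rb, without consulting `beef.http.websocket.enable`. Because the class now includes `Singleton`, the first call constructs the object; if its initializer is what starts the listener (not visible in this diff), a deployment with the websocket disabled in config.yaml would still open it when the first command is sent. Check the setting before touching the singleton, e.g. `ws = BeEF::Core::Websocket::Websocket.instance if BeEF::Core::Configuration.instance.get("beef.http.websocket.enable")` followed by `if ws && ws.getsocket(hooked_browser.session)`. The locals `let` and `exist` could be given descriptive names in the same change.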
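Review bot: The new key `"#{message.split(/BEEFHOOK=/)}"` in websocket.rb interpolates the Array returned by `split`, so the stored key is the array's printed form rather than the session id. A lookup by `hooked_browser.session`, as command.rb does through `getsocket` (body not shown), would not be expected to match. Store the token itself, e.g. `session = message.split(/BEEFHOOK=/, 2).last` then `@@activeSocket[session] = ws`. The value also comes straight from the peer's message, so it should be checked against a known hooked-browser session before the socket is registered; otherwise any connection that sends a `BEEFHOOK=` string can claim or replace another session's entry. The enclosing message handler begins outside the hunk.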