diff --git a/config.yaml b/config.yaml index 269bb7bac..035adba68 100644 --- a/config.yaml +++ b/config.yaml @@ -14,6 +14,9 @@ beef: # Used for generating secure tokens crypto_default_value_length: 80 + # Testif variable + testif: false + # Credentials to authenticate in BeEF. # Used by both the RESTful API and the Admin interface credentials: diff --git a/core/main/handlers/hookedbrowsers.rb b/core/main/handlers/hookedbrowsers.rb index a2621087d..3f2118b9b 100644 --- a/core/main/handlers/hookedbrowsers.rb +++ b/core/main/handlers/hookedbrowsers.rb @@ -6,11 +6,11 @@ module BeEF module Core module Handlers - + # @note This class handles connections from hooked browsers to the framework. class HookedBrowsers < BeEF::Core::Router::Router - + include BeEF::Core::Handlers::Modules::BeEFJS include BeEF::Core::Handlers::Modules::Command @@ -18,7 +18,7 @@ module Handlers configure do disable :protection end - + # Process HTTP requests sent by a hooked browser to the framework. # It will update the database to add or update the current hooked browser # and deploy some command modules or extensions to the hooked browser. @@ -27,7 +27,7 @@ module Handlers params = request.query_string #@response = Rack::Response.new(body=[], 200, header={}) config = BeEF::Core::Configuration.instance - + # @note check source ip address of browser permitted_hooking_subnet = config.get('beef.restrictions.permitted_hooking_subnet') if permitted_hooking_subnet.nil? || permitted_hooking_subnet.empty? @@ -56,15 +56,15 @@ module Handlers end # @note is a new browser so return instructions to set up the hook - if not hooked_browser - + if not hooked_browser + # @note generate the instructions to hook the browser host_name = request.host (print_error "Invalid host name";return) if not BeEF::Filters.is_valid_hostname?(host_name) build_beefjs!(host_name) - # @note is a known browser so send instructions - else + # @note is a known browser so send instructions + else # @note Check if we haven't seen this browser for a while, log an event if we haven't if (Time.new.to_i - hooked_browser.lastseen.to_i) > 60 BeEF::Core::Logger.instance.register('Zombie',"#{hooked_browser.ip} appears to have come back online","#{hooked_browser.id}") @@ -72,7 +72,7 @@ module Handlers # @note record the last poll from the browser hooked_browser.lastseen = Time.new.to_i - + # @note Check for a change in zombie IP and log an event if config.get('beef.http.use_x_forward_for') == true if hooked_browser.ip != request.env["HTTP_X_FORWARDED_FOR"] @@ -85,10 +85,10 @@ module Handlers hooked_browser.ip = request.ip end end - + hooked_browser.count! hooked_browser.save! - + # @note add all available command module instructions to the response zombie_commands = BeEF::Core::Models::Command.where(:hooked_browser_id => hooked_browser.id, :instructions_sent => false) zombie_commands.each{|command| add_command_instructions(command, hooked_browser)} @@ -114,7 +114,7 @@ module Handlers @body end end - + end end end diff --git a/core/main/handlers/modules/beefjs.rb b/core/main/handlers/modules/beefjs.rb index a4e5699de..87e2969d6 100644 --- a/core/main/handlers/modules/beefjs.rb +++ b/core/main/handlers/modules/beefjs.rb @@ -11,15 +11,16 @@ module BeEF # @note Purpose: avoid rewriting several times the same code. module BeEFJS - include BeEF::Core::Handlers::Modules::legacyBeEFJS # Builds the default beefjs library (all default components of the library). # @param [Object] req_host The request object def build_beefjs!(req_host) - if config.get("beef.testif.enable") + config = BeEF::Core::Configuration.instance + if config.get("beef.testif") print("beefnew") else - legacy_build_beefjs!(req_host) + legacy = BeEF::Core::Handlers::Modules::LegacyBeEFJS + legacy.legacy_build_beefjs!(req_host) end end @@ -27,20 +28,24 @@ module BeEF # @param [String] component Name of component # @return [String|Boolean] Returns false if path was not found, otherwise returns component path def find_beefjs_component_path(component) - if config.get("beef.testif.enable") + config = BeEF::Core::Configuration.instance + if config.get("beef.testif") print("beefnew") else - legacy_find_beefjs_component_path(component) + legacy = BeEF::Core::Handlers::Modules::LegacyBeEFJS + legacy.legacy_find_beefjs_component_path(component) end end # Builds missing beefjs components. # @param [Array] beefjs_components An array of component names def build_missing_beefjs_components(beefjs_components) - if config.get("beef.testif.enable") + config = BeEF::Core::Configuration.instance + if config.get("beef.testif") print("beefnew") else - build_missing_beefjs_components(beefjs_components) + legacy = BeEF::Core::Handlers::Modules::LegacyBeEFJS + legacy.legacy_build_missing_beefjs_components(beefjs_components) end end end diff --git a/core/main/handlers/modules/legacybeefjs.rb b/core/main/handlers/modules/legacybeefjs.rb index f291471c5..b570c5645 100644 --- a/core/main/handlers/modules/legacybeefjs.rb +++ b/core/main/handlers/modules/legacybeefjs.rb @@ -9,11 +9,11 @@ module BeEF module Modules # @note Purpose: avoid rewriting several times the same code. - module BeEFJS + module LegacyBeEFJS # Builds the default beefjs library (all default components of the library). # @param [Object] req_host The request object - def build_beefjs!(req_host) + def legacy_build_beefjs!(req_host) config = BeEF::Core::Configuration.instance # @note set up values required to construct beefjs beef_js = '' @@ -133,7 +133,7 @@ module BeEF # Finds the path to js components # @param [String] component Name of component # @return [String|Boolean] Returns false if path was not found, otherwise returns component path - def find_beefjs_component_path(component) + def legacy_find_beefjs_component_path(component) component_path = component component_path.gsub!(/beef./, '') component_path.gsub!(/\./, '/') @@ -146,7 +146,7 @@ module BeEF # Builds missing beefjs components. # @param [Array] beefjs_components An array of component names - def build_missing_beefjs_components(beefjs_components) + def legacy_build_missing_beefjs_components(beefjs_components) # @note verifies that @beef_js_cmps is not nil to avoid bugs @beef_js_cmps = '' if @beef_js_cmps.nil?