diff --git a/core/filters/page.rb b/core/filters/page.rb index 4c4bbbf2b..d165529b6 100644 --- a/core/filters/page.rb +++ b/core/filters/page.rb @@ -25,6 +25,16 @@ module Filters return false if str.length > 50 true end + + # Verify the page referrer string is valid + # @param [String] str String for testing + # @return [Boolean] If the string is a valid referrer + def self.is_valid_pagereferrer?(str) + return false if not str.is_a? String + return false if has_non_printable_char?(str) + return false if str.length > 350 + true + end end end diff --git a/core/main/client/browser.js b/core/main/client/browser.js index 2f9f4d177..167f5397f 100644 --- a/core/main/client/browser.js +++ b/core/main/client/browser.js @@ -442,7 +442,7 @@ beef.browser = { if (this.isIE()) { return 'IE'}; // Internet Explorer any version if (this.isO()) { return 'O' }; // Opera any version if (this.isS()) { return 'S' }; // Safari any version - return 'UN'; // Unknown UA + return 'UN'; // Unknown UA }, /** @@ -647,7 +647,8 @@ beef.browser = { var browser_version = beef.browser.getBrowserVersion(); var browser_reported_name = beef.browser.getBrowserReportedName(); var cookies = document.cookie; - var page_title = document.title; + var page_title = (document.title) ? document.title : "No Title"; + var page_referrer = (document.referrer) ? document.referrer : "No Referrer"; var hostname = document.location.hostname; var hostport = (document.location.port)? document.location.port : "80"; var browser_plugins = beef.browser.getPlugins(); @@ -672,6 +673,7 @@ beef.browser = { if(browser_reported_name) details["BrowserReportedName"] = browser_reported_name; if(cookies) details["Cookies"] = cookies; if(page_title) details["PageTitle"] = page_title; + if(page_referrer) details["PageReferrer"] = page_referrer; if(hostname) details["HostName"] = hostname; if(hostport) details["HostPort"] = hostport; if(browser_plugins) details["BrowserPlugins"] = browser_plugins; 
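Review bot: In core/filters/page.rb, `is_valid_pagereferrer?` accepts any printable string of up to 350 characters, so a value that is not a URL, or one with a non-HTTP scheme, is stored as the referrer. The value is supplied by the hooked browser and is untrusted; the display code later in this commit HTML-escapes it, which covers element content but would not make it safe if a view ever used it as a link target. Consider constraining the shape, e.g. `return false unless str == 'No Referrer' || str =~ %r{\Ahttps?://}i`, where 'No Referrer' is the sentinel the client sends in browser.js. As a style point, `return false if not str.is_a? String` reads more idiomatically as `return false unless str.is_a?(String)`. The enclosing module begins outside the hunk.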
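Review bot: In core/main/client/browser.js (hunk at -647), defaulting `page_title` and `page_referrer` to "No Title" / "No Referrer" makes the guards `if(page_title)` and `if(page_referrer)` always true, so they are now dead checks; the second guard is added in the next hunk at -672. The sentinel strings also travel in the same field as real data, so the server cannot tell an empty referrer from a page that literally reports "No Referrer", and the server-side filter has to accept that literal. Either drop the guards, or keep the values empty and let the display layer supply the placeholder text. The surrounding function starts and ends outside both hunks.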
@@ -749,12 +751,11 @@ beef.browser = { * */ hasGoogleGears: function() { - if (window.google && google.gears) { - return true; - } - var ggfactory = null; + // Chrome + if (window.google && google.gears) return true; + // Firefox if (typeof GearsFactory != 'undefined') { ggfactory = new GearsFactory(); @@ -776,44 +777,34 @@ beef.browser = { ggfactory.height = 0; ggfactory.type = "application/x-googlegears"; document.documentElement.appendChild(ggfactory); - if(ggfactory && (typeof ggfactory.create == 'undefined')) { - ggfactory = null; - } + if(ggfactory && (typeof ggfactory.create == 'undefined')) ggfactory = null; } } } - if (!ggfactory) { - return false - } else { - return true - } + if (!ggfactory) return false; else return true; }, /** * Dynamically changes the favicon: works in Firefox, Chrome and Opera **/ changeFavicon: function(favicon_url) { - var iframe = null; - if (this.isC()) { - iframe = document.createElement('iframe'); - iframe.src = 'about:blank'; - iframe.style.display = 'none'; - document.body.appendChild(iframe); - } - var link = document.createElement('link'), - oldLink = document.getElementById('dynamic-favicon'); - link.id = 'dynamic-favicon'; - link.rel = 'shortcut icon'; - link.href = favicon_url; - if (oldLink) { - document.head.removeChild(oldLink); - } - document.head.appendChild(link); - if (this.isC()) { - iframe.src += ''; - } + var iframe = null; + if (this.isC()) { + iframe = document.createElement('iframe'); + iframe.src = 'about:blank'; + iframe.style.display = 'none'; + document.body.appendChild(iframe); + } + var link = document.createElement('link'), + oldLink = document.getElementById('dynamic-favicon'); + link.id = 'dynamic-favicon'; + link.rel = 'shortcut icon'; + link.href = favicon_url; + if (oldLink) document.head.removeChild(oldLink); + document.head.appendChild(link); + if (this.isC()) iframe.src += ''; }, - + /** * Changes page title **/ 
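Review bot: In hasGoogleGears (browser.js, hunk at -776), the collapsed `if (!ggfactory) return false; else return true;` spells a boolean out as a branch; `return !!ggfactory;` says the same thing in one expression. The other brace removals in this hunk (`if (oldLink) document.head.removeChild(oldLink);`, `if (this.isC()) iframe.src += '';`) leave single-statement bodies unbraced on the condition line, which is easy to misread when a second statement is added later. If the file's convention allows, keep the braces. hasGoogleGears begins in the previous hunk.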
@@ -821,13 +812,12 @@ beef.browser = { document.title = title; }, - /** - * A function that gets the max number of simaltaneous connections the browser can make - * per domain, or globally on all domains. - * - * This code is based on research from browserspy.dk - * + * A function that gets the max number of simultaneous connections the + * browser can make per domain, or globally on all domains. + * + * This code is based on research from browserspy.dk + * * @parameter {ENUM: 'PER_DOMAIN', 'GLOBAL'=>default} * @return {Deferred promise} A jQuery deferred object promise, which when resolved passes * the number of connections to the callback function as "this" @@ -840,9 +830,9 @@ beef.browser = { */ getMaxConnections: function(scope) { - var imagesCount = 30; // Max number of images to test. - var secondsTimeout = 5; // Image load timeout threashold. - var testUrl =""; // The image testing service URL. + var imagesCount = 30; // Max number of images to test + var secondsTimeout = 5; // Image load timeout threashold + var testUrl =""; // The image testing service URL // User broserspy.dk max connections service URL. if(scope=='PER_DOMAIN') @@ -852,8 +842,8 @@ beef.browser = { testUrl = "http://.browserspy.dk/connections.php?img=1&random="; - var imagesLoaded = 0; // Number of responding images before timeout. - var imagesRequested = 0; // Number of requested images. + var imagesLoaded = 0; // Number of responding images before timeout. + var imagesRequested = 0; // Number of requested images. var testImages = new Array(); // Array of all images. var deferredObject = $j.Deferred(); // A jquery Deferred object. diff --git a/extensions/admin_ui/controllers/modules/modules.rb b/extensions/admin_ui/controllers/modules/modules.rb index f2be8b570..7837ac361 100644 --- a/extensions/admin_ui/controllers/modules/modules.rb +++ b/extensions/admin_ui/controllers/modules/modules.rb 
@@ -63,17 +63,32 @@ class Modules < BeEF::Extension::AdminUI::HttpController page_title = BD.get(zombie_session, 'PageTitle') if not page_title.nil? encoded_page_title = CGI.escapeHTML(page_title) - encoded_page_hash = { 'Page Title' => encoded_page_title } + encoded_page_title_hash = { 'Page Title' => encoded_page_title } page_name_row = { 'category' => 'Browser Hook Initialization', - 'data' => encoded_page_hash, + 'data' => encoded_page_title_hash, 'from' => 'Initialization' } summary_grid_hash['results'].push(page_name_row) # add the row end + # set and add the return values for the page referrer + page_referrer = BD.get(zombie_session, 'PageReferrer') + if not page_referrer.nil? + encoded_page_referrer = CGI.escapeHTML(page_referrer) + encoded_page_referrer_hash = { 'Page Referrer' => encoded_page_referrer } + + page_name_row = { + 'category' => 'Browser Hook Initialization', + 'data' => encoded_page_referrer_hash, + 'from' => 'Initialization' + } + + summary_grid_hash['results'].push(page_name_row) # add the row + end + # set and add the return values for the host name host_name = BD.get(zombie_session, 'HostName') if not host_name.nil? diff --git a/extensions/console/lib/shellinterface.rb b/extensions/console/lib/shellinterface.rb index 07b489fe1..332ae1409 100644 --- a/extensions/console/lib/shellinterface.rb +++ b/extensions/console/lib/shellinterface.rb 
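Review bot: The page-referrer block added to extensions/admin_ui/controllers/modules/modules.rb reuses the local name `page_name_row` for a row that holds the referrer, and the identical block is pasted into extensions/console/lib/shellinterface.rb (hunk at -272). Rename it, e.g. `page_referrer_row = {`, and consider one shared helper that takes the stored key and label and returns the row, so the `CGI.escapeHTML` call cannot be forgotten in one copy when the next field is added. A short comment such as `# value comes from the hooked browser: always HTML-escape before display` would record why the escaping is there. The enclosing methods start and end outside both hunks.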
@@ -272,17 +272,32 @@ class ShellInterface page_title = BD.get(self.targetsession, 'PageTitle') if not page_title.nil? encoded_page_title = CGI.escapeHTML(page_title) - encoded_page_hash = { 'Page Title' => encoded_page_title } + encoded_page_title_hash = { 'Page Title' => encoded_page_title } page_name_row = { 'category' => 'Browser Hook Initialization', - 'data' => encoded_page_hash, + 'data' => encoded_page_title_hash, 'from' => 'Initialization' } summary_grid_hash['results'].push(page_name_row) # add the row end + # set and add the return values for the page referrer + page_referrer = BD.get(self.targetsession, 'PageReferrer') + if not page_referrer.nil? + encoded_page_referrer = CGI.escapeHTML(page_referrer) + encoded_page_referrer_hash = { 'Page Referrer' => encoded_page_referrer } + + page_name_row = { + 'category' => 'Browser Hook Initialization', + 'data' => encoded_page_referrer_hash, + 'from' => 'Initialization' + } + + summary_grid_hash['results'].push(page_name_row) # add the row + end + # set and add the return values for the host name host_name = BD.get(self.targetsession, 'HostName') if not host_name.nil? diff --git a/extensions/initialization/handler.rb b/extensions/initialization/handler.rb index 08565776e..aa3192f69 100644 --- a/extensions/initialization/handler.rb +++ b/extensions/initialization/handler.rb 
@@ -130,15 +130,15 @@ module BeEF self.err_msg "Invalid page title returned from the hook browser's initial connection." end - page_title = get_param(@data['results'], 'PageTitle') - if BeEF::Filters.is_valid_pagetitle?(page_title) - BD.set(session_id, 'PageTitle', page_title) + # get and store the page referrer + page_referrer = get_param(@data['results'], 'PageReferrer') + if BeEF::Filters.is_valid_pagereferrer?(page_referrer) + BD.set(session_id, 'PageReferrer', page_referrer) else - self.err_msg "Invalid page title returned from the hook browser's initial connection." + self.err_msg "Invalid page referrer returned from the hook browser's initial connection." end - - # get and store page title + # get and store hostname host_name = get_param(@data['results'], 'HostName') if BeEF::Filters.is_valid_hostname?(host_name) BD.set(session_id, 'HostName', host_name)