Fix issue #662 the Web UI base path can now be configured in the main config.yaml. Web UI JS files are now also minified.

antisnatchor
2013-10-01 17:16:46 +01:00
parent a1f102b869
commit 86d23d3815
30 changed files with 134 additions and 143 deletions


@@ -17,6 +17,7 @@ gem "sinatra", "1.4.2"
gem "rack", "1.5.2"
gem "em-websocket", "~> 0.3.6"
gem "jsmin", "~> 1.0.1"
gem "uglifier", "~> 2.2.1"
gem "ansi"
gem "term-ansicolor", :require => "term/ansicolor"
gem "dm-core"
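Review bot: `jsmin` stays in the Gemfile next to the new `uglifier` entry, although the only caller visible in this commit (the Evasion `Minify` class, last file) now requires `uglifier` instead. If nothing else loads it, drop `gem "jsmin", "~> 1.0.1"` so the install does not carry an unused dependency. Uglifier runs through ExecJS, so the install notes should also state that a JavaScript runtime is now required on the host.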


@@ -30,7 +30,7 @@ beef:
# DNS
dns_host: "localhost"
dns_port: 53
panel_path: "/ui/panel"
web_ui_basepath: "/ui"
hook_file: "/hook.js"
hook_session_name: "BEEFHOOK"
session_cookie_name: "BEEFSESSION"
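Review bot: `web_ui_basepath` has no comment describing its expected form, yet the rest of this commit concatenates it as-is into mount points, redirects and URLs (for example `"#{bp}/#{mod_name}"` and `"#{@bp}/authentication"`). A value with a trailing slash would produce paths such as `/ui//panel`, and one without a leading slash would produce relative paths. Suggested comment above the key: `# Web UI base path: must start with "/" and must not end with "/" (e.g. "/ui")`. A config file that still carries only `panel_path` would presumably yield an empty base path; confirm that and mention it in the upgrade notes.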


@@ -1325,11 +1325,11 @@ beef.browser = {
*/
javaEnabled:function () {
//Use of deployJava defined in deployJava.js (Oracle java deployment toolkit)
versionJRE = deployJava.getJREs();
// versionJRE = deployJava.getJREs();
if(versionJRE != '')
return true;
else
// if(versionJRE != '')
// return true;
// else
return false;
},
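Review bot: `javaEnabled` now returns `false` unconditionally, because the `deployJava.getJREs()` check is commented out rather than replaced, and the commit message does not mention this change. Every caller that branches on Java availability will take the no-Java path regardless of the browser. If the detection is disabled on purpose, state the reason in a comment such as `// JRE detection disabled: <reason>` and delete the dead lines; otherwise restore the check.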


@@ -86,7 +86,7 @@ module Banners
print_success "running on network interface: #{host}"
beef_host = configuration.get("beef.http.public_port") || configuration.get("beef.http.port")
data = "Hook URL: #{prototxt}://#{host}:#{configuration.get("beef.http.port")}#{configuration.get("beef.http.hook_file")}\n"
data += "UI URL: #{prototxt}://#{host}:#{configuration.get("beef.http.port")}#{configuration.get("beef.http.panel_path")}\n"
data += "UI URL: #{prototxt}://#{host}:#{configuration.get("beef.http.port")}#{configuration.get("beef.http.web_ui_basepath")}/panel\n"
print_more data
end


@@ -114,6 +114,7 @@ module BeEF
# @note Default root page
get "/" do
if config.get("beef.http.web_server_imitation.enable")
bp = config.get "beef.http.web_ui_basepath"
type = config.get("beef.http.web_server_imitation.type")
case type
when "apache"
@@ -209,7 +210,7 @@ module BeEF
"<h2>If you are the website administrator:</h2>" +
"<p>You may now add content to the directory <tt>/var/www/html/</tt>. Note that until you do so, people visiting your website will see this page and not your content. To prevent this page from ever being used, follow the instructions in the file <tt>/etc/httpd/conf.d/welcome.conf</tt>.</p>" +
"<p>You are free to use the images below on Apache and CentOS Linux powered HTTP servers. Thanks for using Apache and CentOS!</p>" +
"<p><a href=\"http://httpd.apache.org/\"><img src=\"/ui/media/images/icons/apache_pb.gif\" alt=\"[ Powered by Apache ]\"/></a> <a href=\"http://www.centos.org/\"><img src=\"/ui/media/images/icons/powered_by_rh.png\" alt=\"[ Powered by CentOS Linux ]\" width=\"88\" height=\"31\" /></a></p>" +
"<p><a href=\"http://httpd.apache.org/\"><img src=\"#{bp}/media/images/icons/apache_pb.gif\" alt=\"[ Powered by Apache ]\"/></a> <a href=\"http://www.centos.org/\"><img src=\"#{bp}/media/images/icons/powered_by_rh.png\" alt=\"[ Powered by CentOS Linux ]\" width=\"88\" height=\"31\" /></a></p>" +
"</div>" +
"</div>" +
"</div>" +
@@ -234,7 +235,7 @@ module BeEF
"<table>" +
"<tr>" +
"<td ID=tableProps width=70 valign=top align=center>" +
"<img ID=pagerrorImg src=\"/ui/media/images/icons/pagerror.gif\" width=36 height=48>" +
"<img ID=pagerrorImg src=\"#{bp}/media/images/icons/pagerror.gif\" width=36 height=48>" +
"<td ID=tablePropsWidth width=400>" +
"<h1 ID=errortype style=\"font:14pt/16pt verdana; color:#4e4e4e\">" +
"<P ID=Comment1><!--Problem--><P ID=\"errorText\">Under Construction</h1>" +
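Review bot: `bp` is interpolated into the `src` attributes of the imitation pages without HTML escaping, so a configured base path containing a quote or angle bracket breaks the markup of the root page. Escape it once where it is read, e.g. `bp = Rack::Utils.escape_html(config.get("beef.http.web_ui_basepath"))`, or validate the value when the configuration is loaded. The same raw interpolation appears in `script_tag`, `script_tag_min` and `stylesheet_tag` in the controller file and in the `<%= base_path %>` uses in the two HTML templates. The `get "/"` block continues outside these hunks.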


@@ -12,40 +12,90 @@ module API
# We use this module to register all the http handler for the Administrator UI
#
module Handler
require 'uglifier'
BeEF::API::Registrar.instance.register(BeEF::Extension::AdminUI::API::Handler, BeEF::API::Server, 'mount_handler')
def self.evaluate_and_minify(content, params, name)
erubis = Erubis::FastEruby.new(content)
evaluated = erubis.evaluate(params)
minified = Uglifier.compile(evaluated)
write_to = File.new("#{File.dirname(__FILE__)}/../media/javascript-min/#{name}.js", "w+")
File.open(write_to, 'w') { |file| file.write(minified) }
File.path write_to
end
def self.build_javascript_ui(beef_server)
auth_js_file = File.read(File.dirname(__FILE__)+'/../media/javascript/ui/authentication.js') + "\n\n"
js_files = ""
#NOTE: order counts! make sure you know what you're doing if you add files
esapi = %w(esapi/Class.create.js esapi/jquery-1.6.4.min.js esapi/jquery-encoder-0.1.0.js)
ux = %w(ui/common/beef_common.js ux/PagingStore.js ux/StatusBar.js ux/TabCloseMenu.js)
panel = %w(ui/panel/common.js ui/panel/DistributedEngine.js ui/panel/PanelStatusBar.js ui/panel/tabs/ZombieTabDetails.js ui/panel/tabs/ZombieTabLogs.js ui/panel/tabs/ZombieTabCommands.js ui/panel/tabs/ZombieTabRider.js ui/panel/tabs/ZombieTabXssRays.js wterm/wterm.jquery.js ui/panel/tabs/ZombieTabIpec.js ui/panel/tabs/ZombieTabAutorun.js ui/panel/PanelViewer.js ui/panel/DataGrid.js ui/panel/MainPanel.js ui/panel/ZombieTab.js ui/panel/ZombieTabs.js ui/panel/zombiesTreeList.js ui/panel/ZombiesMgr.js ui/panel/Logout.js ui/panel/WelcomeTab.js)
global_js = esapi + ux + panel
global_js.each do |file|
js_files << File.read(File.dirname(__FILE__)+'/../media/javascript/'+file) + "\n\n"
end
config = BeEF::Core::Configuration.instance
bp = config.get "beef.http.web_ui_basepath"
# if more dynamic variables are needed in JavaScript files
# add them here in the following Hash
params = {
'base_path' => bp
}
# process all JavaScript files, evaluating them with Erubis
web_ui_all = self.evaluate_and_minify(js_files, params, 'web_ui_all')
web_ui_auth = self.evaluate_and_minify(auth_js_file, params, 'web_ui_auth')
beef_server.mount("#{bp}/web_ui_all.js", Rack::File.new(web_ui_all))
beef_server.mount("#{bp}/web_ui_auth.js", Rack::File.new(web_ui_auth))
end
#
# This function gets called automatically by the server.
#
def self.mount_handler(beef_server)
# retrieve the configuration class instance
configuration = BeEF::Core::Configuration.instance
config = BeEF::Core::Configuration.instance
# Web UI base path, like http://beef_domain/<bp>/panel
bp = config.get "beef.http.web_ui_basepath"
# registers the http controllers used by BeEF core (authentication, logs, modules and panel)
Dir["#{$root_dir}/extensions/admin_ui/controllers/**/*.rb"].each do |http_module|
require http_module
mod_name = File.basename http_module, '.rb'
beef_server.mount("/ui/#{mod_name}", BeEF::Extension::AdminUI::Handlers::UI.new(mod_name))
beef_server.mount("#{bp}/#{mod_name}", BeEF::Extension::AdminUI::Handlers::UI.new(mod_name))
end
# registers the http controllers used by BeEF extensions (requester, proxy, xssrays, etc..)
Dir["#{$root_dir}/extensions/**/controllers/*.rb"].each do |http_module|
require http_module
mod_name = File.basename http_module, '.rb'
beef_server.mount("/ui/#{mod_name}", BeEF::Extension::AdminUI::Handlers::UI.new(mod_name))
beef_server.mount("#{bp}/#{mod_name}", BeEF::Extension::AdminUI::Handlers::UI.new(mod_name))
end
# mount the folder were we store static files (javascript, css, images) for the admin ui
media_dir = File.dirname(__FILE__)+'/../media/'
beef_server.mount('/ui/media', Rack::File.new(media_dir))
beef_server.mount("#{bp}/media", Rack::File.new(media_dir))
# mount the favicon file, if we're not imitating a web server.
if !configuration.get("beef.http.web_server_imitation.enable")
beef_server.mount('/favicon.ico', Rack::File.new("#{media_dir}#{configuration.get("beef.extension.admin_ui.favicon_dir")}/#{configuration.get("beef.extension.admin_ui.favicon_file_name")}"))
if !config.get("beef.http.web_server_imitation.enable")
beef_server.mount('/favicon.ico', Rack::File.new("#{media_dir}#{config.get("beef.extension.admin_ui.favicon_dir")}/#{config.get("beef.extension.admin_ui.favicon_file_name")}"))
end
self.build_javascript_ui beef_server
end
end
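Review bot: `evaluate_and_minify` opens the output file with `File.new(..., "w+")` and never closes that handle; the following `File.open(write_to, 'w')` then opens the same path a second time. Build the path as a string instead: `path = "#{File.dirname(__FILE__)}/../media/javascript-min/#{name}.js"`, `File.open(path, 'w') { |file| file.write(minified) }`, `path`. Separately, `build_javascript_ui` passes the whole concatenated bundle, vendored libraries included, through Erubis, so any literal `<%` in a third-party file would be evaluated as Ruby at startup. Evaluating only the BeEF files that reference `@base_path` would narrow that. The `base_path` value is also written into JavaScript string literals without any escaping.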


@@ -40,8 +40,12 @@ module AdminUI
def run(request, response)
@request = request
@params = request.params
@session = BeEF::Extension::AdminUI::Session.instance
auth_url = '/ui/authentication'
@session = BeEF::Extension::AdminUI::Session.instance
config = BeEF::Core::Configuration.instance
# Web UI base path, like http://beef_domain/<bp>/panel
@bp = config.get "beef.http.web_ui_basepath"
auth_url = "#{@bp}/authentication"
# test if session is unauth'd and whether the auth functionality is requested
if not @session.valid_session?(@request) and not self.class.eql?(BeEF::Extension::AdminUI::Controllers::Authentication)
@@ -78,14 +82,14 @@ module AdminUI
end
# Constructs a redirect script
def script_redirect(location) "<script> document.location=\"#{location}\"</script>" end
# Constructs a html script tag
def script_tag(filename) "<script src=\"#{$url}/ui/media/javascript/#{filename}\" type=\"text/javascript\"></script>" end
# Constructs a html script tag (from media/javascript directory)
def script_tag(filename) "<script src=\"#{$url}#{@bp}/media/javascript/#{filename}\" type=\"text/javascript\"></script>" end
# Constructs a html script tag (from media/javascript-min directory)
def script_tag_min(filename) "<script src=\"#{$url}#{@bp}/media/javascript-min/#{filename}\" type=\"text/javascript\"></script>" end
# Constructs a html stylesheet tag
def stylesheet_tag(filename) "<link rel=\"stylesheet\" href=\"#{$url}/ui/media/css/#{filename}\" type=\"text/css\" />" end
def stylesheet_tag(filename) "<link rel=\"stylesheet\" href=\"#{$url}#{@bp}/media/css/#{filename}\" type=\"text/css\" />" end
# Constructs a hidden html nonce tag
def nonce_tag
@@ -93,6 +97,10 @@ module AdminUI
"<input type=\"hidden\" name=\"nonce\" id=\"nonce\" value=\"" + @session.get_nonce + "\"/>"
end
def base_path
"#{@bp}"
end
private
@eruby
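Review bot: `base_path` is the only helper in this group without a comment, and `"#{@bp}"` is a redundant interpolation of a value that is only assigned inside `run`. Suggested: `# Returns the configured Web UI base path ("" if run has not set it yet)` above the method and `@bp.to_s` as its body. `script_tag` and `script_tag_min` differ only in the directory name, so both could delegate to one private helper that takes the directory. The class body continues outside the hunks.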


@@ -9,7 +9,7 @@
<%= script_tag 'ext-base.js' %>
<%= script_tag 'ext-all.js' %>
<%= script_tag 'ui/authentication.js' %>
<%= script_tag_min 'web_ui_auth.js' %>
<%= stylesheet_tag 'ext-all.css' %>
@@ -31,6 +31,6 @@
</head>
<body>
<div id="centered"><img id="beef-logo" src="/ui/media/images/beef.png" alt="BeEF - The Browser Exploitation Framework" /></div>
<div id="centered"><img id="beef-logo" src="<%= base_path %>/media/images/beef.png" alt="BeEF - The Browser Exploitation Framework" /></div>
</body>
</html>


@@ -12,47 +12,8 @@
<%= script_tag 'ext-base.js' %>
<%= script_tag 'ext-all.js' %>
<%= script_tag 'ext-beef.js' %>
<!-- jQuery encoder (ESAPI way) -->
<%= script_tag 'esapi/jquery-1.6.4.min.js' %>
<%= script_tag 'esapi/Class.create.js' %>
<%= script_tag 'esapi/jquery-encoder-0.1.0.js' %>
<script type="text/javascript" language="JavaScript">var $jEncoder = jQuery.noConflict();</script>
<!-- BeEF Web UI common functions-->
<%= script_tag 'ui/common/beef_common.js' %>
<%= script_tag 'ux/TabCloseMenu.js' %>
<%= script_tag 'ux/StatusBar.js' %>
<%= script_tag 'ux/PagingStore.js' %>
<%= script_tag 'ui/panel/common.js' %>
<%= script_tag 'ui/panel/DistributedEngine.js' %>
<%= script_tag 'ui/panel/PanelStatusBar.js' %>
<%= script_tag 'ui/panel/tabs/ZombieTabDetails.js' %>
<%= script_tag 'ui/panel/tabs/ZombieTabLogs.js' %>
<%= script_tag 'ui/panel/tabs/ZombieTabCommands.js' %>
<%= script_tag 'ui/panel/tabs/ZombieTabRider.js' %>
<%= script_tag 'ui/panel/tabs/ZombieTabXssRays.js' %>
<%= script_tag 'wterm/wterm.jquery.js' %>
<%= script_tag_min 'web_ui_all.js' %>
<%= stylesheet_tag 'wterm.css' %>
<script type="text/javascript" language="JavaScript">var $jwterm = jQuery.noConflict();</script>
<%= script_tag 'ui/panel/tabs/ZombieTabIpec.js' %>
<%= script_tag 'ui/panel/tabs/ZombieTabAutorun.js' %>
<%= script_tag 'ui/panel/PanelViewer.js' %>
<%= script_tag 'ui/panel/DataGrid.js' %>
<%= script_tag 'ui/panel/MainPanel.js' %>
<%= script_tag 'ui/panel/ZombieTab.js' %>
<%= script_tag 'ui/panel/ZombieTabs.js' %>
<%= script_tag 'ui/panel/zombiesTreeList.js' %>
<%= script_tag 'ui/panel/ZombiesMgr.js' %>
<%= script_tag 'ui/panel/Logout.js' %>
<%= script_tag 'ui/panel/WelcomeTab.js' %>
<!-- <%= script_tag 'ui/panel/HackVertorTab.js' %> -->
<%= stylesheet_tag 'ext-all.css' %>
<%= stylesheet_tag 'base.css' %>
</head>
@@ -63,7 +24,7 @@
<div class="left-menu" id="header-right">
</div>
<div class="right-menu">
<img src="/ui/media/images/favicon.ico" alt="BeEF" title="BeEF" />
<img src="<%= base_path %>/media/images/favicon.ico" alt="BeEF" title="BeEF" />
BeEF <%= BeEF::Core::Configuration.instance.get('beef.version') %> |
<a id='do-submit-bug-menu' href='https://github.com/beefproject/beef/issues/new' target='_blank'>Submit Bug</a> |
<a id='do-logout-menu' href='#'>Logout</a>
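Review bot: The inline `var $jEncoder = jQuery.noConflict();` appears to be dropped together with the individual script tags, and no visible hunk defines `$jEncoder` inside the new bundle (only `$jwterm` is added, at the end of wterm.jquery.js). If the UI code still reaches the jQuery encoder through `$jEncoder`, output encoding in the panel would fail at runtime; the suppressed diff may cover this, so confirm. The bundle built in `build_javascript_ui` also loads `esapi/Class.create.js` before jQuery and orders the `ux/` files differently from the list removed here, which is worth checking since its own comment says order counts.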


@@ -0,0 +1,2 @@
This directory will contain minified JavaScript files used by the Web UI.
Those files are excluded from the GIT report through the .gitignore file.

File diff suppressed because one or more lines are too long


@@ -1,36 +0,0 @@
//
// Copyright (c) 2006-2013 Wade Alcorn - wade@bindshell.net
// Browser Exploitation Framework (BeEF) - http://beefproject.com
// See the file 'doc/COPYING' for copying permission
//
Ext.beef = function(){
var msgCt;
function createBox(t, s){
return ['<div class="msg">',
'<div class="x-box-tl"><div class="x-box-tr"><div class="x-box-tc"></div></div></div>',
'<div class="x-box-ml"><div class="x-box-mr"><div class="x-box-mc"><h3>', t, '</h3>', s, '</div></div></div>',
'<div class="x-box-bl"><div class="x-box-br"><div class="x-box-bc"></div></div></div>',
'</div>'].join('');
}
return {
msg : function(title, format){
if(!msgCt){
msgCt = Ext.DomHelper.insertFirst(document.body, {id:'msg-div'}, true);
}
msgCt.alignTo(document, 't-t');
var s = String.format.apply(String, Array.prototype.slice.call(arguments, 1));
var m = Ext.DomHelper.append(msgCt, {html:createBox(title, s)}, true);
m.slideIn('t').pause(1).ghost("t", {remove:true});
},
init : function(){
var lb = Ext.get('lib-bar');
if(lb){
lb.show();
}
}
};
}();


@@ -12,7 +12,7 @@ Ext.onReady(function() {
login_form.getForm().submit({
success: function() {
window.location.href = '/ui/panel'
window.location.href = "<%= @base_path %>/panel"
},
failure: function() {
if(Ext.get('loginError') == null) {


@@ -20,7 +20,7 @@ if(typeof beefwui === 'undefined' && typeof window.beefwui === 'undefined') {
*/
get_rest_token: function() {
if(this.rest_token.length == 0){
var url = "/ui/modules/getRestfulApiToken.json";
var url = "<%= @base_path %>/modules/getRestfulApiToken.json";
jQuery.ajax({
contentType: 'application/json',
dataType: 'json',


@@ -10,12 +10,12 @@ DoLogout = function() {
after_logout = function() {
// will redirect the UA to the login
window.location.href = '/ui/panel'
window.location.href = '<%= @base_path %>/panel'
}
button.on('click', function(){
Ext.Ajax.request({
url: '/ui/authentication/logout',
url: '<%= @base_path %>/authentication/logout',
method: 'POST',
params: 'nonce=' + Ext.get("nonce").dom.value,
success: after_logout,


@@ -29,7 +29,7 @@ MainPanel = function(){
}
});
this.grid = new DataGrid('/ui/logs/all.json',30);
this.grid = new DataGrid('<%= @base_path %>/logs/all.json',30);
this.grid.border = false;
this.welcome_tab = new WelcomeTab;
//this.hooks_tab = new HooksTab;


@@ -47,7 +47,7 @@ var lastpoll = new Date().getTime();
Ext.TaskMgr.start({
run: function() {
Ext.Ajax.request({
url: '/ui/panel/hooked-browser-tree-update.json',
url: '<%= @base_path %>/panel/hooked-browser-tree-update.json',
method: 'POST',
success: function(response) {
var updates;
@@ -56,7 +56,7 @@ Ext.TaskMgr.start({
} catch (e) {
//The framework has probably been reset and you're actually logged out
var hr = document.getElementById("header-right");
hr.innerHTML = "You appear to be logged out. <a href='/ui/panel/'>Login</a>";
hr.innerHTML = "You appear to be logged out. <a href='<%= @base_path %>/panel/'>Login</a>";
}
var distributed_engine_rules = (updates['ditributed-engine-rules']) ? updates['ditributed-engine-rules'] : null;
var hooked_browsers = (updates['hooked-browsers']) ? updates['hooked-browsers'] : null;


@@ -12,7 +12,7 @@ WelcomeTab = function() {
welcome = " \
<div style='font:11px tahoma,arial,helvetica,sans-serif;width:500px' > \
<p><img src='/ui/media/images/beef.jpg' alt='BeEF - The Browser Exploitation Framework' /></p><br /> \
<p><img src='<%= @base_path %>/media/images/beef.jpg' alt='BeEF - The Browser Exploitation Framework' /></p><br /> \
<p>Official website: <a href='http://beefproject.com/'>http://beefproject.com/</a></p><br />\
<p><span style='font:bold 13px tahoma,arial,helvetica,sans-serif'>Getting Started</span></p><br />\
<p>Welcome to BeEF!</p><br /> \


@@ -37,9 +37,9 @@ var ZombiesMgr = function(zombies_tree_lists) {
var has_realplayer = zombie_array[index]["has_realplayer"];
var date_stamp = zombie_array[index]["date_stamp"];
text = "<img src='/ui/media/images/icons/"+escape(browser_icon)+"' style='padding-top:3px;' width='13px' height='13px'/> ";
text+= "<img src='/ui/media/images/icons/"+escape(os_icon)+"' style='padding-top:3px;' width='13px' height='13px'/> ";
text+= "<img src='/ui/media/images/icons/"+escape(hw_icon)+"' style='padding-top:3px;' width='13px' height='13px'/> ";
text = "<img src='<%= @base_path %>/media/images/icons/"+escape(browser_icon)+"' style='padding-top:3px;' width='13px' height='13px'/> ";
text+= "<img src='<%= @base_path %>/media/images/icons/"+escape(os_icon)+"' style='padding-top:3px;' width='13px' height='13px'/> ";
text+= "<img src='<%= @base_path %>/media/images/icons/"+escape(hw_icon)+"' style='padding-top:3px;' width='13px' height='13px'/> ";
text+= ip;
balloon_text = "IP: " + ip;


@@ -111,7 +111,7 @@ function get_dynamic_payload_details(payload, zombie) {
modid = Ext.getCmp( 'form-zombie-'+zombie.session+'-field-mod_id').value
Ext.Ajax.request({
loadMask: true,
url: '/ui/modules/select/commandmodule.json',
url: '/<%= @base_path %>/modules/select/commandmodule.json',
method: 'POST',
params: 'command_module_id=' + modid + '&' + 'payload_name=' + payload,
success: function(resp) {
@@ -146,7 +146,7 @@ function genExistingExploitPanel(panel, command_id, zombie, sb) {
panel.removeAll();
Ext.Ajax.request({
url: '/ui/modules/select/command.json',
url: '<%= @base_path %>/modules/select/command.json',
method: 'POST',
params: 'command_id=' + command_id,
loadMask: true,
@@ -159,7 +159,7 @@ function genExistingExploitPanel(panel, command_id, zombie, sb) {
}
var form = new Ext.form.FormPanel({
url: '/ui/modules/commandmodule/reexecute',
url: '<%= @base_path %>/modules/commandmodule/reexecute',
id: 'form-command-module-zombie-'+zombie.session,
border: false,
labelWidth: 75,
@@ -208,7 +208,7 @@ function genExistingExploitPanel(panel, command_id, zombie, sb) {
});
var grid_store = new Ext.data.JsonStore({
url: '/ui/modules/select/command_results.json?command_id='+command_id,
url: '<%= @base_path %>/modules/select/command_results.json?command_id='+command_id,
storeId: 'command-results-store-zombie-'+zombie.session,
root: 'results',
remoteSort: false,
@@ -320,7 +320,7 @@ function genNewExploitPanel(panel, command_module_id, command_module_name, zombi
} else {
Ext.Ajax.request({
loadMask: true,
url: '/ui/modules/select/commandmodule.json',
url: '<%= @base_path %>/modules/select/commandmodule.json',
method: 'POST',
params: 'command_module_id=' + command_module_id,
success: function(resp) {
@@ -331,9 +331,9 @@ function genNewExploitPanel(panel, command_module_id, command_module_name, zombi
return;
}
var submiturl = '/ui/modules/commandmodule/new';
var submiturl = '<%= @base_path %>/modules/commandmodule/new';
if(module.dynamic){
submiturl = '/ui/modules/commandmodule/dynamicnew';
submiturl = '<%= @base_path %>/modules/commandmodule/dynamicnew';
}
module = module.command_modules[1];
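Review bot: The first hunk builds the URL as `'/<%= @base_path %>/modules/select/commandmodule.json'`, with a slash in front of the template tag. With the default `"/ui"` this renders `//ui/modules/...`, which a browser resolves as a scheme-relative URL on host `ui`, so the POST and its parameters would leave the BeEF origin instead of reaching the handler. Drop the leading slash: `url: '<%= @base_path %>/modules/select/commandmodule.json',`. The xssrays tab file has the same typo in `url: '/<%= @base_path %>/xssrays/zombie.json',`. The other URLs in this file are written without the extra slash.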


@@ -248,7 +248,7 @@ ZombieTab_Autorun = function(zombie) {
}
}})],
loader: new Ext.tree.TreeLoader({
dataUrl: '/ui/modules/select/commandmodules/tree.json',
dataUrl: '<%= @base_path %>/modules/select/commandmodules/tree.json',
baseParams: {zombie_session: zombie.session},
createNode: function(attr) {
if(attr.checked == null){attr.checked = false;}


@@ -19,7 +19,7 @@ ZombieTab_Commands = function(zombie) {
var command_module_grid = new Ext.grid.GridPanel({
store: new Ext.data.JsonStore({
url: '/ui/modules/commandmodule/commands.json',
url: '<%= @base_path %>/modules/commandmodule/commands.json',
params: { // insert the nonce with the form
nonce: Ext.get ("nonce").dom.value
},
@@ -107,7 +107,7 @@ ZombieTab_Commands = function(zombie) {
rootVisible: false,
root: {nodeType: 'async'},
loader: new Ext.tree.TreeLoader({
dataUrl: '/ui/modules/select/commandmodules/tree.json',
dataUrl: '<%= @base_path %>/modules/select/commandmodules/tree.json',
baseParams: {zombie_session: zombie.session},
listeners:{
beforeload: function(treeloader, node, callback) {


@@ -10,7 +10,7 @@
ZombieTab_DetailsTab = function(zombie) {
var store_summary = new Ext.data.GroupingStore({
url: '/ui/modules/select/zombie_summary.json',
url: '<%= @base_path %>/modules/select/zombie_summary.json',
baseParams: {zombie_session: zombie.session} ,
reader: new Ext.data.JsonReader({
root: 'results'


@@ -9,7 +9,7 @@
*/
ZombieTab_LogTab = function(zombie) {
var zombieLog = new DataGrid('/ui/logs/zombie.json',30,{session:zombie.session});
var zombieLog = new DataGrid('<%= @base_path %>/logs/zombie.json',30,{session:zombie.session});
zombieLog.border = false;
ZombieTab_LogTab.superclass.constructor.call(this, {


@@ -32,7 +32,7 @@ ZombieTab_Requester = function(zombie) {
title: 'Proxy',
layout: 'fit',
padding: '10 10 10 10',
html: "<div style='font:11px tahoma,arial,helvetica,sans-serif;width:500px' ><p style='font:11px tahoma,arial,helvetica,sans-serif'>The Tunneling Proxy allows you to use a hooked browser as a proxy. Simply right-click a browser from the Hooked Browsers tree to the left and select \"Use as Proxy\".</p><p style='margin: 10 0 10 0'><img src='/ui/media/images/help/proxy.png'></p><p>The proxy runs on localhost port 6789 by default. Each request sent through the Proxy is recorded in the History panel in the Rider tab. Click a history item to view the HTTP headers and HTML source of the HTTP response.</p><p style='margin: 10 0 10 0'><img src='/ui/media/images/help/history.png'></p><p style='font:11px tahoma,arial,helvetica,sans-serif'>To manually forge an arbitrary HTTP request use the \"Forge Request\" tab from the Rider tab.</p><p style='margin: 10 0 10 0'><img src='/ui/media/images/help/forge.png'></p><p style='font:11px tahoma,arial,helvetica,sans-serif'>For more information see: <a href=\"https://github.com/beefproject/beef/wiki/Tunneling\">https://github.com/beefproject/beef/wiki/Tunneling</a></p></div>",
html: "<div style='font:11px tahoma,arial,helvetica,sans-serif;width:500px' ><p style='font:11px tahoma,arial,helvetica,sans-serif'>The Tunneling Proxy allows you to use a hooked browser as a proxy. Simply right-click a browser from the Hooked Browsers tree to the left and select \"Use as Proxy\".</p><p style='margin: 10 0 10 0'><img src='<%= @base_path %>/media/images/help/proxy.png'></p><p>The proxy runs on localhost port 6789 by default. Each request sent through the Proxy is recorded in the History panel in the Rider tab. Click a history item to view the HTTP headers and HTML source of the HTTP response.</p><p style='margin: 10 0 10 0'><img src='<%= @base_path %>/media/images/help/history.png'></p><p style='font:11px tahoma,arial,helvetica,sans-serif'>To manually forge an arbitrary HTTP request use the \"Forge Request\" tab from the Rider tab.</p><p style='margin: 10 0 10 0'><img src='<%= @base_path %>/media/images/help/forge.png'></p><p style='font:11px tahoma,arial,helvetica,sans-serif'>For more information see: <a href=\"https://github.com/beefproject/beef/wiki/Tunneling\">https://github.com/beefproject/beef/wiki/Tunneling</a></p></div>",
listeners: {
activate: function(proxy_panel) {
// to do: refresh list of hooked browsers
@@ -56,7 +56,7 @@ ZombieTab_Requester = function(zombie) {
********************************************/
var history_panel_store = new Ext.ux.data.PagingJsonStore({
storeId: 'requester-history-store-zombie-'+zombie.session,
url: '/ui/requester/history.json',
url: '<%= @base_path %>/requester/history.json',
remoteSort: false,
autoDestroy: true,
autoLoad: false,
@@ -169,7 +169,7 @@ ZombieTab_Requester = function(zombie) {
listeners: {
activate: function(history_panel) {
history_panel.items.items[0].store.reload({params:{url:'/ui/requester/history.json'}});
history_panel.items.items[0].store.reload({params:{url:'<%= @base_path %>/requester/history.json'}});
}
}
});
@@ -190,7 +190,7 @@ ZombieTab_Requester = function(zombie) {
var form = new Ext.FormPanel({
title: 'Forge Raw HTTP Request',
id: 'requester-request-form-zombie'+zombie.session,
url: '/ui/requester/send',
url: '<%= @base_path %>/requester/send',
hideLabels : true,
border: false,
padding: '3px 5px 0 5px',
@@ -251,7 +251,7 @@ ZombieTab_Requester = function(zombie) {
bar.update_sending('Getting response...');
Ext.Ajax.request({
url: '/ui/requester/response.json',
url: '<%= @base_path %>/requester/response.json',
loadMask: true,
params: {


@@ -23,7 +23,7 @@ ZombieTab_XssRaysTab = function(zombie) {
var xssrays_logs_store = new Ext.ux.data.PagingJsonStore({
storeId: 'xssrays-logs-store-zombie-' + zombie.session,
url: '/ui/xssrays/zombie.json',
url: '/<%= @base_path %>/xssrays/zombie.json',
remoteSort: false,
autoDestroy: true,
autoLoad: false,
@@ -94,7 +94,7 @@ ZombieTab_XssRaysTab = function(zombie) {
var form = new Ext.FormPanel({
title: 'Scan settings',
id: 'xssrays-config-form-zombie'+zombie.session,
url: '/ui/xssrays/createNewScan',
url: '<%= @base_path %>/xssrays/createNewScan',
labelWidth: 230,
border: false,
padding: '3px 5px 0 5px',


@@ -85,14 +85,14 @@ Ext.extend(zombiesTreeList, Ext.tree.TreePanel, {
switch (item.id) {
case 'use_as_proxy':
Ext.Ajax.request({
url: '/ui/proxy/setTargetZombie',
url: '<%= @base_path %>/proxy/setTargetZombie',
method: 'POST',
params: 'hb_id=' + escape(hb_id)
});
break;
case 'xssrays_hooked_domain':
Ext.Ajax.request({
url: '/ui/xssrays/set_scan_target',
url: '<%= @base_path %>/xssrays/set_scan_target',
method: 'POST',
params: 'hb_id=' + escape(hb_id)
});


@@ -422,3 +422,6 @@
};
})( jQuery );
var $jwterm = jQuery.noConflict();


@@ -19,7 +19,6 @@
Have fun while your browser is working against you.
</p>
<p>
These links are for demonstrating the "Get Page HREFs" command module<br />
<ul>
@@ -28,7 +27,6 @@
<li><a href="http://slashdot.org/" target="_blank">Slashdot</a>
</ul>
</p>
<p>Have a go at the event logger.<br />
<label for="imptxt">Insert your secret here:</label>&nbsp;&nbsp;<input type="text" id="imptxt" name="Important Text" /></p>


@@ -6,7 +6,7 @@
module BeEF
module Extension
module Evasion
require 'jsmin'
require 'uglifier'
class Minify
include Singleton
@@ -15,7 +15,7 @@ module BeEF
end
def execute(input, config)
input = JSMin.minify(input)
input = Uglifier.compile(input)
print_debug "[OBFUSCATION - MINIFIER] Javascript has been minified"
input
end