diff --git a/config.yaml b/config.yaml index 4bd0c9c41..e853313f4 100644 --- a/config.yaml +++ b/config.yaml @@ -54,9 +54,6 @@ beef: #public: "" # public hostname/IP address #public_port: "" # public port (experimental) - # Web Admin user interface URI - web_ui_basepath: "/ui" - # Hook hook_file: "/hook.js" hook_session_name: "BEEFHOOK" @@ -155,6 +152,7 @@ beef: extension: admin_ui: enable: true + base_path: "/ui" demos: enable: true events: diff --git a/core/main/console/banners.rb b/core/main/console/banners.rb index e1bfe40c6..f8247913f 100644 --- a/core/main/console/banners.rb +++ b/core/main/console/banners.rb @@ -80,14 +80,14 @@ module Banners proto = configuration.get("beef.http.https.enable") == true ? 'https' : 'http' hook_file = configuration.get("beef.http.hook_file") admin_ui = configuration.get("beef.extension.admin_ui.enable") ? true : false - web_ui_basepath = configuration.get("beef.http.web_ui_basepath") + admin_ui_path = configuration.get("beef.extension.admin_ui.base_path") # display the hook URL and Admin UI URL on each interface from the interfaces array self.interfaces.map do |host| print_info "running on network interface: #{host}" port = configuration.get("beef.http.port") data = "Hook URL: #{proto}://#{host}:#{port}#{hook_file}\n" - data += "UI URL: #{proto}://#{host}:#{port}#{web_ui_basepath}/panel\n" if admin_ui + data += "UI URL: #{proto}://#{host}:#{port}#{admin_ui_path}/panel\n" if admin_ui print_more data end @@ -97,7 +97,7 @@ module Banners port = configuration.get("beef.http.public_port") || configuration.get('beef.http.port') print_info 'Public:' data = "Hook URL: #{proto}://#{host}:#{port}#{hook_file}\n" - data += "UI URL: #{proto}://#{host}:#{port}#{web_ui_basepath}/panel\n" if admin_ui + data += "UI URL: #{proto}://#{host}:#{port}#{admin_ui_path}/panel\n" if admin_ui print_more data end end diff --git a/core/main/router/router.rb b/core/main/router/router.rb index 2c92dfecb..0298b1f49 100644 --- a/core/main/router/router.rb 
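Review bot: In `core/main/console/banners.rb` (first hunk, repeated in the second), the base path is now read only from `beef.extension.admin_ui.base_path`, with no fallback or warning for the removed `beef.http.web_ui_basepath`. The same applies to the lookups in `core/main/router/router.rb`, `extensions/admin_ui/api/handler.rb` and `extensions/admin_ui/classes/httpcontroller.rb`. An operator who moved the admin UI off the default path in an existing config would presumably find it back on `/ui` after upgrading, without any message; how the config files are merged is not visible here. A one-line startup check would make this visible: `print_warning "beef.http.web_ui_basepath is no longer read; set beef.extension.admin_ui.base_path" if configuration.get("beef.http.web_ui_basepath")`. The enclosing banner method starts and ends outside the hunk.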
+++ b/core/main/router/router.rb @@ -130,7 +130,7 @@ module BeEF # @note Default root page get "/" do if config.get("beef.http.web_server_imitation.enable") - bp = config.get "beef.http.web_ui_basepath" + bp = config.get "beef.extension.admin_ui.base_path" type = config.get("beef.http.web_server_imitation.type") case type when "apache" diff --git a/core/main/server.rb b/core/main/server.rb index a701c7c78..708713e60 100644 --- a/core/main/server.rb +++ b/core/main/server.rb @@ -152,6 +152,10 @@ module BeEF print_warning 'Warning: Default SSL cert/key in use.' print_more 'Use the generate-certificate utility to generate a new certificate.' end + rescue => e + print_error "Failed to prepare HTTP server: #{e.message}" + puts e.backtrace + exit 1 end # diff --git a/extensions/admin_ui/api/handler.rb b/extensions/admin_ui/api/handler.rb index 915a9b31a..a319c4c78 100644 --- a/extensions/admin_ui/api/handler.rb +++ b/extensions/admin_ui/api/handler.rb @@ -51,7 +51,7 @@ module API end config = BeEF::Core::Configuration.instance - bp = config.get "beef.http.web_ui_basepath" + bp = config.get "beef.extension.admin_ui.base_path" # if more dynamic variables are needed in JavaScript files # add them here in the following Hash @@ -75,7 +75,7 @@ module API config = BeEF::Core::Configuration.instance # Web UI base path, like http://beef_domain//panel - bp = config.get "beef.http.web_ui_basepath" + bp = config.get "beef.extension.admin_ui.base_path" # registers the http controllers used by BeEF core (authentication, logs, modules and panel) Dir["#{$root_dir}/extensions/admin_ui/controllers/**/*.rb"].each do |http_module| diff --git a/extensions/admin_ui/classes/httpcontroller.rb b/extensions/admin_ui/classes/httpcontroller.rb index 685ddda30..f2d7026bd 100644 --- a/extensions/admin_ui/classes/httpcontroller.rb +++ b/extensions/admin_ui/classes/httpcontroller.rb 
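Review bot: In `core/main/server.rb`, the added `rescue => e` dumps the whole backtrace with a bare `puts e.backtrace`, bypassing the console helpers used on the lines just above it (`print_warning`, `print_more`). It then calls `exit 1` from inside the method. This catches every `StandardError` raised anywhere in the method body, which starts outside the hunk, so a caller that is not the CLI entry point cannot handle the failure itself. Consider sending the trace through the existing helper, `print_more e.backtrace.join("\n")`, and re-raising with `raise` so the top-level script decides the exit code.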
@@ -24,6 +24,10 @@ module AdminUI def initialize(data = {}) @erubis = nil @status = 200 if data['status'].nil? + @session = BeEF::Extension::AdminUI::Session.instance + + config = BeEF::Core::Configuration.instance + @bp = config.get "beef.extension.admin_ui.base_path" @headers = {'Content-Type' => 'text/html; charset=UTF-8'} if data['headers'].nil? @@ -40,11 +44,8 @@ module AdminUI def run(request, response) @request = request @params = request.params - @session = BeEF::Extension::AdminUI::Session.instance - config = BeEF::Core::Configuration.instance # Web UI base path, like http://beef_domain//panel - @bp = config.get "beef.http.web_ui_basepath" auth_url = "#{@bp}/authentication" # test if session is unauth'd and whether the auth functionality is requested @@ -77,7 +78,6 @@ module AdminUI # set content type if @headers['Content-Type'].nil? @headers['Content-Type']='text/html; charset=UTF-8' # default content and charset type for all pages - @headers['Content-Type']='application/json; charset=UTF-8' if request.path =~ /\.json$/ end rescue => e print_error "Error handling HTTP request: #{e.message}" @@ -85,22 +85,27 @@ module AdminUI end # Constructs a html script tag (from media/javascript directory) - def script_tag(filename) "" end + def script_tag(filename) + "" + end # Constructs a html script tag (from media/javascript-min directory) - def script_tag_min(filename) "" end + def script_tag_min(filename) + "" + end # Constructs a html stylesheet tag - def stylesheet_tag(filename) "" end + def stylesheet_tag(filename) + "" + end # Constructs a hidden html nonce tag def nonce_tag - @session = BeEF::Extension::AdminUI::Session.instance - "" + "" end def base_path - "#{@bp}" + @bp.to_s end private @@ -108,10 +113,10 @@ module AdminUI @eruby # Unescapes a URL-encoded string. - def unescape(s); s.tr('+', ' ').gsub(/%([\da-f]{2})/in){[$1].pack('H*')} end - + def unescape(s) + s.tr('+', ' ').gsub(/%([\da-f]{2})/in){[$1].pack('H*')} + end end - end end end 
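Review bot: In `httpcontroller.rb` (first hunk), `@session` and `@bp` are now assigned only in `initialize`, so a controller subclass that defines its own `initialize` without calling `super` reaches `run` with both unset. `auth_url` then collapses to `/authentication`, and the authentication test that follows presumably works on a nil `@session`, while `run`'s own `rescue => e` only logs the error. Whether every controller under `extensions/admin_ui/controllers` calls `super` is not visible here and is worth confirming. The comment `# Web UI base path, like http://beef_domain//panel` is also left behind in `run` (second hunk) after its assignment moved; it belongs above the new `@bp = ...` line.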
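Review bot: In `httpcontroller.rb` (third hunk, inside `run`), dropping the `.json` override means any response whose controller did not set `Content-Type` is sent as `text/html; charset=UTF-8`, JSON endpoints included. JSON that carries data reported by hooked browsers would then be rendered as HTML by a browser that loads the URL directly, unless each JSON controller sets its own header, which this hunk does not show. If the removal is intended, say so in the commit message. Otherwise keep the override with a match that cannot be satisfied mid-string: `@headers['Content-Type'] = 'application/json; charset=UTF-8' if request.path.end_with?('.json')`.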
diff --git a/extensions/admin_ui/config.yaml b/extensions/admin_ui/config.yaml index ce803a895..52131c44c 100644 --- a/extensions/admin_ui/config.yaml +++ b/extensions/admin_ui/config.yaml @@ -8,8 +8,14 @@ beef: admin_ui: name: 'Admin UI' enable: false + + # Admin UI base path + base_path: "/ui" + + # Favicon favicon_file_name: "favicon.ico" favicon_dir: "/images" + login_fail_delay: 1 play_sound_on_new_zombie: false diff --git a/extensions/demos/html/basic.html b/extensions/demos/html/basic.html index d8e7bbdc8..0b4eaddf2 100644 --- a/extensions/demos/html/basic.html +++ b/extensions/demos/html/basic.html @@ -16,7 +16,7 @@
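Review bot: In `extensions/admin_ui/config.yaml`, the new `# Admin UI base path` comment does not say what form the value must take, yet the Ruby side concatenates it directly (`"#{admin_ui_path}/panel"`, `"#{@bp}/authentication"`). A trailing slash or a missing leading slash would therefore produce malformed routes and URLs. Suggested comment: `# Admin UI base path: must start with "/" and must not end with "/"`. The same default is also added under `extension.admin_ui` in the top-level `config.yaml`; which file takes precedence is not visible in this diff, so defining it in one place would avoid the two values drifting apart.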
- +

You should be hooked into BeEF.

Have fun while your browser is working against you.