Hiddenden/beef
2
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Fix origin / domain terminology (#1688)

Browse Source
This commit is contained in:
zinduolis
2024-10-23 16:07:17 +10:00
parent 89ed6cce8e
commit a5a8196792
173 changed files with 571 additions and 643 deletions
Download Patch File Download Diff File Expand all files Collapse all files

6
core/main/ar-migrations/015_create_http.rb
View File

@@ -4,8 +4,8 @@ class CreateHttp < ActiveRecord::Migration[6.0]
t.text :hooked_browser_id t.text :hooked_browser_id
# The http request to perform. In clear text. # The http request to perform. In clear text.
t.text :request t.text :request
# Boolean value as string to say whether cross-domain requests are allowed # Boolean value as string to say whether cross-origin requests are allowed
t.boolean :allow_cross_domain, default: true t.boolean :allow_cross_origin, default: true
# The http response body received. In clear text. # The http response body received. In clear text.
t.text :response_data t.text :response_data
# The http response code. Useful to handle cases like 404, 500, 302, ... # The http response code. Useful to handle cases like 404, 500, 302, ...
@@ -26,7 +26,7 @@ class CreateHttp < ActiveRecord::Migration[6.0]
t.text :domain t.text :domain
# The port on which perform the request. # The port on which perform the request.
t.text :port t.text :port
# Boolean value to say if the request was cross-domain # Boolean value to say if the request was cross-origin
t.text :has_ran, default: 'waiting' t.text :has_ran, default: 'waiting'
# The path of the request. # The path of the request.
# Example: /secret.html # Example: /secret.html

2
core/main/ar-migrations/025_create_xssrays_scan.rb
View File

@@ -5,7 +5,7 @@ class CreateXssraysScan < ActiveRecord::Migration[6.0]
t.datetime :scan_start t.datetime :scan_start
t.datetime :scan_finish t.datetime :scan_finish
t.text :domain t.text :domain
t.text :cross_domain t.text :cross_origin
t.integer :clean_timeout t.integer :clean_timeout
t.boolean :is_started t.boolean :is_started
t.boolean :is_finished t.boolean :is_finished

4
core/main/client/lib/evercookie.js
View File

@@ -31,7 +31,7 @@
* for example, if someone deletes all but one type of cookie, once * for example, if someone deletes all but one type of cookie, once
* that cookie is re-discovered, all of the other cookie types get reset * that cookie is re-discovered, all of the other cookie types get reset
* *
* !!! SOME OF THESE ARE CROSS-DOMAIN COOKIES, THIS MEANS * !!! SOME OF THESE ARE CROSS-ORIGIN COOKIES, THIS MEANS
* OTHER SITES WILL BE ABLE TO READ SOME OF THESE COOKIES !!! * OTHER SITES WILL BE ABLE TO READ SOME OF THESE COOKIES !!!
* *
* USAGE: * USAGE:
@@ -803,7 +803,7 @@ this.evercookie_cookie = function(name, value)
else else
return this.getFromStr(name, document.cookie); return this.getFromStr(name, document.cookie);
}catch(e){ }catch(e){
// the hooked domain is using HttpOnly, so we must set the hook ID in a different way. // the hooked origin is using HttpOnly, so we must set the hook ID in a different way.
// evercookie_userdata and evercookie_window will be used in this case. // evercookie_userdata and evercookie_window will be used in this case.
} }
}; };

2
core/main/client/mitb.js
View File

@@ -38,7 +38,7 @@ beef.mitb = {
if (method == "GET") { if (method == "GET") {
//GET request -> cross-origin //GET request -> cross-origin
if (url.indexOf(document.location.hostname) == -1 || (portR != null && requestPort != document.location.port )) { if (url.indexOf(document.location.hostname) == -1 || (portR != null && requestPort != document.location.port )) {
beef.mitb.sniff("GET [Ajax CrossDomain Request]: " + url); beef.mitb.sniff("GET [Ajax CrossOrigin Request]: " + url);
window.open(url); window.open(url);
}else { //GET request -> same-origin }else { //GET request -> same-origin
beef.mitb.sniff("GET [Ajax Request]: " + url); beef.mitb.sniff("GET [Ajax Request]: " + url);

48
core/main/client/net.js
View File

@@ -74,7 +74,7 @@ beef.net = {
this.status_text = null; // success, timeout, error, ... this.status_text = null; // success, timeout, error, ...
this.response_body = null; // "<html>…." if not a cross-origin request this.response_body = null; // "<html>…." if not a cross-origin request
this.port_status = null; // tcp port is open, closed or not http this.port_status = null; // tcp port is open, closed or not http
this.was_cross_domain = null; // true or false this.was_cross_origin = null; // true or false
this.was_timedout = null; // the user specified timeout was reached this.was_timedout = null; // the user specified timeout was reached
this.duration = null; // how long it took for the request to complete this.duration = null; // how long it took for the request to complete
this.headers = null; // full response headers this.headers = null; // full response headers
@@ -217,11 +217,11 @@ beef.net = {
* @return {Object} this object contains the response details * @return {Object} this object contains the response details
*/ */
request: function (scheme, method, domain, port, path, anchor, data, timeout, dataType, callback) { request: function (scheme, method, domain, port, path, anchor, data, timeout, dataType, callback) {
//check if same domain or cross domain //check if same origin or cross origin
var cross_domain = true; var cross_origin = true;
if (document.domain == domain.replace(/(\r\n|\n|\r)/gm, "")) { //strip eventual line breaks if (document.domain == domain.replace(/(\r\n|\n|\r)/gm, "")) { //strip eventual line breaks
if (document.location.port == "" || document.location.port == null) { if (document.location.port == "" || document.location.port == null) {
cross_domain = !(port == "80" || port == "443"); cross_origin = !(port == "80" || port == "443");
} }
} }
@@ -238,12 +238,12 @@ beef.net = {
//define response object //define response object
var response = new this.response; var response = new this.response;
response.was_cross_domain = cross_domain; response.was_cross_origin = cross_origin;
var start_time = new Date().getTime(); var start_time = new Date().getTime();
/* /*
* according to http://api.jquery.com/jQuery.ajax/, Note: having 'script': * according to http://api.jquery.com/jQuery.ajax/, Note: having 'script':
* This will turn POSTs into GETs for remote-domain requests. * This will turn POSTs into GETs for cross origin requests.
*/ */
if (method == "POST") { if (method == "POST") {
$j.ajaxSetup({ $j.ajaxSetup({
@@ -310,7 +310,7 @@ beef.net = {
/** /**
* Similar to beef.net.request, except from a few things that are needed when dealing with forged requests: * Similar to beef.net.request, except from a few things that are needed when dealing with forged requests:
* - requestid: needed on the callback * - requestid: needed on the callback
* - allowCrossDomain: set cross-domain requests as allowed or blocked * - allowCrossOrigin: set cross-origin requests as allowed or blocked
* *
* forge_request is used mainly by the Requester and Tunneling Proxy Extensions. * forge_request is used mainly by the Requester and Tunneling Proxy Extensions.
* Example usage: * Example usage:
@@ -318,20 +318,20 @@ beef.net = {
* true, null, { foo: "bar" }, 5, 'html', false, null, function(response) { * true, null, { foo: "bar" }, 5, 'html', false, null, function(response) {
* alert(response.response_body)}) * alert(response.response_body)})
*/ */
forge_request: function (scheme, method, domain, port, path, anchor, headers, data, timeout, dataType, allowCrossDomain, requestid, callback) { forge_request: function (scheme, method, domain, port, path, anchor, headers, data, timeout, dataType, allowCrossOrigin, requestid, callback) {
if (domain == "undefined" || path == "undefined") { if (domain == "undefined" || path == "undefined") {
beef.debug("[beef.net.forge_request] Error: Malformed request. No host specified."); beef.debug("[beef.net.forge_request] Error: Malformed request. No host specified.");
return; return;
} }
// check if same domain or cross domain // check if same origin or cross origin
var cross_domain = true; var cross_origin = true;
if (document.domain == domain && document.location.protocol == scheme + ':') { if (document.domain == domain && document.location.protocol == scheme + ':') {
if (document.location.port == "" || document.location.port == null) { if (document.location.port == "" || document.location.port == null) {
cross_domain = !(port == "80" || port == "443"); cross_origin = !(port == "80" || port == "443");
} else { } else {
if (document.location.port == port) cross_domain = false; if (document.location.port == port) cross_origin = false;
} }
} }
@@ -348,23 +348,23 @@ beef.net = {
// define response object // define response object
var response = new this.response; var response = new this.response;
response.was_cross_domain = cross_domain; response.was_cross_origin = cross_origin;
var start_time = new Date().getTime(); var start_time = new Date().getTime();
// if cross-domain requests are not allowed and the request is cross-domain // if cross-origin requests are not allowed and the request is cross-origin
// don't proceed and return // don't proceed and return
if (allowCrossDomain == "false" && cross_domain) { if (allowCrossOrigin == "false" && cross_origin) {
beef.debug("[beef.net.forge_request] Error: Cross Domain Request. The request was not sent."); beef.debug("[beef.net.forge_request] Error: Cross Domain Request. The request was not sent.");
response.status_code = -1; response.status_code = -1;
response.status_text = "crossdomain"; response.status_text = "crossorigin";
response.port_status = "crossdomain"; response.port_status = "crossorigin";
response.response_body = "ERROR: Cross Domain Request. The request was not sent.\n"; response.response_body = "ERROR: Cross Domain Request. The request was not sent.\n";
response.headers = "ERROR: Cross Domain Request. The request was not sent.\n"; response.headers = "ERROR: Cross Domain Request. The request was not sent.\n";
if (callback != null) callback(response, requestid); if (callback != null) callback(response, requestid);
return response; return response;
} }
// if the request was cross-domain from a HTTPS origin to HTTP // if the request was cross-origin from a HTTPS origin to HTTP
// don't proceed and return // don't proceed and return
if (document.location.protocol == 'https:' && scheme == 'http') { if (document.location.protocol == 'https:' && scheme == 'http') {
beef.debug("[beef.net.forge_request] Error: Mixed Active Content. The request was not sent."); beef.debug("[beef.net.forge_request] Error: Mixed Active Content. The request was not sent.");
@@ -379,7 +379,7 @@ beef.net = {
/* /*
* according to http://api.jquery.com/jQuery.ajax/, Note: having 'script': * according to http://api.jquery.com/jQuery.ajax/, Note: having 'script':
* This will turn POSTs into GETs for remote-domain requests. * This will turn POSTs into GETs for cross origin requests.
*/ */
if (method == "POST") { if (method == "POST") {
$j.ajaxSetup({ $j.ajaxSetup({
@@ -432,10 +432,10 @@ beef.net = {
}, },
complete: function (xhr, textStatus) { complete: function (xhr, textStatus) {
// cross-domain request // cross-origin request
if (cross_domain) { if (cross_origin) {
response.port_status = "crossdomain"; response.port_status = "crossorigin";
if (xhr.status != 0) { if (xhr.status != 0) {
response.status_code = xhr.status; response.status_code = xhr.status;
@@ -446,7 +446,7 @@ beef.net = {
if (textStatus) { if (textStatus) {
response.status_text = textStatus; response.status_text = textStatus;
} else { } else {
response.status_text = "crossdomain"; response.status_text = "crossorigin";
} }
if (xhr.getAllResponseHeaders()) { if (xhr.getAllResponseHeaders()) {
@@ -460,7 +460,7 @@ beef.net = {
} }
} else { } else {
// same-domain request // same-origin request
response.status_code = xhr.status; response.status_code = xhr.status;
response.status_text = textStatus; response.status_text = textStatus;
response.headers = xhr.getAllResponseHeaders(); response.headers = xhr.getAllResponseHeaders();

2
core/main/client/net/requester.js
View File

@@ -25,7 +25,7 @@ beef.net.requester = {
request = requests_array[i]; request = requests_array[i];
if (request.proto == 'https') var scheme = 'https'; else var scheme = 'http'; if (request.proto == 'https') var scheme = 'https'; else var scheme = 'http';
beef.debug('[Requester] ' + request.method + ' ' + scheme + '://' + request.host + ':' + request.port + request.uri + ' - Data: ' + request.data); beef.debug('[Requester] ' + request.method + ' ' + scheme + '://' + request.host + ':' + request.port + request.uri + ' - Data: ' + request.data);
beef.net.forge_request(scheme, request.method, request.host, request.port, request.uri, null, request.headers, request.data, 10, null, request.allowCrossDomain, request.id, beef.net.forge_request(scheme, request.method, request.host, request.port, request.uri, null, request.headers, request.data, 10, null, request.allowCrossOrigin, request.id,
function(res, requestid) { beef.net.send('/requester', requestid, { function(res, requestid) { beef.net.send('/requester', requestid, {
response_data: res.response_body, response_data: res.response_body,
response_status_code: res.status_code, response_status_code: res.status_code,

4
core/main/client/net/xssrays.js
View File

@@ -171,7 +171,7 @@ beef.net.xssrays = {
this.xss({href:url.href, pathname:url.pathname, hostname:url.hostname, port: url.port, protocol: location.protocol, this.xss({href:url.href, pathname:url.pathname, hostname:url.hostname, port: url.port, protocol: location.protocol,
search:url.search, type: 'url'});//scan each link & param search:url.search, type: 'url'});//scan each link & param
} else { } else {
beef.debug('Scan is not Cross-domain. URLS\nurl :' + url.hostname.toString()); beef.debug('Scan is not Cross-origin. URLS\nurl :' + url.hostname.toString());
beef.debug('\nlocation :' + location.hostname.toString()); beef.debug('\nlocation :' + location.hostname.toString());
} }
} }
@@ -251,7 +251,7 @@ beef.net.xssrays = {
continue; continue;
} }
if (!this.crossDomain && (this.host(action).toString() != this.host(location.toString()))) { if (!this.crossDomain && (this.host(action).toString() != this.host(location.toString()))) {
beef.debug('Scan is not Cross-domain. FormPost\naction :' + this.host(action).toString()); beef.debug('Scan is not Cross-origin. FormPost\naction :' + this.host(action).toString());
beef.debug('location :' + this.host(location)); beef.debug('location :' + this.host(location));
continue; continue;
} }

2
core/main/configuration.rb
View File

@@ -256,7 +256,7 @@ module BeEF
# #
def load_modules_config def load_modules_config
set('beef.module', {}) set('beef.module', {})
# support nested sub-categories, like browser/hooked_domain/ajax_fingerprint # support nested sub-categories, like browser/hooked_origin/ajax_fingerprint
module_configs = File.join("#{$root_dir}/modules/**", 'config.yaml') module_configs = File.join("#{$root_dir}/modules/**", 'config.yaml')
Dir.glob(module_configs) do |cf| Dir.glob(module_configs) do |cf|
y = load(cf) y = load(cf)

2
core/main/handlers/browserdetails.rb
View File

@@ -547,7 +547,7 @@ module BeEF
end end
# log a few info of newly hooked zombie in the console # log a few info of newly hooked zombie in the console
print_info "New Hooked Browser [id:#{zombie.id}, ip:#{zombie.ip}, browser:#{browser_name}-#{browser_version}, os:#{os_name}-#{os_version}], hooked domain [#{log_zombie_domain}:#{log_zombie_port}]" print_info "New Hooked Browser [id:#{zombie.id}, ip:#{zombie.ip}, browser:#{browser_name}-#{browser_version}, os:#{os_name}-#{os_version}], hooked origin [#{log_zombie_domain}:#{log_zombie_port}]"
# add localhost as network host # add localhost as network host
if config.get('beef.extension.network.enable') if config.get('beef.extension.network.enable')

6
core/main/router/router.rb
View File

@@ -27,9 +27,9 @@ module BeEF
# @note If CORS is enabled, expose the appropriate headers # @note If CORS is enabled, expose the appropriate headers
if config.get('beef.http.restful_api.allow_cors') if config.get('beef.http.restful_api.allow_cors')
allowed_domains = config.get('beef.http.restful_api.cors_allowed_domains') allowed_origins = config.get('beef.http.restful_api.cors_allowed_origins')
if allowed_domains if allowed_origins
headers 'Access-Control-Allow-Origin' => allowed_domains headers 'Access-Control-Allow-Origin' => allowed_origins
end end
headers 'Access-Control-Allow-Methods' => 'POST, GET' headers 'Access-Control-Allow-Methods' => 'POST, GET'

2
docs/BeefJS.html
View File

@@ -558,7 +558,7 @@
<br class="clear"> <br class="clear">
<footer> <footer>
Documentation generated by <a href="https://github.com/jsdoc/jsdoc">JSDoc 4.0.3</a> on Fri Oct 04 2024 17:02:30 GMT+1000 (Australian Eastern Standard Time) Documentation generated by <a href="https://github.com/jsdoc/jsdoc">JSDoc 4.0.4</a> on Wed Oct 23 2024 16:03:46 GMT+1000 (Australian Eastern Standard Time)
</footer> </footer>
<script> prettyPrint(); </script> <script> prettyPrint(); </script>

2
docs/are.js.html
View File

@@ -83,7 +83,7 @@ beef.regCmp("beef.are");
<br class="clear"> <br class="clear">
<footer> <footer>
Documentation generated by <a href="https://github.com/jsdoc/jsdoc">JSDoc 4.0.3</a> on Fri Oct 04 2024 17:02:30 GMT+1000 (Australian Eastern Standard Time) Documentation generated by <a href="https://github.com/jsdoc/jsdoc">JSDoc 4.0.4</a> on Wed Oct 23 2024 16:03:46 GMT+1000 (Australian Eastern Standard Time)
</footer> </footer>
<script> prettyPrint(); </script> <script> prettyPrint(); </script>

2
docs/beef.are.html
View File

@@ -457,7 +457,7 @@
<br class="clear"> <br class="clear">
<footer> <footer>
Documentation generated by <a href="https://github.com/jsdoc/jsdoc">JSDoc 4.0.3</a> on Fri Oct 04 2024 17:02:30 GMT+1000 (Australian Eastern Standard Time) Documentation generated by <a href="https://github.com/jsdoc/jsdoc">JSDoc 4.0.4</a> on Wed Oct 23 2024 16:03:46 GMT+1000 (Australian Eastern Standard Time)
</footer> </footer>
<script> prettyPrint(); </script> <script> prettyPrint(); </script>

2
docs/beef.browser.cookie.html
View File

@@ -634,7 +634,7 @@ Original author unknown.</p></div>
<br class="clear"> <br class="clear">
<footer> <footer>
Documentation generated by <a href="https://github.com/jsdoc/jsdoc">JSDoc 4.0.3</a> on Fri Oct 04 2024 17:02:30 GMT+1000 (Australian Eastern Standard Time) Documentation generated by <a href="https://github.com/jsdoc/jsdoc">JSDoc 4.0.4</a> on Wed Oct 23 2024 16:03:46 GMT+1000 (Australian Eastern Standard Time)
</footer> </footer>
<script> prettyPrint(); </script> <script> prettyPrint(); </script>

2
docs/beef.browser.html
View File

@@ -30172,7 +30172,7 @@ Restricted by same-origin policy</p>
<br class="clear"> <br class="clear">
<footer> <footer>
Documentation generated by <a href="https://github.com/jsdoc/jsdoc">JSDoc 4.0.3</a> on Fri Oct 04 2024 17:02:30 GMT+1000 (Australian Eastern Standard Time) Documentation generated by <a href="https://github.com/jsdoc/jsdoc">JSDoc 4.0.4</a> on Wed Oct 23 2024 16:03:46 GMT+1000 (Australian Eastern Standard Time)
</footer> </footer>
<script> prettyPrint(); </script> <script> prettyPrint(); </script>

2
docs/beef.browser.popup.html
View File

@@ -214,7 +214,7 @@ Original author unknown.</p></div>
<br class="clear"> <br class="clear">
<footer> <footer>
Documentation generated by <a href="https://github.com/jsdoc/jsdoc">JSDoc 4.0.3</a> on Fri Oct 04 2024 17:02:30 GMT+1000 (Australian Eastern Standard Time) Documentation generated by <a href="https://github.com/jsdoc/jsdoc">JSDoc 4.0.4</a> on Wed Oct 23 2024 16:03:46 GMT+1000 (Australian Eastern Standard Time)
</footer> </footer>
<script> prettyPrint(); </script> <script> prettyPrint(); </script>

2
docs/beef.dom.html
View File

@@ -3679,7 +3679,7 @@ http://bilaw.al/2013/03/17/hacking-the-a-tag-in-100-characters.html</p>
<br class="clear"> <br class="clear">
<footer> <footer>
Documentation generated by <a href="https://github.com/jsdoc/jsdoc">JSDoc 4.0.3</a> on Fri Oct 04 2024 17:02:30 GMT+1000 (Australian Eastern Standard Time) Documentation generated by <a href="https://github.com/jsdoc/jsdoc">JSDoc 4.0.4</a> on Wed Oct 23 2024 16:03:46 GMT+1000 (Australian Eastern Standard Time)
</footer> </footer>
<script> prettyPrint(); </script> <script> prettyPrint(); </script>

2
docs/beef.encode.base64.html
View File

@@ -731,7 +731,7 @@
<br class="clear"> <br class="clear">
<footer> <footer>
Documentation generated by <a href="https://github.com/jsdoc/jsdoc">JSDoc 4.0.3</a> on Fri Oct 04 2024 17:02:30 GMT+1000 (Australian Eastern Standard Time) Documentation generated by <a href="https://github.com/jsdoc/jsdoc">JSDoc 4.0.4</a> on Wed Oct 23 2024 16:03:46 GMT+1000 (Australian Eastern Standard Time)
</footer> </footer>
<script> prettyPrint(); </script> <script> prettyPrint(); </script>

2
docs/beef.encode.json.html
View File

@@ -383,7 +383,7 @@
<br class="clear"> <br class="clear">
<footer> <footer>
Documentation generated by <a href="https://github.com/jsdoc/jsdoc">JSDoc 4.0.3</a> on Fri Oct 04 2024 17:02:30 GMT+1000 (Australian Eastern Standard Time) Documentation generated by <a href="https://github.com/jsdoc/jsdoc">JSDoc 4.0.4</a> on Wed Oct 23 2024 16:03:46 GMT+1000 (Australian Eastern Standard Time)
</footer> </footer>
<script> prettyPrint(); </script> <script> prettyPrint(); </script>

2
docs/beef.geolocation.html
View File

@@ -569,7 +569,7 @@
<br class="clear"> <br class="clear">
<footer> <footer>
Documentation generated by <a href="https://github.com/jsdoc/jsdoc">JSDoc 4.0.3</a> on Fri Oct 04 2024 17:02:30 GMT+1000 (Australian Eastern Standard Time) Documentation generated by <a href="https://github.com/jsdoc/jsdoc">JSDoc 4.0.4</a> on Wed Oct 23 2024 16:03:46 GMT+1000 (Australian Eastern Standard Time)
</footer> </footer>
<script> prettyPrint(); </script> <script> prettyPrint(); </script>

2
docs/beef.hardware.html
View File

@@ -2077,7 +2077,7 @@
<br class="clear"> <br class="clear">
<footer> <footer>
Documentation generated by <a href="https://github.com/jsdoc/jsdoc">JSDoc 4.0.3</a> on Fri Oct 04 2024 17:02:30 GMT+1000 (Australian Eastern Standard Time) Documentation generated by <a href="https://github.com/jsdoc/jsdoc">JSDoc 4.0.4</a> on Wed Oct 23 2024 16:03:46 GMT+1000 (Australian Eastern Standard Time)
</footer> </footer>
<script> prettyPrint(); </script> <script> prettyPrint(); </script>

2
docs/beef.init.html
View File

@@ -477,7 +477,7 @@ the brwoser details. So sendback the browser details again.</p></div>
<br class="clear"> <br class="clear">
<footer> <footer>
Documentation generated by <a href="https://github.com/jsdoc/jsdoc">JSDoc 4.0.3</a> on Fri Oct 04 2024 17:02:30 GMT+1000 (Australian Eastern Standard Time) Documentation generated by <a href="https://github.com/jsdoc/jsdoc">JSDoc 4.0.4</a> on Wed Oct 23 2024 16:03:46 GMT+1000 (Australian Eastern Standard Time)
</footer> </footer>
<script> prettyPrint(); </script> <script> prettyPrint(); </script>

2
docs/beef.js.html
View File

@@ -126,7 +126,7 @@ if(typeof beef === 'undefined' &amp;&amp; typeof window.beef === 'undefined') {
<br class="clear"> <br class="clear">
<footer> <footer>
Documentation generated by <a href="https://github.com/jsdoc/jsdoc">JSDoc 4.0.3</a> on Fri Oct 04 2024 17:02:30 GMT+1000 (Australian Eastern Standard Time) Documentation generated by <a href="https://github.com/jsdoc/jsdoc">JSDoc 4.0.4</a> on Wed Oct 23 2024 16:03:46 GMT+1000 (Australian Eastern Standard Time)
</footer> </footer>
<script> prettyPrint(); </script> <script> prettyPrint(); </script>

2
docs/beef.logger.html
View File

@@ -2159,7 +2159,7 @@ TODO: Cleanup this function</p>
<br class="clear"> <br class="clear">
<footer> <footer>
Documentation generated by <a href="https://github.com/jsdoc/jsdoc">JSDoc 4.0.3</a> on Fri Oct 04 2024 17:02:30 GMT+1000 (Australian Eastern Standard Time) Documentation generated by <a href="https://github.com/jsdoc/jsdoc">JSDoc 4.0.4</a> on Wed Oct 23 2024 16:03:46 GMT+1000 (Australian Eastern Standard Time)
</footer> </footer>
<script> prettyPrint(); </script> <script> prettyPrint(); </script>

2
docs/beef.mitb.html
View File

@@ -917,7 +917,7 @@
<br class="clear"> <br class="clear">
<footer> <footer>
Documentation generated by <a href="https://github.com/jsdoc/jsdoc">JSDoc 4.0.3</a> on Fri Oct 04 2024 17:02:30 GMT+1000 (Australian Eastern Standard Time) Documentation generated by <a href="https://github.com/jsdoc/jsdoc">JSDoc 4.0.4</a> on Wed Oct 23 2024 16:03:46 GMT+1000 (Australian Eastern Standard Time)
</footer> </footer>
<script> prettyPrint(); </script> <script> prettyPrint(); </script>

2
docs/beef.net.connection.html
View File

@@ -360,7 +360,7 @@ https://developer.mozilla.org/en-US/docs/Web/API/Navigator/connection</p></div>
<br class="clear"> <br class="clear">
<footer> <footer>
Documentation generated by <a href="https://github.com/jsdoc/jsdoc">JSDoc 4.0.3</a> on Fri Oct 04 2024 17:02:30 GMT+1000 (Australian Eastern Standard Time) Documentation generated by <a href="https://github.com/jsdoc/jsdoc">JSDoc 4.0.4</a> on Wed Oct 23 2024 16:03:46 GMT+1000 (Australian Eastern Standard Time)
</footer> </footer>
<script> prettyPrint(); </script> <script> prettyPrint(); </script>

2
docs/beef.net.cors.html
View File

@@ -443,7 +443,7 @@
<br class="clear"> <br class="clear">
<footer> <footer>
Documentation generated by <a href="https://github.com/jsdoc/jsdoc">JSDoc 4.0.3</a> on Fri Oct 04 2024 17:02:30 GMT+1000 (Australian Eastern Standard Time) Documentation generated by <a href="https://github.com/jsdoc/jsdoc">JSDoc 4.0.4</a> on Wed Oct 23 2024 16:03:46 GMT+1000 (Australian Eastern Standard Time)
</footer> </footer>
<script> prettyPrint(); </script> <script> prettyPrint(); </script>

2
docs/beef.net.dns.html
View File

@@ -316,7 +316,7 @@
<br class="clear"> <br class="clear">
<footer> <footer>
Documentation generated by <a href="https://github.com/jsdoc/jsdoc">JSDoc 4.0.3</a> on Fri Oct 04 2024 17:02:30 GMT+1000 (Australian Eastern Standard Time) Documentation generated by <a href="https://github.com/jsdoc/jsdoc">JSDoc 4.0.4</a> on Wed Oct 23 2024 16:03:46 GMT+1000 (Australian Eastern Standard Time)
</footer> </footer>
<script> prettyPrint(); </script> <script> prettyPrint(); </script>

4
docs/beef.net.html
View File

@@ -760,7 +760,7 @@ back to BeEF straight away.</p>
<p>Similar to beef.net.request, except from a few things that are needed when dealing with forged requests:</p> <p>Similar to beef.net.request, except from a few things that are needed when dealing with forged requests:</p>
<ul> <ul>
<li>requestid: needed on the callback</li> <li>requestid: needed on the callback</li>
<li>allowCrossDomain: set cross-domain requests as allowed or blocked</li> <li>allowCrossOrigin: set cross-origin requests as allowed or blocked</li>
</ul> </ul>
<p>forge_request is used mainly by the Requester and Tunneling Proxy Extensions. <p>forge_request is used mainly by the Requester and Tunneling Proxy Extensions.
Example usage: Example usage:
@@ -2379,7 +2379,7 @@ even if WebSockets are enabled.</p>
<br class="clear"> <br class="clear">
<footer> <footer>
Documentation generated by <a href="https://github.com/jsdoc/jsdoc">JSDoc 4.0.3</a> on Fri Oct 04 2024 17:02:30 GMT+1000 (Australian Eastern Standard Time) Documentation generated by <a href="https://github.com/jsdoc/jsdoc">JSDoc 4.0.4</a> on Wed Oct 23 2024 16:03:46 GMT+1000 (Australian Eastern Standard Time)
</footer> </footer>
<script> prettyPrint(); </script> <script> prettyPrint(); </script>

2
docs/beef.net.local.html
View File

@@ -440,7 +440,7 @@ sock: new java.net.Socket();</p>
<br class="clear"> <br class="clear">
<footer> <footer>
Documentation generated by <a href="https://github.com/jsdoc/jsdoc">JSDoc 4.0.3</a> on Fri Oct 04 2024 17:02:30 GMT+1000 (Australian Eastern Standard Time) Documentation generated by <a href="https://github.com/jsdoc/jsdoc">JSDoc 4.0.4</a> on Wed Oct 23 2024 16:03:46 GMT+1000 (Australian Eastern Standard Time)
</footer> </footer>
<script> prettyPrint(); </script> <script> prettyPrint(); </script>

2
docs/beef.net.portscanner.html
View File

@@ -495,7 +495,7 @@ homepage: 'http://www.gnucitizen.org'</p></div>
<br class="clear"> <br class="clear">
<footer> <footer>
Documentation generated by <a href="https://github.com/jsdoc/jsdoc">JSDoc 4.0.3</a> on Fri Oct 04 2024 17:02:30 GMT+1000 (Australian Eastern Standard Time) Documentation generated by <a href="https://github.com/jsdoc/jsdoc">JSDoc 4.0.4</a> on Wed Oct 23 2024 16:03:46 GMT+1000 (Australian Eastern Standard Time)
</footer> </footer>
<script> prettyPrint(); </script> <script> prettyPrint(); </script>

2
docs/beef.net.requester.html
View File

@@ -268,7 +268,7 @@
<br class="clear"> <br class="clear">
<footer> <footer>
Documentation generated by <a href="https://github.com/jsdoc/jsdoc">JSDoc 4.0.3</a> on Fri Oct 04 2024 17:02:30 GMT+1000 (Australian Eastern Standard Time) Documentation generated by <a href="https://github.com/jsdoc/jsdoc">JSDoc 4.0.4</a> on Wed Oct 23 2024 16:03:46 GMT+1000 (Australian Eastern Standard Time)
</footer> </footer>
<script> prettyPrint(); </script> <script> prettyPrint(); </script>

2
docs/beef.net.xssrays.html
View File

@@ -764,7 +764,7 @@ Other aspects of the original code have been simplified and improved.</p></div>
<br class="clear"> <br class="clear">
<footer> <footer>
Documentation generated by <a href="https://github.com/jsdoc/jsdoc">JSDoc 4.0.3</a> on Fri Oct 04 2024 17:02:30 GMT+1000 (Australian Eastern Standard Time) Documentation generated by <a href="https://github.com/jsdoc/jsdoc">JSDoc 4.0.4</a> on Wed Oct 23 2024 16:03:46 GMT+1000 (Australian Eastern Standard Time)
</footer> </footer>
<script> prettyPrint(); </script> <script> prettyPrint(); </script>

2
docs/beef.os.html
View File

@@ -4189,7 +4189,7 @@ http://ha.ckers.org/blog/20070319/detecting-default-browser-in-ie/</p>
<br class="clear"> <br class="clear">
<footer> <footer>
Documentation generated by <a href="https://github.com/jsdoc/jsdoc">JSDoc 4.0.3</a> on Fri Oct 04 2024 17:02:30 GMT+1000 (Australian Eastern Standard Time) Documentation generated by <a href="https://github.com/jsdoc/jsdoc">JSDoc 4.0.4</a> on Wed Oct 23 2024 16:03:46 GMT+1000 (Australian Eastern Standard Time)
</footer> </footer>
<script> prettyPrint(); </script> <script> prettyPrint(); </script>

2
docs/beef.session.html
View File

@@ -391,7 +391,7 @@
<br class="clear"> <br class="clear">
<footer> <footer>
Documentation generated by <a href="https://github.com/jsdoc/jsdoc">JSDoc 4.0.3</a> on Fri Oct 04 2024 17:02:30 GMT+1000 (Australian Eastern Standard Time) Documentation generated by <a href="https://github.com/jsdoc/jsdoc">JSDoc 4.0.4</a> on Wed Oct 23 2024 16:03:46 GMT+1000 (Australian Eastern Standard Time)
</footer> </footer>
<script> prettyPrint(); </script> <script> prettyPrint(); </script>

2
docs/beef.timeout.html
View File

@@ -217,7 +217,7 @@ antisnatchor</p></div>
<br class="clear"> <br class="clear">
<footer> <footer>
Documentation generated by <a href="https://github.com/jsdoc/jsdoc">JSDoc 4.0.3</a> on Fri Oct 04 2024 17:02:30 GMT+1000 (Australian Eastern Standard Time) Documentation generated by <a href="https://github.com/jsdoc/jsdoc">JSDoc 4.0.4</a> on Wed Oct 23 2024 16:03:46 GMT+1000 (Australian Eastern Standard Time)
</footer> </footer>
<script> prettyPrint(); </script> <script> prettyPrint(); </script>

2
docs/beef.updater.html
View File

@@ -722,7 +722,7 @@ websocket.js is used instead.</p></div>
<br class="clear"> <br class="clear">
<footer> <footer>
Documentation generated by <a href="https://github.com/jsdoc/jsdoc">JSDoc 4.0.3</a> on Fri Oct 04 2024 17:02:30 GMT+1000 (Australian Eastern Standard Time) Documentation generated by <a href="https://github.com/jsdoc/jsdoc">JSDoc 4.0.4</a> on Wed Oct 23 2024 16:03:46 GMT+1000 (Australian Eastern Standard Time)
</footer> </footer>
<script> prettyPrint(); </script> <script> prettyPrint(); </script>

2
docs/beef.webrtc.html
View File

@@ -3062,7 +3062,7 @@ against the message directly</p>
<br class="clear"> <br class="clear">
<footer> <footer>
Documentation generated by <a href="https://github.com/jsdoc/jsdoc">JSDoc 4.0.3</a> on Fri Oct 04 2024 17:02:30 GMT+1000 (Australian Eastern Standard Time) Documentation generated by <a href="https://github.com/jsdoc/jsdoc">JSDoc 4.0.4</a> on Wed Oct 23 2024 16:03:46 GMT+1000 (Australian Eastern Standard Time)
</footer> </footer>
<script> prettyPrint(); </script> <script> prettyPrint(); </script>

2
docs/beef.websocket.html
View File

@@ -490,7 +490,7 @@ beef.websocket.send('{&quot;handler&quot; : &quot;' + handler + '&quot;, &quot;c
<br class="clear"> <br class="clear">
<footer> <footer>
Documentation generated by <a href="https://github.com/jsdoc/jsdoc">JSDoc 4.0.3</a> on Fri Oct 04 2024 17:02:30 GMT+1000 (Australian Eastern Standard Time) Documentation generated by <a href="https://github.com/jsdoc/jsdoc">JSDoc 4.0.4</a> on Wed Oct 23 2024 16:03:46 GMT+1000 (Australian Eastern Standard Time)
</footer> </footer>
<script> prettyPrint(); </script> <script> prettyPrint(); </script>

2
docs/browser.js.html
View File

@@ -4680,7 +4680,7 @@ beef.regCmp('beef.browser');
<br class="clear"> <br class="clear">
<footer> <footer>
Documentation generated by <a href="https://github.com/jsdoc/jsdoc">JSDoc 4.0.3</a> on Fri Oct 04 2024 17:02:30 GMT+1000 (Australian Eastern Standard Time) Documentation generated by <a href="https://github.com/jsdoc/jsdoc">JSDoc 4.0.4</a> on Wed Oct 23 2024 16:03:46 GMT+1000 (Australian Eastern Standard Time)
</footer> </footer>
<script> prettyPrint(); </script> <script> prettyPrint(); </script>

2
docs/browser_cookie.js.html
View File

@@ -163,7 +163,7 @@ beef.regCmp('beef.browser.cookie');</code></pre>
<br class="clear"> <br class="clear">
<footer> <footer>
Documentation generated by <a href="https://github.com/jsdoc/jsdoc">JSDoc 4.0.3</a> on Fri Oct 04 2024 17:02:30 GMT+1000 (Australian Eastern Standard Time) Documentation generated by <a href="https://github.com/jsdoc/jsdoc">JSDoc 4.0.4</a> on Wed Oct 23 2024 16:03:46 GMT+1000 (Australian Eastern Standard Time)
</footer> </footer>
<script> prettyPrint(); </script> <script> prettyPrint(); </script>

2
docs/browser_popup.js.html
View File

@@ -70,7 +70,7 @@ beef.regCmp('beef.browser.popup');
<br class="clear"> <br class="clear">
<footer> <footer>
Documentation generated by <a href="https://github.com/jsdoc/jsdoc">JSDoc 4.0.3</a> on Fri Oct 04 2024 17:02:30 GMT+1000 (Australian Eastern Standard Time) Documentation generated by <a href="https://github.com/jsdoc/jsdoc">JSDoc 4.0.4</a> on Wed Oct 23 2024 16:03:46 GMT+1000 (Australian Eastern Standard Time)
</footer> </footer>
<script> prettyPrint(); </script> <script> prettyPrint(); </script>

2
docs/dom.js.html
View File

@@ -545,7 +545,7 @@ beef.regCmp('beef.dom');
<br class="clear"> <br class="clear">
<footer> <footer>
Documentation generated by <a href="https://github.com/jsdoc/jsdoc">JSDoc 4.0.3</a> on Fri Oct 04 2024 17:02:30 GMT+1000 (Australian Eastern Standard Time) Documentation generated by <a href="https://github.com/jsdoc/jsdoc">JSDoc 4.0.4</a> on Wed Oct 23 2024 16:03:46 GMT+1000 (Australian Eastern Standard Time)
</footer> </footer>
<script> prettyPrint(); </script> <script> prettyPrint(); </script>

2
docs/encode_base64.js.html
View File

@@ -214,7 +214,7 @@ beef.regCmp('beef.encode.base64');
<br class="clear"> <br class="clear">
<footer> <footer>
Documentation generated by <a href="https://github.com/jsdoc/jsdoc">JSDoc 4.0.3</a> on Fri Oct 04 2024 17:02:30 GMT+1000 (Australian Eastern Standard Time) Documentation generated by <a href="https://github.com/jsdoc/jsdoc">JSDoc 4.0.4</a> on Wed Oct 23 2024 16:03:46 GMT+1000 (Australian Eastern Standard Time)
</footer> </footer>
<script> prettyPrint(); </script> <script> prettyPrint(); </script>

2
docs/encode_json.js.html
View File

@@ -182,7 +182,7 @@ beef.regCmp('beef.encode.json');
<br class="clear"> <br class="clear">
<footer> <footer>
Documentation generated by <a href="https://github.com/jsdoc/jsdoc">JSDoc 4.0.3</a> on Fri Oct 04 2024 17:02:30 GMT+1000 (Australian Eastern Standard Time) Documentation generated by <a href="https://github.com/jsdoc/jsdoc">JSDoc 4.0.4</a> on Wed Oct 23 2024 16:03:46 GMT+1000 (Australian Eastern Standard Time)
</footer> </footer>
<script> prettyPrint(); </script> <script> prettyPrint(); </script>

2
docs/geolocation.js.html
View File

@@ -150,7 +150,7 @@ beef.regCmp('beef.geolocation');
<br class="clear"> <br class="clear">
<footer> <footer>
Documentation generated by <a href="https://github.com/jsdoc/jsdoc">JSDoc 4.0.3</a> on Fri Oct 04 2024 17:02:30 GMT+1000 (Australian Eastern Standard Time) Documentation generated by <a href="https://github.com/jsdoc/jsdoc">JSDoc 4.0.4</a> on Wed Oct 23 2024 16:03:46 GMT+1000 (Australian Eastern Standard Time)
</footer> </footer>
<script> prettyPrint(); </script> <script> prettyPrint(); </script>

2
docs/global.html
View File

@@ -192,7 +192,7 @@
<br class="clear"> <br class="clear">
<footer> <footer>
Documentation generated by <a href="https://github.com/jsdoc/jsdoc">JSDoc 4.0.3</a> on Fri Oct 04 2024 17:02:30 GMT+1000 (Australian Eastern Standard Time) Documentation generated by <a href="https://github.com/jsdoc/jsdoc">JSDoc 4.0.4</a> on Wed Oct 23 2024 16:03:46 GMT+1000 (Australian Eastern Standard Time)
</footer> </footer>
<script> prettyPrint(); </script> <script> prettyPrint(); </script>

2
docs/hardware.js.html
View File

@@ -359,7 +359,7 @@ beef.regCmp('beef.hardware');
<br class="clear"> <br class="clear">
<footer> <footer>
Documentation generated by <a href="https://github.com/jsdoc/jsdoc">JSDoc 4.0.3</a> on Fri Oct 04 2024 17:02:30 GMT+1000 (Australian Eastern Standard Time) Documentation generated by <a href="https://github.com/jsdoc/jsdoc">JSDoc 4.0.4</a> on Wed Oct 23 2024 16:03:46 GMT+1000 (Australian Eastern Standard Time)
</footer> </footer>
<script> prettyPrint(); </script> <script> prettyPrint(); </script>

2
docs/index.html
View File

@@ -102,7 +102,7 @@ See the file 'doc/COPYING' for copying permission
<br class="clear"> <br class="clear">
<footer> <footer>
Documentation generated by <a href="https://github.com/jsdoc/jsdoc">JSDoc 4.0.3</a> on Fri Oct 04 2024 17:02:30 GMT+1000 (Australian Eastern Standard Time) Documentation generated by <a href="https://github.com/jsdoc/jsdoc">JSDoc 4.0.4</a> on Wed Oct 23 2024 16:03:46 GMT+1000 (Australian Eastern Standard Time)
</footer> </footer>
<script> prettyPrint(); </script> <script> prettyPrint(); </script>

2
docs/init.js.html
View File

@@ -132,7 +132,7 @@ function beef_init() {
<br class="clear"> <br class="clear">
<footer> <footer>
Documentation generated by <a href="https://github.com/jsdoc/jsdoc">JSDoc 4.0.3</a> on Fri Oct 04 2024 17:02:30 GMT+1000 (Australian Eastern Standard Time) Documentation generated by <a href="https://github.com/jsdoc/jsdoc">JSDoc 4.0.4</a> on Wed Oct 23 2024 16:03:46 GMT+1000 (Australian Eastern Standard Time)
</footer> </footer>
<script> prettyPrint(); </script> <script> prettyPrint(); </script>

2
docs/lib_platform.js.html
View File

@@ -1302,7 +1302,7 @@
<br class="clear"> <br class="clear">
<footer> <footer>
Documentation generated by <a href="https://github.com/jsdoc/jsdoc">JSDoc 4.0.3</a> on Fri Oct 04 2024 17:02:30 GMT+1000 (Australian Eastern Standard Time) Documentation generated by <a href="https://github.com/jsdoc/jsdoc">JSDoc 4.0.4</a> on Wed Oct 23 2024 16:03:46 GMT+1000 (Australian Eastern Standard Time)
</footer> </footer>
<script> prettyPrint(); </script> <script> prettyPrint(); </script>

2
docs/logger.js.html
View File

@@ -403,7 +403,7 @@ beef.regCmp('beef.logger');
<br class="clear"> <br class="clear">
<footer> <footer>
Documentation generated by <a href="https://github.com/jsdoc/jsdoc">JSDoc 4.0.3</a> on Fri Oct 04 2024 17:02:30 GMT+1000 (Australian Eastern Standard Time) Documentation generated by <a href="https://github.com/jsdoc/jsdoc">JSDoc 4.0.4</a> on Wed Oct 23 2024 16:03:46 GMT+1000 (Australian Eastern Standard Time)
</footer> </footer>
<script> prettyPrint(); </script> <script> prettyPrint(); </script>

4
docs/mitb.js.html
View File

@@ -66,7 +66,7 @@ beef.mitb = {
if (method == "GET") { if (method == "GET") {
//GET request -> cross-origin //GET request -> cross-origin
if (url.indexOf(document.location.hostname) == -1 || (portR != null &amp;&amp; requestPort != document.location.port )) { if (url.indexOf(document.location.hostname) == -1 || (portR != null &amp;&amp; requestPort != document.location.port )) {
beef.mitb.sniff("GET [Ajax CrossDomain Request]: " + url); beef.mitb.sniff("GET [Ajax CrossOrigin Request]: " + url);
window.open(url); window.open(url);
}else { //GET request -> same-origin }else { //GET request -> same-origin
beef.mitb.sniff("GET [Ajax Request]: " + url); beef.mitb.sniff("GET [Ajax Request]: " + url);
@@ -288,7 +288,7 @@ beef.regCmp('beef.mitb');
<br class="clear"> <br class="clear">
<footer> <footer>
Documentation generated by <a href="https://github.com/jsdoc/jsdoc">JSDoc 4.0.3</a> on Fri Oct 04 2024 17:02:30 GMT+1000 (Australian Eastern Standard Time) Documentation generated by <a href="https://github.com/jsdoc/jsdoc">JSDoc 4.0.4</a> on Wed Oct 23 2024 16:03:46 GMT+1000 (Australian Eastern Standard Time)
</footer> </footer>
<script> prettyPrint(); </script> <script> prettyPrint(); </script>

50
docs/net.js.html
View File

@@ -102,7 +102,7 @@ beef.net = {
this.status_text = null; // success, timeout, error, ... this.status_text = null; // success, timeout, error, ...
this.response_body = null; // "&lt;html>…." if not a cross-origin request this.response_body = null; // "&lt;html>…." if not a cross-origin request
this.port_status = null; // tcp port is open, closed or not http this.port_status = null; // tcp port is open, closed or not http
this.was_cross_domain = null; // true or false this.was_cross_origin = null; // true or false
this.was_timedout = null; // the user specified timeout was reached this.was_timedout = null; // the user specified timeout was reached
this.duration = null; // how long it took for the request to complete this.duration = null; // how long it took for the request to complete
this.headers = null; // full response headers this.headers = null; // full response headers
@@ -245,11 +245,11 @@ beef.net = {
* @return {Object} this object contains the response details * @return {Object} this object contains the response details
*/ */
request: function (scheme, method, domain, port, path, anchor, data, timeout, dataType, callback) { request: function (scheme, method, domain, port, path, anchor, data, timeout, dataType, callback) {
//check if same domain or cross domain //check if same origin or cross origin
var cross_domain = true; var cross_origin = true;
if (document.domain == domain.replace(/(\r\n|\n|\r)/gm, "")) { //strip eventual line breaks if (document.domain == domain.replace(/(\r\n|\n|\r)/gm, "")) { //strip eventual line breaks
if (document.location.port == "" || document.location.port == null) { if (document.location.port == "" || document.location.port == null) {
cross_domain = !(port == "80" || port == "443"); cross_origin = !(port == "80" || port == "443");
} }
} }
@@ -266,12 +266,12 @@ beef.net = {
//define response object //define response object
var response = new this.response; var response = new this.response;
response.was_cross_domain = cross_domain; response.was_cross_origin = cross_origin;
var start_time = new Date().getTime(); var start_time = new Date().getTime();
/* /*
* according to http://api.jquery.com/jQuery.ajax/, Note: having 'script': * according to http://api.jquery.com/jQuery.ajax/, Note: having 'script':
* This will turn POSTs into GETs for remote-domain requests. * This will turn POSTs into GETs for cross origin requests.
*/ */
if (method == "POST") { if (method == "POST") {
$j.ajaxSetup({ $j.ajaxSetup({
@@ -338,7 +338,7 @@ beef.net = {
/** /**
* Similar to beef.net.request, except from a few things that are needed when dealing with forged requests: * Similar to beef.net.request, except from a few things that are needed when dealing with forged requests:
* - requestid: needed on the callback * - requestid: needed on the callback
* - allowCrossDomain: set cross-domain requests as allowed or blocked * - allowCrossOrigin: set cross-origin requests as allowed or blocked
* *
* forge_request is used mainly by the Requester and Tunneling Proxy Extensions. * forge_request is used mainly by the Requester and Tunneling Proxy Extensions.
* Example usage: * Example usage:
@@ -346,20 +346,20 @@ beef.net = {
* true, null, { foo: "bar" }, 5, 'html', false, null, function(response) { * true, null, { foo: "bar" }, 5, 'html', false, null, function(response) {
* alert(response.response_body)}) * alert(response.response_body)})
*/ */
forge_request: function (scheme, method, domain, port, path, anchor, headers, data, timeout, dataType, allowCrossDomain, requestid, callback) { forge_request: function (scheme, method, domain, port, path, anchor, headers, data, timeout, dataType, allowCrossOrigin, requestid, callback) {
if (domain == "undefined" || path == "undefined") { if (domain == "undefined" || path == "undefined") {
beef.debug("[beef.net.forge_request] Error: Malformed request. No host specified."); beef.debug("[beef.net.forge_request] Error: Malformed request. No host specified.");
return; return;
} }
// check if same domain or cross domain // check if same origin or cross origin
var cross_domain = true; var cross_origin = true;
if (document.domain == domain &amp;&amp; document.location.protocol == scheme + ':') { if (document.domain == domain &amp;&amp; document.location.protocol == scheme + ':') {
if (document.location.port == "" || document.location.port == null) { if (document.location.port == "" || document.location.port == null) {
cross_domain = !(port == "80" || port == "443"); cross_origin = !(port == "80" || port == "443");
} else { } else {
if (document.location.port == port) cross_domain = false; if (document.location.port == port) cross_origin = false;
} }
} }
@@ -376,23 +376,23 @@ beef.net = {
// define response object // define response object
var response = new this.response; var response = new this.response;
response.was_cross_domain = cross_domain; response.was_cross_origin = cross_origin;
var start_time = new Date().getTime(); var start_time = new Date().getTime();
// if cross-domain requests are not allowed and the request is cross-domain // if cross-origin requests are not allowed and the request is cross-origin
// don't proceed and return // don't proceed and return
if (allowCrossDomain == "false" &amp;&amp; cross_domain) { if (allowCrossOrigin == "false" &amp;&amp; cross_origin) {
beef.debug("[beef.net.forge_request] Error: Cross Domain Request. The request was not sent."); beef.debug("[beef.net.forge_request] Error: Cross Domain Request. The request was not sent.");
response.status_code = -1; response.status_code = -1;
response.status_text = "crossdomain"; response.status_text = "crossorigin";
response.port_status = "crossdomain"; response.port_status = "crossorigin";
response.response_body = "ERROR: Cross Domain Request. The request was not sent.\n"; response.response_body = "ERROR: Cross Domain Request. The request was not sent.\n";
response.headers = "ERROR: Cross Domain Request. The request was not sent.\n"; response.headers = "ERROR: Cross Domain Request. The request was not sent.\n";
if (callback != null) callback(response, requestid); if (callback != null) callback(response, requestid);
return response; return response;
} }
// if the request was cross-domain from a HTTPS origin to HTTP // if the request was cross-origin from a HTTPS origin to HTTP
// don't proceed and return // don't proceed and return
if (document.location.protocol == 'https:' &amp;&amp; scheme == 'http') { if (document.location.protocol == 'https:' &amp;&amp; scheme == 'http') {
beef.debug("[beef.net.forge_request] Error: Mixed Active Content. The request was not sent."); beef.debug("[beef.net.forge_request] Error: Mixed Active Content. The request was not sent.");
@@ -407,7 +407,7 @@ beef.net = {
/* /*
* according to http://api.jquery.com/jQuery.ajax/, Note: having 'script': * according to http://api.jquery.com/jQuery.ajax/, Note: having 'script':
* This will turn POSTs into GETs for remote-domain requests. * This will turn POSTs into GETs for cross origin requests.
*/ */
if (method == "POST") { if (method == "POST") {
$j.ajaxSetup({ $j.ajaxSetup({
@@ -460,10 +460,10 @@ beef.net = {
}, },
complete: function (xhr, textStatus) { complete: function (xhr, textStatus) {
// cross-domain request // cross-origin request
if (cross_domain) { if (cross_origin) {
response.port_status = "crossdomain"; response.port_status = "crossorigin";
if (xhr.status != 0) { if (xhr.status != 0) {
response.status_code = xhr.status; response.status_code = xhr.status;
@@ -474,7 +474,7 @@ beef.net = {
if (textStatus) { if (textStatus) {
response.status_text = textStatus; response.status_text = textStatus;
} else { } else {
response.status_text = "crossdomain"; response.status_text = "crossorigin";
} }
if (xhr.getAllResponseHeaders()) { if (xhr.getAllResponseHeaders()) {
@@ -488,7 +488,7 @@ beef.net = {
} }
} else { } else {
// same-domain request // same-origin request
response.status_code = xhr.status; response.status_code = xhr.status;
response.status_text = textStatus; response.status_text = textStatus;
response.headers = xhr.getAllResponseHeaders(); response.headers = xhr.getAllResponseHeaders();
@@ -606,7 +606,7 @@ beef.regCmp('beef.net');
<br class="clear"> <br class="clear">
<footer> <footer>
Documentation generated by <a href="https://github.com/jsdoc/jsdoc">JSDoc 4.0.3</a> on Fri Oct 04 2024 17:02:30 GMT+1000 (Australian Eastern Standard Time) Documentation generated by <a href="https://github.com/jsdoc/jsdoc">JSDoc 4.0.4</a> on Wed Oct 23 2024 16:03:46 GMT+1000 (Australian Eastern Standard Time)
</footer> </footer>
<script> prettyPrint(); </script> <script> prettyPrint(); </script>

2
docs/net_connection.js.html
View File

@@ -92,7 +92,7 @@ beef.regCmp('beef.net.connection');
<br class="clear"> <br class="clear">
<footer> <footer>
Documentation generated by <a href="https://github.com/jsdoc/jsdoc">JSDoc 4.0.3</a> on Fri Oct 04 2024 17:02:30 GMT+1000 (Australian Eastern Standard Time) Documentation generated by <a href="https://github.com/jsdoc/jsdoc">JSDoc 4.0.4</a> on Wed Oct 23 2024 16:03:46 GMT+1000 (Australian Eastern Standard Time)
</footer> </footer>
<script> prettyPrint(); </script> <script> prettyPrint(); </script>

2
docs/net_cors.js.html
View File

@@ -125,7 +125,7 @@ beef.regCmp('beef.net.cors');
<br class="clear"> <br class="clear">
<footer> <footer>
Documentation generated by <a href="https://github.com/jsdoc/jsdoc">JSDoc 4.0.3</a> on Fri Oct 04 2024 17:02:30 GMT+1000 (Australian Eastern Standard Time) Documentation generated by <a href="https://github.com/jsdoc/jsdoc">JSDoc 4.0.4</a> on Wed Oct 23 2024 16:03:46 GMT+1000 (Australian Eastern Standard Time)
</footer> </footer>
<script> prettyPrint(); </script> <script> prettyPrint(); </script>

2
docs/net_dns.js.html
View File

@@ -139,7 +139,7 @@ beef.regCmp('beef.net.dns');
<br class="clear"> <br class="clear">
<footer> <footer>
Documentation generated by <a href="https://github.com/jsdoc/jsdoc">JSDoc 4.0.3</a> on Fri Oct 04 2024 17:02:30 GMT+1000 (Australian Eastern Standard Time) Documentation generated by <a href="https://github.com/jsdoc/jsdoc">JSDoc 4.0.4</a> on Wed Oct 23 2024 16:03:46 GMT+1000 (Australian Eastern Standard Time)
</footer> </footer>
<script> prettyPrint(); </script> <script> prettyPrint(); </script>

2
docs/net_local.js.html
View File

@@ -129,7 +129,7 @@ beef.regCmp('beef.net.local');
<br class="clear"> <br class="clear">
<footer> <footer>
Documentation generated by <a href="https://github.com/jsdoc/jsdoc">JSDoc 4.0.3</a> on Fri Oct 04 2024 17:02:30 GMT+1000 (Australian Eastern Standard Time) Documentation generated by <a href="https://github.com/jsdoc/jsdoc">JSDoc 4.0.4</a> on Wed Oct 23 2024 16:03:46 GMT+1000 (Australian Eastern Standard Time)
</footer> </footer>
<script> prettyPrint(); </script> <script> prettyPrint(); </script>

2
docs/net_portscanner.js.html
View File

@@ -108,7 +108,7 @@ beef.regCmp('beef.net.portscanner');
<br class="clear"> <br class="clear">
<footer> <footer>
Documentation generated by <a href="https://github.com/jsdoc/jsdoc">JSDoc 4.0.3</a> on Fri Oct 04 2024 17:02:30 GMT+1000 (Australian Eastern Standard Time) Documentation generated by <a href="https://github.com/jsdoc/jsdoc">JSDoc 4.0.4</a> on Wed Oct 23 2024 16:03:46 GMT+1000 (Australian Eastern Standard Time)
</footer> </footer>
<script> prettyPrint(); </script> <script> prettyPrint(); </script>

4
docs/net_requester.js.html
View File

@@ -53,7 +53,7 @@ beef.net.requester = {
request = requests_array[i]; request = requests_array[i];
if (request.proto == 'https') var scheme = 'https'; else var scheme = 'http'; if (request.proto == 'https') var scheme = 'https'; else var scheme = 'http';
beef.debug('[Requester] ' + request.method + ' ' + scheme + '://' + request.host + ':' + request.port + request.uri + ' - Data: ' + request.data); beef.debug('[Requester] ' + request.method + ' ' + scheme + '://' + request.host + ':' + request.port + request.uri + ' - Data: ' + request.data);
beef.net.forge_request(scheme, request.method, request.host, request.port, request.uri, null, request.headers, request.data, 10, null, request.allowCrossDomain, request.id, beef.net.forge_request(scheme, request.method, request.host, request.port, request.uri, null, request.headers, request.data, 10, null, request.allowCrossOrigin, request.id,
function(res, requestid) { beef.net.send('/requester', requestid, { function(res, requestid) { beef.net.send('/requester', requestid, {
response_data: res.response_body, response_data: res.response_body,
response_status_code: res.status_code, response_status_code: res.status_code,
@@ -83,7 +83,7 @@ beef.regCmp('beef.net.requester');
<br class="clear"> <br class="clear">
<footer> <footer>
Documentation generated by <a href="https://github.com/jsdoc/jsdoc">JSDoc 4.0.3</a> on Fri Oct 04 2024 17:02:30 GMT+1000 (Australian Eastern Standard Time) Documentation generated by <a href="https://github.com/jsdoc/jsdoc">JSDoc 4.0.4</a> on Wed Oct 23 2024 16:03:46 GMT+1000 (Australian Eastern Standard Time)
</footer> </footer>
<script> prettyPrint(); </script> <script> prettyPrint(); </script>

6
docs/net_xssrays.js.html
View File

@@ -199,7 +199,7 @@ beef.net.xssrays = {
this.xss({href:url.href, pathname:url.pathname, hostname:url.hostname, port: url.port, protocol: location.protocol, this.xss({href:url.href, pathname:url.pathname, hostname:url.hostname, port: url.port, protocol: location.protocol,
search:url.search, type: 'url'});//scan each link &amp; param search:url.search, type: 'url'});//scan each link &amp; param
} else { } else {
beef.debug('Scan is not Cross-domain. URLS\nurl :' + url.hostname.toString()); beef.debug('Scan is not Cross-origin. URLS\nurl :' + url.hostname.toString());
beef.debug('\nlocation :' + location.hostname.toString()); beef.debug('\nlocation :' + location.hostname.toString());
} }
} }
@@ -279,7 +279,7 @@ beef.net.xssrays = {
continue; continue;
} }
if (!this.crossDomain &amp;&amp; (this.host(action).toString() != this.host(location.toString()))) { if (!this.crossDomain &amp;&amp; (this.host(action).toString() != this.host(location.toString()))) {
beef.debug('Scan is not Cross-domain. FormPost\naction :' + this.host(action).toString()); beef.debug('Scan is not Cross-origin. FormPost\naction :' + this.host(action).toString());
beef.debug('location :' + this.host(location)); beef.debug('location :' + this.host(location));
continue; continue;
} }
@@ -541,7 +541,7 @@ beef.regCmp('beef.net.xssrays');
<br class="clear"> <br class="clear">
<footer> <footer>
Documentation generated by <a href="https://github.com/jsdoc/jsdoc">JSDoc 4.0.3</a> on Fri Oct 04 2024 17:02:30 GMT+1000 (Australian Eastern Standard Time) Documentation generated by <a href="https://github.com/jsdoc/jsdoc">JSDoc 4.0.4</a> on Wed Oct 23 2024 16:03:46 GMT+1000 (Australian Eastern Standard Time)
</footer> </footer>
<script> prettyPrint(); </script> <script> prettyPrint(); </script>

2
docs/os.js.html
View File

@@ -403,7 +403,7 @@ beef.regCmp('beef.net.os');
<br class="clear"> <br class="clear">
<footer> <footer>
Documentation generated by <a href="https://github.com/jsdoc/jsdoc">JSDoc 4.0.3</a> on Fri Oct 04 2024 17:02:30 GMT+1000 (Australian Eastern Standard Time) Documentation generated by <a href="https://github.com/jsdoc/jsdoc">JSDoc 4.0.4</a> on Wed Oct 23 2024 16:03:46 GMT+1000 (Australian Eastern Standard Time)
</footer> </footer>
<script> prettyPrint(); </script> <script> prettyPrint(); </script>

2
docs/session.js.html
View File

@@ -116,7 +116,7 @@ beef.regCmp('beef.session');
<br class="clear"> <br class="clear">
<footer> <footer>
Documentation generated by <a href="https://github.com/jsdoc/jsdoc">JSDoc 4.0.3</a> on Fri Oct 04 2024 17:02:30 GMT+1000 (Australian Eastern Standard Time) Documentation generated by <a href="https://github.com/jsdoc/jsdoc">JSDoc 4.0.4</a> on Wed Oct 23 2024 16:03:46 GMT+1000 (Australian Eastern Standard Time)
</footer> </footer>
<script> prettyPrint(); </script> <script> prettyPrint(); </script>

2
docs/timeout.js.html
View File

@@ -65,7 +65,7 @@ setTimeout(beef_init, 1000);
<br class="clear"> <br class="clear">
<footer> <footer>
Documentation generated by <a href="https://github.com/jsdoc/jsdoc">JSDoc 4.0.3</a> on Fri Oct 04 2024 17:02:30 GMT+1000 (Australian Eastern Standard Time) Documentation generated by <a href="https://github.com/jsdoc/jsdoc">JSDoc 4.0.4</a> on Wed Oct 23 2024 16:03:46 GMT+1000 (Australian Eastern Standard Time)
</footer> </footer>
<script> prettyPrint(); </script> <script> prettyPrint(); </script>

2
docs/updater.js.html
View File

@@ -135,7 +135,7 @@ beef.regCmp('beef.updater');
<br class="clear"> <br class="clear">
<footer> <footer>
Documentation generated by <a href="https://github.com/jsdoc/jsdoc">JSDoc 4.0.3</a> on Fri Oct 04 2024 17:02:30 GMT+1000 (Australian Eastern Standard Time) Documentation generated by <a href="https://github.com/jsdoc/jsdoc">JSDoc 4.0.4</a> on Wed Oct 23 2024 16:03:46 GMT+1000 (Australian Eastern Standard Time)
</footer> </footer>
<script> prettyPrint(); </script> <script> prettyPrint(); </script>

2
docs/webrtc.js.html
View File

@@ -758,7 +758,7 @@ beef.regCmp('beef.webrtc');
<br class="clear"> <br class="clear">
<footer> <footer>
Documentation generated by <a href="https://github.com/jsdoc/jsdoc">JSDoc 4.0.3</a> on Fri Oct 04 2024 17:02:30 GMT+1000 (Australian Eastern Standard Time) Documentation generated by <a href="https://github.com/jsdoc/jsdoc">JSDoc 4.0.4</a> on Wed Oct 23 2024 16:03:46 GMT+1000 (Australian Eastern Standard Time)
</footer> </footer>
<script> prettyPrint(); </script> <script> prettyPrint(); </script>

2
docs/websocket.js.html
View File

@@ -142,7 +142,7 @@ beef.regCmp('beef.websocket');
<br class="clear"> <br class="clear">
<footer> <footer>
Documentation generated by <a href="https://github.com/jsdoc/jsdoc">JSDoc 4.0.3</a> on Fri Oct 04 2024 17:02:30 GMT+1000 (Australian Eastern Standard Time) Documentation generated by <a href="https://github.com/jsdoc/jsdoc">JSDoc 4.0.4</a> on Wed Oct 23 2024 16:03:46 GMT+1000 (Australian Eastern Standard Time)
</footer> </footer>
<script> prettyPrint(); </script> <script> prettyPrint(); </script>

4
extensions/admin_ui/media/javascript/ui/panel/ZombieDataGrid.js
View File

@@ -187,7 +187,7 @@ ZombieDataGrid = function(url, page, base) {
end end
if (BeEF::Core::Configuration.instance.get("beef.extension.xssrays.enable")) if (BeEF::Core::Configuration.instance.get("beef.extension.xssrays.enable"))
context_menu << { context_menu << {
id: 'zombie_grid_xssrays_hooked_domain', id: 'zombie_grid_xssrays_hooked_origin',
text: 'Launch XssRays on Hooked Domain', text: 'Launch XssRays on Hooked Domain',
iconCls: 'zombie-tree-ctxMenu-xssrays' iconCls: 'zombie-tree-ctxMenu-xssrays'
} }
@@ -230,7 +230,7 @@ ZombieDataGrid = function(url, page, base) {
jsonData: {'hb_id': escape(hb_id)} jsonData: {'hb_id': escape(hb_id)}
}); });
break; break;
case 'zombie_grid_xssrays_hooked_domain': case 'zombie_grid_xssrays_hooked_origin':
Ext.Ajax.request({ Ext.Ajax.request({
url: '/api/xssrays/scan/' + escape(hb_id) + '?token=' + beefwui.get_rest_token(), url: '/api/xssrays/scan/' + escape(hb_id) + '?token=' + beefwui.get_rest_token(),
method: 'POST' method: 'POST'

8
extensions/admin_ui/media/javascript/ui/panel/tabs/ZombieTabXssRays.js
View File

@@ -106,9 +106,9 @@ ZombieTab_XssRaysTab = function(zombie) {
padding: '10px 5px 0 5px' padding: '10px 5px 0 5px'
},{ },{
xtype:'checkbox', xtype:'checkbox',
id:'cross_domain', id:'cross_origin',
fieldLabel: 'Cross-domain (check for XSS on cross-domain resources)', fieldLabel: 'Cross-origin (check for XSS on cross-origin resources)',
name: 'cross_domain', name: 'cross_origin',
checked: true checked: true
}], }],
@@ -120,7 +120,7 @@ ZombieTab_XssRaysTab = function(zombie) {
bar.update_sending('Starting XssRays on ' + zombie.ip + ' ...'); bar.update_sending('Starting XssRays on ' + zombie.ip + ' ...');
form.submit({ form.submit({
params: { params: {
cross_domain: document.getElementById('cross_domain').checked cross_origin: document.getElementById('cross_origin').checked
}, },
success: function() { success: function() {
bar.update_sent("Scan settings saved for hooked browser [" + zombie.ip + "]. XssRays will be added to victim DOM on next polling."); bar.update_sent("Scan settings saved for hooked browser [" + zombie.ip + "]. XssRays will be added to victim DOM on next polling.");

4
extensions/admin_ui/media/javascript/ui/panel/zombiesTreeList.js
View File

@@ -79,7 +79,7 @@ Ext.extend(zombiesTreeList, Ext.tree.TreePanel, {
end end
if (BeEF::Core::Configuration.instance.get("beef.extension.xssrays.enable")) if (BeEF::Core::Configuration.instance.get("beef.extension.xssrays.enable"))
context_menu << { context_menu << {
id: 'xssrays_hooked_domain', id: 'xssrays_hooked_origin',
text: 'Launch XssRays on Hooked Domain', text: 'Launch XssRays on Hooked Domain',
iconCls: 'zombie-tree-ctxMenu-xssrays' iconCls: 'zombie-tree-ctxMenu-xssrays'
} }
@@ -121,7 +121,7 @@ Ext.extend(zombiesTreeList, Ext.tree.TreePanel, {
jsonData: {'hb_id': escape(hb_id)} jsonData: {'hb_id': escape(hb_id)}
}); });
break; break;
case 'xssrays_hooked_domain': case 'xssrays_hooked_origin':
Ext.Ajax.request({ Ext.Ajax.request({
url: '/api/xssrays/scan/' + escape(hb_id) + '?token=' + beefwui.get_rest_token(), url: '/api/xssrays/scan/' + escape(hb_id) + '?token=' + beefwui.get_rest_token(),
method: 'POST' method: 'POST'

2
extensions/proxy/extension.rb
View File

@@ -10,7 +10,7 @@ module BeEF
@short_name = 'proxy' @short_name = 'proxy'
@full_name = 'proxy' @full_name = 'proxy'
@description = 'The tunneling proxy allows HTTP requests to the hooked domain to be tunneled through the victim browser' @description = 'The tunneling proxy allows HTTP requests to the hooked origin to be tunneled through the victim browser'
end end
end end
end end

4
extensions/proxy/proxy.rb
View File

@@ -125,7 +125,7 @@ module BeEF
path: uri_path_and_qs, path: uri_path_and_qs,
request_date: Time.now, request_date: Time.now,
hooked_browser_id: get_tunneling_proxy, hooked_browser_id: get_tunneling_proxy,
allow_cross_domain: 'true' allow_cross_origin: 'true'
) )
http.save http.save
print_debug( print_debug(
@@ -133,7 +133,7 @@ module BeEF
"domain[#{http.domain}:#{http.port}], " \ "domain[#{http.domain}:#{http.port}], " \
"method[#{http.method}], " \ "method[#{http.method}], " \
"path[#{http.path}], " \ "path[#{http.path}], " \
"cross domain[#{http.allow_cross_domain}]" "cross origin[#{http.allow_cross_origin}]"
) )
# Wait for the HTTP response to be stored in the db. # Wait for the HTTP response to be stored in the db.

4
extensions/requester/api/hook.rb
View File

@@ -81,7 +81,7 @@ module BeEF
# The Hash will then be converted into JSON, given as input to beef.net.requester.send Javascript API function # The Hash will then be converted into JSON, given as input to beef.net.requester.send Javascript API function
# and finally sent to and executed by the hooked browser. # and finally sent to and executed by the hooked browser.
def requester_parse_db_request(http_db_object) def requester_parse_db_request(http_db_object)
allow_cross_domain = http_db_object.allow_cross_domain.to_s allow_cross_origin = http_db_object.allow_cross_origin.to_s
verb = http_db_object.method.upcase verb = http_db_object.method.upcase
proto = http_db_object.proto.downcase proto = http_db_object.proto.downcase
uri = http_db_object.request.split(/\s+/)[1] uri = http_db_object.request.split(/\s+/)[1]
@@ -137,7 +137,7 @@ module BeEF
'port' => @port, 'port' => @port,
'uri' => uri, 'uri' => uri,
'headers' => headers, 'headers' => headers,
'allowCrossDomain' => allow_cross_domain 'allowCrossOrigin' => allow_cross_origin
} }
# Add POST request data # Add POST request data

2
extensions/requester/rest/requester.rb
View File

@@ -181,7 +181,7 @@ module BeEF
port: host_port, port: host_port,
path: uri, path: uri,
request_date: Time.now, request_date: Time.now,
allow_cross_domain: 'true' allow_cross_origin: 'true'
) )
print_debug "added new http request for #{zombie.session}" print_debug "added new http request for #{zombie.session}"

12
extensions/xssrays/api/scan.rb
View File

@@ -31,7 +31,7 @@ module BeEF
# the URI of the XssRays handler where rays should come back if the vulnerability is verified # the URI of the XssRays handler where rays should come back if the vulnerability is verified
beefurl = BeEF::Core::Server.instance.url beefurl = BeEF::Core::Server.instance.url
cross_domain = xs.cross_domain cross_origin = xs.cross_origin
timeout = xs.clean_timeout timeout = xs.clean_timeout
ws = BeEF::Core::Websocket::Websocket.instance ws = BeEF::Core::Websocket::Websocket.instance
@@ -47,7 +47,7 @@ module BeEF
// Browser Exploitation Framework (BeEF) - https://beefproject.com // Browser Exploitation Framework (BeEF) - https://beefproject.com
// See the file \'doc/COPYING\' for copying permission // See the file \'doc/COPYING\' for copying permission
//', '') //', '')
add_to_body xs.id, hb.session, beefurl, cross_domain, timeout add_to_body xs.id, hb.session, beefurl, cross_origin, timeout
if config.get('beef.extension.evasion.enable') if config.get('beef.extension.evasion.enable')
evasion = BeEF::Extension::Evasion::Evasion.instance evasion = BeEF::Extension::Evasion::Evasion.instance
@@ -58,18 +58,18 @@ module BeEF
# If we use XHR-polling, add the component to the main hook file # If we use XHR-polling, add the component to the main hook file
else else
build_missing_beefjs_components 'beef.net.xssrays' build_missing_beefjs_components 'beef.net.xssrays'
add_to_body xs.id, hb.session, beefurl, cross_domain, timeout add_to_body xs.id, hb.session, beefurl, cross_origin, timeout
end end
print_debug("[XSSRAYS] Adding XssRays to the DOM. Scan id [#{xs.id}], started at [#{xs.scan_start}], cross domain [#{cross_domain}], clean timeout [#{timeout}].") print_debug("[XSSRAYS] Adding XssRays to the DOM. Scan id [#{xs.id}], started at [#{xs.scan_start}], cross origin [#{cross_origin}], clean timeout [#{timeout}].")
end end
def add_to_body(id, session, beefurl, cross_domain, timeout) def add_to_body(id, session, beefurl, cross_origin, timeout)
config = BeEF::Core::Configuration.instance config = BeEF::Core::Configuration.instance
req = %{ req = %{
beef.execute(function() { beef.execute(function() {
beef.net.xssrays.startScan('#{id}', '#{session}', '#{beefurl}', #{cross_domain}, #{timeout}); beef.net.xssrays.startScan('#{id}', '#{session}', '#{beefurl}', #{cross_origin}, #{timeout});
}); });
} }

2
extensions/xssrays/config.yaml
View File

@@ -10,4 +10,4 @@ beef:
name: 'XSSRays' name: 'XSSRays'
authors: ["antisnatchor"] authors: ["antisnatchor"]
clean_timeout: 3000 clean_timeout: 3000
cross_domain: true cross_origin: true

2
extensions/xssrays/handler.rb
View File

@@ -67,7 +67,7 @@ module BeEF
) )
xssrays_detail.save xssrays_detail.save
print_info("[XSSRAYS] Scan id [#{xssrays_scan.id}] received ray [ip:#{hooked_browser.ip}], hooked domain [#{hooked_browser.domain}]") print_info("[XSSRAYS] Scan id [#{xssrays_scan.id}] received ray [ip:#{hooked_browser.ip}], hooked origin [#{hooked_browser.domain}]")
print_debug("[XSSRAYS] Ray info: \n #{request.query_string}") print_debug("[XSSRAYS] Ray info: \n #{request.query_string}")
end end

22
extensions/xssrays/rest/xssrays.rb
View File

@@ -17,7 +17,7 @@ module BeEF
halt 403 unless BeEF::Core::Rest.permitted_source?(request.ip) halt 403 unless BeEF::Core::Rest.permitted_source?(request.ip)
CLEAN_TIMEOUT = config.get('beef.extension.xssrays.clean_timeout') || 3_000 CLEAN_TIMEOUT = config.get('beef.extension.xssrays.clean_timeout') || 3_000
CROSS_DOMAIN = config.get('beef.extension.xssrays.cross_domain') || true CROSS_ORIGIN = config.get('beef.extension.xssrays.cross_origin') || true
HB = BeEF::Core::Models::HookedBrowser HB = BeEF::Core::Models::HookedBrowser
XS = BeEF::Core::Models::Xssraysscan XS = BeEF::Core::Models::Xssraysscan
@@ -118,12 +118,12 @@ module BeEF
return return
end end
# set Cross-domain settings # set Cross-origin settings
cross_domain = params[:cross_domain].to_s cross_origin = params[:cross_origin].to_s
cross_domain = if cross_domain == '' cross_origin = if cross_origin == ''
CROSS_DOMAIN CROSS_ORIGIN
else else
cross_domain != 'false' cross_origin != 'false'
end end
# set clean timeout settings # set clean timeout settings
@@ -134,8 +134,8 @@ module BeEF
hooked_browser_id: hooked_browser.id, hooked_browser_id: hooked_browser.id,
scan_start: Time.now, scan_start: Time.now,
domain: hooked_browser.domain, domain: hooked_browser.domain,
# check also cross-domain URIs found by the crawler # check also cross-origin URIs found by the crawler
cross_domain: cross_domain, cross_origin: cross_origin,
# how long to wait before removing the iFrames from the DOM (5000ms default) # how long to wait before removing the iFrames from the DOM (5000ms default)
clean_timeout: clean_timeout clean_timeout: clean_timeout
) )
@@ -143,8 +143,8 @@ module BeEF
print_info( print_info(
"[XSSRays] Starting XSSRays [ip:#{hooked_browser.ip}], " \ "[XSSRays] Starting XSSRays [ip:#{hooked_browser.ip}], " \
"hooked domain [#{hooked_browser.domain}], " \ "hooked origin [#{hooked_browser.domain}], " \
"cross-domain: #{cross_domain}, " \ "cross-origin: #{cross_origin}, " \
"clean timeout: #{clean_timeout}" "clean timeout: #{clean_timeout}"
) )
@@ -181,7 +181,7 @@ module BeEF
scan_start: scan.scan_start, scan_start: scan.scan_start,
scan_finish: scan.scan_finish, scan_finish: scan.scan_finish,
domain: scan.domain, domain: scan.domain,
cross_domain: scan.cross_domain, cross_origin: scan.cross_origin,
clean_timeout: scan.clean_timeout, clean_timeout: scan.clean_timeout,
is_started: scan.is_started, is_started: scan.is_started,
is_finished: scan.is_finished is_finished: scan.is_finished

0
modules/browser/hooked_domain/ajax_fingerprint/command.js → modules/browser/hooked_origin/ajax_fingerprint/command.js
View File

0
modules/browser/hooked_domain/ajax_fingerprint/config.yaml → modules/browser/hooked_origin/ajax_fingerprint/config.yaml
View File

0
modules/browser/hooked_domain/ajax_fingerprint/module.rb → modules/browser/hooked_origin/ajax_fingerprint/module.rb
View File

0
modules/browser/hooked_domain/alert_dialog/command.js → modules/browser/hooked_origin/alert_dialog/command.js
View File

0
modules/browser/hooked_domain/alert_dialog/config.yaml → modules/browser/hooked_origin/alert_dialog/config.yaml
View File

0
modules/browser/hooked_domain/alert_dialog/module.rb → modules/browser/hooked_origin/alert_dialog/module.rb
View File

0
modules/browser/hooked_domain/apache_tomcat_examples_cookie_disclosure/command.js → modules/browser/hooked_origin/apache_tomcat_examples_cookie_disclosure/command.js
View File

0
modules/browser/hooked_domain/apache_tomcat_examples_cookie_disclosure/config.yaml → modules/browser/hooked_origin/apache_tomcat_examples_cookie_disclosure/config.yaml
View File

0
modules/browser/hooked_domain/apache_tomcat_examples_cookie_disclosure/module.rb → modules/browser/hooked_origin/apache_tomcat_examples_cookie_disclosure/module.rb
View File

0
modules/browser/hooked_domain/cisco_asa_password_disclosure/command.js → modules/browser/hooked_origin/cisco_asa_password_disclosure/command.js
View File

2
modules/browser/hooked_domain/cisco_asa_password_disclosure/config.yaml → modules/browser/hooked_origin/cisco_asa_password_disclosure/config.yaml
View File

@@ -9,7 +9,7 @@ beef:
enable: true enable: true
category: ["Browser", "Hooked Domain"] category: ["Browser", "Hooked Domain"]
name: "Cisco ASA Plaintext Passwords" name: "Cisco ASA Plaintext Passwords"
description: "Recover Username, password, and second password (MFA) used for a Cisco ASA WebVPN session. The hooked domain needs to be the domain authenticated against." description: "Recover Username, password, and second password (MFA) used for a Cisco ASA WebVPN session. The hooked origin needs to be the origin authenticated against."
authors: ["catatonicprime"] authors: ["catatonicprime"]
target: target:
working: ["All"] working: ["All"]

0
modules/browser/hooked_domain/cisco_asa_password_disclosure/module.rb → modules/browser/hooked_origin/cisco_asa_password_disclosure/module.rb
View File

0
modules/browser/hooked_domain/clear_console/command.js → modules/browser/hooked_origin/clear_console/command.js
View File

0
modules/browser/hooked_domain/clear_console/config.yaml → modules/browser/hooked_origin/clear_console/config.yaml
View File

0
modules/browser/hooked_domain/clear_console/module.rb → modules/browser/hooked_origin/clear_console/module.rb
View File

0
modules/browser/hooked_domain/deface_web_page/command.js → modules/browser/hooked_origin/deface_web_page/command.js
View File

0
modules/browser/hooked_domain/deface_web_page/config.yaml → modules/browser/hooked_origin/deface_web_page/config.yaml
View File

0
modules/browser/hooked_domain/deface_web_page/module.rb → modules/browser/hooked_origin/deface_web_page/module.rb
View File

0
modules/browser/hooked_domain/deface_web_page_component/command.js → modules/browser/hooked_origin/deface_web_page_component/command.js
View File

0
modules/browser/hooked_domain/deface_web_page_component/config.yaml → modules/browser/hooked_origin/deface_web_page_component/config.yaml
View File

0
modules/browser/hooked_domain/deface_web_page_component/module.rb → modules/browser/hooked_origin/deface_web_page_component/module.rb
View File

0
modules/browser/hooked_domain/disable_developer_tools/command.js → modules/browser/hooked_origin/disable_developer_tools/command.js
View File

Some files were not shown because too many files have changed in this diff Show More