From b3f8504a2ec2734025d266fe5d7cbae677f428fd Mon Sep 17 00:00:00 2001 From: antisnatchor Date: Fri, 25 May 2012 12:02:28 +0100 Subject: [PATCH] Evasion: added support to scramble cookies as well. --- extensions/evasion/config.yaml | 2 ++ extensions/evasion/obfuscation/scramble.rb | 15 +++++++++++++++ 2 files changed, 17 insertions(+) diff --git a/extensions/evasion/config.yaml b/extensions/evasion/config.yaml index eae73d1f3..b708a9ecb 100644 --- a/extensions/evasion/config.yaml +++ b/extensions/evasion/config.yaml @@ -20,7 +20,9 @@ beef: name: 'Evasion' authors: ["antisnatchor"] scramble_variables: true + scramble_cookies: true scramble: beef: "beef" Beef: "Beef" + evercookie: "evercookie" chain: ["scramble","minify","base_64"] \ No newline at end of file diff --git a/extensions/evasion/obfuscation/scramble.rb b/extensions/evasion/obfuscation/scramble.rb index 419bf4670..d14ca5cff 100644 --- a/extensions/evasion/obfuscation/scramble.rb +++ b/extensions/evasion/obfuscation/scramble.rb @@ -25,6 +25,7 @@ module BeEF def execute(input, config) @output = input + to_scramble = config.get('beef.extension.evasion.scramble') to_scramble.each do |var, value| if var == value @@ -40,6 +41,20 @@ module BeEF end @output end + + if config.get('beef.extension.evasion.scramble_cookies') + # ideally this should not be static, but it's static in JS code, so fine for nowend + mod_cookie = BeEF::Extension::Evasion::Helper::random_string(5) + if config.get('beef.http.hook_session_name') == "BEEFHOOK" + @output.gsub!("BEEFHOOK",mod_cookie) + config.set('beef.http.hook_session_name',mod_cookie) + print_debug "[OBFUSCATION - SCRAMBLER] cookie [BEEFHOOK] scrambled -> [#{mod_cookie}]" + else + @output.gsub!("BEEFHOOK",config.get('beef.http.hook_session_name')) + print_debug "[OBFUSCATION - SCRAMBLER] cookie [BEEFHOOK] scrambled -> [#{config.get('beef.http.hook_session_name')}]" + end + end + @output end end
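Review bot: The cookie block added to `execute` in the second `scramble.rb` hunk has two undocumented side effects that deserve a comment: `@output` is the same object as `input` (see `@output = input` in the first hunk), so `gsub!` rewrites the caller's string in place, and `config.set('beef.http.hook_session_name',mod_cookie)` changes process-wide configuration from inside an obfuscation step. The `== "BEEFHOOK"` comparison also doubles as the "not scrambled yet" flag, and the inline comment ends in a stray `end` (`fine for nowend`); I would replace it with `# cookie name is hard-coded in the JS: the first call picks a random name and stores it in config, later calls reuse it`. Reading `config.get('beef.http.hook_session_name')` once into a local would remove the three repeated lookups. For anyone using this change as a detection reference, the hook cookie name presumably becomes a random value fixed at first use rather than the literal `BEEFHOOK`, so a static match on that name alone stops being a dependable indicator. The body of `execute` starts and ends outside this hunk.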