From bbf7143a9afaec5c0b61b2f040e12c5dce0d9b3b Mon Sep 17 00:00:00 2001
From: antisnatchor <antisnatchor@gmail.com>
Date: Mon, 5 Nov 2012 19:32:34 +0000
Subject: [PATCH] Modified Autorun to work with modules with USER_NOTIFY
 target. Also added a few config options in the main config.yaml.

---
 config.yaml                          |  7 +++++++
 core/main/handlers/browserdetails.rb | 30 ++++++++++++++++++----------
 2 files changed, 26 insertions(+), 11 deletions(-)

diff --git a/config.yaml b/config.yaml
index 2e1280a37..29d68f633 100644
--- a/config.yaml
+++ b/config.yaml
@@ -72,6 +72,13 @@ beef:
         user:   "beef"
         passwd: "beef"
 
+    # Autorun modules as soon the browser is hooked.
+    # NOTE: only modules with target type 'working' or 'user_notify' can be run automatically.
+    autorun:
+        enable: true
+        # set this to FALSE if you don't want to allow auto-run execution for modules with target->user_notify
+        allow_user_notify: true
+
     crypto_default_value_length: 80
 
     # You may override default extension configuration parameters here
diff --git a/core/main/handlers/browserdetails.rb b/core/main/handlers/browserdetails.rb
index 60b059f3f..082892f92 100644
--- a/core/main/handlers/browserdetails.rb
+++ b/core/main/handlers/browserdetails.rb
@@ -24,6 +24,8 @@ module BeEF
         end
 
         def setup()
+          config = BeEF::Core::Configuration.instance
+
           # validate hook session value
           session_id = get_param(@data, 'beefhook')
           (self.err_msg "session id is invalid"; return) if not BeEF::Filters.is_valid_hook_session_id?(session_id)
@@ -273,19 +275,25 @@ module BeEF
 
 
           # Call autorun modules
-          autorun = []
-          BeEF::Core::Configuration.instance.get('beef.module').each { |k, v|
-            if v.has_key?('autorun') and v['autorun'] == true
-              if BeEF::Module.support(k, {'browser' => browser_name, 'ver' => browser_version, 'os' => os_name}) == BeEF::Core::Constants::CommandModule::VERIFIED_WORKING
-                BeEF::Module.execute(k, session_id)
-                autorun.push(k)
-              else
-                print_debug "Autorun attempted to execute unsupported module '#{k}' against Hooked browser #{zombie.ip}"
+          if config.get('beef.autorun.enable')
+            autorun = []
+            BeEF::Core::Configuration.instance.get('beef.module').each { |k, v|
+              if v.has_key?('autorun') and v['autorun'] == true
+                target_status = BeEF::Module.support(k, {'browser' => browser_name, 'ver' => browser_version, 'os' => os_name})
+                if target_status == BeEF::Core::Constants::CommandModule::VERIFIED_WORKING
+                  BeEF::Module.execute(k, session_id)
+                  autorun.push(k)
+                elsif target_status == BeEF::Core::Constants::CommandModule::VERIFIED_USER_NOTIFY and config.get('beef.autorun.allow_user_notify')
+                  BeEF::Module.execute(k, session_id)
+                  autorun.push(k)
+                else
+                  print_debug "Autorun attempted to execute unsupported module '#{k}' against Hooked browser [id:#{zombie.id}, ip:#{zombie.ip}, type:#{browser_name}-#{browser_version}, os:#{os_name}]"
+                end
               end
+            }
+            if autorun.length > 0
+              print_info "Autorun executed[#{autorun.join(', ')}] against Hooked browser [id:#{zombie.id}, ip:#{zombie.ip}, type:#{browser_name}-#{browser_version}, os:#{os_name}]"
             end
-          }
-          if autorun.length > 0
-            print_info "Autorun executed: #{autorun.join(', ')} against Hooked browser #{zombie.ip}"
           end
         end