Add Erubis to Demos extension

Change demo pages to load hook from beef.http.hook_url
instead of '/hook.js'

Fix #1024

extensions/demos/api.rb

@@ -6,15 +6,26 @@
 module BeEF
 module Extension
 module Demos
-  
+
   module RegisterHttpHandlers
-    
+
     BeEF::API::Registrar.instance.register(BeEF::Extension::Demos::RegisterHttpHandlers, BeEF::API::Server, 'mount_handler')
-    
+
     def self.mount_handler(beef_server)
-      # mount the handler to support the demos
-      dir = File.dirname(__FILE__)+'/html/'
-      beef_server.mount('/demos/', Rack::File.new(dir))
+      # mount everything in html directory to /demos/
+      path = File.dirname(__FILE__)+'/html/'
+      files = Dir[path+'**/*']
+      files.each do |f|
+        # don't follow symlinks
+        next if File.symlink?(f)
+        mount_path = '/demos/'+f.sub(path,'')
+        if File.extname(f) == '.html'
+          # use handler to mount HTML templates
+          beef_server.mount(mount_path, BeEF::Extension::Demos::Handler.new(f))
+        else
+          beef_server.mount(mount_path, Rack::File.new(f))
+        end
+      end
     end
   end
 end

extensions/demos/extension.rb

@@ -13,10 +13,11 @@ module Demos
   
   @full_name = 'demonstrations'
   
-  @description = 'list of demonstration pages for beef'
+  @description = 'Demonstration pages for BeEF'
   
 end
 end
 end
 
 require 'extensions/demos/api'
+require 'extensions/demos/handler'

extensions/demos/html/basic.html

@@ -8,7 +8,7 @@
 <head>
 	<title>BeEF Basic Demo</title>
 	<script>
-		var commandModuleStr = '<script src="' + window.location.protocol + '//' + window.location.host + '/hook.js" type="text/javascript"><\/script>';
+		var commandModuleStr = '<script src="' + window.location.protocol + '//' + window.location.host + '<%= @hook_uri %>" type="text/javascript"><\/script>';
 		document.write(commandModuleStr);
 	</script>
 </head>

extensions/demos/html/butcher/index.html

@@ -29,7 +29,7 @@
 
 </script>
 <script>
-	var commandModuleStr = '<script src="' + window.location.protocol + '//' + window.location.host + '/hook.js" type="text/javascript"><\/script>';
+	var commandModuleStr = '<script src="' + window.location.protocol + '//' + window.location.host + '<%= @hook_uri %>" type="text/javascript"><\/script>';
 	document.write(commandModuleStr);
 </script>
 <div id="content">

extensions/demos/html/butcher/secret_page.html

@@ -1,18 +0,0 @@
-<!--
-    Copyright (c) 2006-2014 Wade Alcorn - wade@bindshell.net
-    Browser Exploitation Framework (BeEF) - http://beefproject.com
-    See the file 'doc/COPYING' for copying permission
--->
-<html>
-<head>
-	<title>Secret Page</title>
-</head>
-<body>
-	<h1>Secret page</h1>
-	
-	<p>
-		This page is not hooked by beef. However you should still be capable of accessing it
-		using the Requester.
-	</p>
-</body>
-</html>

extensions/demos/html/clickjacking/clickjack_attack.html

@@ -111,7 +111,7 @@ font-size:20px;
 <body>
 <!-- BeEF hook call -->
 <script type="text/javascript">
-	var commandModuleStr = '<script src="' + window.location.protocol + '//' + window.location.host + '/hook.js" type="text/javascript"><\/script>';
+	var commandModuleStr = '<script src="' + window.location.protocol + '//' + window.location.host + '<%= @hook_uri %>" type="text/javascript"><\/script>';
 	document.write(commandModuleStr);
 </script>
 

extensions/demos/html/plain.html

@@ -4,7 +4,7 @@
     See the file 'doc/COPYING' for copying permission
 -->
 <script>
-var commandModuleStr = '<script src="' + window.location.protocol + '//' + window.location.host + '/hook.js" type="text/javascript"><\/script>';
+var commandModuleStr = '<script src="' + window.location.protocol + '//' + window.location.host + '<%= @hook_uri %>" type="text/javascript"><\/script>';
 document.write(commandModuleStr);
 </script>
 

extensions/demos/html/report.html

@@ -7,7 +7,7 @@
 <html><head>
 <title>Loading</title>
 <script>
-	var commandModuleStr = '<script src="' + window.location.protocol + '//' + window.location.host + '/hook.js" type="text/javascript"><\/script>';
+	var commandModuleStr = '<script src="' + window.location.protocol + '//' + window.location.host + '<%= @hook_uri %>" type="text/javascript"><\/script>';
 	document.write(commandModuleStr);
 </script>
 </head><body>