Hiddenden/beef
2
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Add Erubis to Demos extension

Browse Source 
Change demo pages to load hook from beef.http.hook_url
instead of '/hook.js'

Fix #1024
This commit is contained in:
Brendan Coles
2014-09-06 08:21:37 +00:00
parent a40e8ca8de
commit ccc8a5a02d
8 changed files with 24 additions and 30 deletions
Download Patch File Download Diff File Expand all files Collapse all files

23
extensions/demos/api.rb
View File

@@ -6,15 +6,26 @@
module BeEF module BeEF
module Extension module Extension
module Demos module Demos
module RegisterHttpHandlers module RegisterHttpHandlers
BeEF::API::Registrar.instance.register(BeEF::Extension::Demos::RegisterHttpHandlers, BeEF::API::Server, 'mount_handler') BeEF::API::Registrar.instance.register(BeEF::Extension::Demos::RegisterHttpHandlers, BeEF::API::Server, 'mount_handler')
def self.mount_handler(beef_server) def self.mount_handler(beef_server)
# mount the handler to support the demos # mount everything in html directory to /demos/
dir = File.dirname(__FILE__)+'/html/' path = File.dirname(__FILE__)+'/html/'
beef_server.mount('/demos/', Rack::File.new(dir)) files = Dir[path+'**/*']
files.each do |f|
# don't follow symlinks
next if File.symlink?(f)
mount_path = '/demos/'+f.sub(path,'')
if File.extname(f) == '.html'
# use handler to mount HTML templates
beef_server.mount(mount_path, BeEF::Extension::Demos::Handler.new(f))
else
beef_server.mount(mount_path, Rack::File.new(f))
end
end
end end
end end
end end

3
extensions/demos/extension.rb
View File

@@ -13,10 +13,11 @@ module Demos
@full_name = 'demonstrations' @full_name = 'demonstrations'
@description = 'list of demonstration pages for beef' @description = 'Demonstration pages for BeEF'
end end
end end
end end
require 'extensions/demos/api' require 'extensions/demos/api'
require 'extensions/demos/handler'

2
extensions/demos/html/basic.html
View File

@@ -8,7 +8,7 @@
<head> <head>
<title>BeEF Basic Demo</title> <title>BeEF Basic Demo</title>
<script> <script>
var commandModuleStr = '<script src="' + window.location.protocol + '//' + window.location.host + '/hook.js" type="text/javascript"><\/script>'; var commandModuleStr = '<script src="' + window.location.protocol + '//' + window.location.host + '<%= @hook_uri %>" type="text/javascript"><\/script>';
document.write(commandModuleStr); document.write(commandModuleStr);
</script> </script>
</head> </head>

2
extensions/demos/html/butcher/index.html
View File

@@ -29,7 +29,7 @@
</script> </script>
<script> <script>
var commandModuleStr = '<script src="' + window.location.protocol + '//' + window.location.host + '/hook.js" type="text/javascript"><\/script>'; var commandModuleStr = '<script src="' + window.location.protocol + '//' + window.location.host + '<%= @hook_uri %>" type="text/javascript"><\/script>';
document.write(commandModuleStr); document.write(commandModuleStr);
</script> </script>
<div id="content"> <div id="content">

18
extensions/demos/html/butcher/secret_page.html
View File

@@ -1,18 +0,0 @@
<!--
Copyright (c) 2006-2014 Wade Alcorn - wade@bindshell.net
Browser Exploitation Framework (BeEF) - http://beefproject.com
See the file 'doc/COPYING' for copying permission
-->
<html>
<head>
<title>Secret Page</title>
</head>
<body>
<h1>Secret page</h1>
<p>
This page is not hooked by beef. However you should still be capable of accessing it
using the Requester.
</p>
</body>
</html>

2
extensions/demos/html/clickjacking/clickjack_attack.html
View File

@@ -111,7 +111,7 @@ font-size:20px;
<body> <body>
<!-- BeEF hook call --> <!-- BeEF hook call -->
<script type="text/javascript"> <script type="text/javascript">
var commandModuleStr = '<script src="' + window.location.protocol + '//' + window.location.host + '/hook.js" type="text/javascript"><\/script>'; var commandModuleStr = '<script src="' + window.location.protocol + '//' + window.location.host + '<%= @hook_uri %>" type="text/javascript"><\/script>';
document.write(commandModuleStr); document.write(commandModuleStr);
</script> </script>

2
extensions/demos/html/plain.html
View File

@@ -4,7 +4,7 @@
See the file 'doc/COPYING' for copying permission See the file 'doc/COPYING' for copying permission
--> -->
<script> <script>
var commandModuleStr = '<script src="' + window.location.protocol + '//' + window.location.host + '/hook.js" type="text/javascript"><\/script>'; var commandModuleStr = '<script src="' + window.location.protocol + '//' + window.location.host + '<%= @hook_uri %>" type="text/javascript"><\/script>';
document.write(commandModuleStr); document.write(commandModuleStr);
</script> </script>

2
extensions/demos/html/report.html
View File

@@ -7,7 +7,7 @@
<html><head> <html><head>
<title>Loading</title> <title>Loading</title>
<script> <script>
var commandModuleStr = '<script src="' + window.location.protocol + '//' + window.location.host + '/hook.js" type="text/javascript"><\/script>'; var commandModuleStr = '<script src="' + window.location.protocol + '//' + window.location.host + '<%= @hook_uri %>" type="text/javascript"><\/script>';
document.write(commandModuleStr); document.write(commandModuleStr);
</script> </script>
</head><body> </head><body>