Hiddenden/beef
2
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Added RESTful API call to update os/os_version/arch of a specific browser (useful in MITM scenarios where you have more powerful tools than browser/JS to fingerprint)

Browse Source
This commit is contained in:
antisnatchor
2015-12-02 14:35:55 +01:00
parent 7b1b3ef06c
commit d585f3ab24
1 changed files with 24 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

24
core/main/rest/handlers/hookedbrowsers.rb
View File

@@ -120,6 +120,29 @@ module BeEF
result.to_json
end
# useful when you inject the BeEF hook in MITM situations (see MITMf) and you want to feed back
# to BeEF a more accurate OS type/version and architecture information
post '/update/:session' do
body = JSON.parse request.body.read
os = body['os']
os_version = body['os_version']
arch = body['arch']
hb = BeEF::Core::Models::HookedBrowser.first(:session => params[:session])
error 401 unless hb != nil
BeEF::Core::Models::BrowserDetails.first(:session_id => hb.session, :detail_key => 'OsName').destroy
BeEF::Core::Models::BrowserDetails.first(:session_id => hb.session, :detail_key => 'OsVersion').destroy
#BeEF::Core::Models::BrowserDetails.first(:session_id => hb.session, :detail_key => 'Arch').destroy
BeEF::Core::Models::BrowserDetails.new(:session_id => hb.session, :detail_key => 'OsName', :detail_value => os).save
BeEF::Core::Models::BrowserDetails.new(:session_id => hb.session, :detail_key => 'OsVersion', :detail_value => os_version).save
BeEF::Core::Models::BrowserDetails.new(:session_id => hb.session, :detail_key => 'Arch', :detail_value => arch).save
#TODO if there where any ARE rules defined for this hooked browser, after updating OS/arch, force a retrigger of the rule.
{'success' => true}.to_json
end
def hb_to_json(hbs)
hbs_hash = {}
i = 0
@@ -139,6 +162,7 @@ module BeEF
'name' => details.get(hb.session, 'BrowserName'),
'version' => details.get(hb.session, 'BrowserVersion'),
'os' => details.get(hb.session, 'OsName'),
'os_version' => details.get(hb.session, 'OsVersion'),
'platform' => details.get(hb.session, 'BrowserPlatform'),
'ip' => hb.ip,
'domain' => details.get(hb.session, 'HostName'),