Added platform and ActiveX detection to the browser hook initialization

o Platform often provides the architecture (ie, 32bit) and can be useful in identifying devices / smart phones o ActiveX detection was added for obscure browsers (ie, such as software using an embedded browsing engine built on the IE COM) Normally ActiveX would only be detected on a hooked IE browser. Moved the `is_valid_yes_no' filter from browser.rb to base.rb git-svn-id: https://beef.googlecode.com/svn/trunk@1368 b87d56ec-f9c0-11de-8c8a-61c5e9addfc9
2011-10-16 20:56:23 +00:00
parent caad2d5437
commit dd5b1f5a81
6 changed files with 101 additions and 8 deletions
--- a/core/filters/base.rb
+++ b/core/filters/base.rb
@@ -136,6 +136,17 @@ module Filters
    return false if not is_non_empty_string?(str)
    (str =~ /[^\302\256[:print:]]/).nil? 
  end  
+
+  # Verify the yes and no is valid
+  # @param [String] str String for testing
+  # @return [Boolean] If the string is either 'yes' or 'no'
+  # @todo Confirm this is case insensitive
+  def self.is_valid_yes_no?(str)
+    return false if has_non_printable_char?(str)
+    return false if str !~ /^(Yes|No)$/
+    return false if str.length > 200
+    true
+  end
  
 end
 end
--- a/core/filters/browser.rb
+++ b/core/filters/browser.rb
@@ -96,13 +96,11 @@ module Filters
    true
  end

-  # Verify the yes and no is valid
+  # Verify the system platform is valid
  # @param [String] str String for testing
-  # @return [Boolean] If the string is either 'yes' or 'no'
-  # @todo Confirm this is case insensitive
-  def self.is_valid_yes_no?(str)
+  # @return [Boolean] If the string has valid system platform characters
+  def self.is_valid_system_platform?(str)
    return false if has_non_printable_char?(str)
-    return false if str !~ /^(Yes|No)$/
    return false if str.length > 200
    true
  end
--- a/core/main/client/browser.js
+++ b/core/main/client/browser.js
@@ -611,6 +611,7 @@ beef.browser = {
 		var hostport = (document.location.port)? document.location.port : "80";
 		var browser_plugins = beef.browser.getPlugins();
 		var os_name = beef.os.getName();
+		var system_platform = (typeof(navigator.platform) != "undefined" && navigator.platform != "") ? navigator.platform : null;
 		var internal_ip = beef.net.local.getLocalAddress();
 		var internal_hostname = beef.net.local.getLocalHostname();
 		var browser_type = JSON.stringify(beef.browser.type(), function (key, value) {if (value == true) return value; else if (typeof value == 'object') return value; else return;});
@@ -621,6 +622,7 @@ beef.browser = {
 		var has_flash = (beef.browser.hasFlash())? "Yes" : "No";
 		var has_googlegears=(beef.browser.hasGoogleGears())? "Yes":"No";
 		var has_web_socket=(beef.browser.hasWebSocket())? "Yes":"No";
+		var has_activex = (typeof(window.ActiveXObject) != "undefined") ? "Yes":"No";
 		var has_session_cookies = (beef.browser.cookie.hasSessionCookies("cookie"))? "Yes":"No";
 		var has_persistent_cookies = (beef.browser.cookie.hasPersistentCookies("cookie"))? "Yes":"No";

@@ -633,6 +635,7 @@ beef.browser = {
 		if(hostport) details["HostPort"] = hostport;
 		if(browser_plugins) details["BrowserPlugins"] = browser_plugins;
 		if(os_name) details['OsName'] = os_name;
+		if(system_platform) details['SystemPlatform'] = system_platform;
 		if(internal_ip) details['InternalIP'] = internal_ip;
 		if(internal_hostname) details['InternalHostname'] = internal_hostname;
 		if(browser_type) details['BrowserType'] = browser_type;
@@ -643,6 +646,7 @@ beef.browser = {
 		if(has_flash) details['HasFlash'] = has_flash
 		if(has_web_socket) details['HasWebSocket'] = has_web_socket
 		if(has_googlegears) details['HasGoogleGears'] = has_googlegears
+		if(has_activex) details['HasActiveX'] = has_activex;
 		if(has_session_cookies) details["hasSessionCookies"] = has_session_cookies;
 		if(has_persistent_cookies) details["hasPersistentCookies"] = has_persistent_cookies;

--- a/extensions/admin_ui/controllers/modules/modules.rb
+++ b/extensions/admin_ui/controllers/modules/modules.rb
@@ -207,7 +207,22 @@ class Modules < BeEF::Extension::AdminUI::HttpController
      
      summary_grid_hash['results'].push(page_name_row) # add the row
    end
-   
+
+    # set and add the System Platform
+    system_platform = BD.get(zombie_session, 'SystemPlatform')
+    if not system_platform.nil?
+      encoded_system_platform = CGI.escapeHTML(system_platform)
+      encoded_system_platform_hash = { 'System Platform' => encoded_system_platform }
+
+      page_name_row = {
+        'category' => 'Browser Hook Initialisation',
+        'data' => encoded_system_platform_hash,
+        'from' => 'Initialisation'
+      }
+
+      summary_grid_hash['results'].push(page_name_row) # add the row
+    end
+
    # set and add the zombie screen size and color depth
    screen_params = BD.get(zombie_session, 'ScreenParams')
    if not screen_params.nil?
@@ -331,6 +346,21 @@ class Modules < BeEF::Extension::AdminUI::HttpController
      summary_grid_hash['results'].push(page_name_row) # add the row
    end

+    # set and add the yes|no value for HasActiveX
+    has_activex = BD.get(zombie_session, 'HasActiveX')
+    if not has_activex.nil?
+      encoded_has_activex = CGI.escapeHTML(has_activex)
+      encoded_has_activex_hash = { 'Has ActiveX' => encoded_has_activex }
+
+      page_name_row = {
+        'category' => 'Browser Hook Initialisation',
+        'data' => encoded_has_activex_hash,
+        'from' => 'Initialisation'
+      }
+
+      summary_grid_hash['results'].push(page_name_row) # add the row
+    end
+
    # set and add the return values for hasSessionCookies
    has_session_cookies = BD.get(zombie_session, 'hasSessionCookies')
    if not has_session_cookies.nil?
--- a/extensions/console/lib/shellinterface.rb
+++ b/extensions/console/lib/shellinterface.rb
@@ -398,10 +398,25 @@ class ShellInterface
        'data' => encoded_internal_ip_hash,
        'from' => 'Initialisation'
      }
-      
+
      summary_grid_hash['results'].push(page_name_row) # add the row
    end
-    
+
+    # set and add the System Platform
+    system_platform = BD.get(zombie_session, 'SystemPlatform')
+    if not system_platform.nil?
+      encoded_system_platform = CGI.escapeHTML(system_platform)
+      encoded_system_platform_hash = { 'System Platform' => encoded_system_platform }
+
+      page_name_row = {
+        'category' => 'Browser Hook Initialisation',
+        'data' => encoded_system_platform_hash,
+        'from' => 'Initialisation'
+      }
+
+      summary_grid_hash['results'].push(page_name_row) # add the row
+    end
+
    # set and add the internal hostname
    internal_hostname = BD.get(self.targetsession, 'InternalHostname')
    if not internal_hostname.nil?
@@ -540,6 +555,21 @@ class ShellInterface
      summary_grid_hash['results'].push(page_name_row) # add the row
    end

+    # set and add the yes|no value for HasActiveX
+    has_activex = BD.get(self.targetsession, 'HasActiveX')
+    if not has_activex.nil?
+      encoded_has_activex = CGI.escapeHTML(has_activex)
+      encoded_has_activex_hash = { 'Has ActiveX' => encoded_has_activex }
+
+      page_name_row = {
+        'category' => 'Browser Hook Initialisation',
+        'data' => encoded_has_activex_hash,
+        'from' => 'Initialisation'
+      }
+
+      summary_grid_hash['results'].push(page_name_row) # add the row
+    end
+
    # set and add the return values for hasSessionCookies
    has_session_cookies = BD.get(self.targetsession, 'hasSessionCookies')
    if not has_session_cookies.nil?
--- a/extensions/initialization/handler.rb
+++ b/extensions/initialization/handler.rb
@@ -146,6 +146,15 @@ module Initialization
        print_error "Invalid browser plugins returned from the hook browser's initial connection."
      end

+      # get and store the system platform
+      begin
+        system_platform = get_param(@data['results'], 'SystemPlatform')
+        raise WEBrick::HTTPStatus::BadRequest, "Invalid system platform" if not BeEF::Filters.is_valid_system_platform?(system_platform)
+        BD.set(session_id, 'SystemPlatform', system_platform)
+      rescue
+        print_error "Invalid system platform returned from the hook browser's initial connection."
+      end
+
      # get and store the internal ip address
      begin
        internal_ip = get_param(@data['results'], 'InternalIP')
@@ -252,6 +261,17 @@ module Initialization
        print_error "Invalid value for HasWebSocket returned from the hook browser's initial connection."
      end

+      # get and store the yes|no value for HasActiveX
+      begin
+        has_activex = get_param(@data['results'], 'HasActiveX')
+        if not has_activex.nil?
+          raise WEBrick::HTTPStatus::BadRequest, "Invalid value for HasActiveX" if not BeEF::Filters.is_valid_yes_no?(has_activex)
+          BD.set(session_id, 'HasActiveX', has_activex)
+        end
+      rescue
+        print_error "Invalid value for HasActiveX returned from the hook browser's initial connection."
+      end
+
      # get and store whether the browser has session cookies enabled
      begin
        has_session_cookies = get_param(@data['results'], 'hasSessionCookies')