Initial hook detection (#2440)

* initial multi-stage with basic switch on useragent

* added legacybrowseruseragents to core

* moved logic to a method and debugging

* array for holding legacy browsers

* added are.js back for parity to legacy hook.js

* removed byebug
Isaac Powell
2022-06-23 16:00:57 +10:00
committed by GitHub
parent 73a3d17f29
commit eea9740f4f
5 changed files with 228 additions and 1 deletions


@@ -9,6 +9,7 @@ module BeEF
# @note This class handles connections from hooked browsers to the framework.
class HookedBrowsers < BeEF::Core::Router::Router
include BeEF::Core::Handlers::Modules::BeEFJS
include BeEF::Core::Handlers::Modules::MultiStageBeEFJS
include BeEF::Core::Handlers::Modules::LegacyBeEFJS
include BeEF::Core::Handlers::Modules::Command
@@ -17,6 +18,16 @@ module BeEF
disable :protection
end
# Generate the hook js provided to the hookwed browser (the magic happens here)
def confirm_browser_user_agent(user_agent)
browser_type = user_agent.split(' ').last # selecting just name/version of browser
# does the browser already exist in the legacy database / object? Return true if yes
BeEF::Core::Models::LegacyBrowserUserAgents.user_agents.each do |ua_string|
return true if ua_string.include? browser_type
end
false
end
# Process HTTP requests sent by a hooked browser to the framework.
# It will update the database to add or update the current hooked browser
# and deploy some command modules or extensions to the hooked browser.
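Review bot: `confirm_browser_user_agent` calls `user_agent.split(' ').last` on a client-supplied header with no guard for a missing or empty value. If `request.user_agent` is nil (no User-Agent header, assuming the usual Rack behaviour), `split` raises NoMethodError. An empty or whitespace-only string makes `.last` return nil, so `ua_string.include? browser_type` raises TypeError. The later hunk calls this method on the hook request path, so a first line such as `return false if user_agent.to_s.strip.empty?` would send those requests to the legacy branch instead of erroring. The comment above the method ("Generate the hook js…") describes hook generation rather than this check; I would replace it with `# @return [Boolean] true when the last User-Agent token appears in a known legacy browser UA string`.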
@@ -111,18 +122,31 @@ module BeEF
host_name = request.host
unless BeEF::Filters.is_valid_hostname?(host_name)
(print_error 'Invalid host name'
return)
return)
end
# Generate the hook js provided to the hookwed browser (the magic happens here)
if BeEF::Core::Configuration.instance.get('beef.http.websocket.enable')
print_debug 'Using WebSocket'
build_beefjs!(host_name)
elsif confirm_browser_user_agent(request.user_agent)
print_debug 'Using multi_stage_beefjs'
multi_stage_beefjs!(host_name)
else
print_debug 'Using legacy_build_beefjs'
legacy_build_beefjs!(host_name)
end
# @note is a known browser so send instructions
end
# check for string within array of strings
def check_for_string(string, array)
array.each do |item|
return true if item.include? string
end
false
end
# @note set response headers and body
headers 'Pragma' => 'no-cache',
'Cache-Control' => 'no-cache',