diff --git a/core/main/client/browser.js b/core/main/client/browser.js index 3a6cf1ab8..cf223f5bd 100644 --- a/core/main/client/browser.js +++ b/core/main/client/browser.js @@ -213,12 +213,20 @@ beef.browser = { return !!window.history.replaceState && window.navigator.userAgent.match(/Firefox\/17\./) != null; }, + /** + * Returns true if FF18 + * @example: beef.browser.isFF18() + */ + isFF18: function() { + return !!window.devicePixelRatio && !!window.history.replaceState && window.navigator.userAgent.match(/Firefox\/18\./) != null; + }, + /** * Returns true if FF. * @example: beef.browser.isFF() */ isFF: function() { - return this.isFF2() || this.isFF3() || this.isFF3_5() || this.isFF3_6() || this.isFF4() || this.isFF5() || this.isFF6() || this.isFF7() || this.isFF8() || this.isFF9() || this.isFF10() || this.isFF11() || this.isFF12() || this.isFF13() || this.isFF14() || this.isFF15() || this.isFF16() || this.isFF17(); + return this.isFF2() || this.isFF3() || this.isFF3_5() || this.isFF3_6() || this.isFF4() || this.isFF5() || this.isFF6() || this.isFF7() || this.isFF8() || this.isFF9() || this.isFF10() || this.isFF11() || this.isFF12() || this.isFF13() || this.isFF14() || this.isFF15() || this.isFF16() || this.isFF17() || this.isFF18(); }, /** @@ -258,7 +266,7 @@ beef.browser = { * @example: beef.browser.isC5() */ isC5: function() { - return (!!window.chrome && !window.webkitPerformance) && ((parseInt(window.navigator.appVersion.match(/Chrome\/(\d+)\./)[1], 10)==5)?true:false); + return (!!window.chrome && !window.webkitPerformance && window.navigator.appVersion.match(/Chrome\/(\d+)\./)) && ((parseInt(window.navigator.appVersion.match(/Chrome\/(\d+)\./)[1], 10)==5)?true:false); }, /** 
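Review bot: `isFF()` still returns false for any Firefox release that has no dedicated `isFFnn` helper, so each new version needs the three coordinated edits this commit makes (the helper, the `isFF()` chain, and the type and version tables in the later hunks). The `isFF` docblock should say so, for example `Returns true only for the Firefox versions enumerated here (2 through 18).` The new `isFF18` docblock also leaves out the feature checks it depends on; a line such as `Checks window.devicePixelRatio and history.replaceState in addition to the user-agent string.` would explain why its test differs from the `isFF17` one shown in the context above it.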
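Review bot: The guard added to `isC5` makes the function return `null` instead of `false` when `appVersion` carries no `Chrome/NN.` token, because the `match()` result is the last operand of the first `&&` group; the same regex is then run a second time to read the capture. Capturing the match once keeps the result boolean: `var m = window.navigator.appVersion.match(/Chrome\/(\d+)\./);` followed by `return !!window.chrome && !window.webkitPerformance && m !== null && parseInt(m[1], 10) == 5;`. Callers that only test truthiness are unaffected, but the type map built further down would presumably store `null` for these keys. The same pattern repeats in the `isC6` through `isC23` hunks, which differ only in the `webkitPerformance` test and the version number.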
@@ -266,7 +274,7 @@ beef.browser = { * @example: beef.browser.isC6() */ isC6: function() { - return (!!window.chrome && !!window.webkitPerformance) && ((parseInt(window.navigator.appVersion.match(/Chrome\/(\d+)\./)[1], 10)==6)?true:false); + return (!!window.chrome && !!window.webkitPerformance && window.navigator.appVersion.match(/Chrome\/(\d+)\./)) && ((parseInt(window.navigator.appVersion.match(/Chrome\/(\d+)\./)[1], 10)==6)?true:false); }, /** @@ -274,7 +282,7 @@ beef.browser = { * @example: beef.browser.isC7() */ isC7: function() { - return (!!window.chrome && !!window.webkitPerformance) && ((parseInt(window.navigator.appVersion.match(/Chrome\/(\d+)\./)[1], 10)==7)?true:false); + return (!!window.chrome && !!window.webkitPerformance && window.navigator.appVersion.match(/Chrome\/(\d+)\./)) && ((parseInt(window.navigator.appVersion.match(/Chrome\/(\d+)\./)[1], 10)==7)?true:false); }, /** @@ -282,7 +290,7 @@ beef.browser = { * @example: beef.browser.isC8() */ isC8: function() { - return (!!window.chrome && !!window.webkitPerformance) && ((parseInt(window.navigator.appVersion.match(/Chrome\/(\d+)\./)[1], 10)==8)?true:false); + return (!!window.chrome && !!window.webkitPerformance && window.navigator.appVersion.match(/Chrome\/(\d+)\./)) && ((parseInt(window.navigator.appVersion.match(/Chrome\/(\d+)\./)[1], 10)==8)?true:false); }, /** @@ -290,7 +298,7 @@ beef.browser = { * @example: beef.browser.isC9() */ isC9: function() { - return (!!window.chrome && !!window.webkitPerformance) && ((parseInt(window.navigator.appVersion.match(/Chrome\/(\d+)\./)[1], 10)==9)?true:false); + return (!!window.chrome && !!window.webkitPerformance && window.navigator.appVersion.match(/Chrome\/(\d+)\./)) && ((parseInt(window.navigator.appVersion.match(/Chrome\/(\d+)\./)[1], 10)==9)?true:false); }, /** 
@@ -298,7 +306,7 @@ beef.browser = { * @example: beef.browser.isC10() */ isC10: function() { - return (!!window.chrome && !window.webkitPerformance) && ((parseInt(window.navigator.appVersion.match(/Chrome\/(\d+)\./)[1], 10)==10)?true:false); + return (!!window.chrome && !window.webkitPerformance && window.navigator.appVersion.match(/Chrome\/(\d+)\./)) && ((parseInt(window.navigator.appVersion.match(/Chrome\/(\d+)\./)[1], 10)==10)?true:false); }, /** @@ -306,7 +314,7 @@ beef.browser = { * @example: beef.browser.isC11() */ isC11: function() { - return (!!window.chrome && !window.webkitPerformance) && ((parseInt(window.navigator.appVersion.match(/Chrome\/(\d+)\./)[1], 10)==11)?true:false); + return (!!window.chrome && !window.webkitPerformance && window.navigator.appVersion.match(/Chrome\/(\d+)\./)) && ((parseInt(window.navigator.appVersion.match(/Chrome\/(\d+)\./)[1], 10)==11)?true:false); }, /** @@ -314,7 +322,7 @@ beef.browser = { * @example: beef.browser.isC12() */ isC12: function() { - return (!!window.chrome && !window.webkitPerformance) && ((parseInt(window.navigator.appVersion.match(/Chrome\/(\d+)\./)[1], 10)==12)?true:false); + return (!!window.chrome && !window.webkitPerformance && window.navigator.appVersion.match(/Chrome\/(\d+)\./)) && ((parseInt(window.navigator.appVersion.match(/Chrome\/(\d+)\./)[1], 10)==12)?true:false); }, /** @@ -322,7 +330,7 @@ beef.browser = { * @example: beef.browser.isC13() */ isC13: function() { - return (!!window.chrome && !window.webkitPerformance) && ((parseInt(window.navigator.appVersion.match(/Chrome\/(\d+)\./)[1], 10)==13)?true:false); + return (!!window.chrome && !window.webkitPerformance && window.navigator.appVersion.match(/Chrome\/(\d+)\./)) && ((parseInt(window.navigator.appVersion.match(/Chrome\/(\d+)\./)[1], 10)==13)?true:false); }, /** 
@@ -330,7 +338,7 @@ beef.browser = { * @example: beef.browser.isC14() */ isC14: function() { - return (!!window.chrome && !window.webkitPerformance) && ((parseInt(window.navigator.appVersion.match(/Chrome\/(\d+)\./)[1], 10)==14)?true:false); + return (!!window.chrome && !window.webkitPerformance && window.navigator.appVersion.match(/Chrome\/(\d+)\./)) && ((parseInt(window.navigator.appVersion.match(/Chrome\/(\d+)\./)[1], 10)==14)?true:false); }, /** @@ -338,7 +346,7 @@ beef.browser = { * @example: beef.browser.isC15() */ isC15: function() { - return (!!window.chrome && !window.webkitPerformance) && ((parseInt(window.navigator.appVersion.match(/Chrome\/(\d+)\./)[1], 10)==15)?true:false); + return (!!window.chrome && !window.webkitPerformance && window.navigator.appVersion.match(/Chrome\/(\d+)\./)) && ((parseInt(window.navigator.appVersion.match(/Chrome\/(\d+)\./)[1], 10)==15)?true:false); }, /** @@ -346,7 +354,7 @@ beef.browser = { * @example: beef.browser.isC16() */ isC16: function() { - return (!!window.chrome && !window.webkitPerformance) && ((parseInt(window.navigator.appVersion.match(/Chrome\/(\d+)\./)[1], 10)==16)?true:false); + return (!!window.chrome && !window.webkitPerformance && window.navigator.appVersion.match(/Chrome\/(\d+)\./)) && ((parseInt(window.navigator.appVersion.match(/Chrome\/(\d+)\./)[1], 10)==16)?true:false); }, /** @@ -354,7 +362,7 @@ beef.browser = { * @example: beef.browser.isC17() */ isC17: function() { - return (!!window.chrome && !window.webkitPerformance) && ((parseInt(window.navigator.appVersion.match(/Chrome\/(\d+)\./)[1], 10)==17)?true:false); + return (!!window.chrome && !window.webkitPerformance && window.navigator.appVersion.match(/Chrome\/(\d+)\./)) && ((parseInt(window.navigator.appVersion.match(/Chrome\/(\d+)\./)[1], 10)==17)?true:false); }, /** 
@@ -362,7 +370,7 @@ beef.browser = { * @example: beef.browser.isC18() */ isC18: function() { - return (!!window.chrome && !window.webkitPerformance) && ((parseInt(window.navigator.appVersion.match(/Chrome\/(\d+)\./)[1], 10)==18)?true:false); + return (!!window.chrome && !window.webkitPerformance && window.navigator.appVersion.match(/Chrome\/(\d+)\./)) && ((parseInt(window.navigator.appVersion.match(/Chrome\/(\d+)\./)[1], 10)==18)?true:false); }, /** @@ -370,7 +378,7 @@ beef.browser = { * @example: beef.browser.isC19() */ isC19: function() { - return (!!window.chrome && !window.webkitPerformance) && ((parseInt(window.navigator.appVersion.match(/Chrome\/(\d+)\./)[1], 10)==19)?true:false); + return (!!window.chrome && !window.webkitPerformance && window.navigator.appVersion.match(/Chrome\/(\d+)\./)) && ((parseInt(window.navigator.appVersion.match(/Chrome\/(\d+)\./)[1], 10)==19)?true:false); }, /** @@ -378,7 +386,7 @@ beef.browser = { * @example: beef.browser.isC20() */ isC20: function() { - return (!!window.chrome && !window.webkitPerformance) && ((parseInt(window.navigator.appVersion.match(/Chrome\/(\d+)\./)[1], 10)==20)?true:false); + return (!!window.chrome && !window.webkitPerformance && window.navigator.appVersion.match(/Chrome\/(\d+)\./)) && ((parseInt(window.navigator.appVersion.match(/Chrome\/(\d+)\./)[1], 10)==20)?true:false); }, /** @@ -386,7 +394,7 @@ beef.browser = { * @example: beef.browser.isC21() */ isC21: function() { - return (!!window.chrome && !window.webkitPerformance) && ((parseInt(window.navigator.appVersion.match(/Chrome\/(\d+)\./)[1], 10)==21)?true:false); + return (!!window.chrome && !window.webkitPerformance && window.navigator.appVersion.match(/Chrome\/(\d+)\./)) && ((parseInt(window.navigator.appVersion.match(/Chrome\/(\d+)\./)[1], 10)==21)?true:false); }, /** 
@@ -394,7 +402,7 @@ beef.browser = { * @example: beef.browser.isC22() */ isC22: function() { - return (!!window.chrome && !window.webkitPerformance) && ((parseInt(window.navigator.appVersion.match(/Chrome\/(\d+)\./)[1], 10)==22)?true:false); + return (!!window.chrome && !window.webkitPerformance && window.navigator.appVersion.match(/Chrome\/(\d+)\./)) && ((parseInt(window.navigator.appVersion.match(/Chrome\/(\d+)\./)[1], 10)==22)?true:false); }, /** @@ -402,7 +410,7 @@ beef.browser = { * @example: beef.browser.isC23() */ isC23: function() { - return (!!window.chrome && !window.webkitPerformance) && ((parseInt(window.navigator.appVersion.match(/Chrome\/(\d+)\./)[1], 10)==23)?true:false); + return (!!window.chrome && !window.webkitPerformance && window.navigator.appVersion.match(/Chrome\/(\d+)\./)) && ((parseInt(window.navigator.appVersion.match(/Chrome\/(\d+)\./)[1], 10)==23)?true:false); }, /** @@ -509,6 +517,7 @@ beef.browser = { FF15: this.isFF15(), // Firefox 15 FF16: this.isFF16(), // Firefox 16 FF17: this.isFF17(), // Firefox 17 + FF18: this.isFF18(), // Firefox 18 FF: this.isFF(), // Firefox any version IE6: this.isIE6(), // Internet Explorer 6 @@ -578,6 +587,7 @@ beef.browser = { if (this.isFF15()) { return '15' }; // Firefox 15 if (this.isFF16()) { return '16' }; // Firefox 16 if (this.isFF17()) { return '17' }; // Firefox 17 + if (this.isFF18()) { return '18' }; // Firefox 18 if (this.isIE6()) { return '6' }; // Internet Explorer 6 if (this.isIE7()) { return '7' }; // Internet Explorer 7 diff --git a/core/main/client/mitb.js b/core/main/client/mitb.js index 9ed626b74..58b7585f7 100644 --- a/core/main/client/mitb.js +++ b/core/main/client/mitb.js @@ -14,7 +14,6 @@ beef.mitb = { beef.mitb.cid = cid; beef.mitb.curl = curl; /*Override open method to intercept ajax request*/ - var xml_type; var hook_file = "<%= @hook_file %>"; if (window.XMLHttpRequest && !(window.ActiveXObject)) { 
@@ -161,11 +160,10 @@ beef.mitb = { y.open('GET', url, false, true); y.onreadystatechange = function () { if (y.readyState == 4 && y.responseText != "") { - target.innerHTML = y.responseText; setTimeout(beef.mitb.hook, 10); } - } + }; y.send(null); beef.mitb.sniff("GET: " + url); return true; @@ -200,11 +198,9 @@ beef.mitb = { beef.mitb.sniff("GET: " + url); } catch (x) { - - + // the link is cross-domain, so load the resource in a different tab window.open(url); beef.mitb.sniff("GET [New Window]: " + url); - } }, diff --git a/test/unit/tc_jools.rb b/test/unit/tc_jools.rb new file mode 100644 index 000000000..8924172aa --- /dev/null +++ b/test/unit/tc_jools.rb 
@@ -0,0 +1,114 @@ +# +# Copyright (c) 2006-2013 Wade Alcorn - wade@bindshell.net +# Browser Exploitation Framework (BeEF) - http://beefproject.com +# See the file 'doc/COPYING' for copying permission +# +require 'test/unit' +require '../common/test_constants' +require '../common/beef_test' + +class TC_Jools < Test::Unit::TestCase + @@victim = BeefTest.new_victim + + #test jools can be acces and a new object can be instantiated + def test_jools_exists + @@victim = BeefTest.new_victim + script = "return require('jools');" + jools = @@victim.execute_script(script) + assert_not_nil jools + script = "var Jools = require('jools'); + return new Jools([]);" + jools_obj = @@victim.execute_script(script) + assert_not_nil jools_obj + end + + #test simple jools rule example + def test_jools_simple + @@victim = BeefTest.new_victim + script = " var Jools = require('jools'); + var rules = [{ + 'name':'Lights on after 8pm', + 'condition': function(hour){ + return hour >= 8; + }, + 'consequence': function(){ + this.state = 'on'; + } + }]; + var fact = { + 'hour':8, + 'minute':21 + }; + var j = new Jools(rules); + var result = j.execute(fact); + return result.state;" + result = @@victim.execute_script(script) + assert_equal result,'on' + end + + #test jools chaining example + def test_jools_chaning + @@victim = BeefTest.new_victim + script = " var Jools = require('jools'); + var rules = [ + {'name':'frog is green', + 'condition': function(animal){ + return animal == 'frog'; + }, + 'consequence': function(){ + this.color = 'green'; + }}, + {'name':'canary is yellow', + 'condition': function(animal){ + return animal == 'canary'; + }, + 'consequence': function(){ + this.color = 'yellow'; + }}, + {'name':'croaks and eats flies', + 'condition' : function(eats){ + return eats && eats.indexOf('croaks') >= 0 && eats.indexOf('flies') >=0; + }, + 'consequence': function(){ + this.animal = 'frog'; + }}, + {'name':'chirps and sings', + 'condition' : function(does){ + return does && 
does.indexOf('chirps') >= 0 && does.indexOf('sings') >=0; + }, + 'consequence': function(){ + this.animal = 'canary'; + }} + ]; + var fact_1 = { + 'name':'fritz', + 'eats': ['croaks','flies'] + }; + var fact_2 = { + 'name':'fritz', + 'eats': ['croaks','rocks'] + }; + var fact_3 = { + 'name':'tweety', + 'does': ['sings','chirps'] + }; + var fact_4 = { + 'name':'tweety', + 'does': ['chrips','howls'] + }; + + var j = new Jools(rules); + var results = []; + results.push(j.execute(fact_1)); + results.push(j.execute(fact_2)); + results.push(j.execute(fact_3)); + results.push(j.execute(fact_4)); + return results;" + results = @@victim.execute_script(script) + assert_not_nil results + assert_equal results[0]['color'],'green' + assert_not_equal results[1]['color'], 'green' + assert_equal results[2]['color'],'yellow' + assert_not_equal results[3]['color'], 'yellow' + end +end diff --git a/test/unit/ts_unit.rb b/test/unit/ts_unit.rb index 109e99ba6..0c86a0aec 100644 --- a/test/unit/ts_unit.rb +++ b/test/unit/ts_unit.rb @@ -28,6 +28,7 @@ require './extensions/tc_requester' require './extensions/tc_event_logger' require './tc_grep' require './tc_filesystem' +require './tc_jools' class TS_BeefTests def self.suite @@ -53,6 +54,7 @@ class TS_BeefTests suite << TC_Hackverter.suite suite << TC_EventLogger.suite suite << TC_Hooks.suite + suite << TC_Jools.suite return suite end
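Review bot: In test/unit/tc_jools.rb the `assert_equal` calls pass the actual value first (`assert_equal result,'on'`, `assert_equal results[0]['color'],'green'`), while Test::Unit's signature is `assert_equal(expected, actual)`, so a failure would report the two values swapped. Writing them as `assert_equal 'on', result` and `assert_equal 'green', results[0]['color']` corrects the messages without changing what is checked. Each test also reassigns `@@victim = BeefTest.new_victim` on top of the class-level assignment, and nothing visible releases the earlier instance; if `new_victim` starts a browser session, a `teardown` that closes it would be worth adding. The method name `test_jools_chaning` and the comment `can be acces` look like typos for `chaining` and `accessed`.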