Hiddenden/beef
2
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
2,922 Commits 14 Branches 34 Tags
098b9a24bf7f826c5a0a1d95de15b1dd0996a2e0
Commit Graph

2922 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Touhid M Shaikh
098b9a24bf html_escape prevent code execution . 
I noticed when i put HTML content in "beef-xss/config.yaml" file in Version Field.
And Restart Beef(beef_start.png) and Go to Admin Panel in my browser, then my html interpreter and execute.
This issue occurs bcz of "/beef-xss/extensions/admin_ui/controllers/panel/index.html" in this file insecure code implementetion.

NOW html_escape prevent code execution.
 2017-08-25 15:41:31 +05:30
Brendan Coles
f245d12da3 Downgrade therubyracer to 1.12.2 2017-08-15 10:35:35 +00:00
Brendan Coles
c86bdc2cfe Merge pull request #1429 from fabianfrz/fabianfrz-fix-gemfile 
fix gemfile; closes #1428
 2017-08-15 19:59:57 +10:00
Fabian Franz
12800215f9 fix gemfile 2017-08-15 11:03:21 +02:00
Brendan Coles
b58875c952 Add support for Firefox 54 and 55 2017-08-12 02:19:26 +00:00
Brendan Coles
1f56b835f6 Use beef.net.is_valid_ip 2017-08-12 02:03:11 +00:00
Brendan Coles
81b5182689 Add router DNS hijack modules 2017-08-12 01:47:29 +00:00
Brendan Coles
173a65be13 Add IP and port validation to beef.net 2017-08-11 06:12:15 +00:00
Brendan Coles
f545b3631b Replace gsub quotes with base64 encoding 2017-08-11 05:44:32 +00:00
Brendan Coles
50a97d3e36 Fix XSSRays when evasion is enabled - Fix #1426 2017-08-06 23:28:13 +00:00
Brendan Coles
14e788e574 Fix requester when evasion is enabled - Fix #1386 2017-08-06 22:16:40 +00:00
Brendan Coles
d5b020f9be Add evasion to build_missing_beefjs_components method 2017-08-06 22:08:04 +00:00
Brendan Coles
4f153c2de3 Support empty output messages to DNS logger 2017-08-06 22:02:55 +00:00
Brendan Coles
4ff956c9be Add tests for variable decleration with 'let' 2017-08-06 18:39:23 +00:00
Brendan Coles
5a2a74c6a7 Update dependencies 2017-08-05 16:18:33 +00:00
Brendan Coles
93ef7c0643 Update msfrpc-client dependency to v1.1.1 2017-08-04 06:05:43 +00:00
Brendan Coles
8cbe15deaa Add comment warning not to use the console extension 2017-06-30 06:31:11 +00:00
Brendan Coles
e8f9ee1234 Rollback Rack dependency to 1.6.x 2017-06-30 06:21:33 +00:00
Brendan Coles
36cc4a4dd3 Add event log RSS feed 2017-06-29 11:00:24 +00:00
Brendan Coles
f320669f56 Update dependencies 2017-06-29 05:11:51 +00:00
Brendan Coles
5f4cc87d13 Show errors from msfrpc-client 2017-06-18 03:13:23 +00:00
Brendan Coles
98c187fb38 Add NtfsCommonCreate DoS module 2017-06-01 02:24:12 +00:00
antisnatchor
9bf7fe3002 removed copyright 2017-05-31 09:01:10 +02:00
antisnatchor
c3685fcdf7 Fixed a few JS errors preventing the module from running. Tested on Edge 40 (Win10) and Chrome 58 (OSX) 2017-05-31 08:56:37 +02:00
antisnatchor
9589a70610 Merge pull request #1401 from SkyLined/master 
Add ORTC, fix WebRTC bug
 2017-05-31 08:41:11 +02:00
SkyLined
992e9235c7 Add ORTC, fix WebRTC bug 
* Add Object-RTC implementation that should work in Edge 38.
* Fix issue where WebRTC implementation could report partial results if there are multiple local IP addresses (e.g. multiple network cars, IPv4 & IPv6, ...). In such cases, the results would be reported for each IP address, where they should only be reported once, after all IP addresses have been enumerated.
* All indentation is now 4 spaces.
 2017-05-30 20:59:40 +02:00
Brendan Coles
dd47856c91 Add Detect Coupon Printer module 2017-05-20 17:37:44 +00:00
Brendan Coles
1dfc03e6e7 Add popunder persistence module with popup blocker bypass for IE 2017-05-20 14:18:35 +00:00
Brendan Coles
7ef36039a4 Add detection for WebGL support to BrowserDetails 2017-05-13 06:36:58 +00:00
Brendan Coles
2c43328614 Add detection for Web Worker support to BrowserDetails 2017-05-13 06:18:20 +00:00
Brendan Coles
9a9b826364 Update browser details from module post_execute 2017-05-12 14:24:14 +00:00
Brendan Coles
363802b028 Move require statements to core/loader 2017-05-12 13:48:25 +00:00
Brendan Coles
64adb6f7fa Downgrade therubyracer dependency for linux to 0.12.2 2017-05-07 04:16:47 +00:00
Brendan Coles
3a499c514a Add support for Chrome 57 and 58 2017-05-04 13:46:00 +00:00
Brendan Coles
6664467c56 Add Detect MIME Types module 2017-04-29 15:06:34 +00:00
Brendan Coles
923f1d9797 Add Fingerprint Browser module using FingerprintJS2 library 2017-04-29 14:19:19 +00:00
Brendan Coles
686d202efa Update links on demo pages 2017-04-28 11:37:33 +00:00
Brendan Coles
4c1d9111a9 Add support for Firefox 52 and 53 2017-04-28 09:05:50 +00:00
Brendan Coles
a2dbb6f7e2 Merge pull request #1393 from clod81/fix_jsonp_persistence_html_payload 
JSONP tempBody variable working again
 2017-04-28 18:32:32 +10:00
Claudio Contin
318796b11c Make html tempBody variable working again 2017-04-28 20:18:55 +12:00
Brendan Coles
b65dec0449 Update AdminUI jQuery to 1.12.4 2017-04-27 11:42:00 +00:00
Brendan Coles
eb8964f3ca Add DNS REST examples 2017-04-27 11:23:14 +00:00
Brendan Coles
8b9e8f02d3 Strip Windows support from auto msfrpcd 2017-04-26 10:21:02 +00:00
Brendan Coles
34967f61e0 Ignore null objects for browser_type 2017-04-23 07:00:39 +00:00
Brendan Coles
de5c231d34 Convert query response to_s in BrowserDetails 2017-04-23 06:32:28 +00:00
Brendan Coles
572b2db906 Add tests for BrowserDetails model 2017-04-23 06:02:11 +00:00
Brendan Coles
21238254a3 Add functionality to update existing BrowserDetails keys 2017-04-23 06:00:57 +00:00
Brendan Coles
c3069601e8 Add debug output to modules 2017-04-23 03:58:44 +00:00
Brendan Coles
cc260598d3 Load URL from ui_base_path 2017-04-23 03:44:16 +00:00
Brendan Coles
5c406b8d4f Add unless is_non_empty_string guard clause to browser filters 2017-04-23 03:25:36 +00:00