Hiddenden/beef
2
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
2,073 Commits 14 Branches 34 Tags
32db367ada81ce152edfb926c0c8a4cbfd6ff7c6
Commit Graph

486 Commits

Author SHA1 Message Date
soh_cah_toa
32db367ada Refactored ID filter checks into #is_valid_id?. 
Added call to #remove_rule! as well.
 2014-04-24 23:28:11 -04:00
soh_cah_toa
bca9eccdf0 Implemented GET ruleset, rule, and POST rule handlers. 
Many filter checks were removed because the new DNS extension performs
validation before performing any database operation.

Modified message for InvalidParamError to be more modular.
 2014-04-24 16:40:19 -04:00
soh_cah_toa
94fc2805d1 Added ID filter checks to #get_rule. 
This is ensures that ID validation occurs when using either the Ruby API
or the RESTful API. Previously, validation was only done for the
RESTful API.
 2014-04-24 16:36:44 -04:00
soh_cah_toa
7b229a2a20 Added new #validate_pattern method. 
Uses BeEF::Filters to ensure that empty, null, and non-printable
patterns are tossed out. Added new InvalidDnsPatternError exception
class to handle these cases.

Renamed #validate_response to #format_callback since the name is more
appropriate.
 2014-04-24 14:26:37 -04:00
soh_cah_toa
ad25c49b2d Refactored IP filters into parameterized #is_valid_ip?. 
Using parameterized methods is better structured coding style rather
than defining multiple similarly-behaved methods.

annex_region('crimea') # good
vs.
annex_crimea # bad
 2014-04-24 13:11:00 -04:00
soh_cah_toa
e791fca8a9 Updated #validate_response to use BeEF::Filters. 2014-04-23 18:07:27 -04:00
soh_cah_toa
6385ddf85b Changed data type of :callback property to Object. 
Using String was sufficient but this way is more consistent.
 2014-04-23 16:50:47 -04:00
soh_cah_toa
bd9891dc4d Implemented #validate_response method in Dns::Rule. 
Perhaps the ugliest part of the DNS extension, it is also the most
crucial. This method ensures that a given resource and response are
appropriate for each other. It must also prevent RCE vulns since the
input is eval'd later on.

However, HINFO, MINFO, and especially TXT validation is not strict
enough. These three need to be reviewed scrupulously since a 100%
anti-RCE solution may prove to be difficult.
 2014-04-23 16:39:26 -04:00
soh_cah_toa
53a54de5fe Added @database to Dns::Server as a model reference. 2014-04-23 16:36:16 -04:00
soh_cah_toa
3029d3cea8 Implemented #process method that handles requests. 
The DNS server now searches for matching rules and sends its response
when handling incoming requests. However, all rules are still assigned
the same callback for the moment.
 2014-04-23 13:28:34 -04:00
soh_cah_toa
0dd9c193ec Appended ! to #remove_rule and #remove_ruleset. 
Adhering to the Ruby convention, this indicates that these methods
mutate the receiver and, therefore, should be considered dangerous.
 2014-04-23 12:53:41 -04:00
soh_cah_toa
2303851498 Implemented #remove_ruleset method. 2014-04-23 12:50:42 -04:00
soh_cah_toa
56c686de64 Implemented #get_ruleset method. 
Also refactored #get_rule to use new #to_hash helper method since
 2014-04-23 12:42:39 -04:00
soh_cah_toa
ed986e4ed5 Implemented #remove_rule method. 2014-04-23 12:07:59 -04:00
soh_cah_toa
b345da0203 Implemented #get_rule method. 2014-04-23 12:00:23 -04:00
soh_cah_toa
007f6302df Re-implemented #generate_id in Core::Main::Crypto. 
This is a better home for it since that is where other OpenSSL
crypto/token generator methods reside.
 2014-04-23 11:41:11 -04:00
soh_cah_toa
861d66207d Implemented new Rule model and #add_rule method. 2014-04-23 11:27:49 -04:00
soh_cah_toa
7386a7708b Changed Dns::Server to use RubyDNS 0.7.x API. 
At this point, it is just a prototype that resolves any request to
1.1.1.1.
 2014-04-23 11:14:35 -04:00
soh_cah_toa
f4d3858af6 Removed unneeded files in ruby/ subdirectory. 
Changed Logger overrides to disable logging instead of using BeEF's
print_* methods. RubyDNS logging is too verbose. The DNS extension will
perform debug logging on its own.
 2014-04-22 22:56:21 -04:00
soh_cah_toa
d4ba3ec98c Re-enabled DNS extension in config files. 2014-04-22 22:50:31 -04:00
bcoles
4529dd1a6c Add support for MaxMind GeoIP 2014-04-22 00:58:49 +09:30
antisnatchor
f2c83ced4d Merge remote-tracking branch 'origin/master' 2014-04-14 11:48:23 +02:00
antisnatchor
940b03e249 Removed twitter dependency from Gemfile as it's causing depenedencies issues sometimes, and the twitter notification feature isn't that used anyway. 2014-04-14 11:46:42 +02:00
Brendan Coles
d9fd2b994e Add browser proxy details to browser summary 2014-04-13 02:29:09 +10:00
bcoles
7d6eb4b714 Add 'beef.os.getDefaultBrowser' 2014-03-20 02:49:08 +10:30
Brendan Coles
7a8115211d Merge pull request #981 from beefproject/MSF-Target-Browsers 
Added support for target browser detection for MSF modules #530
 2014-03-16 13:39:03 +11:00
antisnatchor
8f4f51874d Fixed issues with the DNS server RESTful API. Now it works. 2014-03-06 17:11:27 +00:00
antisnatchor
46e165df5e Added support for browser language detection. Also added a new entry in Browser Details and JS call beef.browser.getBRowserLanguage() 2014-03-06 12:35:02 +00:00
bcoles
3494542b54 Make upstream DNS server configurable 2014-03-04 00:56:41 +10:30
antisnatchor
91fa8f4e63 Various fixes for the DNS extension code. 2014-03-02 16:05:57 +00:00
antisnatchor
39e672f420 Fixed 2 RCE bugs in the DNS extension code (unsafe eval calls). 2014-03-02 15:43:36 +00:00
antisnatchor
ec9cf4d460 Manually merged DNS extension code (pull request 967 from @soh-cah-toa) 2014-03-02 12:56:33 +00:00
antisnatchor
9dcff5184d Manually merged DNS extension code (pull request 967 from @soh-cah-toa) 2014-03-02 12:40:18 +00:00
Phil Grohe
f274001a65 Revised comments on beef.dom.createIframe() to reflect removal of 'method' parameter & form submitting behavior. Updated existing function calls to beef.dom.createIframe() to remove 'method' parameter. 2014-02-22 11:57:56 -05:00
Saafan
a4973a5365 Merge pull request #946 from offensivecoder/update_twitter_require_version_5 
Update twitter require version 5
 2014-02-21 00:48:46 +02:00
soh_cah_toa
a75a95b663 Implemented DNS spoofer in social engineering extension. 
The /api/seng/clone_page endpoint now accepts a boolean "dns_spoof"
key in the JSON request. This adds a DNS record pointing the
cloned webpage to the BeEF server.

Integration tests included.
 2014-02-04 16:18:12 -05:00
antisnatchor
a0a36d333a Added a note about using SSL when connecting to Metasploit. Related to issue #958 2014-01-06 14:14:19 +00:00
bcoles
faafa9a196 Modify customhook extension to allow multiple hook points 2014-01-04 14:02:43 +10:30
bcoles
f97087c37a Change hard-coded 'hook.js' to 'beef.http.hook_file' 2014-01-04 11:33:58 +10:30
bcoles
6d449672ae Trivial edits to 'secret_page.html' demo page 2014-01-04 09:06:14 +10:30
Wade Alcorn
8003f1a47f Updated the copyright year to 2014 2014-01-01 16:34:15 +10:00
bcoles
02e6d4db11 Rescue StandardError rather than Exception 2013-12-30 06:41:07 +10:30
antisnatchor
b28a79b56a Enhancing the keylogger to log also shift/alt/ctrl 2013-12-15 16:01:50 +00:00
Marc Wickenden
f2ba3b55e8 require version 5 of the twitter gem due to removal of Twitter.configure method 2013-11-24 00:20:08 +00:00
antisnatchor
2c750670d7 fixed doctype error in basic.html (IE only) 2013-10-08 15:21:54 +01:00
antisnatchor
71a67defd4 Added new RESTful API method to bind a local file to a url. Also added "dropper" directory into Social Engineering extension. 2013-10-08 14:08:52 +01:00
bcoles
638e037e56 Remove Java and VLC detection from hook init 2013-10-06 19:17:55 +10:30
antisnatchor
2f51deb88a Fixed issue with Social Engineering extension when using an SMTP server without any needed authentication. 2013-10-02 14:53:04 +01:00
antisnatchor
86d23d3815 Fix issue #662 the Web UI base path can now be configured in the main config.yaml. Web UI JS files are now also minified. 2013-10-01 17:16:46 +01:00
bcoles
189e6543e0 Fix bug with rendering images from command responses in the admin UI 2013-09-12 18:26:00 +09:30