bcoles@gmail.com
5ea6dd9fd2
Added Firefox 8 detection
In preparation for Firefox 8 (the beta is public)
git-svn-id: https://beef.googlecode.com/svn/trunk@1385 b87d56ec-f9c0-11de-8c8a-61c5e9addfc9
2011-10-30 12:07:17 +00:00
antisnatchor
5f59e198d1
Added Chrome 15 detection
git-svn-id: https://beef.googlecode.com/svn/trunk@1384 b87d56ec-f9c0-11de-8c8a-61c5e9addfc9
2011-10-29 14:52:59 +00:00
avlidienbrunn@gmail.com
f3cd6aaeb5
(Fixes issue 450) Ported MITB code from h.ackack.net!
git-svn-id: https://beef.googlecode.com/svn/trunk@1371 b87d56ec-f9c0-11de-8c8a-61c5e9addfc9
2011-10-19 08:06:36 +00:00
bcoles@gmail.com
dd5b1f5a81
Added platform and ActiveX detection to the browser hook initialization
o Platform often provides the architecture (ie, 32bit) and can
be useful in identifying devices / smart phones
o ActiveX detection was added for obscure browsers (ie, such as
software using an embedded browsing engine built on the IE COM)
Normally ActiveX would only be detected on a hooked IE browser.
Moved the `is_valid_yes_no' filter from browser.rb to base.rb
git-svn-id: https://beef.googlecode.com/svn/trunk@1368 b87d56ec-f9c0-11de-8c8a-61c5e9addfc9
2011-10-16 20:56:23 +00:00
bcoles@gmail.com
d0f332643e
Separated hostname and hostport
git-svn-id: https://beef.googlecode.com/svn/trunk@1366 b87d56ec-f9c0-11de-8c8a-61c5e9addfc9
2011-10-16 14:25:47 +00:00
buherator@gmail.com
ed866886f7
Storing port of HookedBrowser, fixing value of HookedBrowser.domain
git-svn-id: https://beef.googlecode.com/svn/trunk@1365 b87d56ec-f9c0-11de-8c8a-61c5e9addfc9
2011-10-15 22:04:08 +00:00
antisnatchor
e22332e1f8
(Fixes issue 467) rewrote from scratch the XssRays handler, refactored JS and Ruby code, improved the whole thing.
git-svn-id: https://beef.googlecode.com/svn/trunk@1361 b87d56ec-f9c0-11de-8c8a-61c5e9addfc9
2011-10-12 14:56:50 +00:00
bcoles@gmail.com
f7bca3c192
Added Rewrite HREFs (HTTPS) module
This module will rewrite all the href attributes of HTTPS links to use
HTTP instead of HTTPS. Links relative to the web root are not rewritten.
Added beef.dom.rewriteLinksProtocol(old_protocol, new_protocol, selector)
git-svn-id: https://beef.googlecode.com/svn/trunk@1317 b87d56ec-f9c0-11de-8c8a-61c5e9addfc9
2011-09-29 09:55:09 +00:00
bcoles@gmail.com
87e5bca2fb
Added match for Firefox 7 in preparation for impending release
git-svn-id: https://beef.googlecode.com/svn/trunk@1313 b87d56ec-f9c0-11de-8c8a-61c5e9addfc9
2011-09-28 06:48:27 +00:00
antisnatchor
75b425e5e6
Added detection for Chrome 14
git-svn-id: https://beef.googlecode.com/svn/trunk@1299 b87d56ec-f9c0-11de-8c8a-61c5e9addfc9
2011-09-21 08:29:05 +00:00
bcoles@gmail.com
9127bbeb88
Patched browser detection
Revision 1285 broke browser hooking for Opera, Chrome and Safari.
This commit should fix this issue. Also:
Fixes issue 514
Fixes issue 503
git-svn-id: https://beef.googlecode.com/svn/trunk@1291 b87d56ec-f9c0-11de-8c8a-61c5e9addfc9
2011-09-16 06:21:13 +00:00
abraham.aranguren@gmail.com
2b095f2cf0
Fix for Issue 503: Firefox is identified as Safari:
Under certain configurations Firefox was incorrectly being detected as Safari; this happened because !!window.globalStorage returns false on at least some Firefox 5 and Firefox 6 browser configurations such as mine.
git-svn-id: https://beef.googlecode.com/svn/trunk@1285 b87d56ec-f9c0-11de-8c8a-61c5e9addfc9
2011-09-13 21:39:14 +00:00
antisnatchor@gmail.com
d33e9f88b5
(Fixes issue 456) reverted back to jQuery 1.5.2, moved port status checking code in 'complete' handler
git-svn-id: https://beef.googlecode.com/svn/trunk@1284 b87d56ec-f9c0-11de-8c8a-61c5e9addfc9
2011-09-13 18:50:12 +00:00
bcoles@gmail.com
ee6dbe3bee
Updated OS detection
o Added icons
o Removed duplicate entry for Win98
git-svn-id: https://beef.googlecode.com/svn/trunk@1278 b87d56ec-f9c0-11de-8c8a-61c5e9addfc9
2011-09-12 14:54:18 +00:00
bcoles@gmail.com
c81bdf75af
Updated Safari browser version detection
git-svn-id: https://beef.googlecode.com/svn/trunk@1277 b87d56ec-f9c0-11de-8c8a-61c5e9addfc9
2011-09-12 12:47:29 +00:00
bcoles@gmail.com
c596a5c49a
Added browser version detection for Safari 5.1
git-svn-id: https://beef.googlecode.com/svn/trunk@1276 b87d56ec-f9c0-11de-8c8a-61c5e9addfc9
2011-09-12 10:45:12 +00:00
antisnatchor@gmail.com
b3b869d36f
(Fixes issue 498) added exact version detection for all FF browser plugins. For other browsers see issue comments in the tracker.
git-svn-id: https://beef.googlecode.com/svn/trunk@1273 b87d56ec-f9c0-11de-8c8a-61c5e9addfc9
2011-09-11 15:27:31 +00:00
antisnatchor@gmail.com
8ab109bc50
(Fixes issue 499) added websocket detection for FF6+
git-svn-id: https://beef.googlecode.com/svn/trunk@1272 b87d56ec-f9c0-11de-8c8a-61c5e9addfc9
2011-09-11 14:08:28 +00:00
bcoles@gmail.com
515dbefacf
Fixes issue 483
git-svn-id: https://beef.googlecode.com/svn/trunk@1263 b87d56ec-f9c0-11de-8c8a-61c5e9addfc9
2011-09-08 11:39:18 +00:00
bcoles@gmail.com
ca4e2d18f5
Added Android OS detection from useragent
git-svn-id: https://beef.googlecode.com/svn/trunk@1254 b87d56ec-f9c0-11de-8c8a-61c5e9addfc9
2011-09-02 11:35:20 +00:00
bcoles@gmail.com
203173b621
Added BlackBerry and Nokia (Symbian/Maemo) OS detection from useragent
git-svn-id: https://beef.googlecode.com/svn/trunk@1253 b87d56ec-f9c0-11de-8c8a-61c5e9addfc9
2011-09-02 10:56:41 +00:00
antisnatchor
3f82b0315a
(Fixes issue 427): fixed sending back PoC for POST injection with xssrays.
git-svn-id: https://beef.googlecode.com/svn/trunk@1251 b87d56ec-f9c0-11de-8c8a-61c5e9addfc9
2011-09-02 10:18:48 +00:00
antisnatchor
10d8edb5fd
<xssrays> prevent printing console.log messages if the hooked browser is IE
git-svn-id: https://beef.googlecode.com/svn/trunk@1250 b87d56ec-f9c0-11de-8c8a-61c5e9addfc9
2011-09-02 09:26:46 +00:00
antisnatchor
5fb6334654
(Fixes issue 405): added attack vector browser checks using the beef.browser API. If the vector is marked as working with only IE, if the browser is FF the attack will be skipped.
git-svn-id: https://beef.googlecode.com/svn/trunk@1249 b87d56ec-f9c0-11de-8c8a-61c5e9addfc9
2011-09-02 09:21:31 +00:00
antisnatchor
f228138fb2
<xssrays> small code cleanup and comments added
git-svn-id: https://beef.googlecode.com/svn/trunk@1247 b87d56ec-f9c0-11de-8c8a-61c5e9addfc9
2011-08-31 11:11:42 +00:00
antisnatchor
4fc61d4c47
(Fixes issue 403): added handler: "xssrays" to xssrays.js. This is why beef.net.send was never called.
git-svn-id: https://beef.googlecode.com/svn/trunk@1246 b87d56ec-f9c0-11de-8c8a-61c5e9addfc9
2011-08-31 10:00:22 +00:00
antisnatchor
59bfab48a3
(Fixes issue 406): when checking for URI path Xss, remove the last / from the url in case there is one. It will be added later.
git-svn-id: https://beef.googlecode.com/svn/trunk@1245 b87d56ec-f9c0-11de-8c8a-61c5e9addfc9
2011-08-31 08:43:57 +00:00
antisnatchor
cfe0b3e87b
<xssrays> removed browser checks and fixed unreferenced variable sameDomain (now is crossDomain)
git-svn-id: https://beef.googlecode.com/svn/trunk@1244 b87d56ec-f9c0-11de-8c8a-61c5e9addfc9
2011-08-31 08:24:17 +00:00
bcoles@gmail.com
7a4b07ef2e
Added "Has WebSockets" to initialization / details tab
git-svn-id: https://beef.googlecode.com/svn/trunk@1237 b87d56ec-f9c0-11de-8c8a-61c5e9addfc9
2011-08-26 13:28:53 +00:00
bcoles@gmail.com
c3bd1e5fa7
Added "not http" to port_status as part of beef.net.request
Status "open" and "closed" were added in revision 1177
Fixes issue 286
git-svn-id: https://beef.googlecode.com/svn/trunk@1215 b87d56ec-f9c0-11de-8c8a-61c5e9addfc9
2011-08-19 15:28:51 +00:00
a.m.saafan@gmail.com
a1acb6e397
Added support for encoding and storing requests of type image. Fixes issue 368.
git-svn-id: https://beef.googlecode.com/svn/trunk@1200 b87d56ec-f9c0-11de-8c8a-61c5e9addfc9
2011-08-17 14:19:25 +00:00
bcoles@gmail.com
ff63d46337
Added Firefox 6 to core/main/client/browser.js
git-svn-id: https://beef.googlecode.com/svn/trunk@1199 b87d56ec-f9c0-11de-8c8a-61c5e9addfc9
2011-08-17 08:57:38 +00:00
wade@bindshell.net
3167722af2
Fixes issue 436. IE can now be hooked cross domain. Loading script is used instead of ajax now.
git-svn-id: https://beef.googlecode.com/svn/trunk@1180 b87d56ec-f9c0-11de-8c8a-61c5e9addfc9
2011-08-11 01:52:45 +00:00
wade@bindshell.net
324449eb0f
fixed bug where IE wasn't sending the HOOKSESSION cross domain/port
git-svn-id: https://beef.googlecode.com/svn/trunk@1179 b87d56ec-f9c0-11de-8c8a-61c5e9addfc9
2011-08-11 01:52:13 +00:00
bcoles@gmail.com
22941a51b4
Augmented beef.net.request to support port_status
Only "open" and "closed" are supported currently
Part of issue 286
git-svn-id: https://beef.googlecode.com/svn/trunk@1177 b87d56ec-f9c0-11de-8c8a-61c5e9addfc9
2011-08-10 09:47:01 +00:00
scotty.b.brown@gmail.com
df1565883b
(Fixes issue 433)
git-svn-id: https://beef.googlecode.com/svn/trunk@1173 b87d56ec-f9c0-11de-8c8a-61c5e9addfc9
2011-08-09 09:39:00 +00:00
antisnatchor
922e72d2fe
Issue 384: xssrays core code cleanup, refactoring and small bugfix (finishing the scan if stack.length=0)
git-svn-id: https://beef.googlecode.com/svn/trunk@1165 b87d56ec-f9c0-11de-8c8a-61c5e9addfc9
2011-08-03 12:22:56 +00:00
antisnatchor
fca36abfdc
Issue 384: xssrays core code cleanup, added support for configurable crossDomain, debug and cleanTimeout settings
git-svn-id: https://beef.googlecode.com/svn/trunk@1163 b87d56ec-f9c0-11de-8c8a-61c5e9addfc9
2011-08-03 11:56:23 +00:00
yori.kvitchko
a70de4dbf8
Added get cookies to on-initialize.
git-svn-id: https://beef.googlecode.com/svn/trunk@1162 b87d56ec-f9c0-11de-8c8a-61c5e9addfc9
2011-08-03 06:36:50 +00:00
bcoles@gmail.com
f37433c027
The scroll bars are now removed from a hooked window if the iframe
persistence command has been executed. The scroll bars are removed once
the user clicks a URL in order to prevent duplicate scroll bars.
Fixes issue 224
git-svn-id: https://beef.googlecode.com/svn/trunk@1161 b87d56ec-f9c0-11de-8c8a-61c5e9addfc9
2011-08-02 13:09:01 +00:00
antisnatchor
df0428ca8f
(Fixes issue 423): Updated jQuery to 1.6.2 to fix the console error when using jQuery inside an iFrame on the page (xssrays)
git-svn-id: https://beef.googlecode.com/svn/trunk@1157 b87d56ec-f9c0-11de-8c8a-61c5e9addfc9
2011-08-01 11:43:04 +00:00
antisnatchor
9c57194d38
Issue 384: fixed handling of different ports (!= 80/443) on get-params/Uri-path XSS. commented out some JS debug code.
git-svn-id: https://beef.googlecode.com/svn/trunk@1156 b87d56ec-f9c0-11de-8c8a-61c5e9addfc9
2011-08-01 10:14:44 +00:00
bcoles@gmail.com
73ae24b029
Added Detect Cookie Support to initialization and details tab
M extensions/admin_ui/controllers/modules/modules.rb
M extensions/initialization/handler.rb
M core/main/client/browser.js
Example output on details tab:
Session Cookies: Yes
Persistent Cookies: Yes
Fixes Issue 380
git-svn-id: https://beef.googlecode.com/svn/trunk@1122 b87d56ec-f9c0-11de-8c8a-61c5e9addfc9
2011-07-28 05:06:53 +00:00
antisnatchor
a5a9e45076
Issue 384: First draft of XssRays (core xssrays JS)
git-svn-id: https://beef.googlecode.com/svn/trunk@1114 b87d56ec-f9c0-11de-8c8a-61c5e9addfc9
2011-07-26 18:36:30 +00:00
antisnatchor
77f9f4f542
(Fixes issue 391) Fixed JSON undefined error that was preventing browser hooking on IE < 8
git-svn-id: https://beef.googlecode.com/svn/trunk@1080 b87d56ec-f9c0-11de-8c8a-61c5e9addfc9
2011-07-21 13:50:12 +00:00
bcoles@gmail.com
a9d983b898
Added Browser Type to initialization and default tab
M extensions/admin_ui/controllers/modules/modules.rb
M extensions/initialization/handler.rb
M core/main/client/browser.js
Example output on details tab:
Browser Type: {"FF5":true, "FF":true}
Fixes Issue 377
git-svn-id: https://beef.googlecode.com/svn/trunk@1070 b87d56ec-f9c0-11de-8c8a-61c5e9addfc9
2011-07-18 22:09:26 +00:00
bcoles@gmail.com
569fec02cd
Added Detect Scripts Support to initialization and details tab
M extensions/admin_ui/controllers/modules/modules.rb
M extensions/initialization/handler.rb
M core/main/client/browser.js
Example output on details tab:
Java Enabled: No
VBScript Enabled: No
Has Flash: Yes
Has GoogleGears: No
Fixes Issue 383 # https://code.google.com/p/beef/issues/detail?id=383
git-svn-id: https://beef.googlecode.com/svn/trunk@1069 b87d56ec-f9c0-11de-8c8a-61c5e9addfc9
2011-07-18 04:16:54 +00:00
bcoles@gmail.com
6b00485b97
Added Screen Details to initialization and default tab
M extensions/admin_ui/controllers/modules/modules.rb
M extensions/initialization/handler.rb
M core/main/client/browser.js
Example output on details tab:
Screen Params: {"width"=>1024, "height"=>768, "colordepth"==>24}
Window Size: {"width"=>1024, "height"=>640}
git-svn-id: https://beef.googlecode.com/svn/trunk@1067 b87d56ec-f9c0-11de-8c8a-61c5e9addfc9
2011-07-16 07:14:23 +00:00
antisnatchor
2d5360a870
Issue 384: initial commit of Gareth XssRays 0.5.5
git-svn-id: https://beef.googlecode.com/svn/trunk@1064 b87d56ec-f9c0-11de-8c8a-61c5e9addfc9
2011-07-14 09:10:25 +00:00
antisnatchor
fe5b318792
(Fixes issue 359) Proxy/Requester now forward back original XHR response headers (stripping some of them like encoding and cache related). Added also a temporary fix for issue 368 (prevent saving raw image data if db = mysql).
git-svn-id: https://beef.googlecode.com/svn/trunk@1051 b87d56ec-f9c0-11de-8c8a-61c5e9addfc9
2011-07-09 22:30:44 +00:00