Hiddenden/beef
2
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
2,941 Commits 14 Branches 34 Tags
63e9e721948c036cfb98ff42c8d41faa3120d5ad
Commit Graph

671 Commits

Author SHA1 Message Date
Jonathan Echavarria
63e9e72194 add gem install warning to notifications config 2017-10-05 09:47:43 -04:00
Jonathan Echavarria
1b5e56e4a6 removed debug line from pushover notification channel 2017-10-05 09:45:59 -04:00
Jonathan Echavarria
27d1166869 set pushover to be disabled by default 2017-10-05 09:44:35 -04:00
Jonathan Echavarria
409d9962bb modified the notifications extenion to add pushover support 2017-10-05 09:43:11 -04:00
Jonathan Echavarria
d47303f0e7 changed config.yaml to add pushover support 2017-10-05 09:40:36 -04:00
Jonathan Echavarria
c01febbe9b added pushover channel 2017-10-05 09:39:39 -04:00
Brendan Coles
0311b317b7 Revert "html_escape prevent code execution ." 2017-08-30 16:25:04 +10:00
Brendan Coles
aa3c0932ce Use in msf-exploits.cache path 2017-08-29 07:24:03 +00:00
Brendan Coles
9ab7461ac5 Merge pull request #1436 from touhidshaikh/patch-1 
html_escape prevent code execution .
 2017-08-29 17:00:53 +10:00
Touhid M Shaikh
098b9a24bf html_escape prevent code execution . 
I noticed when i put HTML content in "beef-xss/config.yaml" file in Version Field.
And Restart Beef(beef_start.png) and Go to Admin Panel in my browser, then my html interpreter and execute.
This issue occurs bcz of "/beef-xss/extensions/admin_ui/controllers/panel/index.html" in this file insecure code implementetion.

NOW html_escape prevent code execution.
 2017-08-25 15:41:31 +05:30
Greg Molnar
2d7cfd73f4 detect microsoft edge 2017-08-23 13:37:38 +02:00
Brendan Coles
50a97d3e36 Fix XSSRays when evasion is enabled - Fix #1426 2017-08-06 23:28:13 +00:00
Brendan Coles
14e788e574 Fix requester when evasion is enabled - Fix #1386 2017-08-06 22:16:40 +00:00
Brendan Coles
4f153c2de3 Support empty output messages to DNS logger 2017-08-06 22:02:55 +00:00
Brendan Coles
8cbe15deaa Add comment warning not to use the console extension 2017-06-30 06:31:11 +00:00
Brendan Coles
5f4cc87d13 Show errors from msfrpc-client 2017-06-18 03:13:23 +00:00
Brendan Coles
7ef36039a4 Add detection for WebGL support to BrowserDetails 2017-05-13 06:36:58 +00:00
Brendan Coles
2c43328614 Add detection for Web Worker support to BrowserDetails 2017-05-13 06:18:20 +00:00
Brendan Coles
9a9b826364 Update browser details from module post_execute 2017-05-12 14:24:14 +00:00
Brendan Coles
686d202efa Update links on demo pages 2017-04-28 11:37:33 +00:00
Brendan Coles
b65dec0449 Update AdminUI jQuery to 1.12.4 2017-04-27 11:42:00 +00:00
Brendan Coles
8b9e8f02d3 Strip Windows support from auto msfrpcd 2017-04-26 10:21:02 +00:00
Brendan Coles
cc260598d3 Load URL from ui_base_path 2017-04-23 03:44:16 +00:00
Brendan Coles
9ad5ddf534 Add method to delete response from requester history 2017-04-23 01:45:30 +00:00
Brendan Coles
9b57435d5e Add placeholder for requester REST endpoints 2017-04-23 01:43:57 +00:00
Brendan Coles
c191a50f3c Force UTF-8 encoding for requester responses - Fix #1340 2017-04-22 02:10:48 +00:00
Brendan Coles
127b1d56e7 Add UTF-8 characters to demo pages for testing purposes 2017-04-22 01:52:13 +00:00
Brendan Coles
275153be38 Remove todo note 2017-04-20 19:56:31 +00:00
Brendan Coles
530962ea29 Cleanup and fix proxy/requester 2017-04-16 14:29:28 +00:00
Brendan Coles
08f5cf3e29 Cleanup and fix proxy/requester 2017-04-16 14:28:45 +00:00
Brendan Coles
f7a26556e9 Update hook jQuery to 1.12.4 - Fix #1133 2017-04-15 10:50:26 +00:00
Matt Metzger
f0fdc3d537 Omit Transfer-Encoding header in proxy responses 
Beef automatically calculates and inserts a Content-Length header when
sending proxy responses. If the Transfer-Encoding header is not
stripped, many browsers treat this as a Content-Length of 0, thus
rendering an empty body.
 2017-04-09 01:20:32 -04:00
Brendan Coles
06263790c8 Test if supplied IP address is valid dot-decimal format 2017-02-04 22:20:48 +00:00
Brendan Coles
8820ddc294 Store NetworkHost :lastseen as integer - Fix #1348 2017-02-03 19:53:44 +00:00
Wade Alcorn
91cc7ed873 Updated Copyright information 2016-12-29 15:50:13 +10:00
TheJambo
cb3a62ba5d Update WelcomeTab.js 2016-12-22 09:32:35 +00:00
TheJambo
6c103cfac7 Updated to include IPEC 2016-12-22 09:14:11 +00:00
Brendan Coles
ff83871d44 Add console events to event logger 2016-10-08 18:27:19 +00:00
Brendan Coles
ce3261900e Update butcher demo to use jQuery 1.12.4 2016-10-07 21:11:05 +00:00
Brendan Coles
2a5d878eee Use relative script URL for demos 2016-10-07 21:04:25 +00:00
Brendan Coles
d3a30a9b18 Add timeout to MSF RPC initial connection 2016-07-04 10:53:37 +00:00
Brendan Coles
16da11e7df Play sound in AdminUI upon new hooked browser 2016-05-15 01:26:06 +00:00
Brendan Coles
af737f80ec Merge pull request #1258 from mgeeky/get_snapshot 
Spyder_Eye got updated. #2
 2016-05-02 18:55:04 +10:00
Brendan Coles
dbccb111e5 Validate empty DNS REST API JSON keys 2016-04-22 06:27:05 +00:00
mgeeky
9ebb5abe18 Added exception handling in some subtle conditions when Javascript minifying could fail (as it happened to me once)w 2016-04-13 21:42:32 +02:00
Brendan Coles
47f7812df4 Clean up basic demo page 2016-04-10 17:27:18 +00:00
Brendan Coles
8cc5e8b236 Allow comma separated list of IPs and ranges as input 2016-04-09 06:36:28 +00:00
antisnatchor
5e7342e1bd Added Brave browser detection. 2016-04-01 14:14:13 +02:00
Brendan Coles
43a797b36a Re-order BeEF::Filters.is_valid_ip arguments with optional last 2016-03-25 20:58:17 +00:00
Brendan Coles
60f046c775 Update jquery version in evasion exclude_core_js 2016-02-13 06:49:54 +00:00