Hiddenden/beef
2
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
2,384 Commits 14 Branches 34 Tags
6f56f00a18da2217bcae1082cdcd920481fab13d
Commit Graph

45 Commits

Author SHA1 Message Date
Wade Alcorn
2fbca61368 Updated copyright dates 2014-12-30 07:44:58 +10:00
antisnatchor
6b93b09c2f #970 Updated DNS tunnel debug module config.yaml description 2014-06-29 13:20:11 +02:00
antisnatchor
d1688395ae #970 Added string to DNS requests to differentiate between normal and data-extrusion DNS requests 2014-06-29 13:04:51 +02:00
antisnatchor
f7df45ebd1 #970 Modified dns.js to support the current way we send data from client to server using DNS. 2014-06-29 12:31:59 +02:00
Wade Alcorn
94b636c6fd Fixed reference to origin 2014-04-24 19:36:58 +10:00
antisnatchor
b43fbce044 Fixed issue #957. The requester and proxy now work again after the jquery update. 2014-01-03 13:48:31 +00:00
Wade Alcorn
8003f1a47f Updated the copyright year to 2014 2014-01-01 16:34:15 +10:00
bcoles
da763df110 Uncommented several instances of beef.debug() - Part of issue #862 2013-04-17 22:12:35 +09:30
bcoles
a172362452 Part of issue #862 - Add beef.debug() for client-side debugging 
Add `beef.debug()` function - wraps `console.log()`

Debug messages are suppressed for browsers which don't support `console.log()`

Update './core/*' to use `beef.debug()` instead of `console.log()`
Update './modules/*' to use `beef.debug()` instead of `console.log()`
Update './extensions/*' to use `beef.debug()` instead of `console.log()`

Add 'modules/debug/test_beef_debug/' module
 2013-04-15 16:49:01 +09:30
bcoles
55b0bee9ca Re-enable XSS-Rays vectors containing ' charater 
Fix issue #47
 2013-04-14 20:38:41 +09:30
antisnatchor
73e291832e Replacing document.location.href with location in xssrays.js. 2013-04-07 15:54:14 +01:00
Wade Alcorn
fe40038441 Updated copyright year to 2013 2012-12-30 12:47:43 +10:00
bcoles
3152f41a18 Add beef.net.cors.request 
Returns a response object with HTTP status, headers and body

Add 'Test CORS Request' debug module
 2012-11-26 02:50:27 +10:30
Wade Alcorn
b68df3d024 Changed license header 2012-11-02 14:05:15 +10:00
antisnatchor
2bad801c80 Terminating unterminated statements in various JS files. 2012-05-22 13:27:57 +01:00
antisnatchor
f8cd395e21 Added additional check on pathname for XssRays Issue 657 2012-04-20 11:40:28 +01:00
antisnatchor
cf3587e2b1 Fix issue 657: the damn IE doesn't contain a forward slash on pathname 2012-04-19 18:08:16 +01:00
bcoles
cce8cf451c Added XssRays vectors: 
o URL encoded
	o Double URL encoded
	o Double nibble URL encoded

Fixes issue #65

Part of issue #47
 2012-04-05 14:26:30 +09:30
bcoles
2bca21a41d Minor updates to XSSRays 
Part of issue #47
 2012-03-26 16:29:15 +10:30
Keith Lee
97672966df Fix for issues 567 and also remove multiple calls to beef.browser.hasJava() from /beef/core/main/client/net/local.js 2012-03-07 01:41:27 +08:00
antisnatchor
c6988befc5 Fixed issue 66: base64'ed the iframe src in case of Chrome/Safari to bypass the webkit anti-XSS filter 2012-02-12 13:45:35 +01:00
Wade Alcorn
06899ca267 Year updated from 2011 to 2012 2011-12-31 22:24:36 +10:00
bcoles
4543d60570 Added allowCrossDomain functionality to beef.net.requester.send 2011-12-24 13:37:14 +10:30
bcoles
61a34c1c60 Decoupled beef.net.request and beef.net.proxyrequest 
This is part of issue 87
 2011-12-24 04:21:45 +10:30
bcoles
f2d4592941 Added DNS Tunnel first draft 2011-12-23 08:24:10 +10:30
bcoles
3ee52b82c0 Part of issue 87, issue 63, issue 29, issue 30 
In preperation for creating requester and proxy unit tests:

  o Tidied up some of the requester and proxy
  o Partially de-coupled requester from proxy
  o Fixed minor bugs:
    o is_valid_uri was not implemented correctly
    o http scheme validation had "http" instead of "https"
 2011-12-20 02:47:50 +10:30
antisnatchor
c37db1e364 (Fixes issue 486): now using the requester (so also the tunneling proxy) you can correctly send POST requests 2011-11-23 17:07:55 +01:00
antisnatchor
e22332e1f8 (Fixes issue 467) rewrote from scratch the XssRays handler, refactored JS and Ruby code, improved the whole thing. 
git-svn-id: https://beef.googlecode.com/svn/trunk@1361 b87d56ec-f9c0-11de-8c8a-61c5e9addfc9
 2011-10-12 14:56:50 +00:00
antisnatchor
3f82b0315a (Fixes issue 427): fixed sending back PoC for POST injection with xssrays. 
git-svn-id: https://beef.googlecode.com/svn/trunk@1251 b87d56ec-f9c0-11de-8c8a-61c5e9addfc9
 2011-09-02 10:18:48 +00:00
antisnatchor
10d8edb5fd <xssrays> prevent printing console.log messages if the hooked browser is IE 
git-svn-id: https://beef.googlecode.com/svn/trunk@1250 b87d56ec-f9c0-11de-8c8a-61c5e9addfc9
 2011-09-02 09:26:46 +00:00
antisnatchor
5fb6334654 (Fixes issue 405): added attack vector browser checks using the beef.browser API. If the vector is marked as working with only IE, if the browser is FF the attack will be skipped. 
git-svn-id: https://beef.googlecode.com/svn/trunk@1249 b87d56ec-f9c0-11de-8c8a-61c5e9addfc9
 2011-09-02 09:21:31 +00:00
antisnatchor
f228138fb2 <xssrays> small code cleanup and comments added 
git-svn-id: https://beef.googlecode.com/svn/trunk@1247 b87d56ec-f9c0-11de-8c8a-61c5e9addfc9
 2011-08-31 11:11:42 +00:00
antisnatchor
4fc61d4c47 (Fixes issue 403): added handler: "xssrays" to xssrays.js. This is why beef.net.send was never called. 
git-svn-id: https://beef.googlecode.com/svn/trunk@1246 b87d56ec-f9c0-11de-8c8a-61c5e9addfc9
 2011-08-31 10:00:22 +00:00
antisnatchor
59bfab48a3 (Fixes issue 406): when checking for URI path Xss, remove the last / from the url in case there is one. It will be added later. 
git-svn-id: https://beef.googlecode.com/svn/trunk@1245 b87d56ec-f9c0-11de-8c8a-61c5e9addfc9
 2011-08-31 08:43:57 +00:00
antisnatchor
cfe0b3e87b <xssrays> removed browser checks and fixed unreferenced variable sameDomain (now is crossDomain) 
git-svn-id: https://beef.googlecode.com/svn/trunk@1244 b87d56ec-f9c0-11de-8c8a-61c5e9addfc9
 2011-08-31 08:24:17 +00:00
bcoles@gmail.com
22941a51b4 Augmented beef.net.request to support port_status 
Only "open" and "closed" are supported currently

Part of issue 286



git-svn-id: https://beef.googlecode.com/svn/trunk@1177 b87d56ec-f9c0-11de-8c8a-61c5e9addfc9
 2011-08-10 09:47:01 +00:00
antisnatchor
922e72d2fe Issue 384: xssrays core code cleanup, refactoring and small bugfix (finishing the scan if stack.length=0) 
git-svn-id: https://beef.googlecode.com/svn/trunk@1165 b87d56ec-f9c0-11de-8c8a-61c5e9addfc9
 2011-08-03 12:22:56 +00:00
antisnatchor
fca36abfdc Issue 384: xssrays core code cleanup, added support for configurable crossDomain, debug and cleanTimeout settings 
git-svn-id: https://beef.googlecode.com/svn/trunk@1163 b87d56ec-f9c0-11de-8c8a-61c5e9addfc9
 2011-08-03 11:56:23 +00:00
antisnatchor
9c57194d38 Issue 384: fixed handling of different ports (!= 80/443) on get-params/Uri-path XSS. commented out some JS debug code. 
git-svn-id: https://beef.googlecode.com/svn/trunk@1156 b87d56ec-f9c0-11de-8c8a-61c5e9addfc9
 2011-08-01 10:14:44 +00:00
antisnatchor
a5a9e45076 Issue 384: First draft of XssRays (core xssrays JS) 
git-svn-id: https://beef.googlecode.com/svn/trunk@1114 b87d56ec-f9c0-11de-8c8a-61c5e9addfc9
 2011-07-26 18:36:30 +00:00
antisnatchor
2d5360a870 Issue 384: initial commit of Gareth XssRays 0.5.5 
git-svn-id: https://beef.googlecode.com/svn/trunk@1064 b87d56ec-f9c0-11de-8c8a-61c5e9addfc9
 2011-07-14 09:10:25 +00:00
antisnatchor
fe5b318792 (Fixes issue 359) Proxy/Requester now forward back original XHR response headers (stripping some of them lik encoding and cache related). Added also a temporary fix for issue 368 (prevent saving raw image data if db = mysql). 
git-svn-id: https://beef.googlecode.com/svn/trunk@1051 b87d56ec-f9c0-11de-8c8a-61c5e9addfc9
 2011-07-09 22:30:44 +00:00
scotty.b.brown@gmail.com
5c3e6f1575 Adding Apache Licence Header to all files (except VERSION file) 
git-svn-id: https://beef.googlecode.com/svn/trunk@1046 b87d56ec-f9c0-11de-8c8a-61c5e9addfc9
 2011-07-02 23:08:28 +00:00
antisnatchor
6af4f673d3 Proxy and Requester enhancements. Proxy got a good performance improvement, it's now multi-thread, able to handle errors, can be used with a normal browser. Requester core (ruby/js) has been enhanced too: db model, js logic and parsing code. Many previous bugs in different parts have been corrected. 
git-svn-id: https://beef.googlecode.com/svn/trunk@1027 b87d56ec-f9c0-11de-8c8a-61c5e9addfc9
 2011-06-26 18:03:53 +00:00
scotty.b.brown@gmail.com
35f62714b1 Moving nextgen from a branch to the trunk!!! 
git-svn-id: https://beef.googlecode.com/svn/trunk@908 b87d56ec-f9c0-11de-8c8a-61c5e9addfc9
 2011-04-20 07:54:56 +00:00