Hiddenden/beef
2
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
2,384 Commits 14 Branches 34 Tags
6f56f00a18da2217bcae1082cdcd920481fab13d
Commit Graph

343 Commits

Author SHA1 Message Date
antisnatchor
5fb6334654 (Fixes issue 405): added attack vector browser checks using the beef.browser API. If the vector is marked as working with only IE, if the browser is FF the attack will be skipped. 
git-svn-id: https://beef.googlecode.com/svn/trunk@1249 b87d56ec-f9c0-11de-8c8a-61c5e9addfc9
 2011-09-02 09:21:31 +00:00
antisnatchor
f228138fb2 <xssrays> small code cleanup and comments added 
git-svn-id: https://beef.googlecode.com/svn/trunk@1247 b87d56ec-f9c0-11de-8c8a-61c5e9addfc9
 2011-08-31 11:11:42 +00:00
antisnatchor
4fc61d4c47 (Fixes issue 403): added handler: "xssrays" to xssrays.js. This is why beef.net.send was never called. 
git-svn-id: https://beef.googlecode.com/svn/trunk@1246 b87d56ec-f9c0-11de-8c8a-61c5e9addfc9
 2011-08-31 10:00:22 +00:00
antisnatchor
59bfab48a3 (Fixes issue 406): when checking for URI path Xss, remove the last / from the url in case there is one. It will be added later. 
git-svn-id: https://beef.googlecode.com/svn/trunk@1245 b87d56ec-f9c0-11de-8c8a-61c5e9addfc9
 2011-08-31 08:43:57 +00:00
antisnatchor
cfe0b3e87b <xssrays> removed browser checks and fixed unreferenced variable sameDomain (now is crossDomain) 
git-svn-id: https://beef.googlecode.com/svn/trunk@1244 b87d56ec-f9c0-11de-8c8a-61c5e9addfc9
 2011-08-31 08:24:17 +00:00
bcoles@gmail.com
7a4b07ef2e Added "Has WebSockets" to initialization / details tab 
git-svn-id: https://beef.googlecode.com/svn/trunk@1237 b87d56ec-f9c0-11de-8c8a-61c5e9addfc9
 2011-08-26 13:28:53 +00:00
bcoles@gmail.com
c3bd1e5fa7 Added "not http" to port_status as part of beef.net.request 
Status "open" and "closed" were added in revision 1177

Fixes issue 286



git-svn-id: https://beef.googlecode.com/svn/trunk@1215 b87d56ec-f9c0-11de-8c8a-61c5e9addfc9
 2011-08-19 15:28:51 +00:00
a.m.saafan@gmail.com
a1acb6e397 Added support for encoding and storing requests of type image. Fixes issue 368. 
git-svn-id: https://beef.googlecode.com/svn/trunk@1200 b87d56ec-f9c0-11de-8c8a-61c5e9addfc9
 2011-08-17 14:19:25 +00:00
bcoles@gmail.com
ff63d46337 Added Firefox 6 to core/main/client/browser.js 
git-svn-id: https://beef.googlecode.com/svn/trunk@1199 b87d56ec-f9c0-11de-8c8a-61c5e9addfc9
 2011-08-17 08:57:38 +00:00
wade@bindshell.net
3167722af2 Fixes issue 436. IE can now be hooked cross domain. Loading script is used instead of ajax now. 
git-svn-id: https://beef.googlecode.com/svn/trunk@1180 b87d56ec-f9c0-11de-8c8a-61c5e9addfc9
 2011-08-11 01:52:45 +00:00
wade@bindshell.net
324449eb0f fixed bug where IE wasn't send the HOOKSESSION cross domain/port 
git-svn-id: https://beef.googlecode.com/svn/trunk@1179 b87d56ec-f9c0-11de-8c8a-61c5e9addfc9
 2011-08-11 01:52:13 +00:00
bcoles@gmail.com
22941a51b4 Augmented beef.net.request to support port_status 
Only "open" and "closed" are supported currently

Part of issue 286



git-svn-id: https://beef.googlecode.com/svn/trunk@1177 b87d56ec-f9c0-11de-8c8a-61c5e9addfc9
 2011-08-10 09:47:01 +00:00
scotty.b.brown@gmail.com
df1565883b (Fixes issue 433) 
git-svn-id: https://beef.googlecode.com/svn/trunk@1173 b87d56ec-f9c0-11de-8c8a-61c5e9addfc9
 2011-08-09 09:39:00 +00:00
antisnatchor
922e72d2fe Issue 384: xssrays core code cleanup, refactoring and small bugfix (finishing the scan if stack.length=0) 
git-svn-id: https://beef.googlecode.com/svn/trunk@1165 b87d56ec-f9c0-11de-8c8a-61c5e9addfc9
 2011-08-03 12:22:56 +00:00
antisnatchor
fca36abfdc Issue 384: xssrays core code cleanup, added support for configurable crossDomain, debug and cleanTimeout settings 
git-svn-id: https://beef.googlecode.com/svn/trunk@1163 b87d56ec-f9c0-11de-8c8a-61c5e9addfc9
 2011-08-03 11:56:23 +00:00
yori.kvitchko
a70de4dbf8 Added get cookies to on-initialize. 
git-svn-id: https://beef.googlecode.com/svn/trunk@1162 b87d56ec-f9c0-11de-8c8a-61c5e9addfc9
 2011-08-03 06:36:50 +00:00
bcoles@gmail.com
f37433c027 The scroll bars are now removed from a hooked window if the iframe 
persistance command has been executed. The scroll bars are removed once 
the user clicks a URL in order to prevent duplicate scroll bars.

Fixes issue 224



git-svn-id: https://beef.googlecode.com/svn/trunk@1161 b87d56ec-f9c0-11de-8c8a-61c5e9addfc9
 2011-08-02 13:09:01 +00:00
antisnatchor
df0428ca8f (Fixes issue 423): Updated jQuery to 1.6.2 to fix the console error when using jQuery inside an iFrame on the page (xssrays) 
git-svn-id: https://beef.googlecode.com/svn/trunk@1157 b87d56ec-f9c0-11de-8c8a-61c5e9addfc9
 2011-08-01 11:43:04 +00:00
antisnatchor
9c57194d38 Issue 384: fixed handling of different ports (!= 80/443) on get-params/Uri-path XSS. commented out some JS debug code. 
git-svn-id: https://beef.googlecode.com/svn/trunk@1156 b87d56ec-f9c0-11de-8c8a-61c5e9addfc9
 2011-08-01 10:14:44 +00:00
bcoles@gmail.com
73ae24b029 Added Detect Cookie Support to initialization and details tab 
M	extensions/admin_ui/controllers/modules/modules.rb
M	extensions/initialization/handler.rb
M	core/main/client/browser.js

Example output on details tab:

	Session Cookies: Yes
	Persistent Cookies: Yes

Fixes Issue 380



git-svn-id: https://beef.googlecode.com/svn/trunk@1122 b87d56ec-f9c0-11de-8c8a-61c5e9addfc9
 2011-07-28 05:06:53 +00:00
antisnatchor
a5a9e45076 Issue 384: First draft of XssRays (core xssrays JS) 
git-svn-id: https://beef.googlecode.com/svn/trunk@1114 b87d56ec-f9c0-11de-8c8a-61c5e9addfc9
 2011-07-26 18:36:30 +00:00
antisnatchor
77f9f4f542 (Fixes issue 391) Fixed JSON undefined error that was preventing browser hooking on IE < 8 
git-svn-id: https://beef.googlecode.com/svn/trunk@1080 b87d56ec-f9c0-11de-8c8a-61c5e9addfc9
 2011-07-21 13:50:12 +00:00
bcoles@gmail.com
a9d983b898 Added Browser Type to initialization and default tab 
M extensions/admin_ui/controllers/modules/modules.rb
	M extensions/initialization/handler.rb
	M core/main/client/browser.js 

Example output on details tab:

	Browser Type: {"FF5":true, "FF":true}

Fixes Issue 377


git-svn-id: https://beef.googlecode.com/svn/trunk@1070 b87d56ec-f9c0-11de-8c8a-61c5e9addfc9
 2011-07-18 22:09:26 +00:00
bcoles@gmail.com
569fec02cd Added Detect Scripts Support to initialization and details tab 
M extensions/admin_ui/controllers/modules/modules.rb
M extensions/initialization/handler.rb
M core/main/client/browser.js 

Example output on details tab:

Java Enabled: No
VBScript Enabled: No
Has Flash: Yes
Has GoogleGears: No

Fixes Issue 383 # https://code.google.com/p/beef/issues/detail?id=383



git-svn-id: https://beef.googlecode.com/svn/trunk@1069 b87d56ec-f9c0-11de-8c8a-61c5e9addfc9
 2011-07-18 04:16:54 +00:00
bcoles@gmail.com
6b00485b97 Added Screen Details to initialization and default tab 
M      extensions/admin_ui/controllers/modules/modules.rb
M      extensions/initialization/handler.rb
M      core/main/client/browser.js

Example output on details tab:

Screen Params: {"width"=>1024, "height"=>768, "colordepth"==>24}
Window Size: {"width"=>1024, "height"=>640}



git-svn-id: https://beef.googlecode.com/svn/trunk@1067 b87d56ec-f9c0-11de-8c8a-61c5e9addfc9
 2011-07-16 07:14:23 +00:00
antisnatchor
2d5360a870 Issue 384: initial commit of Gareth XssRays 0.5.5 
git-svn-id: https://beef.googlecode.com/svn/trunk@1064 b87d56ec-f9c0-11de-8c8a-61c5e9addfc9
 2011-07-14 09:10:25 +00:00
antisnatchor
fe5b318792 (Fixes issue 359) Proxy/Requester now forward back original XHR response headers (stripping some of them lik encoding and cache related). Added also a temporary fix for issue 368 (prevent saving raw image data if db = mysql). 
git-svn-id: https://beef.googlecode.com/svn/trunk@1051 b87d56ec-f9c0-11de-8c8a-61c5e9addfc9
 2011-07-09 22:30:44 +00:00
antisnatchor
1386e8efc3 (Fixes issue 366) Reducing chop size to prevent ERROR WEBrick::HTTPStatus::RequestURITooLarge 
git-svn-id: https://beef.googlecode.com/svn/trunk@1049 b87d56ec-f9c0-11de-8c8a-61c5e9addfc9
 2011-07-09 22:30:29 +00:00
scotty.b.brown@gmail.com
5c3e6f1575 Adding Apache Licence Header to all files (except VERSION file) 
git-svn-id: https://beef.googlecode.com/svn/trunk@1046 b87d56ec-f9c0-11de-8c8a-61c5e9addfc9
 2011-07-02 23:08:28 +00:00
scotty.b.brown@gmail.com
27f9857d31 (Fixes issue 350) There is no discernible difference between FF4 and FF5 This may prove similar to Chrome now FF are on a shorter release cycle. 
As such the difference between FF4 and FF5 has had to fall back to UA string.

git-svn-id: https://beef.googlecode.com/svn/trunk@1032 b87d56ec-f9c0-11de-8c8a-61c5e9addfc9
 2011-06-27 11:53:39 +00:00
scotty.b.brown@gmail.com
b96184a0cf FF5 is no longer detected as FF3.6 
git-svn-id: https://beef.googlecode.com/svn/trunk@1031 b87d56ec-f9c0-11de-8c8a-61c5e9addfc9
 2011-06-27 11:09:17 +00:00
antisnatchor
6af4f673d3 Proxy and Requester enhancements. Proxy got a good performance improvement, it's now multi-thread, able to handle errors, can be used with a normal browser. Requester core (ruby/js) has been enhanced too: db model, js logic and parsing code. Many previous bugs in different parts have been corrected. 
git-svn-id: https://beef.googlecode.com/svn/trunk@1027 b87d56ec-f9c0-11de-8c8a-61c5e9addfc9
 2011-06-26 18:03:53 +00:00
antisnatchor
10d8a1dc6d (Fixes issue 354) fixed handling of raw unicode data in browsers that supports window.btoa and window.atob 
git-svn-id: https://beef.googlecode.com/svn/trunk@1020 b87d56ec-f9c0-11de-8c8a-61c5e9addfc9
 2011-06-25 17:11:07 +00:00
scotty.b.brown@gmail.com
2f681c51e2 Knew i would miss one. 
git-svn-id: https://beef.googlecode.com/svn/trunk@999 b87d56ec-f9c0-11de-8c8a-61c5e9addfc9
 2011-06-18 23:44:24 +00:00
scotty.b.brown@gmail.com
49fc521a16 (Fixes issue 349) Added detection of Chrome 12 
git-svn-id: https://beef.googlecode.com/svn/trunk@998 b87d56ec-f9c0-11de-8c8a-61c5e9addfc9
 2011-06-18 23:38:16 +00:00
antisnatchor
eb42e7cc5c Added some comments, really relevant issuing cross-domain XHR 
git-svn-id: https://beef.googlecode.com/svn/trunk@950 b87d56ec-f9c0-11de-8c8a-61c5e9addfc9
 2011-05-02 18:54:58 +00:00
antisnatchor
91bfc090e9 Updated jQuery to latest stable version 1.5.2 
git-svn-id: https://beef.googlecode.com/svn/trunk@949 b87d56ec-f9c0-11de-8c8a-61c5e9addfc9
 2011-05-02 18:54:00 +00:00
antisnatchor
f8f623a5e8 Fixes crossdomain request detection in case BeEF is running on port 80 (document.location.port is then empty) 
git-svn-id: https://beef.googlecode.com/svn/trunk@948 b87d56ec-f9c0-11de-8c8a-61c5e9addfc9
 2011-05-02 14:51:54 +00:00
antisnatchor
b30967aafe Fixes wrong check for crossdomain request (added different port check) in beef.net.request JS. 
git-svn-id: https://beef.googlecode.com/svn/trunk@946 b87d56ec-f9c0-11de-8c8a-61c5e9addfc9
 2011-05-02 09:52:24 +00:00
scotty.b.brown@gmail.com
7b5a947ed9 Adding Chrome 11 detection (released today) 
git-svn-id: https://beef.googlecode.com/svn/trunk@941 b87d56ec-f9c0-11de-8c8a-61c5e9addfc9
 2011-04-28 05:20:44 +00:00
antisnatchor
f13806fa5c (Fixes issue 288): now changeFavicon works in Firefox, Chrome and Opera 
git-svn-id: https://beef.googlecode.com/svn/trunk@928 b87d56ec-f9c0-11de-8c8a-61c5e9addfc9
 2011-04-26 09:35:23 +00:00
antisnatchor
1625178b27 (Fixes issue 154) 
git-svn-id: https://beef.googlecode.com/svn/trunk@917 b87d56ec-f9c0-11de-8c8a-61c5e9addfc9
 2011-04-22 17:10:37 +00:00
scotty.b.brown@gmail.com
35f62714b1 Moving nextgen from a branch to the trunk!!! 
git-svn-id: https://beef.googlecode.com/svn/trunk@908 b87d56ec-f9c0-11de-8c8a-61c5e9addfc9
 2011-04-20 07:54:56 +00:00