Hiddenden/beef
2
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
2,062 Commits 14 Branches 34 Tags
bd9891dc4ddc198ddb70ee05af4bb412ede546c6
Commit Graph

479 Commits

Author SHA1 Message Date
soh_cah_toa
bd9891dc4d Implemented #validate_response method in Dns::Rule. 
Perhaps the ugliest part of the DNS extension, it is also the most
crucial. This method ensures that a given resource and response are
appropriate for each other. It must also prevent RCE vulns since the
input is eval'd later on.

However, HINFO, MINFO, and especially TXT validation is not strict
enough. These three need to be reviewed scrupulously since a 100%
anti-RCE solution may prove to be difficult.
 2014-04-23 16:39:26 -04:00
soh_cah_toa
53a54de5fe Added @database to Dns::Server as a model reference. 2014-04-23 16:36:16 -04:00
soh_cah_toa
3029d3cea8 Implemented #process method that handles requests. 
The DNS server now searches for matching rules and sends its response
when handling incoming requests. However, all rules are still assigned
the same callback for the moment.
 2014-04-23 13:28:34 -04:00
soh_cah_toa
0dd9c193ec Appended ! to #remove_rule and #remove_ruleset. 
Adhering to the Ruby convention, this indicates that these methods
mutate the receiver and, therefore, should be considered dangerous.
 2014-04-23 12:53:41 -04:00
soh_cah_toa
2303851498 Implemented #remove_ruleset method. 2014-04-23 12:50:42 -04:00
soh_cah_toa
56c686de64 Implemented #get_ruleset method. 
Also refactored #get_rule to use new #to_hash helper method since
 2014-04-23 12:42:39 -04:00
soh_cah_toa
ed986e4ed5 Implemented #remove_rule method. 2014-04-23 12:07:59 -04:00
soh_cah_toa
b345da0203 Implemented #get_rule method. 2014-04-23 12:00:23 -04:00
soh_cah_toa
007f6302df Re-implemented #generate_id in Core::Main::Crypto. 
This is a better home for it since that is where other OpenSSL
crypto/token generator methods reside.
 2014-04-23 11:41:11 -04:00
soh_cah_toa
861d66207d Implemented new Rule model and #add_rule method. 2014-04-23 11:27:49 -04:00
soh_cah_toa
7386a7708b Changed Dns::Server to use RubyDNS 0.7.x API. 
At this point, it is just a prototype that resolves any request to
1.1.1.1.
 2014-04-23 11:14:35 -04:00
soh_cah_toa
f4d3858af6 Removed unneeded files in ruby/ subdirectory. 
Changed Logger overrides to disable logging instead of using BeEF's
print_* methods. RubyDNS logging is too verbose. The DNS extension will
perform debug logging on its own.
 2014-04-22 22:56:21 -04:00
soh_cah_toa
d4ba3ec98c Re-enabled DNS extension in config files. 2014-04-22 22:50:31 -04:00
bcoles
4529dd1a6c Add support for MaxMind GeoIP 2014-04-22 00:58:49 +09:30
antisnatchor
f2c83ced4d Merge remote-tracking branch 'origin/master' 2014-04-14 11:48:23 +02:00
antisnatchor
940b03e249 Removed twitter dependency from Gemfile as it's causing depenedencies issues sometimes, and the twitter notification feature isn't that used anyway. 2014-04-14 11:46:42 +02:00
Brendan Coles
d9fd2b994e Add browser proxy details to browser summary 2014-04-13 02:29:09 +10:00
bcoles
7d6eb4b714 Add 'beef.os.getDefaultBrowser' 2014-03-20 02:49:08 +10:30
Brendan Coles
7a8115211d Merge pull request #981 from beefproject/MSF-Target-Browsers 
Added support for target browser detection for MSF modules #530
 2014-03-16 13:39:03 +11:00
antisnatchor
8f4f51874d Fixed issues with the DNS server RESTful API. Now it works. 2014-03-06 17:11:27 +00:00
antisnatchor
46e165df5e Added support for browser language detection. Also added a new entry in Browser Details and JS call beef.browser.getBRowserLanguage() 2014-03-06 12:35:02 +00:00
bcoles
3494542b54 Make upstream DNS server configurable 2014-03-04 00:56:41 +10:30
antisnatchor
91fa8f4e63 Various fixes for the DNS extension code. 2014-03-02 16:05:57 +00:00
antisnatchor
39e672f420 Fixed 2 RCE bugs in the DNS extension code (unsafe eval calls). 2014-03-02 15:43:36 +00:00
antisnatchor
ec9cf4d460 Manually merged DNS extension code (pull request 967 from @soh-cah-toa) 2014-03-02 12:56:33 +00:00
antisnatchor
9dcff5184d Manually merged DNS extension code (pull request 967 from @soh-cah-toa) 2014-03-02 12:40:18 +00:00
Phil Grohe
f274001a65 Revised comments on beef.dom.createIframe() to reflect removal of 'method' parameter & form submitting behavior. Updated existing function calls to beef.dom.createIframe() to remove 'method' parameter. 2014-02-22 11:57:56 -05:00
Saafan
a4973a5365 Merge pull request #946 from offensivecoder/update_twitter_require_version_5 
Update twitter require version 5
 2014-02-21 00:48:46 +02:00
soh_cah_toa
a75a95b663 Implemented DNS spoofer in social engineering extension. 
The /api/seng/clone_page endpoint now accepts a boolean "dns_spoof"
key in the JSON request. This adds a DNS record pointing the
cloned webpage to the BeEF server.

Integration tests included.
 2014-02-04 16:18:12 -05:00
antisnatchor
a0a36d333a Added a note about using SSL when connecting to Metasploit. Related to issue #958 2014-01-06 14:14:19 +00:00
bcoles
faafa9a196 Modify customhook extension to allow multiple hook points 2014-01-04 14:02:43 +10:30
bcoles
f97087c37a Change hard-coded 'hook.js' to 'beef.http.hook_file' 2014-01-04 11:33:58 +10:30
bcoles
6d449672ae Trivial edits to 'secret_page.html' demo page 2014-01-04 09:06:14 +10:30
Wade Alcorn
8003f1a47f Updated the copyright year to 2014 2014-01-01 16:34:15 +10:00
bcoles
02e6d4db11 Rescue StandardError rather than Exception 2013-12-30 06:41:07 +10:30
antisnatchor
b28a79b56a Enhancing the keylogger to log also shift/alt/ctrl 2013-12-15 16:01:50 +00:00
Marc Wickenden
f2ba3b55e8 require version 5 of the twitter gem due to removal of Twitter.configure method 2013-11-24 00:20:08 +00:00
antisnatchor
2c750670d7 fixed doctype error in basic.html (IE only) 2013-10-08 15:21:54 +01:00
antisnatchor
71a67defd4 Added new RESTful API method to bind a local file to a url. Also added "dropper" directory into Social Engineering extension. 2013-10-08 14:08:52 +01:00
bcoles
638e037e56 Remove Java and VLC detection from hook init 2013-10-06 19:17:55 +10:30
antisnatchor
2f51deb88a Fixed issue with Social Engineering extension when using an SMTP server without any needed authentication. 2013-10-02 14:53:04 +01:00
antisnatchor
86d23d3815 Fix issue #662 the Web UI base path can now be configured in the main config.yaml. Web UI JS files are now also minified. 2013-10-01 17:16:46 +01:00
bcoles
189e6543e0 Fix bug with rendering images from command responses in the admin UI 2013-09-12 18:26:00 +09:30
bcoles
f5b86e7894 Add metasploit default path for kali 2013-08-19 12:37:35 +09:30
bcoles
db83cdd086 Add metasploit default path for pentoo - take 2 2013-08-19 12:37:06 +09:30
bcoles
e9e085e9e1 Add metasploit default path for pentoo 2013-08-17 21:56:42 +09:30
soh_cah_toa
9d4ea6c224 Fixed issue mentioned in FIXME comment in RubyDNS::Server#match. 
Changed 'block.class.name' to just 'block' in case/when clause.
 2013-07-22 22:42:27 -04:00
soh_cah_toa
b2aed14234 Added regex support to #add_rule (tests included). 
Due to strange behavior in Sourcify, the /.../ literal syntax cannot
be used as a parameter; only %r{} or Regexp::new. There is a note
for this in the documentation for #add_rule.
 2013-07-22 22:37:39 -04:00
Saafan
75f33016ea Added support for target browser detection for MSF modules #530 2013-07-22 08:49:56 -04:00
soh_cah_toa
6a62cf9eaa Added public attributes 'address' and 'port' to Dns::Server. 
This removes the need to search config.yaml for the address:port.
Also included unit tests.
 2013-07-19 22:33:40 -04:00