Hiddenden/beef
2
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
2,627 Commits 14 Branches 34 Tags
d58f979395d6fe85a006d3c61f8ee8b088f32dc7
Commit Graph

2627 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
mgeeky
d58f979395 Update html2canvas component in the spyder_eye module from 0.4 to 0.5.0-alpha1 which resulted in much more detailed screenshot, as can be seen in: http://imgur.com/a/Sm9OG . Also, armored a bit the code running in the zombie' browser. Branch is called 'get_snapshot' as I didn't know that there is already a module utilizing terrific html2canvas. 2016-04-14 15:31:08 +02:00
mgeeky
9ebb5abe18 Added exception handling in some subtle conditions when Javascript minifying could fail (as it happened to me once)w 2016-04-13 21:42:32 +02:00
mgeeky
010867cf24 Added three new Autorun rules 2016-04-13 21:38:25 +02:00
mgeeky
261c9ee5aa Changed default custom domains variable to a safe-for-work one. :-) 2016-04-07 14:25:22 +02:00
mgeeky
d5e041e3e3 Added 'top' ports scannig set according to Fyoodr's nmap-realted resarch (gathered from nmap-services) 2016-04-06 12:03:58 +02:00
mgeeky
ede4ce46d6 Extend Get Visited Domains module's description to include format of the visited domains text box 2016-03-31 12:29:08 +02:00
mgeeky
617a30f80e Added functionality to specify custom static resources paths for Get Visited Domains module. 2016-03-31 12:25:27 +02:00
mgeeky
a677e9c746 Added checkbox specyfing whether to create a pop-under at user's tab closing event (module confirm_close_tab). Also extracted static confirmation message to the module's options. 2016-03-08 15:32:36 +01:00
mgeeky
8ab9716a44 Firefox has forbidden access to the chrome:// scheme rendering "Detect Extensions" module useless. The code has been trying to fingerprint installed extensions by creating image which would load extension-specific url and then in onload' event would send such information to the BeeF server. Unfortunately there was no code handling onerror' situation, therefore end user wasn't getting any status from this module (stating that it failed). The below commit adds such functionality. 2016-03-08 14:49:29 +01:00
mgeeky
faddd76de0 Added try..catch to avoid looped mozRTCSessionDescription undefined exceptions in Firefox (as occured in 43.0). Shouldn't do much havoc I guess. 2016-03-07 18:20:08 +01:00
mgeeky
e14b5f953a Modified the Man-In-The-Browser logic of building query string in form fetching. Previous implementation couldn't handle properly option and submit parameters, therefore a MITB-ed user wasn't sending correct query string which should include those two more fields. For instance, bWAPP application (by IT SEC Games) makes choosing a bug to exploit by submitting form consisting of an option and <button> with type=submit. With this patch an user behind MITB will be able to successfully fetch the form and thus proceed to the next bug. 2016-03-07 18:01:37 +01:00
antisnatchor
815eff8d4e Merge pull request #1220 from ilatypov/master 
Delay form submission to allow the Javascript event loop complete the…
 2016-02-18 15:51:00 +01:00
antisnatchor
39ca52ae8b Merge pull request #1221 from Und3rf10w/patch-1216 
Update loader.rb to include optparse
 2016-02-18 15:49:44 +01:00
Jonathan Echavarria
f1eb8c8723 Update loader.rb 
Includes fixes for #1216 by loading the 'optparse' library
 2016-02-17 09:29:11 -05:00
Ilguiz Latypov
d81db24912 Delay form submission to allow the Javascript event loop complete the transfer of the log. #1215 2016-02-15 16:02:06 -05:00
Brendan Coles
b8afb0e855 Add WS timer to banner 2016-02-13 10:00:47 +00:00
Brendan Coles
d110675c0f Revert 96dfde519a 2016-02-13 09:53:23 +00:00
Brendan Coles
7a668abc0a Update ARE to support Evasion extension - Fix #1219 2016-02-13 07:09:00 +00:00
Brendan Coles
60f046c775 Update jquery version in evasion exclude_core_js 2016-02-13 06:49:54 +00:00
Brendan Coles
d0ca66cbf5 Decrease workers and increase timeout 2016-02-12 14:38:42 +00:00
Brendan Coles
13fded460e assert_equal <expected>,<actual> 2016-02-12 13:59:50 +00:00
Brendan Coles
96dfde519a Remove JSON.stringify(results) from beef.websocket.send - Fix #1210 2016-02-12 13:25:39 +00:00
Brendan Coles
d1d7371ccf Disable console extension 2016-02-12 13:10:23 +00:00
Brendan Coles
ca288fef9f Update gems 2016-02-12 11:23:29 +00:00
Brendan Coles
1a16837182 Remove win32console gem dependency for Windows 2016-02-12 11:03:29 +00:00
Brendan Coles
afd48d8a5f Advise console extension is unavailable 2016-02-12 08:32:00 +00:00
Brendan Coles
8e5991784f Add ARE return status 2016-02-11 12:37:48 +00:00
Brendan Coles
bef0c6dcdd Add support for Windows 10 2016-02-10 07:40:28 +00:00
Brendan Coles
85d87f47b5 Remove HTTP method from beef.dom.persistentIframe - Fix #1211 2016-02-09 14:05:35 +00:00
Brendan Coles
8697c81ffa Replace eval with hard-coded strings 2016-02-08 08:29:52 +00:00
Brendan Coles
fa8464bdd9 Update supported browsers 2016-02-08 03:59:25 +00:00
Brendan Coles
5065a55238 Add lan_http_scan ARE rule 2016-02-07 13:19:35 +00:00
Brendan Coles
bb8fe9d8f8 Fix icon 2016-02-07 12:20:53 +00:00
Brendan Coles
7e6e3bc51d Add lan_flash_scan ARE rule 2016-02-07 12:20:04 +00:00
Brendan Coles
848dc65c6f Add cross_origin_scanner_flash module 2016-02-07 11:20:55 +00:00
Brendan Coles
321aff56f3 Rename cross_origin_scanner to cross_origin_scanner_cors 2016-02-07 10:53:32 +00:00
Brendan Coles
eb9e0a0a68 Add ARE return status 2016-02-07 01:01:02 +00:00
Brendan Coles
83e1f596de unless 2016-02-06 08:04:29 +00:00
Brendan Coles
dde8034606 Use 'Unknown' if BrowserPlatform is null 2016-02-05 04:25:23 +00:00
Brendan Coles
1715113ffa Update Ruby version requirement to 2.0 2016-02-04 09:39:59 +00:00
Brendan Coles
6e157e163f Update therubyracer link 2016-02-04 09:34:12 +00:00
Brendan Coles
ac1b51bbb2 Use groups in Gemfile 2016-02-04 09:32:55 +00:00
Brendan Coles
989d6de65a Check ENV['LANG'] for UTF-8 compatibility 2016-02-04 07:51:45 +00:00
Brendan Coles
9e0ccf71bb Change /api/modules/multi_browser to accept 'ALL_ONLINE' for 'hb_ids' 2016-02-04 00:49:29 +00:00
Brendan Coles
8e3264e750 Change names 2016-02-03 22:57:33 +00:00
Brendan Coles
f4ff606cbf Change /api/modules/multi_browser to accept 'ALL' for 'hb_ids' 2016-02-02 21:50:08 +00:00
Brendan Coles
efe8961dfa Fix file path - Fix #1204 2016-02-02 01:40:26 +00:00
Brendan Coles
5507447661 Hide ARE rule processing output unless debugging 2016-02-01 18:42:21 +00:00
Brendan Coles
efb99f9e98 Add command module ID to module response log message 2016-02-01 14:18:24 +00:00
Brendan Coles
39df7184aa Add Clear Console module 2016-01-31 20:29:45 +00:00