antisnatchor
8f4f51874d
Fixed issues with the DNS server RESTful API. Now it works.
2014-03-06 17:11:27 +00:00
antisnatchor
46e165df5e
Added support for browser language detection. Also added a new entry in Browser Details and JS call beef.browser.getBRowserLanguage()
2014-03-06 12:35:02 +00:00
bcoles
3494542b54
Make upstream DNS server configurable
2014-03-04 00:56:41 +10:30
antisnatchor
91fa8f4e63
Various fixes for the DNS extension code.
2014-03-02 16:05:57 +00:00
antisnatchor
39e672f420
Fixed 2 RCE bugs in the DNS extension code (unsafe eval calls).
2014-03-02 15:43:36 +00:00
antisnatchor
ec9cf4d460
Manually merged DNS extension code (pull request 967 from @soh-cah-toa)
2014-03-02 12:56:33 +00:00
antisnatchor
9dcff5184d
Manually merged DNS extension code (pull request 967 from @soh-cah-toa)
2014-03-02 12:40:18 +00:00
Phil Grohe
f274001a65
Revised comments on beef.dom.createIframe() to reflect removal of 'method' parameter & form submitting behavior. Updated existing function calls to beef.dom.createIframe() to remove 'method' parameter.
2014-02-22 11:57:56 -05:00
Saafan
a4973a5365
Merge pull request #946 from offensivecoder/update_twitter_require_version_5
Update twitter require version 5
2014-02-21 00:48:46 +02:00
soh_cah_toa
a75a95b663
Implemented DNS spoofer in social engineering extension.
The /api/seng/clone_page endpoint now accepts a boolean "dns_spoof"
key in the JSON request. This adds a DNS record pointing the
cloned webpage to the BeEF server.
Integration tests included.
2014-02-04 16:18:12 -05:00
antisnatchor
a0a36d333a
Added a note about using SSL when connecting to Metasploit. Related to issue #958
2014-01-06 14:14:19 +00:00
bcoles
faafa9a196
Modify customhook extension to allow multiple hook points
2014-01-04 14:02:43 +10:30
bcoles
f97087c37a
Change hard-coded 'hook.js' to 'beef.http.hook_file'
2014-01-04 11:33:58 +10:30
bcoles
6d449672ae
Trivial edits to 'secret_page.html' demo page
2014-01-04 09:06:14 +10:30
Wade Alcorn
8003f1a47f
Updated the copyright year to 2014
2014-01-01 16:34:15 +10:00
bcoles
02e6d4db11
Rescue StandardError rather than Exception
2013-12-30 06:41:07 +10:30
antisnatchor
b28a79b56a
Enhancing the keylogger to log also shift/alt/ctrl
2013-12-15 16:01:50 +00:00
Marc Wickenden
f2ba3b55e8
require version 5 of the twitter gem due to removal of Twitter.configure method
2013-11-24 00:20:08 +00:00
antisnatchor
2c750670d7
fixed doctype error in basic.html (IE only)
2013-10-08 15:21:54 +01:00
antisnatchor
71a67defd4
Added new RESTful API method to bind a local file to a url. Also added "dropper" directory into Social Engineering extension.
2013-10-08 14:08:52 +01:00
bcoles
638e037e56
Remove Java and VLC detection from hook init
2013-10-06 19:17:55 +10:30
antisnatchor
2f51deb88a
Fixed issue with Social Engineering extension when using an SMTP server without any needed authentication.
2013-10-02 14:53:04 +01:00
antisnatchor
86d23d3815
Fix issue #662: the Web UI base path can now be configured in the main config.yaml. Web UI JS files are now also minified.
2013-10-01 17:16:46 +01:00
bcoles
189e6543e0
Fix bug with rendering images from command responses in the admin UI
2013-09-12 18:26:00 +09:30
bcoles
f5b86e7894
Add metasploit default path for kali
2013-08-19 12:37:35 +09:30
bcoles
db83cdd086
Add metasploit default path for pentoo - take 2
2013-08-19 12:37:06 +09:30
bcoles
e9e085e9e1
Add metasploit default path for pentoo
2013-08-17 21:56:42 +09:30
soh_cah_toa
9d4ea6c224
Fixed issue mentioned in FIXME comment in RubyDNS::Server#match.
Changed 'block.class.name' to just 'block' in case/when clause.
2013-07-22 22:42:27 -04:00
soh_cah_toa
b2aed14234
Added regex support to #add_rule (tests included).
Due to strange behavior in Sourcify, the /.../ literal syntax cannot
be used as a parameter; only %r{} or Regexp::new. There is a note
for this in the documentation for #add_rule.
2013-07-22 22:37:39 -04:00
soh_cah_toa
6a62cf9eaa
Added public attributes 'address' and 'port' to Dns::Server.
This removes the need to search config.yaml for the address:port.
Also included unit tests.
2013-07-19 22:33:40 -04:00
soh_cah_toa
8d961c1938
Added support for rules that fail to resolve (e.g. NXDOMAIN).
Included unit tests.
2013-07-19 22:15:25 -04:00
soh_cah_toa
95d0ddbe87
Added new method #remove_ruleset that clears the entire DNS ruleset.
Included unit tests as well.
2013-07-17 18:16:46 -04:00
soh_cah_toa
ebbadba6dd
Improved #run_server to check if EM reactor is already running.
Also moved Thread creation to inside #run_server instead of
forcing caller to do so.
2013-07-14 23:27:21 -04:00
antisnatchor
f869d2924a
Fixed an XSS discovered by Mario in the default keylogger.
2013-07-01 15:24:36 +01:00
gcatt
f6ebe9fac0
Revert "Add Unity Web Player detection"
This reverts commit 696e3715fe.
2013-07-01 10:11:20 +02:00
gcatt
696e3715fe
Add Unity Web Player detection
2013-07-01 10:07:47 +02:00
soh_cah_toa
e775748603
Added more tests for GET /api/dns/rule/:id with invalid input.
Also changed handler to return 404 when rule isn't found.
2013-06-08 21:58:28 -04:00
soh_cah_toa
3b58518cfd
Added tests for GET /api/dns/rule/:id handler.
Fixed #parse_response so that these tests pass.
2013-06-08 19:04:42 -04:00
soh_cah_toa
eccbdd6958
Added tests for AAAA, CNAME, HINFO, MINFO, and MX RR types.
Also fixed #format_response to properly format MS records.
2013-06-07 18:32:29 -04:00
soh_cah_toa
6901581ae7
Moved #format_response call to before when RR type is evaled.
Since #format_response throws an exception for unknown RR types,
calling it first will ensure bad Resolv::DNS::Resource names will
never be evaled.
2013-06-06 22:59:54 -04:00
soh_cah_toa
09ec09601e
Changed hash key syntax from previous commit.
Besides being consistent, Sinatra actually requires the string
syntax.
2013-06-05 18:33:08 -04:00
soh_cah_toa
fc6f0aface
Changed DELETE handler to return JSON "success" key.
Prior to this, nothing was returned. This will allow users to
determine whether or not a rule was removed as expected.
2013-06-05 18:29:18 -04:00
soh_cah_toa
89a5d6fdbb
Modified #remove_rule to return a boolean value.
This will soon allow the DELETE handler to indicate success
or failure.
2013-06-05 18:20:48 -04:00
soh_cah_toa
6c61b39d81
Changed 401 status to 403 in filter for non-permitted IPs.
403 Forbidden is more appropriate since 401 Unauthorized only
indicates that authentication is needed. In the case of a bad IP,
authentication will make no difference which is exactly what 403 is
meant for.
2013-06-05 17:09:09 -04:00
soh_cah_toa
80ab665054
Added new InvalidParamError class for handling bad named parameters.
Previously, InvalidJsonError was being used mistakenly for this which
is misleading considering no JSON was involved.
2013-06-05 16:56:05 -04:00
soh_cah_toa
e56494d486
Renamed /rules GET route to /ruleset for the sake of consistency.
Also added new "count" key to result that lists the number of rules.
2013-06-05 16:30:24 -04:00
soh_cah_toa
2f5133e11a
Changed GET handlers to return recently fixed rule data.
Also wrapped all handlers in a begin/end block that catches
internal StandardError exceptions.
2013-06-05 15:56:33 -04:00
soh_cah_toa
44622345d0
s/DNS/Dns/g since that is the BeEF style convention.
2013-06-03 17:55:58 -04:00
soh_cah_toa
0f8221918b
Improved coding style (a la ruby-style-guide and rubocop).
Because I'm too tired to start testing and need a little victory. ;)
2013-06-03 00:11:41 -04:00
soh_cah_toa
c8c9e1e139
Reimplemented POST handler to avoid unsafe use of #eval.
Now the desired response is passed an array. Each RR type is handled
specially to craft the necessary response.
2013-06-02 22:40:58 -04:00